Edit tour

Windows Analysis Report
dcm2niix.exe

Overview

General Information

Sample name:	dcm2niix.exe
Analysis ID:	1466701
MD5:	0d831c8a0b2379cd73393d725ba8f95c
SHA1:	bd2cdd77c5fe97e2b238fb7f1f8ea6342e1d5b18
SHA256:	34de9d74012c9768ed8318d69c0bb0a2b34cb50f787a20f95ab4781c2bcaeb71
Infos:

Detection

Score:	24
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

AI detected suspicious sample

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains sections with non-standard names

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

dcm2niix.exe (PID: 2132 cmdline: "C:\Users\user\Desktop\dcm2niix.exe" MD5: 0D831C8A0B2379CD73393D725BA8F95C)

conhost.exe (PID: 2276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 93.5% probability

Source: dcm2niix.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\dcm2niix.exe

Code function: 0_2_00007FF7D1EE8E90 FindClose,FindFirstFileA,FindClose,

0_2_00007FF7D1EE8E90

Source: dcm2niix.exe	String found in binary or memory: http://json.org
Source: dcm2niix.exe	String found in binary or memory: http://json.orgSpecialA75DataTypeNameA75DBNameA75ExtendsA75SessionErrorA75GlobalMaxA75GlobalMinbase6
Source: dcm2niix.exe	String found in binary or memory: http://neurojson.org)
Source: dcm2niix.exe	String found in binary or memory: http://neurojson.org)AnnotationFormathttps://github.com/NeuroJSON/jnifti/blob/master/JNIfTI_specific
Source: dcm2niix.exe	String found in binary or memory: http://teem.sourceforge.net/nrrd/format.html
Source: dcm2niix.exe	String found in binary or memory: https://github.com/NeuroJSON/bjdata/blob/master/Binary_JData_Specification.md
Source: dcm2niix.exe	String found in binary or memory: https://github.com/NeuroJSON/jnifti/blob/master/JNIfTI_specification.md
Source: dcm2niix.exe	String found in binary or memory: https://github.com/NeuroJSON/jnifty
Source: dcm2niix.exe	String found in binary or memory: https://github.com/NeuroJSON/jsdata
Source: dcm2niix.exe	String found in binary or memory: https://github.com/rordenlab/dcm2niix/issues/236
Source: dcm2niix.exe	String found in binary or memory: https://pypi.org/project/bjdata
Source: dcm2niix.exe	String found in binary or memory: https://pypi.org/project/bjdatahttps://github.com/NeuroJSON/jniftyJavaScripthttps://github.com/Neuro
Source: dcm2niix.exe	String found in binary or memory: https://pypi.org/project/jdata
Source: dcm2niix.exe	String found in binary or memory: https://www.cognitiveatlas.org/task/id/trm_4c8a834779883/

Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1ED7B00	0_2_00007FF7D1ED7B00
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EE9AE0	0_2_00007FF7D1EE9AE0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EC12D0	0_2_00007FF7D1EC12D0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F51370	0_2_00007FF7D1F51370
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EC7AB0	0_2_00007FF7D1EC7AB0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EC52A0	0_2_00007FF7D1EC52A0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F30B8C	0_2_00007FF7D1F30B8C
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F2DBC0	0_2_00007FF7D1F2DBC0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EF8A50	0_2_00007FF7D1EF8A50
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EA4A20	0_2_00007FF7D1EA4A20
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EE01D0	0_2_00007FF7D1EE01D0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F021C0	0_2_00007FF7D1F021C0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F30470	0_2_00007FF7D1F30470
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F2BC8C	0_2_00007FF7D1F2BC8C
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F43CC0	0_2_00007FF7D1F43CC0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EF0150	0_2_00007FF7D1EF0150
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F3F50C	0_2_00007FF7D1F3F50C
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F2FD10	0_2_00007FF7D1F2FD10
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EBB4F0	0_2_00007FF7D1EBB4F0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EC74F0	0_2_00007FF7D1EC74F0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EDACE0	0_2_00007FF7D1EDACE0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EE94D0	0_2_00007FF7D1EE94D0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F4A97C	0_2_00007FF7D1F4A97C
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EA74A0	0_2_00007FF7D1EA74A0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EC5C80	0_2_00007FF7D1EC5C80
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F431AC	0_2_00007FF7D1F431AC
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EF1480	0_2_00007FF7D1EF1480
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F01C50	0_2_00007FF7D1F01C50
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EEB450	0_2_00007FF7D1EEB450
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F369EC	0_2_00007FF7D1F369EC
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F3121C	0_2_00007FF7D1F3121C
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EBDBF0	0_2_00007FF7D1EBDBF0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1ED2BA0	0_2_00007FF7D1ED2BA0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F40A94	0_2_00007FF7D1F40A94
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EF2380	0_2_00007FF7D1EF2380
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EF0B70	0_2_00007FF7D1EF0B70
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EA4330	0_2_00007FF7D1EA4330
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EF9B20	0_2_00007FF7D1EF9B20
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F2FB0C	0_2_00007FF7D1F2FB0C
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1ED3710	0_2_00007FF7D1ED3710
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1ED3F00	0_2_00007FF7D1ED3F00
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F01EE0	0_2_00007FF7D1F01EE0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F2B780	0_2_00007FF7D1F2B780
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EDA690	0_2_00007FF7D1EDA690
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EBEE80	0_2_00007FF7D1EBEE80
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F49FA8	0_2_00007FF7D1F49FA8
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1ED4670	0_2_00007FF7D1ED4670
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1ED0660	0_2_00007FF7D1ED0660
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EF1DF0	0_2_00007FF7D1EF1DF0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1ED4D90	0_2_00007FF7D1ED4D90
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EAF570	0_2_00007FF7D1EAF570
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EC0540	0_2_00007FF7D1EC0540
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EA8D30	0_2_00007FF7D1EA8D30
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F4990C	0_2_00007FF7D1F4990C
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F2F908	0_2_00007FF7D1F2F908
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EBF890	0_2_00007FF7D1EBF890
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1ED9880	0_2_00007FF7D1ED9880
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F32DD0	0_2_00007FF7D1F32DD0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EDB830	0_2_00007FF7D1EDB830
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EEA010	0_2_00007FF7D1EEA010
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F43640	0_2_00007FF7D1F43640
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F31654	0_2_00007FF7D1F31654
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1EC27D0	0_2_00007FF7D1EC27D0
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F3E674	0_2_00007FF7D1F3E674

Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: String function: 00007FF7D1F24CC0 appears 46 times
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: String function: 00007FF7D1EA9BB0 appears 174 times
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: String function: 00007FF7D1EA2A10 appears 417 times
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: String function: 00007FF7D1F2F334 appears 63 times

Source: classification engine

Classification label: sus24.winEXE@2/1@0/0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2276:120:WilError_03

Source: dcm2niix.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\dcm2niix.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\dcm2niix.exe "C:\Users\user\Desktop\dcm2niix.exe"
Source: C:\Users\user\Desktop\dcm2niix.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\dcm2niix.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\dcm2niix.exe	Section loaded: kernel.appcore.dll			Jump to behavior

Source: dcm2niix.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: dcm2niix.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: dcm2niix.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: dcm2niix.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: dcm2niix.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: dcm2niix.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: dcm2niix.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: dcm2niix.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: dcm2niix.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: dcm2niix.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: dcm2niix.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: dcm2niix.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: dcm2niix.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: dcm2niix.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: dcm2niix.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\dcm2niix.exe

Code function: 0_2_00007FF7D1EAE3DB push rsp; ret

0_2_00007FF7D1EAE3DC

Source: C:\Users\user\Desktop\dcm2niix.exe

API coverage: 5.8 %

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\dcm2niix.exe

Code function: 0_2_00007FF7D1EE8E90 FindClose,FindFirstFileA,FindClose,

0_2_00007FF7D1EE8E90

Source: C:\Users\user\Desktop\dcm2niix.exe

Code function: 0_2_00007FF7D1F3CFE0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF7D1F3CFE0

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F22C20 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_00007FF7D1F22C20
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: 0_2_00007FF7D1F3CFE0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_00007FF7D1F3CFE0

Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00007FF7D1F4F348
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF7D1F4FBAC
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: EnumSystemLocalesW,	0_2_00007FF7D1F423CC
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: EnumSystemLocalesW,	0_2_00007FF7D1F4F774
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: GetLocaleInfoW,	0_2_00007FF7D1F4284C
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF7D1F4FD90
Source: C:\Users\user\Desktop\dcm2niix.exe	Code function: EnumSystemLocalesW,	0_2_00007FF7D1F4F6A4

Source: C:\Users\user\Desktop\dcm2niix.exe

Code function: 0_2_00007FF7D1F23954 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF7D1F23954

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Process Injection	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
dcm2niix.exe	0%	ReversingLabs
dcm2niix.exe	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://github.com/NeuroJSON/jnifty	0%	Avira URL Cloud	safe
http://json.orgSpecialA75DataTypeNameA75DBNameA75ExtendsA75SessionErrorA75GlobalMaxA75GlobalMinbase6	0%	Avira URL Cloud	safe
https://github.com/rordenlab/dcm2niix/issues/236	0%	Avira URL Cloud	safe
http://neurojson.org)AnnotationFormathttps://github.com/NeuroJSON/jnifti/blob/master/JNIfTI_specific	0%	Avira URL Cloud	safe
https://www.cognitiveatlas.org/task/id/trm_4c8a834779883/	0%	Avira URL Cloud	safe
http://neurojson.org)	0%	Avira URL Cloud	safe
https://github.com/NeuroJSON/jnifti/blob/master/JNIfTI_specification.md	0%	Avira URL Cloud	safe
https://github.com/NeuroJSON/jsdata	0%	Avira URL Cloud	safe
https://github.com/rordenlab/dcm2niix/issues/236	0%	Virustotal		Browse
https://github.com/NeuroJSON/jnifty	0%	Virustotal		Browse
https://pypi.org/project/jdata	0%	Avira URL Cloud	safe
https://github.com/NeuroJSON/bjdata/blob/master/Binary_JData_Specification.md	0%	Avira URL Cloud	safe
https://github.com/NeuroJSON/jnifti/blob/master/JNIfTI_specification.md	0%	Virustotal		Browse
https://pypi.org/project/bjdatahttps://github.com/NeuroJSON/jniftyJavaScripthttps://github.com/Neuro	0%	Avira URL Cloud	safe
https://www.cognitiveatlas.org/task/id/trm_4c8a834779883/	0%	Virustotal		Browse
http://teem.sourceforge.net/nrrd/format.html	0%	Avira URL Cloud	safe
https://pypi.org/project/bjdata	0%	Avira URL Cloud	safe
https://pypi.org/project/jdata	1%	Virustotal		Browse
http://json.org	0%	Avira URL Cloud	safe
https://github.com/NeuroJSON/bjdata/blob/master/Binary_JData_Specification.md	0%	Virustotal		Browse
https://github.com/NeuroJSON/jsdata	0%	Virustotal		Browse
https://pypi.org/project/bjdatahttps://github.com/NeuroJSON/jniftyJavaScripthttps://github.com/Neuro	0%	Virustotal		Browse
http://json.org	0%	Virustotal		Browse
https://pypi.org/project/bjdata	1%	Virustotal		Browse
http://teem.sourceforge.net/nrrd/format.html	0%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
http://neurojson.org)AnnotationFormathttps://github.com/NeuroJSON/jnifti/blob/master/JNIfTI_specific	dcm2niix.exe	false	Avira URL Cloud: safe	unknown
https://github.com/NeuroJSON/jnifty	dcm2niix.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.cognitiveatlas.org/task/id/trm_4c8a834779883/	dcm2niix.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://json.orgSpecialA75DataTypeNameA75DBNameA75ExtendsA75SessionErrorA75GlobalMaxA75GlobalMinbase6	dcm2niix.exe	false	Avira URL Cloud: safe	unknown
https://github.com/rordenlab/dcm2niix/issues/236	dcm2niix.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://neurojson.org)	dcm2niix.exe	false	Avira URL Cloud: safe	unknown
https://github.com/NeuroJSON/jnifti/blob/master/JNIfTI_specification.md	dcm2niix.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/NeuroJSON/jsdata	dcm2niix.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pypi.org/project/jdata	dcm2niix.exe	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://github.com/NeuroJSON/bjdata/blob/master/Binary_JData_Specification.md	dcm2niix.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pypi.org/project/bjdatahttps://github.com/NeuroJSON/jniftyJavaScripthttps://github.com/Neuro	dcm2niix.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://teem.sourceforge.net/nrrd/format.html	dcm2niix.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://pypi.org/project/bjdata	dcm2niix.exe	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://json.org	dcm2niix.exe	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466701
Start date and time:	2024-07-03 09:59:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	dcm2niix.exe
Detection:	SUS
Classification:	sus24.winEXE@2/1@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 73% Number of executed functions: 7 Number of non-executed functions: 112
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Not all processes where analyzed, report is missing behavior information

Joe Sandbox View / Context

Created / dropped Files

\Device\ConDrv

Download File

Process:	C:\Users\user\Desktop\dcm2niix.exe
File Type:	ASCII text, with very long lines (408), with CRLF line terminators
Category:	dropped
Size (bytes):	3187
Entropy (8bit):	5.067059768602068
Encrypted:	false
SSDEEP:	96:IlcfLmljOM1/QgUuAFCUoleMstn9s1ONLeJZk:7fqZltbeVo14
MD5:	5AFD1A966036869AB111D99D61D2852D
SHA1:	466F56B0B5F507D943EDEB309C8C478B712876D5
SHA-256:	F5F581BD997500B8391A22CBC1885D6C074090EF0C6E6B8F5F5B82AF178EB91D
SHA-512:	A0F302D6DB4D10A986619C63A6EB8365F45D92D701F7A21CE115B5CC5586DE63F79185AF6B453C15A88DE6573F99FD94BECBC55EB5E7B79AA13B3DFB970FE955
Malicious:	false
Reputation:	low
Preview:	Compression will be faster with C:\Users\user\Desktop\pigz.exe in the same folder as the executable..Chris Rorden's dcm2niiX version v1.0.20240202 (JP2:OpenJPEG) (JP-LS:CharLS) MSC1938 (64-bit Windows)..usage: dcm2niix.exe [options] <in_folder>.. Options :.. -1..-9 : gz compression level (1=fastest..9=smallest, default 6).. -a : adjacent DICOMs (images from same series always in same folder) for faster conversion (n/y, default n).. -b : BIDS sidecar (y/n/o [o=only: no NIfTI], default y).. -ba : anonymize BIDS (y/n, default y).. -c : comment stored in NIfTI aux_file (up to 24 characters e.g. '-c VIP', empty to anonymize e.g. 0020,4000 e.g. '-c ""').. -d : directory search depth. Convert DICOMs in sub-folders of in_folder? (0..9, default 5).. -e : export as NRRD (y) or MGH (o) or JSON/JNIfTI (j) or BJNIfTI (b) instead of NIfTI (y/n/o/j/b, default n).. -f : filename (%a=antenna (coil) name, %b=basename, %c=comments, %d=description, %e=echo number, %f=folder name, %g=accession

Instruction
dec eax
sub esp, 28h
call 00007F14A482DBD4h
dec eax
add esp, 28h
jmp 00007F14A482D7D7h
int3
int3
dec eax
and dword ptr [ecx+10h], 00000000h
dec eax
lea eax, dword ptr [00044EFCh]
dec eax
mov dword ptr [ecx+08h], eax
dec eax
lea eax, dword ptr [00041711h]
dec eax
mov dword ptr [ecx], eax
dec eax
mov eax, ecx
ret
int3
int3
dec eax
sub esp, 48h
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F14A482D937h
dec eax
lea edx, dword ptr [0005DB33h]
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F14A482F32Ah
int3
xor eax, eax
cmp dword ptr [000EC008h], eax
setne al
ret
and dword ptr [000EAF21h], 00000000h
ret
dec eax
mov dword ptr [esp+08h], ebx
push ebp
dec eax
lea ebp, dword ptr [esp-000004C0h]
dec eax
sub esp, 000005C0h
mov ebx, ecx
mov ecx, 00000017h
call dword ptr [0003394Ah]
test eax, eax
je 00007F14A482D966h
mov ecx, ebx
int 29h
mov ecx, 00000003h
call 00007F14A482D929h
xor edx, edx
dec eax
lea ecx, dword ptr [ebp-10h]
inc ecx
mov eax, 000004D0h
call 00007F14A485FACCh
dec eax
lea ecx, dword ptr [ebp-10h]
call dword ptr [000338E5h]
dec eax
mov ebx, dword ptr [ebp+000000E8h]
dec eax
lea edx, dword ptr [ebp+000004D8h]
dec eax
mov ecx, ebx

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xe1420	0x930	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe1d50	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x178000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x170000	0x66f0	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x179000	0xcb4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xd65c0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xd6780	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xd6480	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xb7000	0x388	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

WaitForSingleObject, CreateProcessA, GetLastError, GetModuleHandleA, WriteConsoleW, CloseHandle, FindNextFileA, FindFirstFileA, GetModuleFileNameA, FindClose, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetStringTypeW, GetCPInfo, RtlPcToFileHeader, RaiseException, RtlUnwindEx, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, QueryPerformanceFrequency, ExitProcess, GetModuleHandleExW, ReadFile, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, GetModuleFileNameW, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetCurrentDirectoryW, SetStdHandle, DeleteFileW, HeapReAlloc, GetTimeZoneInformation, FlushFileBuffers, GetConsoleOutputCP, GetFileSizeEx, HeapSize, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, GetFileAttributesExW, CreateDirectoryW, SetEndOfFile, RtlUnwind

ADVAPI32.dll

RegQueryValueExA, RegOpenKeyExA, RegCloseKey, RegSetValueExA

Exports

Name	Ordinal	Address
cJSON_AddArrayToObject	1	0x140055cc0
cJSON_AddBoolToObject	2	0x140055e40
cJSON_AddFalseToObject	3	0x140055fd0
cJSON_AddItemReferenceToArray	4	0x140056150
cJSON_AddItemReferenceToObject	5	0x140056210
cJSON_AddItemToArray	6	0x140056350
cJSON_AddItemToObject	7	0x140056390
cJSON_AddItemToObjectCS	8	0x140056470
cJSON_AddNullToObject	9	0x140056520
cJSON_AddNumberToObject	10	0x1400566a0
cJSON_AddObjectToObject	11	0x140056800
cJSON_AddRawToObject	12	0x140056980
cJSON_AddStringToObject	13	0x140056ae0
cJSON_AddTrueToObject	14	0x140056c40
cJSON_Compare	15	0x140056dc0
cJSON_CreateArray	16	0x1400570b0
cJSON_CreateArrayReference	17	0x1400570f0
cJSON_CreateBool	18	0x140057140
cJSON_CreateDoubleArray	19	0x140057180
cJSON_CreateFalse	20	0x1400572a0
cJSON_CreateFloatArray	21	0x1400572e0
cJSON_CreateIntArray	22	0x140057400
cJSON_CreateNull	23	0x140057520
cJSON_CreateNumber	24	0x140057560
cJSON_CreateObject	25	0x140057600
cJSON_CreateObjectReference	26	0x140057640
cJSON_CreateRaw	27	0x140057690
cJSON_CreateString	28	0x1400577a0
cJSON_CreateStringArray	29	0x1400578b0
cJSON_CreateStringReference	30	0x1400579d0
cJSON_CreateTrue	31	0x140057a20
cJSON_Delete	32	0x140057a60
cJSON_DeleteItemFromArray	33	0x140057ae0
cJSON_DeleteItemFromObject	34	0x140057bd0
cJSON_DeleteItemFromObjectCaseSensitive	35	0x140057ca0
cJSON_DetachItemFromArray	36	0x140057d70
cJSON_DetachItemFromObject	37	0x140057df0
cJSON_DetachItemFromObjectCaseSensitive	38	0x140057e60
cJSON_DetachItemViaPointer	39	0x140057ed0
cJSON_Duplicate	40	0x140057f20
cJSON_GetArrayItem	41	0x140058110
cJSON_GetArraySize	42	0x140058150
cJSON_GetErrorPtr	43	0x140058170
cJSON_GetObjectItem	44	0x140058180
cJSON_GetObjectItemCaseSensitive	45	0x140058190
cJSON_GetStringValue	46	0x1400581a0
cJSON_HasObjectItem	47	0x1400581c0
cJSON_InitHooks	48	0x1400581e0
cJSON_InsertItemInArray	49	0x140058270
cJSON_IsArray	50	0x140058300
cJSON_IsBool	51	0x140058310
cJSON_IsFalse	52	0x140058330
cJSON_IsInvalid	53	0x140058340
cJSON_IsNull	54	0x140058350
cJSON_IsNumber	55	0x140058360
cJSON_IsObject	56	0x140058370
cJSON_IsRaw	57	0x140058380
cJSON_IsString	58	0x140058390
cJSON_IsTrue	59	0x1400583a0
cJSON_Minify	60	0x1400583b0
cJSON_Parse	61	0x140058500
cJSON_ParseWithOpts	62	0x140058510
cJSON_Print	63	0x140058740
cJSON_PrintBuffered	64	0x140058760
cJSON_PrintPreallocated	65	0x140058820
cJSON_PrintUnformatted	66	0x140058890
cJSON_ReplaceItemInArray	67	0x1400588a0
cJSON_ReplaceItemInObject	68	0x140058920
cJSON_ReplaceItemInObjectCaseSensitive	69	0x140058930
cJSON_ReplaceItemViaPointer	70	0x140058940
cJSON_SetNumberHelper	71	0x1400589b0
cJSON_Version	72	0x1400589f0
cJSON_free	73	0x140058a30
cJSON_malloc	74	0x140058a40

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	04:00:23
Start date:	03/07/2024
Path:	C:\Users\user\Desktop\dcm2niix.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\dcm2niix.exe"
Imagebase:	0x7ff7d1ea0000
File size:	968'192 bytes
MD5 hash:	0D831C8A0B2379CD73393D725BA8F95C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	04:00:23
Start date:	03/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.2%
Total number of Nodes:	248
Total number of Limit Nodes:	5

Executed Functions

Function 00007FF7D1EEF640 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 76
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7D1EEF8F0: GetModuleHandleA.KERNEL32(?,00007FF7D1EEF663), ref: 00007FF7D1EEFA53
Part of subcall function 00007FF7D1EEF8F0: GetModuleFileNameA.KERNEL32(?,00007FF7D1EEF663), ref: 00007FF7D1EEFA70

RegOpenKeyExA.ADVAPI32 ref: 00007FF7D1EEF68E
RegQueryValueExA.ADVAPI32 ref: 00007FF7D1EEF6CC
RegQueryValueExA.ADVAPI32 ref: 00007FF7D1EEF708
RegQueryValueExA.ADVAPI32 ref: 00007FF7D1EEF747
RegCloseKey.ADVAPI32 ref: 00007FF7D1EEF774

Strings

filename, xrefs: 00007FF7D1EEF728
Software\dcm2nii, xrefs: 00007FF7D1EEF665
isMaximize16BitRange, xrefs: 00007FF7D1EEF6FC
isGZ, xrefs: 00007FF7D1EEF6C0

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: QueryValue$Module$CloseFileHandleNameOpen
String ID: Software\dcm2nii$filename$isGZ$isMaximize16BitRange
API String ID: 4274780908-2335991553
Opcode ID: 9847c76b50f6f510ccd2403646b138b75c4a7ee88907f0cfe050fa8eb654d50c
Instruction ID: fd92caad1cf36fb4604ff8426aadd7623b93a8986695967573cc823a74b735a3
Opcode Fuzzy Hash: 9847c76b50f6f510ccd2403646b138b75c4a7ee88907f0cfe050fa8eb654d50c
Instruction Fuzzy Hash: 3F313D3662AB4286EB50DF20F49475AB7A4FB85744FC05136EA8D43B58EF7CD108CB10

Function 00007FF7D1F42448 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF7D1F4267C,?,?,?,?,00007FF7D1F37E45), ref: 00007FF7D1F425C4
GetProcAddress.KERNEL32(?,?,?,00007FF7D1F4267C,?,?,?,?,00007FF7D1F37E45), ref: 00007FF7D1F425D0

Strings

ext-ms-, xrefs: 00007FF7D1F42521
api-ms-, xrefs: 00007FF7D1F4250E

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 932f1aecc961b03531d73b2f84e3562e301dfc4504435740e9ca801ab880614a
Instruction ID: 305f322e36634c82f547a86caee4d42468c20452db636cb064e63fed7f0d9dcc
Opcode Fuzzy Hash: 932f1aecc961b03531d73b2f84e3562e301dfc4504435740e9ca801ab880614a
Instruction Fuzzy Hash: E141E721B1A60381FB15EB56B810A7DA3A5BF44B90FC54136DD0E87795EEBCE4458360

Function 00007FF7D1EEF8F0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 210
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(?,00007FF7D1EEF663), ref: 00007FF7D1EEFA53
GetModuleFileNameA.KERNEL32(?,00007FF7D1EEF663), ref: 00007FF7D1EEFA70

Strings

Compression will be faster with %s in the same folder as the executable, xrefs: 00007FF7D1EEFB36
\, xrefs: 00007FF7D1EEF9B5
\, xrefs: 00007FF7D1EEFA8D
_%s, xrefs: 00007FF7D1EEFC7A

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Module$FileHandleName
String ID: Compression will be faster with %s in the same folder as the executable$\$\$_%s
API String ID: 4146042529-2777394730
Opcode ID: 93e0e4e291c3c1c31676c8cb6f092dfc0ca48ba71856d30bc033d5569b41e333
Instruction ID: 70d4f9185086f04f9c791a9fafe787ba9fa90b67410bbfb1787665f5fb989476
Opcode Fuzzy Hash: 93e0e4e291c3c1c31676c8cb6f092dfc0ca48ba71856d30bc033d5569b41e333
Instruction Fuzzy Hash: 93B1AF2250D7C299EB05DF24E0103BDFBA1FB56744FC88266E68D43646DBBDE1A5C720

Function 00007FF7D1F49300 Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,00007FF7D1EA1291,?,00007FF7D1EA1291,?,00007FF7D1EA1291,00007FF7D1EA1291,00007FF7D1EA1291,00000000,00007FF7D1F492EB), ref: 00007FF7D1F4941C
GetLastError.KERNEL32(?,?,?,?,?,?,00007FF7D1EA1291,?,00007FF7D1EA1291,?,00007FF7D1EA1291,00007FF7D1EA1291,00007FF7D1EA1291,00000000,00007FF7D1F492EB), ref: 00007FF7D1F494A7

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: eb02be59308def3aac5e41ca65c43d5fc8698851c12b828f83e5b81ec953a6b2
Instruction ID: fe29ec17f1dff0d4c664c871e5efe68e438a6e427fe5929f50416574db4c4c8b
Opcode Fuzzy Hash: eb02be59308def3aac5e41ca65c43d5fc8698851c12b828f83e5b81ec953a6b2
Instruction Fuzzy Hash: 0B91D432F0965385F760AF65D440ABDABA0BB48B98FD4413BDE0E53695DFB8D482C720

Function 00007FF7D1F376E0 Relevance: 6.1, APIs: 4, Instructions: 90
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F3770D
CreateFileW.KERNELBASE ref: 00007FF7D1F3774C
CloseHandle.KERNEL32 ref: 00007FF7D1F37781

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: 2be86880adafc3bfd940393fe67ee5673a70ca0c0322e3ae2affd3f5cf160fce
Instruction ID: 2932bdaccb7b1bf34666dc96e986c247e446cadfa2e9a04c7e8b652a299c962d
Opcode Fuzzy Hash: 2be86880adafc3bfd940393fe67ee5673a70ca0c0322e3ae2affd3f5cf160fce
Instruction Fuzzy Hash: A6417432D1978383F754AB60951036DB360FB957A4F909336EA9C03AD5DFBCA5A08760

Function 00007FF7D1F48DB8 Relevance: 3.1, APIs: 2, Instructions: 74
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE ref: 00007FF7D1F48E6B
GetLastError.KERNEL32 ref: 00007FF7D1F48E87

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: af02c2e3b00cdfd5b50ac032109ef6e435cd870cf2e4c8d55636fb92ed733539
Instruction ID: abdbb9bab7444a7bf9415d5a431863b4501faf2f3f5d106d190db48b136a4d85
Opcode Fuzzy Hash: af02c2e3b00cdfd5b50ac032109ef6e435cd870cf2e4c8d55636fb92ed733539
Instruction Fuzzy Hash: 0B31B132B1AA828AE720AF55E4446EDB7A0FB58780FC44432EA4D83754DF7CD555C710

Function 00007FF7D1F42358 Relevance: 3.0, APIs: 2, Instructions: 18
threadCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlRestoreThreadPreferredUILanguages.NTDLL ref: 00007FF7D1F4236E
GetLastError.KERNEL32 ref: 00007FF7D1F42378

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ErrorLanguagesLastPreferredRestoreThread
String ID:
API String ID: 588628887-0
Opcode ID: 9ef646a61b4ef29a6cd0fb065494ef55437dd177a4ada2777e37c3a080dbbe0e
Instruction ID: 814df6a88bf674b9e885a5c37d6062dd66318a09601499a22e9c7c0c6c97be7d
Opcode Fuzzy Hash: 9ef646a61b4ef29a6cd0fb065494ef55437dd177a4ada2777e37c3a080dbbe0e
Instruction Fuzzy Hash: 18E01250F1F60392FF1877F2A86543DC1A15F59740FC44036D84D962A2EEAC65498270

Non-executed Functions

Function 00007FF7D1EAF570 Relevance: 325.5, APIs: 3, Strings: 177, Instructions: 10469COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF7D1EAF7BF

Strings

epi_pepolar, xrefs: 00007FF7D1EB5710
PHILIPS MR IMAGING DD 005, xrefs: 00007FF7D1EB0CCC
fldyn3d1, xrefs: 00007FF7D1EBA2DB
Dimension %d Range: %d..%d, xrefs: 00007FF7D1EB98B5, 00007FF7D1EB98D9, 00007FF7D1EB98FD, 00007FF7D1EB9921, 00007FF7D1EB9945, 00007FF7D1EB9969, 00007FF7D1EB998D, 00007FF7D1EB99B1
Patient Position 0020,0032 (#,@,X,Y,Z)%d%zu%g%g%g, xrefs: 00007FF7D1EB284D
DICOMANON, xrefs: 00007FF7D1EB2B3E
_TRACEW_, xrefs: 00007FF7D1EB13A5
1.2.840.10008.1.2.4.57, xrefs: 00007FF7D1EB18C2
MEDCOM_RESAMPLED, xrefs: 00007FF7D1EB6971
XA10A, xrefs: 00007FF7D1EB1E3E
GE header overflows buffer, xrefs: 00007FF7D1EB46EB
interpolated protocol '%s' may be unsuitable for dwidenoise/mrdegibbs. %s, xrefs: 00007FF7D1EBAA4F
QUADRUPED, xrefs: 00007FF7D1EB6926
Matlab DICOMANON can scramble SeriesInstanceUID (0020,000e) and remove crucial data (see issue 383). , xrefs: 00007FF7D1EB2B66
DICOM preamble and prefix missing: this is not a valid DICOM image., xrefs: 00007FF7D1EAFB35
_FA_, xrefs: 00007FF7D1EB13F1
Skipping DICOM (audio not image) '%s', xrefs: 00007FF7D1EB30E2
7.0T, xrefs: 00007FF7D1EBA82C
header offset: %zu, xrefs: 00007FF7D1EB4718
1.2.840.10008.1.2.2, xrefs: 00007FF7D1EB1A25
b1map, xrefs: 00007FF7D1EBAE4E
_I_, xrefs: 00007FF7D1EB14FC
PHILIPS IMAGING DD 001, xrefs: 00007FF7D1EB0C5C
1.3.46.670589.11.0.0.12.2, xrefs: 00007FF7D1EB10B8
Unable to convert DTI [recompile with increased kMaxDTI4D] detected=%d, max = %d, xrefs: 00007FF7D1EBA1B0
Illegal DICOM tag %04x,%04x (odd element length %d): %s, xrefs: 00007FF7D1EB0DDE
3D continuous, xrefs: 00007FF7D1EB5957
Unable to open file %s, xrefs: 00007FF7D1EAF84D
SIEMENS MR SDI 02, xrefs: 00007FF7D1EB0B35
_AI, xrefs: 00007FF7D1EB60FB
%*c%04x,%04x %u@%zu , xrefs: 00007FF7D1EB80DF
1.2.840.10008.1.2.5, xrefs: 00007FF7D1EB19FE
PSEUDOCONTINUOUS, xrefs: 00007FF7D1EB59D2, 00007FF7D1EB7D25
Instance number (0020,0013) not found: %s, xrefs: 00007FF7D1EBA20B
DICOM read fail: not a valid file (perhaps a directory) %s, xrefs: 00007FF7D1EAF723
1.2.840.10008.1.2, xrefs: 00007FF7D1EB1A45
Guessing this is a mosaic up to %d slices (issue 337)., xrefs: 00007FF7D1EB8DFD
Philips MR Imaging DD 001, xrefs: 00007FF7D1EB0CAE
XA30, xrefs: 00007FF7D1EB4539
DICOM appears corrupt: first group:element should be 0x0002:0x0000 '%s', xrefs: 00007FF7D1EAFB19
MOSAIC, xrefs: 00007FF7D1EB1462, 00007FF7D1EB1496
XA10, xrefs: 00007FF7D1EB459D
PALETTE_COLOR, xrefs: 00007FF7D1EB0EC4
Error: , xrefs: 00007FF7D1EAF8F0, 00007FF7D1EAF941, 00007FF7D1EB780A, 00007FF7D1EB8740, 00007FF7D1EB8789, 00007FF7D1EB885E, 00007FF7D1EB8D2A, 00007FF7D1EBA196, 00007FF7D1EBAF2D
slice orientation varies (localizer?) [%g %g %g %g %g %g] != [%g %g %g %g %g %g], xrefs: 00007FF7D1EB2596
Underspecified BMatrix without BVector (issue 265), xrefs: 00007FF7D1EB8D02
Only loaded %zu of %zu bytes for %s, xrefs: 00007FF7D1EAF95F, 00007FF7D1EB875E
SIEMENS CSA HEADER, xrefs: 00007FF7D1EB0B53
PHASE, xrefs: 00007FF7D1EB15D8
AAHScout, xrefs: 00007FF7D1EBA761, 00007FF7D1EBA77B
%s, xrefs: 00007FF7D1EB86D8
_MAGNITUDE_, xrefs: 00007FF7D1EB157B
MATLAB, xrefs: 00007FF7D1EB1E10
Photometric Interpretation 'PALETTE COLOR' not supported, xrefs: 00007FF7D1EB8CDE
1.2.840.10008.1.2.4.50, xrefs: 00007FF7D1EB1874
Invalid enhanced DICOM created by Canon: Only single dimension in DimensionIndexValues (0020,9157) varies, for 4D file (e.g. BOTH space and time should vary), xrefs: 00007FF7D1EB9A0D
File too small to be a DICOM image %s, xrefs: 00007FF7D1EAF87B
Illegal/Obsolete DICOM (%s): Overlay Bit Position shall be 0, not %d, xrefs: 00007FF7D1EB80BA
Unable to decode %d-bit images with Transfer Syntax 1.2.840.10008.1.2.4.51, decompress with dcmdjpg or gdcmconv, xrefs: 00007FF7D1EB8D44
GE header too small to be valid (B), xrefs: 00007FF7D1EB4730
GEMS_PARM_01, xrefs: 00007FF7D1EB0BE9
gre_fsp, xrefs: 00007FF7D1EBA9FB
Unsupported transfer syntax '%s' (see www.nitrc.org/plugins/mwiki/index.php/dcm2nii:MainPage), xrefs: 00007FF7D1EB1A72
Philips Imaging DD 001, xrefs: 00007FF7D1EB0C72
0008,0008=MOSAIC but number of slices not specified: %s, xrefs: 00007FF7D1EB8EEF
_IMAGINARY_, xrefs: 00007FF7D1EB1595
GE header too small to be valid (A), xrefs: 00007FF7D1EB46CD
1.3.46.670589.11.0.0.12.1, xrefs: 00007FF7D1EB109E
GE DWI vectors may have been removed by Neologica DICOM Anonymizer Pro (Issue 542), xrefs: 00007FF7D1EBACD5
XA20, xrefs: 00007FF7D1EB450C
PULSED, xrefs: 00007FF7D1EB7D6D
1-bit binary with high bit = %d not supported (issue 572), xrefs: 00007FF7D1EBAE32
GE phasePolarity/sliceOrder flags %d %d, xrefs: 00007FF7D1EB4826
%d , xrefs: 00007FF7D1EB82D6, 00007FF7D1EB8382, 00007FF7D1EB842E, 00007FF7D1EB84DA
%d %d, xrefs: 00007FF7D1EB9A1C
1.3.46.670589.11.0.0.12.4, xrefs: 00007FF7D1EB10DE
b0map, xrefs: 00007FF7D1EB57A9
DICOM file: %s, xrefs: 00007FF7D1EB92EE
SIEMENS MR SDS 01, xrefs: 00007FF7D1EB0B17
Assuming icon SQ 07a3,10ce., xrefs: 00007FF7D1EB5D08
Warning: , xrefs: 00007FF7D1EB1647, 00007FF7D1EB19A4, 00007FF7D1EB1A66, 00007FF7D1EB1BB6, 00007FF7D1EB1C61, 00007FF7D1EB2B56, 00007FF7D1EB5CFC, 00007FF7D1EB7266, 00007FF7D1EB8825, 00007FF7D1EB88A9, 00007FF7D1EB8CC4, 00007FF7D1EB8CF6, 00007FF7D1EB8DEB, 00007FF7D1EB8E9C, 00007FF7D1EB8EE0, 00007FF7D1EB926A, 00007FF7D1EB9799, 00007FF7D1EB9A84, 00007FF7D1EBA1FB, 00007FF7D1EBA299, 00007FF7D1EBAA39, 00007FF7D1EBACC9, 00007FF7D1EBAE24
_MOCO_, xrefs: 00007FF7D1EB1320
GRADIENT, xrefs: 00007FF7D1EB6B62
epi, xrefs: 00007FF7D1EB577F
Unsupported overlay origin %d/%d, xrefs: 00007FF7D1EB7E09
Guessing temporal order for Philips enhanced DICOM ASL (issue 532)., xrefs: 00007FF7D1EB9A90
XA11, xrefs: 00007FF7D1EB44F2
XA31, xrefs: 00007FF7D1EB4560
Skipping non-image DICOM: %s, xrefs: 00007FF7D1EB1118
Unsupported transfer syntax '%s' (inflate files with 'dcmconv +te gz.dcm raw.dcm' or 'gdcmconv -w gz.dcm raw.dcm)', xrefs: 00007FF7D1EB19B0
epi2, xrefs: 00007FF7D1EB5735
Assuming TR = %gms, not 0018,0080 = %gms (see issue 369), xrefs: 00007FF7D1EB97AD
_TRACE_, xrefs: 00007FF7D1EB13CB
ISOTROPIC, xrefs: 00007FF7D1EB7045
Image Private Header, xrefs: 00007FF7D1EB0D08
_ADC_, xrefs: 00007FF7D1EB138B
Compressed image stored as %d fragments: if conversion fails decompress with gdcmconv, Osirix, dcmdjpeg or dcmjp2k %s, xrefs: 00007FF7D1EB8834
Please check slice thicknesses: Philips R3.2.2 bug can disrupt estimation (%d positions reported for %d slices), xrefs: 00007FF7D1EB8BFB
1.3.46.670589.33.1.4.1, xrefs: 00007FF7D1EB1936
3D pulsed continuous, xrefs: 00007FF7D1EB5976
1.2.840.10008.5.1.4.1.1.11.1, xrefs: 00007FF7D1EB112B
DIFFUSION, xrefs: 00007FF7D1EB78F7
Found 0018,9087 but manufacturer (0008,0070) unknown: assuming Philips., xrefs: 00007FF7D1EB7278
UHP, xrefs: 00007FF7D1EBA814
Double-precision DICOM conversion untested: please provide samples to developer, xrefs: 00007FF7D1EB1653
PFF, xrefs: 00007FF7D1EB212F
Mosaic inferred without CSA header (check number of slices and spatial orientation), xrefs: 00007FF7D1EB8EA8
Check number of slices, discrepancy between tags (0020,1002; 0021,104F; 0054,0081) (%d vs %d) %s, xrefs: 00007FF7D1EB8B37
Too many slices to track dimensions. Only up to %d are supported, xrefs: 00007FF7D1EB879F
remapping %04x,%04x -> %04x,%04x, xrefs: 00007FF7D1EB0A23
Guessing this is an explicit VR image., xrefs: 00007FF7D1EAFB7E
Compressed image stored as %d fragments: decompress with gdcmconv, Osirix, dcmdjpeg or dcmjp2k %s, xrefs: 00007FF7D1EB8874
orient (0020,0037)%g%g%g%g%g%g, xrefs: 00007FF7D1EB9387
B0map, xrefs: 00007FF7D1EB56C4
Unable to determine slice thickness: please check voxel size, xrefs: 00007FF7D1EB8CA8
Series %ld includes partial volume (issue 742): %d slices acquired but ICE dims (0021,118e) specifies %d , xrefs: 00007FF7D1EBA2AC
Assuming 7FE0,0010 refers to an icon not the main image, xrefs: 00007FF7D1EB1C6D
patient position end (0020,0032)%g%g%g, xrefs: 00007FF7D1EB9344
%d TE=%g Slope=%g Inter=%g PhilipsScale=%g Phase=%d, xrefs: 00007FF7D1EBA01F
%g , xrefs: 00007FF7D1EB81DC, 00007FF7D1EB8221
oasis, xrefs: 00007FF7D1EB1FC4
Philips MR Imaging DD 005, xrefs: 00007FF7D1EB0CEA
1.2.840.10008.5.1.4.1.1.66, xrefs: 00007FF7D1EB1073
1.2.840.10008.1.2.1, xrefs: 00007FF7D1EB1859
GEMS_RELA_01, xrefs: 00007FF7D1EB0BAD
GEIIS violates the DICOM standard. Inspect results and admonish your vendor., xrefs: 00007FF7D1EB1BC2
DimensionIndexValues (0020,9157), dimensions with variability:, xrefs: 00007FF7D1EB9894
b=%d(, xrefs: 00007FF7D1EBA547
_P_, xrefs: 00007FF7D1EB152B
1.2.840.10008.1.2.4.70, xrefs: 00007FF7D1EB18E9
CONTINUOUS, xrefs: 00007FF7D1EB59F6, 00007FF7D1EB7D49
Illegal/Obsolete DICOM (%s): Overlay Bits Allocated must be 1, not %d, xrefs: 00007FF7D1EB7FD7
EPI, xrefs: 00007FF7D1EB564A
NONE, xrefs: 00007FF7D1EB6B8A
%s<%d bytes>, xrefs: 00007FF7D1EB85EC
%s %s, xrefs: 00007FF7D1EB86B4
acq %d img %d ser %ld dim %dx%dx%dx%d mm %gx%gx%g offset %d loc %d valid %d ph %d mag %d nDTI %d 3d %d bits %d littleEndian %d echo %d coilCRC %d TE %g TR %g, xrefs: 00007FF7D1EB947B
Assuming final tag is Pixel Data (7fe0,0010) (issue 639), xrefs: 00007FF7D1EB890E
GEMS_SERS_01, xrefs: 00007FF7D1EB0BCB
epiRT, xrefs: 00007FF7D1EB575A
EPI2, xrefs: 00007FF7D1EB568A
ELSCINT1, xrefs: 00007FF7D1EB0C17, 00007FF7D1EB0C3E
new remapping (%d) %04x,%02xxy -> %04x,%02xxy, xrefs: 00007FF7D1EB0D7E
, xrefs: 00007FF7D1EB8119
Conversion aborted due to corrupt file: %s %dx%d %d, xrefs: 00007FF7D1EBAF47
Parameters vary across 3D volumes packed in single DICOM file:, xrefs: 00007FF7D1EB9FAB
GEMS_ACQU_01, xrefs: 00007FF7D1EB0B8F
DICOM violation (contact vendor): compressed image without image fragments, assuming image offset defined by 0x7FE0,x0010: %s, xrefs: 00007FF7D1EB88B8
Number of frames (%d) not divisible by locations in acquisition (2001,1018) %d (issue 515), xrefs: 00007FF7D1EB9279
PHILIPS MR IMAGING DD 001, xrefs: 00007FF7D1EB0C90
%d is too many dimensions. Only up to %d are supported, xrefs: 00007FF7D1EB7827
SIEMENS MR HEADER, xrefs: 00007FF7D1EB0B01, 00007FF7D1EB0B71
1.2.840.10008.5.1.4.1.1.66.4, xrefs: 00007FF7D1EB104D
1.2.840.10008.1.2.4.80, xrefs: 00007FF7D1EB1900
patient position (0020,0032)%g%g%g, xrefs: 00007FF7D1EB9302
Please check voxel size, xrefs: 00007FF7D1EB8C5A, 00007FF7D1EB8C83
_DIFFUSION_, xrefs: 00007FF7D1EB142F
Skipping Spectroscopy DICOM '%s', xrefs: 00007FF7D1EB20D5
UserDefineDataGE file offset/length %zu %u, xrefs: 00007FF7D1EB46B0
19000101, xrefs: 00007FF7D1EB1F59
_R_, xrefs: 00007FF7D1EB14BF
_M_, xrefs: 00007FF7D1EB14E2
version %g, xrefs: 00007FF7D1EB476F
1.2.840.10008.1.2.4.81, xrefs: 00007FF7D1EB191B
_MoCo, xrefs: 00007FF7D1EB908C
%s: Warning: Data is not EPI, xrefs: 00007FF7D1EB47D8
1.2.840.10008.1.2.4.91, xrefs: 00007FF7D1EB19D7
Memory exhausted!, xrefs: 00007FF7D1EAF906
DERIVED, xrefs: 00007FF7D1EB15FB
MAP, xrefs: 00007FF7D1EB1365
_REAL_, xrefs: 00007FF7D1EB1553
1.2.840.10008.1.2.4.51, xrefs: 00007FF7D1EB189B
1.2.840.10008.1.2.4.90, xrefs: 00007FF7D1EB1966
Premier, xrefs: 00007FF7D1EBA7F5
1.2.840.10008.1.2.1.99, xrefs: 00007FF7D1EB198D
DWI bxyz %g %g %g %g, xrefs: 00007FF7D1EB9532
fl2d1, xrefs: 00007FF7D1EBA7A2

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _fread_nolock
String ID: $ Patient Position 0020,0032 (#,@,X,Y,Z)%d%zu%g%g%g$ %d TE=%g Slope=%g Inter=%g PhilipsScale=%g Phase=%d$ DWI bxyz %g %g %g %g$ Dimension %d Range: %d..%d$ DimensionIndexValues (0020,9157), dimensions with variability:$ GE header overflows buffer$ GE header too small to be valid (A)$ GE header too small to be valid (B)$ GE phasePolarity/sliceOrder flags %d %d$ UserDefineDataGE file offset/length %zu %u$ acq %d img %d ser %ld dim %dx%dx%dx%d mm %gx%gx%g offset %d loc %d valid %d ph %d mag %d nDTI %d 3d %d bits %d littleEndian %d echo %d coilCRC %d TE %g TR %g$ header offset: %zu$ orient (0020,0037)%g%g%g%g%g%g$ patient position (0020,0032)%g%g%g$ patient position end (0020,0032)%g%g%g$ version %g$%*c%04x,%04x %u@%zu $%d $%d %d$%d is too many dimensions. Only up to %d are supported$%g $%s$%s %s$%s: Warning: Data is not EPI$%s<%d bytes>$0008,0008=MOSAIC but number of slices not specified: %s$1-bit binary with high bit = %d not supported (issue 572)$1.2.840.10008.1.2$1.2.840.10008.1.2.1$1.2.840.10008.1.2.1.99$1.2.840.10008.1.2.2$1.2.840.10008.1.2.4.50$1.2.840.10008.1.2.4.51$1.2.840.10008.1.2.4.57$1.2.840.10008.1.2.4.70$1.2.840.10008.1.2.4.80$1.2.840.10008.1.2.4.81$1.2.840.10008.1.2.4.90$1.2.840.10008.1.2.4.91$1.2.840.10008.1.2.5$1.2.840.10008.5.1.4.1.1.11.1$1.2.840.10008.5.1.4.1.1.66$1.2.840.10008.5.1.4.1.1.66.4$1.3.46.670589.11.0.0.12.1$1.3.46.670589.11.0.0.12.2$1.3.46.670589.11.0.0.12.4$1.3.46.670589.33.1.4.1$19000101$3D continuous$3D pulsed continuous$7.0T$AAHScout$Assuming 7FE0,0010 refers to an icon not the main image$Assuming TR = %gms, not 0018,0080 = %gms (see issue 369)$Assuming final tag is Pixel Data (7fe0,0010) (issue 639)$Assuming icon SQ 07a3,10ce.$B0map$CONTINUOUS$Check number of slices, discrepancy between tags (0020,1002; 0021,104F; 0054,0081) (%d vs %d) %s$Compressed image stored as %d fragments: decompress with gdcmconv, Osirix, dcmdjpeg or dcmjp2k %s$Compressed image stored as %d fragments: if conversion fails decompress with gdcmconv, Osirix, dcmdjpeg or dcmjp2k %s$Conversion aborted due to corrupt file: %s %dx%d %d$DERIVED$DICOM appears corrupt: first group:element should be 0x0002:0x0000 '%s'$DICOM file: %s$DICOM preamble and prefix missing: this is not a valid DICOM image.$DICOM read fail: not a valid file (perhaps a directory) %s$DICOM violation (contact vendor): compressed image without image fragments, assuming image offset defined by 0x7FE0,x0010: %s$DICOMANON$DIFFUSION$Double-precision DICOM conversion untested: please provide samples to developer$ELSCINT1$EPI$EPI2$Error: $File too small to be a DICOM image %s$Found 0018,9087 but manufacturer (0008,0070) unknown: assuming Philips.$GE DWI vectors may have been removed by Neologica DICOM Anonymizer Pro (Issue 542)$GEIIS violates the DICOM standard. Inspect results and admonish your vendor.$GEMS_ACQU_01$GEMS_PARM_01$GEMS_RELA_01$GEMS_SERS_01$GRADIENT$Guessing temporal order for Philips enhanced DICOM ASL (issue 532).$Guessing this is a mosaic up to %d slices (issue 337).$Guessing this is an explicit VR image.$ISOTROPIC$Illegal DICOM tag %04x,%04x (odd element length %d): %s$Illegal/Obsolete DICOM (%s): Overlay Bit Position shall be 0, not %d$Illegal/Obsolete DICOM (%s): Overlay Bits Allocated must be 1, not %d$Image Private Header$Instance number (0020,0013) not found: %s$Invalid enhanced DICOM created by Canon: Only single dimension in DimensionIndexValues (0020,9157) varies, for 4D file (e.g. BOTH space and time should vary)$MAP$MATLAB$MEDCOM_RESAMPLED$MOSAIC$Matlab DICOMANON can scramble SeriesInstanceUID (0020,000e) and remove crucial data (see issue 383). $Memory exhausted!$Mosaic inferred without CSA header (check number of slices and spatial orientation)$NONE$Number of frames (%d) not divisible by locations in acquisition (2001,1018) %d (issue 515)$Only loaded %zu of %zu bytes for %s$PALETTE_COLOR$PFF$PHASE$PHILIPS IMAGING DD 001$PHILIPS MR IMAGING DD 001$PHILIPS MR IMAGING DD 005$PSEUDOCONTINUOUS$PULSED$Parameters vary across 3D volumes packed in single DICOM file:$Philips Imaging DD 001$Philips MR Imaging DD 001$Philips MR Imaging DD 005$Photometric Interpretation 'PALETTE COLOR' not supported$Please check slice thicknesses: Philips R3.2.2 bug can disrupt estimation (%d positions reported for %d slices)$Please check voxel size$Premier$QUADRUPED$SIEMENS CSA HEADER$SIEMENS MR HEADER$SIEMENS MR SDI 02$SIEMENS MR SDS 01$Series %ld includes partial volume (issue 742): %d slices acquired but ICE dims (0021,118e) specifies %d $Skipping DICOM (audio not image) '%s'$Skipping Spectroscopy DICOM '%s'$Skipping non-image DICOM: %s$Too many slices to track dimensions. Only up to %d are supported$UHP$Unable to convert DTI [recompile with increased kMaxDTI4D] detected=%d, max = %d$Unable to decode %d-bit images with Transfer Syntax 1.2.840.10008.1.2.4.51, decompress with dcmdjpg or gdcmconv$Unable to determine slice thickness: please check voxel size$Unable to open file %s$Underspecified BMatrix without BVector (issue 265)$Unsupported overlay origin %d/%d$Unsupported transfer syntax '%s' (inflate files with 'dcmconv +te gz.dcm raw.dcm' or 'gdcmconv -w gz.dcm raw.dcm)'$Unsupported transfer syntax '%s' (see www.nitrc.org/plugins/mwiki/index.php/dcm2nii:MainPage)$Warning: $XA10$XA10A$XA11$XA20$XA30$XA31$_ADC_$_AI$_DIFFUSION_$_FA_$_IMAGINARY_$_I_$_MAGNITUDE_$_MOCO_$_M_$_MoCo$_P_$_REAL_$_R_$_TRACEW_$_TRACE_$b0map$b1map$b=%d($epi$epi2$epiRT$epi_pepolar$fl2d1$fldyn3d1$gre_fsp$interpolated protocol '%s' may be unsuitable for dwidenoise/mrdegibbs. %s$new remapping (%d) %04x,%02xxy -> %04x,%02xxy$oasis$remapping %04x,%04x -> %04x,%04x$slice orientation varies (localizer?) [%g %g %g %g %g %g] != [%g %g %g %g %g %g]
API String ID: 840049012-1103246203
Opcode ID: 51e8858c84558326d82d582e836d181771be1f307aa239561adf0868a0e4d4d5
Instruction ID: 87029c73c6cd51e765978abc2bfd218f0994afa0e5a63dbe9207ab7a08666d30
Opcode Fuzzy Hash: 51e8858c84558326d82d582e836d181771be1f307aa239561adf0868a0e4d4d5
Instruction Fuzzy Hash: 8C34FF72A086C389F735EF35C9542FCBBA0EB0534AFC54337D62A566D5DEA8A640C720

Function 00007FF7D1ED7B00 Relevance: 167.3, Strings: 133, Instructions: 1079COMMON

Download Yara Rule

Strings

Created by dcm2niix and NeuroJSON (http://neurojson.org), xrefs: 00007FF7D1ED85E9
https://github.com/NeuroJSON/jnifty, xrefs: 00007FF7D1ED865B
uniform, xrefs: 00007FF7D1ED7EEF
AnnotationFormat, xrefs: 00007FF7D1ED8609
estimate, xrefs: 00007FF7D1ED7FE9
dispvec, xrefs: 00007FF7D1ED802F
uint16, xrefs: 00007FF7D1ED7BD3
shape, xrefs: 00007FF7D1ED80FB
rad, xrefs: 00007FF7D1ED7DC9
Name, xrefs: 00007FF7D1ED8B2A
0.5, xrefs: 00007FF7D1ED85D3
Python, xrefs: 00007FF7D1ED864F
binomial, xrefs: 00007FF7D1ED7E7F
int16, xrefs: 00007FF7D1ED7B60
A75DataTypeName, xrefs: 00007FF7D1ED8B8F, 00007FF7D1ED8C0A
extval, xrefs: 00007FF7D1ED7F35
invgauss, xrefs: 00007FF7D1ED7F27
complex256, xrefs: 00007FF7D1ED7BF2
corr, xrefs: 00007FF7D1ED7E2B
normal, xrefs: 00007FF7D1ED7EA9
beta, xrefs: 00007FF7D1ED7E71
Error: , xrefs: 00007FF7D1ED8DFA
A75SessionError, xrefs: 00007FF7D1ED8BEB
vector, xrefs: 00007FF7D1ED803D
_ArrayOrder_, xrefs: 00007FF7D1ED8CE1
int32, xrefs: 00007FF7D1ED7B6B
Special, xrefs: 00007FF7D1ED88F5
A75Extends, xrefs: 00007FF7D1ED8BCB
ncchi2, xrefs: 00007FF7D1ED7EC5
logistic, xrefs: 00007FF7D1ED7ED3
%s, xrefs: 00007FF7D1ED8F06
A75GlobalMax, xrefs: 00007FF7D1ED8C2B
MATLAB, xrefs: 00007FF7D1ED8665
ftest, xrefs: 00007FF7D1ED7E47
MinIntensity, xrefs: 00007FF7D1ED8934
NIFTIHeader, xrefs: 00007FF7D1ED8690
NIFTIData, xrefs: 00007FF7D1ED8C68
tseries, xrefs: 00007FF7D1ED8083
laplace, xrefs: 00007FF7D1ED7EE1
pvalue, xrefs: 00007FF7D1ED7F4B
int8, xrefs: 00007FF7D1ED7B8F
rgb, xrefs: 00007FF7D1ED809F
seq+, xrefs: 00007FF7D1ED7DD7
MaxIntensity, xrefs: 00007FF7D1ED891A
Param1, xrefs: 00007FF7D1ED86E0
QForm, xrefs: 00007FF7D1ED89AD
LastSliceID, xrefs: 00007FF7D1ED884A
rgba, xrefs: 00007FF7D1ED80CD
A75GlobalMin, xrefs: 00007FF7D1ED8C4C
zscore, xrefs: 00007FF7D1ED7E55
ScaleSlope, xrefs: 00007FF7D1ED881D
gamma, xrefs: 00007FF7D1ED7E8D
Affine, xrefs: 00007FF7D1ED8ABA
_ArrayZipSize_, xrefs: 00007FF7D1ED8D52, 00007FF7D1ED8E74
https://github.com/NeuroJSON/jsdata, xrefs: 00007FF7D1ED8671
Dim, xrefs: 00007FF7D1ED86CC
ncftest, xrefs: 00007FF7D1ED7EB7
_ArrayZipType_, xrefs: 00007FF7D1ED8CF1
quaternion, xrefs: 00007FF7D1ED8067
VoxelSize, xrefs: 00007FF7D1ED879B
Error: error when writing to JNIfTI file, xrefs: 00007FF7D1ED8EF2
NIIByteOffset, xrefs: 00007FF7D1ED8B62
NIIHeaderSize, xrefs: 00007FF7D1ED86A6
JNIFTIVersion, xrefs: 00007FF7D1ED85DD
chi, xrefs: 00007FF7D1ED7F19
Quatern, xrefs: 00007FF7D1ED89EA
BitDepth, xrefs: 00007FF7D1ED8759
_DataInfo_, xrefs: 00007FF7D1ED85C1
SliceType, xrefs: 00007FF7D1ED8866
complex128, xrefs: 00007FF7D1ED7BDA
elem, xrefs: 00007FF7D1ED8091
base64, xrefs: 00007FF7D1ED8E2F
_ArraySize_, xrefs: 00007FF7D1ED8CC8
Param2, xrefs: 00007FF7D1ED86F7
TimeOffset, xrefs: 00007FF7D1ED8968
double, xrefs: 00007FF7D1ED7B4D
SliceTime, xrefs: 00007FF7D1ED894E
_ArrayZipData_, xrefs: 00007FF7D1ED8DC7, 00007FF7D1ED8E97
Orientation, xrefs: 00007FF7D1ED87B2
.jnii, xrefs: 00007FF7D1ED81DA
seq-, xrefs: 00007FF7D1ED7DE5
ttest, xrefs: 00007FF7D1ED7E39
complex64, xrefs: 00007FF7D1ED7B7D
symmatrix, xrefs: 00007FF7D1ED8021
int64, xrefs: 00007FF7D1ED7C07
Param3, xrefs: 00007FF7D1ED870E
https://github.com/NeuroJSON/jnifti/blob/master/JNIfTI_specification.md, xrefs: 00007FF7D1ED85FF
weibull, xrefs: 00007FF7D1ED7F0B
single, xrefs: 00007FF7D1ED7B76
poisson, xrefs: 00007FF7D1ED7E9B
alt2+, xrefs: 00007FF7D1ED7E0F
.bnii, xrefs: 00007FF7D1ED81BA
logpvalue, xrefs: 00007FF7D1ED7FCD
DataType, xrefs: 00007FF7D1ED873E
ppm, xrefs: 00007FF7D1ED7DBB
http://json.org, xrefs: 00007FF7D1ED8615
Comment, xrefs: 00007FF7D1ED85F3
QuaternOffset, xrefs: 00007FF7D1ED8A52
FirstSliceID, xrefs: 00007FF7D1ED8774
triangle, xrefs: 00007FF7D1ED8059
SerialFormat, xrefs: 00007FF7D1ED861F
uint64, xrefs: 00007FF7D1ED7C3B
ScaleOffset, xrefs: 00007FF7D1ED8834
Failed to compress data stream, error code=%d, status code=%d, xrefs: 00007FF7D1ED8E13
alt+, xrefs: 00007FF7D1ED7DF3
alt2-, xrefs: 00007FF7D1ED7E1D
_ArrayType_, xrefs: 00007FF7D1ED8C85
Unit, xrefs: 00007FF7D1ED888A
Error: error when converting to JNIfTI, xrefs: 00007FF7D1ED8EC6
Parser, xrefs: 00007FF7D1ED8633
Intent, xrefs: 00007FF7D1ED8723
NIIFormat, xrefs: 00007FF7D1ED8B40
rgb24, xrefs: 00007FF7D1ED7B96
label, xrefs: 00007FF7D1ED7FF7
https://pypi.org/project/jdatahttps://pypi.org/project/bjdata, xrefs: 00007FF7D1ED8645
double128, xrefs: 00007FF7D1ED7BBE
zlib, xrefs: 00007FF7D1ED8D08
point, xrefs: 00007FF7D1ED804B
uint32, xrefs: 00007FF7D1ED7BAD
Description, xrefs: 00007FF7D1ED8984
log10pvalue, xrefs: 00007FF7D1ED7FDB
SForm, xrefs: 00007FF7D1ED89CB
AuxFile, xrefs: 00007FF7D1ED899A
unitless, xrefs: 00007FF7D1ED8075
uint8, xrefs: 00007FF7D1ED7B3E
ncttest, xrefs: 00007FF7D1ED7EFD
JavaScript, xrefs: 00007FF7D1ED867B
A75DBName, xrefs: 00007FF7D1ED8BB1
rgba32, xrefs: 00007FF7D1ED7C0E
neuronames, xrefs: 00007FF7D1ED8005
alt-, xrefs: 00007FF7D1ED7E01
matrix, xrefs: 00007FF7D1ED8013
chi2, xrefs: 00007FF7D1ED7E63

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: %s$.bnii$.jnii$0.5$A75DBName$A75DataTypeName$A75Extends$A75GlobalMax$A75GlobalMin$A75SessionError$Affine$AnnotationFormat$AuxFile$BitDepth$Comment$Created by dcm2niix and NeuroJSON (http://neurojson.org)$DataType$Description$Dim$Error: $Error: error when converting to JNIfTI$Error: error when writing to JNIfTI file$Failed to compress data stream, error code=%d, status code=%d$FirstSliceID$Intent$JNIFTIVersion$JavaScript$LastSliceID$MATLAB$MaxIntensity$MinIntensity$NIFTIData$NIFTIHeader$NIIByteOffset$NIIFormat$NIIHeaderSize$Name$Orientation$Param1$Param2$Param3$Parser$Python$QForm$Quatern$QuaternOffset$SForm$ScaleOffset$ScaleSlope$SerialFormat$SliceTime$SliceType$Special$TimeOffset$Unit$VoxelSize$_ArrayOrder_$_ArraySize_$_ArrayType_$_ArrayZipData_$_ArrayZipSize_$_ArrayZipType_$_DataInfo_$alt+$alt-$alt2+$alt2-$base64$beta$binomial$chi$chi2$complex128$complex256$complex64$corr$dispvec$double$double128$elem$estimate$extval$ftest$gamma$http://json.org$https://github.com/NeuroJSON/jnifti/blob/master/JNIfTI_specification.md$https://github.com/NeuroJSON/jnifty$https://github.com/NeuroJSON/jsdata$https://pypi.org/project/jdatahttps://pypi.org/project/bjdata$int16$int32$int64$int8$invgauss$label$laplace$log10pvalue$logistic$logpvalue$matrix$ncchi2$ncftest$ncttest$neuronames$normal$point$poisson$ppm$pvalue$quaternion$rad$rgb$rgb24$rgba$rgba32$seq+$seq-$shape$single$symmatrix$triangle$tseries$ttest$uint16$uint32$uint64$uint8$uniform$unitless$vector$weibull$zlib$zscore
API String ID: 0-450567688
Opcode ID: 2f17827cf7ee56c663132497d06aade0e060d1aa7173407ba3cb44a20d7378f8
Instruction ID: 9f726443a03da3f6c954d89e7b44ab40848272eb255c610dfef75dbcca2e3524
Opcode Fuzzy Hash: 2f17827cf7ee56c663132497d06aade0e060d1aa7173407ba3cb44a20d7378f8
Instruction Fuzzy Hash: BDC26F61A0AB8389FB11EF25D8401EDB3A4FB89788FC44237DE4D57665EFB8A245C350

Function 00007FF7D1EDB830 Relevance: 99.7, Strings: 77, Instructions: 3473COMMON

Download Yara Rule

Strings

Saving as 32-bit float (slope, intercept or bits allocated varies)., xrefs: 00007FF7D1EDEF5E
Distance from first slice:, xrefs: 00007FF7D1EDCE18
D scl_slope:scl_inter = %g:%g, xrefs: 00007FF7D1EDE2E6
Convert %d DICOM as %s (%dx%dx%dx%d), xrefs: 00007FF7D1EDE4DD
Hint: expected %d locations, xrefs: 00007FF7D1EDC2EE
_fl3d1_ns, xrefs: 00007FF7D1EDBBDF
PET, xrefs: 00007FF7D1EDD928
R = raw value, P = precise value, D = displayed value, xrefs: 00007FF7D1EDE2BA
_fl2d1, xrefs: 00007FF7D1EDBBF4
], xrefs: 00007FF7D1EDCB70
Ignoring derived diffusion image(s). Better isotropic and ADC maps can be generated later processing., xrefs: 00007FF7D1EDE7E4
_tfl2d1, xrefs: 00007FF7D1EDBB90
%u%s, xrefs: 00007FF7D1EDDFEC
Check that 2D images are not mirrored., xrefs: 00007FF7D1EDE536
Siemens XA exported as classic not enhanced DICOM (issue 236), xrefs: 00007FF7D1EDE4A5
Patient Position (0018,5100) not specified (issue 642)., xrefs: 00007FF7D1EDB9DF
%s, xrefs: 00007FF7D1EDDFFC
RS = rescale slope, RI = rescale intercept, SS = scale slope, xrefs: 00007FF7D1EDE2C6
Note these images have gantry tilt of %g degrees (manufacturer ID = %d), xrefs: 00007FF7D1EDBF4B
Dimensions %d %d %d %d nAcq %d nConvert %d, xrefs: 00007FF7D1EDCE08
Slice positions repeated, but number of slices (%d) not divisible by number of repeats (%d): missing images?, xrefs: 00007FF7D1EDC2C7
Slice thickness correction skipped: 0008,2111 reports RESAMPLED, xrefs: 00007FF7D1EDF3AD
PET, xrefs: 00007FF7D1EDD934
Missing images. Found %d images, expected %d slices per volume and instance number (0020,0013) ranges from %d to %d, xrefs: 00007FF7D1EDD365
Images sorted by instance number [0020,0013](%d..%d), but AcquisitionTime [0008,0032] suggests a different order (%g..%g) , xrefs: 00007FF7D1EDD8BC
Ignoring localizer (sequence '%s') of series %ld %s, xrefs: 00007FF7D1EDBBCC, 00007FF7D1EDBC48
Philips Scaling Values RS:RI:SS = %g:%g:%g (see PMC3998685), xrefs: 00007FF7D1EDE282
Unable to equalize slice distances: slice order not consistently ascending., xrefs: 00007FF7D1EDD26B
Unable to rotate 3D volume: slices not equidistant: %g != %g, xrefs: 00007FF7D1EDE663
OnsetTime = [, xrefs: 00007FF7D1EDCA8B
instance=[, xrefs: 00007FF7D1EDD3D3
*tfl2d1, xrefs: 00007FF7D1EDBC17
discard, xrefs: 00007FF7D1EDD9D0
DICOM row order preserved: may appear upside down in tools that ignore spatial transforms, xrefs: 00007FF7D1EDE69E
Expected %d volumes but found spatial position repeats %d times., xrefs: 00007FF7D1EDC1CE
DICOM images may be missing, expected %d spatial locations per volume, but found %d., xrefs: 00007FF7D1EDC242
Image dimensions differ %s %s, xrefs: 00007FF7D1EDD88A
Interslice distance varies in this volume (incompatible with NIfTI format)., xrefs: 00007FF7D1EDCDC3
%u.%d%s, xrefs: 00007FF7D1EDDF9E
Error: , xrefs: 00007FF7D1EDD295, 00007FF7D1EDD338, 00007FF7D1EDD867, 00007FF7D1EDDFBB
Anatomical Orientation Type (0010,2210) is QUADRUPED: rotate coordinates accordingly (issue 642), xrefs: 00007FF7D1EDBA01
Slice positions repeated, but number of slices (%d) not divisible by number of repeats (%d): converting only complete volumes., xrefs: 00007FF7D1EDC2A1
PrivateCreator remapping detected. DICOMs are not archival quality (issue 435)., xrefs: 00007FF7D1EDBAF0
Series %d does not exist, xrefs: 00007FF7D1EDDFD1
_ROI%d, xrefs: 00007FF7D1EDEB2F
First spatial position repeated %d times, xrefs: 00007FF7D1EDD27A
Unable to determine manufacturer (0008,0070), so conversion is not tuned for vendor., xrefs: 00007FF7D1EDBCEF
Ignoring derived image(s) of series %ld %s, xrefs: 00007FF7D1EDBB6A, 00007FF7D1EDDA19
Ignoring 2D image of series %ld %s, xrefs: 00007FF7D1EDBCC2
Recompiling with '-DmyInstanceNumberOrderIsNotSpatial' might help., xrefs: 00007FF7D1EDD2AB
Siemens XA10 Mosaics are not primary images and lack vital data., xrefs: 00007FF7D1EDBB26
*fl2d1, xrefs: 00007FF7D1EDBC70
Tilt correction skipped, xrefs: 00007FF7D1EDF377
_ADC, xrefs: 00007FF7D1EDE87A
_Tilt, xrefs: 00007FF7D1EDF35D
D = R * RS + RI; P = D/(RS * SS), xrefs: 00007FF7D1EDE2D2
P scl_slope:scl_inter = %g:%g, xrefs: 00007FF7D1EDE30D
Discrepancy between reported (%gs) and estimated (%gs) repetition time (issue 560)., xrefs: 00007FF7D1EDC7AB
*fl3d1_ns, xrefs: 00007FF7D1EDBC5B
Resolved discrepancy between tags (0020,1002; 0021,104F; 0054,0081), xrefs: 00007FF7D1EDC058
Swizzling 3rd and 4th dimensions (XYTZ -> XYZT), assuming interslice distance is %f, xrefs: 00007FF7D1EDD582
dx=[0, xrefs: 00007FF7D1EDCE24
DICOM images may be missing, expected %d spatial locations per volume, but found %d slices., xrefs: 00007FF7D1EDC09C
Seconds between volumes varies (perhaps run through midnight), xrefs: 00007FF7D1EDC92A
Images not sorted in ascending instance number (0020,0013), xrefs: 00007FF7D1EDD847
%g, xrefs: 00007FF7D1EDCB4A, 00007FF7D1EDCE44
derived, xrefs: 00007FF7D1EDD9E8
%d, xrefs: 00007FF7D1EDD3F7
All images appear to be a single slice - please check slice/vector orientation, xrefs: 00007FF7D1EDD5B5
Slice re-ordering resolved inter-slice distance variability., xrefs: 00007FF7D1EDD245
Using D values ('-p y ' for P values), xrefs: 00007FF7D1EDE362
See https://github.com/rordenlab/dcm2niix/issues/236, xrefs: 00007FF7D1EDBB32
Missing images? Expected %d images, but instance number (0020,0013) ranges from %d to %d, xrefs: 00007FF7D1EDD3B9
Converting %s, xrefs: 00007FF7D1EDBDC7
Seconds between volumes varies, xrefs: 00007FF7D1EDC920
Warning: , xrefs: 00007FF7D1EDB9D3, 00007FF7D1EDB9F5, 00007FF7D1EDBAE4, 00007FF7D1EDBCE3, 00007FF7D1EDBF36, 00007FF7D1EDC1BF, 00007FF7D1EDC797, 00007FF7D1EDC914, 00007FF7D1EDCDB7, 00007FF7D1EDD391, 00007FF7D1EDD5A9, 00007FF7D1EDD833, 00007FF7D1EDE499, 00007FF7D1EDE52A, 00007FF7D1EDE639
Using P values ('-p n ' for D values), xrefs: 00007FF7D1EDE336

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: %u%s$%u.%d%s$ %d$ %g$ %s$ D = R * RS + RI; P = D/(RS * SS)$ D scl_slope:scl_inter = %g:%g$ Distance from first slice:$ OnsetTime = [$ P scl_slope:scl_inter = %g:%g$ R = raw value, P = precise value, D = displayed value$ RS = rescale slope, RI = rescale intercept, SS = scale slope$ Recompiling with '-DmyInstanceNumberOrderIsNotSpatial' might help.$ See https://github.com/rordenlab/dcm2niix/issues/236$ Using D values ('-p y ' for P values)$ Using P values ('-p n ' for D values)$ ]$*fl2d1$*fl3d1_ns$*tfl2d1$All images appear to be a single slice - please check slice/vector orientation$Anatomical Orientation Type (0010,2210) is QUADRUPED: rotate coordinates accordingly (issue 642)$Check that 2D images are not mirrored.$Convert %d DICOM as %s (%dx%dx%dx%d)$Converting %s$DICOM images may be missing, expected %d spatial locations per volume, but found %d slices.$DICOM images may be missing, expected %d spatial locations per volume, but found %d.$DICOM row order preserved: may appear upside down in tools that ignore spatial transforms$Dimensions %d %d %d %d nAcq %d nConvert %d$Discrepancy between reported (%gs) and estimated (%gs) repetition time (issue 560).$Error: $Expected %d volumes but found spatial position repeats %d times.$First spatial position repeated %d times$Hint: expected %d locations$Ignoring 2D image of series %ld %s$Ignoring derived diffusion image(s). Better isotropic and ADC maps can be generated later processing.$Ignoring derived image(s) of series %ld %s$Ignoring localizer (sequence '%s') of series %ld %s$Image dimensions differ %s %s$Images not sorted in ascending instance number (0020,0013)$Images sorted by instance number [0020,0013](%d..%d), but AcquisitionTime [0008,0032] suggests a different order (%g..%g) $Interslice distance varies in this volume (incompatible with NIfTI format).$Missing images. Found %d images, expected %d slices per volume and instance number (0020,0013) ranges from %d to %d$Missing images? Expected %d images, but instance number (0020,0013) ranges from %d to %d$Note these images have gantry tilt of %g degrees (manufacturer ID = %d)$PET$PET$Patient Position (0018,5100) not specified (issue 642).$Philips Scaling Values RS:RI:SS = %g:%g:%g (see PMC3998685)$PrivateCreator remapping detected. DICOMs are not archival quality (issue 435).$Resolved discrepancy between tags (0020,1002; 0021,104F; 0054,0081)$Saving as 32-bit float (slope, intercept or bits allocated varies).$Seconds between volumes varies$Seconds between volumes varies (perhaps run through midnight)$Series %d does not exist$Siemens XA exported as classic not enhanced DICOM (issue 236)$Siemens XA10 Mosaics are not primary images and lack vital data.$Slice positions repeated, but number of slices (%d) not divisible by number of repeats (%d): converting only complete volumes.$Slice positions repeated, but number of slices (%d) not divisible by number of repeats (%d): missing images?$Slice re-ordering resolved inter-slice distance variability.$Slice thickness correction skipped: 0008,2111 reports RESAMPLED$Swizzling 3rd and 4th dimensions (XYTZ -> XYZT), assuming interslice distance is %f$Tilt correction skipped$Unable to determine manufacturer (0008,0070), so conversion is not tuned for vendor.$Unable to equalize slice distances: slice order not consistently ascending.$Unable to rotate 3D volume: slices not equidistant: %g != %g$Warning: $_ADC$_ROI%d$_Tilt$_fl2d1$_fl3d1_ns$_tfl2d1$derived$discard$dx=[0$instance=[
API String ID: 0-2133332575
Opcode ID: c003aab101856021bcc4303239e8b6b2fc8eee4894de82e40f7c0c715200631b
Instruction ID: a86e127b7de2a8f17da1c19651e2589e8de72f45ef88e375089c658dca1bc184
Opcode Fuzzy Hash: c003aab101856021bcc4303239e8b6b2fc8eee4894de82e40f7c0c715200631b
Instruction Fuzzy Hash: C483D262E08AC685F711DF38C5042FDA360FB55789FC89226DB4D27696EFB8E685C310

Function 00007FF7D1ED4D90 Relevance: 79.7, Strings: 63, Instructions: 965COMMON

Download Yara Rule

Strings

DWMRI_gradient_%04d:=%.17g %.17g %.17g, xrefs: 00007FF7D1ED5BF5
none, xrefs: 00007FF7D1ED5164, 00007FF7D1ED54D0
DICOM_0018_0081_EchoTime:=%g, xrefs: 00007FF7D1ED57F5
DICOM_0008_0070_Manufacturer:=Philips Medical Systems, xrefs: 00007FF7D1ED56F2
DICOM_0008_0060_Modality:=MR, xrefs: 00007FF7D1ED56A4
# http://teem.sourceforge.net/nrrd/format.html, xrefs: 00007FF7D1ED5061
v1.0.20240202, xrefs: 00007FF7D1ED5070
# dcm2niix %s NRRD export transforms by Tashrif Billah, xrefs: 00007FF7D1ED507A
data file: %s, xrefs: 00007FF7D1ED539A
DICOM_0018_1020_SoftwareVersions:=%s, xrefs: 00007FF7D1ED58A8
dimension: %d, xrefs: 00007FF7D1ED51F4
DICOM_0008_0070_Manufacturer:=SIEMENS, xrefs: 00007FF7D1ED56D8
list, xrefs: 00007FF7D1ED5580
.raw, xrefs: 00007FF7D1ED5E0A
DICOM_0018_0023_MRAcquisitionType:=2D, xrefs: 00007FF7D1ED578D
NaN, xrefs: 00007FF7D1ED52C0
NRRD0005, xrefs: 00007FF7D1ED5040
type: uint8, xrefs: 00007FF7D1ED50D8, 00007FF7D1ED5155
RGB-color, xrefs: 00007FF7D1ED5534
DICOM_0008_1090_ManufacturerModelName:=%s, xrefs: 00007FF7D1ED5748
space directions:%s (%g,%g,%g) (%g,%g,%g) (%g,%g,%g), xrefs: 00007FF7D1ED541A
measurement frame: (%g,%g,%g) (%g,%g,%g) (%g,%g,%g), xrefs: 00007FF7D1ED59C0
kinds:, xrefs: 00007FF7D1ED551A
type: int16, xrefs: 00007FF7D1ED50CC
sizes:, xrefs: 00007FF7D1ED5212
encoding: gzip, xrefs: 00007FF7D1ED5313
space: right-anterior-superior, xrefs: 00007FF7D1ED5203
space units: "mm" "mm" "mm", xrefs: 00007FF7D1ED53B4
type: int32, xrefs: 00007FF7D1ED50C0
type: double, xrefs: 00007FF7D1ED5180
DICOM_0018_0080_RepetitionTime:=%g, xrefs: 00007FF7D1ED57C5
DICOM_0008_0060_Modality:=CT, xrefs: 00007FF7D1ED56BE
endian: little, xrefs: 00007FF7D1ED52F2
centerings:%s cell cell cell, xrefs: 00007FF7D1ED5500
Unknown NRRD datatype %d, xrefs: 00007FF7D1ED512B
oldmin: %8.8f, xrefs: 00007FF7D1ED561D
DICOM_0018_1314_FlipAngle:=%g, xrefs: 00007FF7D1ED58C5
Error: , xrefs: 00007FF7D1ED5114
space, xrefs: 00007FF7D1ED5555
DICOM_0018_0022_ScanOptions:=%s, xrefs: 00007FF7D1ED5778
modality:=DWMRI, xrefs: 00007FF7D1ED5A7A
DICOM_0018_0087_MagneticFieldStrength:=%g, xrefs: 00007FF7D1ED586F
endian: big, xrefs: 00007FF7D1ED52EB
.nrrd, xrefs: 00007FF7D1ED501A
DWMRI_gradient_%04d:=isotropic b=%g, xrefs: 00007FF7D1ED5BDC
space origin: (%g,%g,%g), xrefs: 00007FF7D1ED53CB
type: float, xrefs: 00007FF7D1ED50E4
DICOM_0018_0083_NumberOfAverages:=%g, xrefs: 00007FF7D1ED584A
DICOM_0008_0070_Manufacturer:=GE MEDICAL SYSTEMS, xrefs: 00007FF7D1ED570C
DICOM_0018_1152_XRayExposure:=%g, xrefs: 00007FF7D1ED5825
DWMRI_b-value:=%g, xrefs: 00007FF7D1ED5B20
Saving huge image uncompressed (many GZip tools have 2 Gb limit)., xrefs: 00007FF7D1ED4F87
DWMRI_gradient_%04d:=isotropic, xrefs: 00007FF7D1ED5BC9
type: uint16, xrefs: 00007FF7D1ED514C
.nhdr, xrefs: 00007FF7D1ED4FFA
oldmax: %8.8f, xrefs: 00007FF7D1ED567E
%d, xrefs: 00007FF7D1ED5256
# Complete NRRD file format specification at:, xrefs: 00007FF7D1ED5052
thicknesses: NaN NaN %g, xrefs: 00007FF7D1ED5297
centerings:%s cell cell cell ???, xrefs: 00007FF7D1ED54F9
Warning: , xrefs: 00007FF7D1ED4F7B
DICOM_0018_0023_MRAcquisitionType:=3D, xrefs: 00007FF7D1ED57A5
encoding: raw, xrefs: 00007FF7D1ED53A8

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: %d$ NaN$ RGB-color$ list$ none$ space$# Complete NRRD file format specification at:$# dcm2niix %s NRRD export transforms by Tashrif Billah$# http://teem.sourceforge.net/nrrd/format.html$.nhdr$.nrrd$.raw$DICOM_0008_0060_Modality:=CT$DICOM_0008_0060_Modality:=MR$DICOM_0008_0070_Manufacturer:=GE MEDICAL SYSTEMS$DICOM_0008_0070_Manufacturer:=Philips Medical Systems$DICOM_0008_0070_Manufacturer:=SIEMENS$DICOM_0008_1090_ManufacturerModelName:=%s$DICOM_0018_0022_ScanOptions:=%s$DICOM_0018_0023_MRAcquisitionType:=2D$DICOM_0018_0023_MRAcquisitionType:=3D$DICOM_0018_0080_RepetitionTime:=%g$DICOM_0018_0081_EchoTime:=%g$DICOM_0018_0083_NumberOfAverages:=%g$DICOM_0018_0087_MagneticFieldStrength:=%g$DICOM_0018_1020_SoftwareVersions:=%s$DICOM_0018_1152_XRayExposure:=%g$DICOM_0018_1314_FlipAngle:=%g$DWMRI_b-value:=%g$DWMRI_gradient_%04d:=%.17g %.17g %.17g$DWMRI_gradient_%04d:=isotropic$DWMRI_gradient_%04d:=isotropic b=%g$Error: $NRRD0005$Saving huge image uncompressed (many GZip tools have 2 Gb limit).$Unknown NRRD datatype %d$Warning: $centerings:%s cell cell cell$centerings:%s cell cell cell ???$data file: %s$dimension: %d$encoding: gzip$encoding: raw$endian: big$endian: little$kinds:$measurement frame: (%g,%g,%g) (%g,%g,%g) (%g,%g,%g)$modality:=DWMRI$oldmax: %8.8f$oldmin: %8.8f$sizes:$space directions:%s (%g,%g,%g) (%g,%g,%g) (%g,%g,%g)$space origin: (%g,%g,%g)$space units: "mm" "mm" "mm"$space: right-anterior-superior$thicknesses: NaN NaN %g$type: double$type: float$type: int16$type: int32$type: uint16$type: uint8$v1.0.20240202
API String ID: 0-1954294987
Opcode ID: a5213002274d34c0a228b035e10a92754f2d8911585f8bea72a2c00e3c6c42f6
Instruction ID: fd08bca4509b4900e17bd560969fcd3a925bb41f06cae22612a76e3c489df66c
Opcode Fuzzy Hash: a5213002274d34c0a228b035e10a92754f2d8911585f8bea72a2c00e3c6c42f6
Instruction Fuzzy Hash: 8AA21522D08B8785F721EB35C5102FCA361FF5A785FC89333DA4D266A6DFA8A185C750

Function 00007FF7D1EC27D0 Relevance: 74.5, APIs: 7, Strings: 35, Instructions: 1011COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F34008: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F33F74

_fread_nolock.LIBCMT ref: 00007FF7D1EC283D
_fread_nolock.LIBCMT ref: 00007FF7D1EC294A
_fread_nolock.LIBCMT ref: 00007FF7D1EC29B5
_fread_nolock.LIBCMT ref: 00007FF7D1EC2BC4
_fread_nolock.LIBCMT ref: 00007FF7D1EC2C4E

Strings

Error reading ECAT file (yet another list header), xrefs: 00007FF7D1EC2E56
ECAT7 details for '%s', xrefs: 00007FF7D1EC354A
Software version %d, xrefs: 00007FF7D1EC355D
Scale factor %12.12g, xrefs: 00007FF7D1EC3662
Radiopharmaceutical '%s', xrefs: 00007FF7D1EC3628
ECAT volume appears to store spatial transformation matrix (please check for updates), xrefs: 00007FF7D1EC3967
Study type '%s', xrefs: 00007FF7D1EC35E1
Error reading ECAT file (yet another image header), xrefs: 00007FF7D1EC2E6F
Error reading ECAT file (list header), xrefs: 00007FF7D1EC2955
Patient ID '%s', xrefs: 00007FF7D1EC35B4
Warning: ECAT gantry tilt not supported %g, xrefs: 00007FF7D1EC39A2
Patient name '%s', xrefs: 00007FF7D1EC35A5
NIfTI scale slope %12.12g, xrefs: 00007FF7D1EC369A
Increase kMaxVols, xrefs: 00007FF7D1EC39D5
Unknown ECAT file type %d, xrefs: 00007FF7D1EC39FE
Unknown or unsupported ECAT data type %d, xrefs: 00007FF7D1EC2AE9
Accession number '%s', xrefs: 00007FF7D1EC35C3
Dosage %gbequerels/cc, xrefs: 00007FF7D1EC363C
Error reading ECAT file (image header), xrefs: 00007FF7D1EC29C0
System Type %d, xrefs: 00007FF7D1EC3570
ECAT scale factor varies between volumes (check for updates) '%s', xrefs: 00007FF7D1EC2EE2
Study description '%s', xrefs: 00007FF7D1EC35D2
Error: ECAT volumes have varying image dimensions, xrefs: 00007FF7D1EC2DD6
Isotope halflife %gs, xrefs: 00007FF7D1EC360D
Frame duration %dms, xrefs: 00007FF7D1EC3582
%zu Error reading ECAT file (offset %zu bytes %zu), xrefs: 00007FF7D1EC322F
Problem reading ECAT7 file!, xrefs: 00007FF7D1EC3A40
Time between volumes %gms, xrefs: 00007FF7D1EC3591
ECAT calibration factor %8.12g, xrefs: 00007FF7D1EC367E
ECAT support VERY experimental (Spatial transforms unknown), xrefs: 00007FF7D1EC339F
Error: , xrefs: 00007FF7D1EC2DBD, 00007FF7D1EC2EC7
Warning: , xrefs: 00007FF7D1EC338B, 00007FF7D1EC395B
Signature not 'MATRIX' (ECAT7): '%s', xrefs: 00007FF7D1EC3A25
Isotope name '%s', xrefs: 00007FF7D1EC35F2
Failure to extract ECAT7 images, xrefs: 00007FF7D1EC39C0

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _fread_nolock$_invalid_parameter_noinfo
String ID: Accession number '%s'$ Dosage %gbequerels/cc$ ECAT calibration factor %8.12g$ Frame duration %dms$ Isotope halflife %gs$ Isotope name '%s'$ NIfTI scale slope %12.12g$ Patient ID '%s'$ Patient name '%s'$ Radiopharmaceutical '%s'$ Scale factor %12.12g$ Software version %d$ Study description '%s'$ Study type '%s'$ System Type %d$ Time between volumes %gms$%zu Error reading ECAT file (offset %zu bytes %zu)$ECAT scale factor varies between volumes (check for updates) '%s'$ECAT support VERY experimental (Spatial transforms unknown)$ECAT volume appears to store spatial transformation matrix (please check for updates)$ECAT7 details for '%s'$Error reading ECAT file (image header)$Error reading ECAT file (list header)$Error reading ECAT file (yet another image header)$Error reading ECAT file (yet another list header)$Error: $Error: ECAT volumes have varying image dimensions$Failure to extract ECAT7 images$Increase kMaxVols$Problem reading ECAT7 file!$Signature not 'MATRIX' (ECAT7): '%s'$Unknown ECAT file type %d$Unknown or unsupported ECAT data type %d$Warning: $Warning: ECAT gantry tilt not supported %g
API String ID: 3405171723-3475941507
Opcode ID: 03e836ec537e63b31d60d431f98898acc91712b0735bb6b91ec00265c9092331
Instruction ID: 8b0f87c5241bd7e076891bb5dfbd4d01e21895e46a7dc477e97822d2d58d7a0f
Opcode Fuzzy Hash: 03e836ec537e63b31d60d431f98898acc91712b0735bb6b91ec00265c9092331
Instruction Fuzzy Hash: 65A2F832A0868385F724EB35C8552FDA366EF55785FC44233EA0D2769ADFACE245C720

Function 00007FF7D1EEB450 Relevance: 61.0, Strings: 47, Instructions: 2251COMMON

Download Yara Rule

Strings

Overwriting existing file with the name %s, xrefs: 00007FF7D1EED9D7
ons, xrefs: 00007FF7D1EEC6C2
dob%sg%cwt%d, xrefs: 00007FF7D1EEC7EE
.bval, xrefs: 00007FF7D1EEDA55
%0.0f, xrefs: 00007FF7D1EEC465
.nrrd, xrefs: 00007FF7D1EEDA09
You do not have write permissions for the directory %s, xrefs: 00007FF7D1EEB53F
Richland, xrefs: 00007FF7D1EEC815
%%0%dd, xrefs: 00007FF7D1EECA10, 00007FF7D1EECAF0, 00007FF7D1EECBED
_PS, xrefs: 00007FF7D1EED20D
phz, xrefs: 00007FF7D1EED0A9
ses-, xrefs: 00007FF7D1EEBA84
Canon, xrefs: 00007FF7D1EEC5EB
func, xrefs: 00007FF7D1EEBB24, 00007FF7D1EEBEA1
\, xrefs: 00007FF7D1EED638
%ld, xrefs: 00007FF7D1EEC400
rest, xrefs: 00007FF7D1EEBF4F
Bruker, xrefs: 00007FF7D1EEC5B0
_i%05d, xrefs: 00007FF7D1EECFBC
.nii.gz, xrefs: 00007FF7D1EED9F6
Mag, xrefs: 00007FF7D1EED12A
.bvec, xrefs: 00007FF7D1EEDA68
sub-, xrefs: 00007FF7D1EEB9E9
UIH, xrefs: 00007FF7D1EEC78A
S%s, xrefs: 00007FF7D1EEB667
_ph, xrefs: 00007FF7D1EED107
_Raw, xrefs: 00007FF7D1EED1DA
.json, xrefs: 00007FF7D1EEDA42
Mediso, xrefs: 00007FF7D1EEC67A
.dcm, xrefs: 00007FF7D1EEB5CC, 00007FF7D1EED23A
Unable to append protocol name (0018,1030) to filename (it is empty)., xrefs: 00007FF7D1EECD03
_r%g, xrefs: 00007FF7D1EECE4F
.nhdr, xrefs: 00007FF7D1EEDA1C
hazardous (%%h) bids naming experimental, xrefs: 00007FF7D1EEB9DD
_task-, xrefs: 00007FF7D1EEBEDA
'%%u' in output filename can be misleading (issue 526), xrefs: 00007FF7D1EEC57C
.nii, xrefs: 00007FF7D1EED9E3
.raw.gz, xrefs: 00007FF7D1EEDA2F
_real, xrefs: 00007FF7D1EED0D0
_e%d, xrefs: 00007FF7D1EECECC, 00007FF7D1EECF47
Skipping existing file named %s, xrefs: 00007FF7D1EED98F
No input, xrefs: 00007FF7D1EEDC4F
Too many NIFTI images with the name %s, xrefs: 00007FF7D1EEDBA8
_e%g, xrefs: 00007FF7D1EED2C6
Error: , xrefs: 00007FF7D1EEB526, 00007FF7D1EEDB88
Warning: , xrefs: 00007FF7D1EEB9D1, 00007FF7D1EECCF7, 00007FF7D1EED97C, 00007FF7D1EED9C4
_t%d, xrefs: 00007FF7D1EED164

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: %%0%dd$%0.0f$%ld$'%%u' in output filename can be misleading (issue 526)$.bval$.bvec$.dcm$.json$.nhdr$.nii$.nii.gz$.nrrd$.raw.gz$Bruker$Canon$Error: $Mag$Mediso$No input$Overwriting existing file with the name %s$Richland$S%s$Skipping existing file named %s$Too many NIFTI images with the name %s$UIH$Unable to append protocol name (0018,1030) to filename (it is empty).$Warning: $You do not have write permissions for the directory %s$\$_PS$_Raw$_e%d$_e%g$_i%05d$_ph$_r%g$_real$_t%d$_task-$dob%sg%cwt%d$func$hazardous (%%h) bids naming experimental$ons$phz$rest$ses-$sub-
API String ID: 0-186570146
Opcode ID: 759ba73a22d8b178c849599ed98c100fe1996aa10cb3c9af3503211aae75acf0
Instruction ID: e51a5ba3ded76593d526ff1cf41bd05e351d72bc95f533a06b1c17c393d10245
Opcode Fuzzy Hash: 759ba73a22d8b178c849599ed98c100fe1996aa10cb3c9af3503211aae75acf0
Instruction Fuzzy Hash: C533CE6290D6C289FB21EB24D4403FCABA1EB52719FD8C273D65D436D5EFA9D249C320

Function 00007FF7D1EE01D0 Relevance: 55.7, Strings: 44, Instructions: 738COMMON

Download Yara Rule

Strings

dwi, xrefs: 00007FF7D1EE08C3
::autoBids:GE usedSeqName:'%s' seqName:'%s' internalSeqName:'%s' seriesDesc:'%s' scanSeq:'%s' stepDesc:'%s' bidsData:'%s' bidsSuffix:'%s', xrefs: 00007FF7D1EE0E73
ase, xrefs: 00007FF7D1EE0D76
PDw, xrefs: 00007FF7D1EE0728
anat, xrefs: 00007FF7D1EE0609, 00007FF7D1EE0664, 00007FF7D1EE06CF, 00007FF7D1EE08EE
Gradient Echo, xrefs: 00007FF7D1EE04B1
fmap, xrefs: 00007FF7D1EE07F6, 00007FF7D1EE0918
EP\GR, xrefs: 00007FF7D1EE031B
Spin Echo, xrefs: 00007FF7D1EE04F9
2DFAST, xrefs: 00007FF7D1EE0746
T2w, xrefs: 00007FF7D1EE071C
fieldmap, xrefs: 00007FF7D1EE07C6
asl, xrefs: 00007FF7D1EE0780
discard, xrefs: 00007FF7D1EE054C
FLAIR, xrefs: 00007FF7D1EE06F7
FSE, xrefs: 00007FF7D1EE06B7
_acq-, xrefs: 00007FF7D1EE09D9
perf, xrefs: 00007FF7D1EE0798
STAR, xrefs: 00007FF7D1EE0764
func, xrefs: 00007FF7D1EE0838, 00007FF7D1EE086A
tof, xrefs: 00007FF7D1EE08CF
T2starw, xrefs: 00007FF7D1EE061D
_echo-%d, xrefs: 00007FF7D1EE0CBD
B0map, xrefs: 00007FF7D1EE05BE
bold, xrefs: 00007FF7D1EE084C, 00007FF7D1EE0881
discard, xrefs: 00007FF7D1EE0589
p%d, xrefs: 00007FF7D1EE0A9A
3 Plane Loc, xrefs: 00007FF7D1EE0571
3db0map, xrefs: 00007FF7D1EE05E1
GR\IR, xrefs: 00007FF7D1EE06A3
_dir-, xrefs: 00007FF7D1EE0B49
Missing GE protocol data block (0025,101B), xrefs: 00007FF7D1EE049E
EFGRE3D, xrefs: 00007FF7D1EE063F
angio, xrefs: 00007FF7D1EE0902
LoopingStar, xrefs: 00007FF7D1EE0819
GRE, xrefs: 00007FF7D1EE033C
EP\RM, xrefs: 00007FF7D1EE04C9, 00007FF7D1EE0511, 00007FF7D1EE098D
derived, xrefs: 00007FF7D1EE0E86
m%d, xrefs: 00007FF7D1EE0AE8
_run-%ld, xrefs: 00007FF7D1EE0C6E
Warning: , xrefs: 00007FF7D1EE0492
EP\SE, xrefs: 00007FF7D1EE02FD, 00007FF7D1EE0975
EPI, xrefs: 00007FF7D1EE07DE, 00007FF7D1EE0899
3dradial, xrefs: 00007FF7D1EE0684

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: 2DFAST$3 Plane Loc$3db0map$3dradial$::autoBids:GE usedSeqName:'%s' seqName:'%s' internalSeqName:'%s' seriesDesc:'%s' scanSeq:'%s' stepDesc:'%s' bidsData:'%s' bidsSuffix:'%s'$B0map$EFGRE3D$EPI$EP\GR$EP\RM$EP\SE$FLAIR$FSE$GRE$GR\IR$Gradient Echo$LoopingStar$Missing GE protocol data block (0025,101B)$PDw$STAR$Spin Echo$T2starw$T2w$Warning: $_acq-$_dir-$_echo-%d$_run-%ld$anat$angio$ase$asl$bold$derived$discard$discard$dwi$fieldmap$fmap$func$m%d$p%d$perf$tof
API String ID: 0-107873500
Opcode ID: ea1cf4c74424d540d8e61e21679b75e5a7a243508ad7fe03ef7583d3a6f2cc7d
Instruction ID: b9376d35973b2d8814dd7e453e41556116ee506fa108346bed8bfd60bbc1b5a5
Opcode Fuzzy Hash: ea1cf4c74424d540d8e61e21679b75e5a7a243508ad7fe03ef7583d3a6f2cc7d
Instruction Fuzzy Hash: 11829D32A0A7C399FB25EB64D4002BCBBA0EB55349FC48133DA4D47696EFADE545C720

Function 00007FF7D1F2BC8C Relevance: 50.9, APIs: 25, Strings: 3, Instructions: 1888COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F2BFC3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F2C226
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F2C4E9
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F2C789
memcpy_s.LIBCPMT ref: 00007FF7D1F2C996
memcpy_s.LIBCPMT ref: 00007FF7D1F2CA32
memcpy_s.LIBCPMT ref: 00007FF7D1F2CEEA
memcpy_s.LIBCPMT ref: 00007FF7D1F2CF25
memcpy_s.LIBCPMT ref: 00007FF7D1F2D051
memcpy_s.LIBCPMT ref: 00007FF7D1F2D178
memcpy_s.LIBCPMT ref: 00007FF7D1F2D223
memcpy_s.LIBCPMT ref: 00007FF7D1F2D26B
memcpy_s.LIBCPMT ref: 00007FF7D1F2D295
memcpy_s.LIBCPMT ref: 00007FF7D1F2D346
memcpy_s.LIBCPMT ref: 00007FF7D1F2D546
memcpy_s.LIBCPMT ref: 00007FF7D1F2D58B
memcpy_s.LIBCPMT ref: 00007FF7D1F2D642
memcpy_s.LIBCPMT ref: 00007FF7D1F2D76F
memcpy_s.LIBCPMT ref: 00007FF7D1F2CE3A

Part of subcall function 00007FF7D1F2E0DC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F2E10E

memcpy_s.LIBCPMT ref: 00007FF7D1F2CEB5
memcpy_s.LIBCPMT ref: 00007FF7D1F2D929

Strings

, xrefs: 00007FF7D1F2D81C
. %s %s %s %s %s %s %s %s %s, xrefs: 00007FF7D1F2BC92
, xrefs: 00007FF7D1F2D6EF

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: memcpy_s$_invalid_parameter_noinfo
String ID: $ $. %s %s %s %s %s %s %s %s %s
API String ID: 2880407647-716453832
Opcode ID: 01b64208cec8b84eb9bf333fb0b3ec4395e48e78363da6f1f03c87aab2650e5a
Instruction ID: af0ab78f4c931942aa1b2038a1c71ea9a9f1d166e5d28986ad9d7f409e091a23
Opcode Fuzzy Hash: 01b64208cec8b84eb9bf333fb0b3ec4395e48e78363da6f1f03c87aab2650e5a
Instruction Fuzzy Hash: 9B03C772A1A2824FF775DE24E8507EE7791FB44388FD05136EA0A97B44DB79EA00CB50

Function 00007FF7D1EBB4F0 Relevance: 47.7, APIs: 1, Strings: 25, Instructions: 2206COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F34008: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F33F74

_fread_nolock.LIBCMT ref: 00007FF7D1EBB62C

Strings

This JPEG decoder can only decompress lossless JPEG ITU-T81 images (SoF must be 0XC3, not %#02X), xrefs: 00007FF7D1EBBF30
Unable to load 0XC3 JPEG %s, xrefs: 00007FF7D1EBD934
JPEG signature 0xFFD8FF not found at offset %d of %s, xrefs: 00007FF7D1EBD8FA
DHT has %d combinations with %d bits, xrefs: 00007FF7D1EBB990
Scalar data must be 1..16 bit, RGB data must be 8-bit (%d-bit, %d frames), xrefs: 00007FF7D1EBBEEB
btMarkerType %#02X length %d@%ld, xrefs: 00007FF7D1EBB770
Decoding error: no Huffman tables., xrefs: 00007FF7D1EBBFEA
Segment larger than image, xrefs: 00007FF7D1EBD852
[Huffman Length %d], xrefs: 00007FF7D1EBB8F5
{{{{, xrefs: 00007FF7D1EBC078
Huffman table corrupted., xrefs: 00007FF7D1EBBFA8
btMarkerType == 0xDD: unsupported Restart Segments, xrefs: 00007FF7D1EBD819
JPEG signature 0xFFD8FF found at offset %d of %s, xrefs: 00007FF7D1EBB676
{{{{, xrefs: 00007FF7D1EBC086
[Predictor: %d Transform %d], xrefs: 00007FF7D1EBBE7D
Huffman size array corrupted., xrefs: 00007FF7D1EBBF6C
JPEG header tag must begin with 0xFF, xrefs: 00007FF7D1EBD88E
{{{{, xrefs: 00007FF7D1EBC06C
Unable to open 0XC3 JPEG %s, xrefs: 00007FF7D1EBB5E1
DHT combination %d has a value of %d, xrefs: 00007FF7D1EBBC8C
{{{{, xrefs: 00007FF7D1EBC07F
[FrameCount %d], xrefs: 00007FF7D1EBBDD8
Error: , xrefs: 00007FF7D1EBB5CA, 00007FF7D1EBBECD, 00007FF7D1EBBF14, 00007FF7D1EBBF56, 00007FF7D1EBBF92, 00007FF7D1EBBFD4, 00007FF7D1EBD803, 00007FF7D1EBD83C, 00007FF7D1EBD875, 00007FF7D1EBD8E1, 00007FF7D1EBD91B
[Precision %d X*Y %d*%d Frames %d], xrefs: 00007FF7D1EBB867
JPEG ends %ld@%ld, xrefs: 00007FF7D1EBD7DD

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _fread_nolock_invalid_parameter_noinfo
String ID: [FrameCount %d]$ [Huffman Length %d]$ [Precision %d X*Y %d*%d Frames %d]$ [Predictor: %d Transform %d]$DHT combination %d has a value of %d$DHT has %d combinations with %d bits$Decoding error: no Huffman tables.$Error: $Huffman size array corrupted.$Huffman table corrupted.$JPEG ends %ld@%ld$JPEG header tag must begin with 0xFF$JPEG signature 0xFFD8FF found at offset %d of %s$JPEG signature 0xFFD8FF not found at offset %d of %s$Scalar data must be 1..16 bit, RGB data must be 8-bit (%d-bit, %d frames)$Segment larger than image$This JPEG decoder can only decompress lossless JPEG ITU-T81 images (SoF must be 0XC3, not %#02X)$Unable to load 0XC3 JPEG %s$Unable to open 0XC3 JPEG %s$btMarkerType %#02X length %d@%ld$btMarkerType == 0xDD: unsupported Restart Segments${{{{${{{{${{{{${{{{
API String ID: 2335118202-2257852587
Opcode ID: b6175d5251575f17ba2e1124bd934f2b728273f68aa999196ffda70ad60d172c
Instruction ID: 787520bdf751dd036187b59dfef392b2a5f0edb117f413c1900a936d48f269f1
Opcode Fuzzy Hash: b6175d5251575f17ba2e1124bd934f2b728273f68aa999196ffda70ad60d172c
Instruction Fuzzy Hash: D433D163E18BC686E700DF28D5042BDBBA0F795B48F91A226DB8D53652EF78E1D5C700

Function 00007FF7D1EA74A0 Relevance: 33.8, Strings: 26, Instructions: 1347COMMON

Download Yara Rule

Strings

%d n_tags CSA Image Header corrupted (0029,1010) see issue 633., xrefs: 00007FF7D1EA89F4
B_value, xrefs: 00007FF7D1EA785A
(Corrupt) CSA reports negative b-value! %g, xrefs: 00007FF7D1EA7916
%g, xrefs: 00007FF7D1EA83F4
ICE_Dims, xrefs: 00007FF7D1EA7700
M, xrefs: 00007FF7D1EA7525
CC:ComplexAdd, xrefs: 00007FF7D1EA76B5
BandwidthPerPixelPhaseEncode, xrefs: 00007FF7D1EA7EFB
PhaseEncodingDirectionPositive, xrefs: 00007FF7D1EA8827
Unable to determine slice order from CSA tag MosaicRefAcqTimes, xrefs: 00007FF7D1EA8723
NumberOfImagesInMosaic, xrefs: 00007FF7D1EA77A5
DiffusionGradientDirection %f %f %f, xrefs: 00007FF7D1EA7B15
MosaicRefAcqTimes, xrefs: 00007FF7D1EA80A8
%d CSA of %s %d, xrefs: 00007FF7D1EA7617
ProtocolSliceNumber, xrefs: 00007FF7D1EA8779
No variability in slice times (3D EPI?), xrefs: 00007FF7D1EA848C
SliceMeasurementDuration, xrefs: 00007FF7D1EA7D4E
SliceNormalVector %f %f %f, xrefs: 00007FF7D1EA7D1A
ImageHistory, xrefs: 00007FF7D1EA7630
sliceTimes %g, xrefs: 00007FF7D1EA83BB
Error: , xrefs: 00007FF7D1EA80DF, 00007FF7D1EA81C6, 00007FF7D1EA89DA
Warning: , xrefs: 00007FF7D1EA7901, 00007FF7D1EA8717
SliceNormalVector, xrefs: 00007FF7D1EA7B49
Multiband x%d sequence: setting slice order as UNKNOWN (instead of %d), xrefs: 00007FF7D1EA875D
DiffusionGradientDirection, xrefs: 00007FF7D1EA7945
Please increase kMaxEPI3D and recompile, xrefs: 00007FF7D1EA80F8, 00007FF7D1EA81DF

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: %d CSA of %s %d$ SliceNormalVector %f %f %f$ sliceTimes %g$ Multiband x%d sequence: setting slice order as UNKNOWN (instead of %d)$%d n_tags CSA Image Header corrupted (0029,1010) see issue 633.$%g$(Corrupt) CSA reports negative b-value! %g$B_value$BandwidthPerPixelPhaseEncode$CC:ComplexAdd$DiffusionGradientDirection$DiffusionGradientDirection %f %f %f$Error: $ICE_Dims$ImageHistory$M$MosaicRefAcqTimes$No variability in slice times (3D EPI?)$NumberOfImagesInMosaic$PhaseEncodingDirectionPositive$Please increase kMaxEPI3D and recompile$ProtocolSliceNumber$SliceMeasurementDuration$SliceNormalVector$Unable to determine slice order from CSA tag MosaicRefAcqTimes$Warning:
API String ID: 0-682885501
Opcode ID: 53a3e9050eaed5b5c6d250bea1b076486633d00f8c46d874d0ef054a8fd5ed9c
Instruction ID: aa2d7f126a33020324a7c8f253e27ea2d4b22dcb6fd74271bf36cb111932b16f
Opcode Fuzzy Hash: 53a3e9050eaed5b5c6d250bea1b076486633d00f8c46d874d0ef054a8fd5ed9c
Instruction Fuzzy Hash: FAD20632E0868745FB10FB2596112BDE361AF55786FC58337EA4D62296EFBCE580C720

Function 00007FF7D1EC7AB0 Relevance: 30.8, APIs: 1, Strings: 16, Instructions: 1071COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF7D1EC7BDD

Part of subcall function 00007FF7D1F34008: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F33F74

Strings

MBACCEL, xrefs: 00007FF7D1EC8145
IOPT, xrefs: 00007FF7D1EC84DA, 00007FF7D1EC8590, 00007FF7D1EC8655
GE Protocol Block %s bytes %d compressed, %d uncompressed @ %d, xrefs: 00007FF7D1EC8A0B
%s, xrefs: 00007FF7D1EC8A44
New XML-based GE Protocol Block is not yet supported: please report issue on dcm2niix Github page, xrefs: 00007FF7D1EC7D84
ViewOrder %d SliceOrder %d, xrefs: 00007FF7D1EC8A2C
MBACCEL, xrefs: 00007FF7D1EC8019
MPhVar, xrefs: 00007FF7D1EC89E6
DELACQ, xrefs: 00007FF7D1EC8267, 00007FF7D1EC82F9
MPh, xrefs: 00007FF7D1EC899B
NOSLC, xrefs: 00007FF7D1EC80CD, 00007FF7D1EC81BC
Minimum, xrefs: 00007FF7D1EC89B5
PSEQ, xrefs: 00007FF7D1EC8496
Warning: , xrefs: 00007FF7D1EC7D78
AYS1, xrefs: 00007FF7D1EC8699, 00007FF7D1EC873D, 00007FF7D1EC881B
DER, xrefs: 00007FF7D1EC7D90

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _fread_nolock_invalid_parameter_noinfo
String ID: ViewOrder %d SliceOrder %d$%s$AYS1$DELACQ$DER$GE Protocol Block %s bytes %d compressed, %d uncompressed @ %d$IOPT$MBACCEL$MBACCEL$MPh$MPhVar$Minimum$NOSLC$New XML-based GE Protocol Block is not yet supported: please report issue on dcm2niix Github page$PSEQ$Warning:
API String ID: 2335118202-2173506598
Opcode ID: df52e3fad216742f87c28a08b7fdae711f0bb1de282ef37e6b1aadc4a76466f9
Instruction ID: 63efe29c36020de2eb249ab270e97f0138fa673b981645e54d72895fe0b48292
Opcode Fuzzy Hash: df52e3fad216742f87c28a08b7fdae711f0bb1de282ef37e6b1aadc4a76466f9
Instruction Fuzzy Hash: ADA21222A0D6D349F711AF21DA506BDABA2FB45B85FC84033EA4D07799DEBCE541C720

Function 00007FF7D1ED0660 Relevance: 25.1, Strings: 19, Instructions: 1385COMMON

Download Yara Rule

Strings

%d%c, xrefs: 00007FF7D1ED08B3, 00007FF7D1ED0973
No bvec/bval files created. Only one B-value reported for all volumes: %g, xrefs: 00007FF7D1ED1175
Warning: Isotropic DWI series, all bvecs are zero (issue 405), xrefs: 00007FF7D1ED12A2
.bval, xrefs: 00007FF7D1ED086A, 00007FF7D1ED197A
.bvec, xrefs: 00007FF7D1ED091A, 00007FF7D1ED1ACA
%dB=%gVec=%g%g%g, xrefs: 00007FF7D1ED1809
%g, xrefs: 00007FF7D1ED1A05, 00007FF7D1ED1B66
Note: %d volumes appear to be ADC or trace images that will be removed to allow processing, xrefs: 00007FF7D1ED12B4
.mvec, xrefs: 00007FF7D1ED1AAB
%g, xrefs: 00007FF7D1ED1A2E, 00007FF7D1ED1B8C
bxyz %g %g %g %g, xrefs: 00007FF7D1ED0D34
Assuming volumes without gradients are actually B=0, xrefs: 00007FF7D1ED0DDC
Diffusion image without gradients: assuming %d volume B=0 series, xrefs: 00007FF7D1ED07FE
%g , xrefs: 00007FF7D1ED19D4, 00007FF7D1ED1B34
This diffusion series does not have a B0 (reference) volume, xrefs: 00007FF7D1ED0F50
Note: this appears to be a b=0+trace DWI; ADC/trace removal has been disabled., xrefs: 00007FF7D1ED1288
DTI volumes re-ordered by ascending b-value, xrefs: 00007FF7D1ED14B2
Warning: , xrefs: 00007FF7D1ED0DC8, 00007FF7D1ED0F44
Note: B0 not the first volume in the series (FSL eddy reference volume is %d), xrefs: 00007FF7D1ED0F70

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: %dB=%gVec=%g%g%g$%d%c$%g$%g$%g $.bval$.bvec$.mvec$Assuming volumes without gradients are actually B=0$DTI volumes re-ordered by ascending b-value$Diffusion image without gradients: assuming %d volume B=0 series$No bvec/bval files created. Only one B-value reported for all volumes: %g$Note: %d volumes appear to be ADC or trace images that will be removed to allow processing$Note: B0 not the first volume in the series (FSL eddy reference volume is %d)$Note: this appears to be a b=0+trace DWI; ADC/trace removal has been disabled.$This diffusion series does not have a B0 (reference) volume$Warning: $Warning: Isotropic DWI series, all bvecs are zero (issue 405)$bxyz %g %g %g %g
API String ID: 0-3641361548
Opcode ID: 329d59e2c8e1c7a2936894f5037754560164683aee2ef299b68ae492b7acd3e5
Instruction ID: 2abefa66ba660b811cf3e9599aa1ade7ddab8754fe06d01651b178c765314a64
Opcode Fuzzy Hash: 329d59e2c8e1c7a2936894f5037754560164683aee2ef299b68ae492b7acd3e5
Instruction Fuzzy Hash: 4BD2E072A1868786F711EB3690502BDE7A0EF96781FCC8333DA0E636A5DF68E5458710

Function 00007FF7D1F51370 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF7D1F513BE
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F51A2A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F51BA0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F51E5E
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F5207E
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F522BB
memcpy_s.LIBCPMT ref: 00007FF7D1F52396
memcpy_s.LIBCPMT ref: 00007FF7D1F52441
memcpy_s.LIBCPMT ref: 00007FF7D1F52510

Strings

1#IND, xrefs: 00007FF7D1F514AB
1#INF, xrefs: 00007FF7D1F514E7
1#QNAN, xrefs: 00007FF7D1F514D7
1#SNAN, xrefs: 00007FF7D1F514CE

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 1ee5398776f9af26dde42304b4723d55d7a91c4185ad31717c0496e9a4aed98f
Instruction ID: e404e4461bcc979b0a6dec740d281d4f7664416da5fa7dbacab74dce5a16aef6
Opcode Fuzzy Hash: 1ee5398776f9af26dde42304b4723d55d7a91c4185ad31717c0496e9a4aed98f
Instruction Fuzzy Hash: CBB2C7B2A1D2838BF7649E64D4507FDB7A1FB44388FD45236DA0D57A84DBB8BA00CB50

Function 00007FF7D1ED9880 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 153processsynchronizationCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32 ref: 00007FF7D1ED9AD5
WaitForSingleObject.KERNEL32 ref: 00007FF7D1ED9AE9
CloseHandle.KERNEL32 ref: 00007FF7D1ED9AF4
CloseHandle.KERNEL32 ref: 00007FF7D1ED9AFF

Strings

"%s -n -f -%d ", xrefs: 00007FF7D1ED9957
"%s -n ", xrefs: 00007FF7D1ED99BE
h, xrefs: 00007FF7D1ED9A70
-b 960, xrefs: 00007FF7D1ED98DA
Compress: %s, xrefs: 00007FF7D1ED9B21
, xrefs: 00007FF7D1ED9AAB
Compression failed %s, xrefs: 00007FF7D1ED9B0E

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: CloseHandle$CreateObjectProcessSingleWait
String ID: $ -b 960$"%s -n "$"%s -n -f -%d "$Compress: %s$Compression failed %s$h
API String ID: 2059082233-2097650071
Opcode ID: f354950aef0cb641ed91c50596b18135f535fe706d5fd955bd7da55104e0f41b
Instruction ID: 70ce0fd7007887d13d190b0911b2b1614653dd8763525c7a30be6d13c3f70b9b
Opcode Fuzzy Hash: f354950aef0cb641ed91c50596b18135f535fe706d5fd955bd7da55104e0f41b
Instruction Fuzzy Hash: E071A332A19BC289E720DF71E8003EDB7A1F795788FC89226E64D47A95DFB8D245C710

Function 00007FF7D1EF9B20 Relevance: 14.0, APIs: 9, Instructions: 542COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1EF9CC3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1EF9CC9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1EF9E59
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1EF9E5F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1EF9FA1
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1EF9FAD
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1EFA0BB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1EFA0C1

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: b2e8038e7b5fb91330691ad2a0267609fd33dcb0f6f0eb0af220bf7dd0156a3d
Instruction ID: 3b64db49b238296e48888c3cd981428d3d4c3451aa075f99fdaaabcbd5925ee0
Opcode Fuzzy Hash: b2e8038e7b5fb91330691ad2a0267609fd33dcb0f6f0eb0af220bf7dd0156a3d
Instruction Fuzzy Hash: 86128E62B09B8685FB14AF26E4442ADE391EB48BD4FD44632EF9D0B795DEBCE051C310

Function 00007FF7D1F49FA8 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F49B8C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F49BCD
Part of subcall function 00007FF7D1F49B8C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F49C4B
Part of subcall function 00007FF7D1F49B8C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F49C9C

CreateFileW.KERNEL32(00000000,?,00007F11,00007FF7D1F49F43), ref: 00007FF7D1F4A0AE
CreateFileW.KERNEL32 ref: 00007FF7D1F4A0FE
GetLastError.KERNEL32 ref: 00007FF7D1F4A12E
GetFileType.KERNEL32 ref: 00007FF7D1F4A143
GetLastError.KERNEL32 ref: 00007FF7D1F4A14D
CloseHandle.KERNEL32 ref: 00007FF7D1F4A180
CloseHandle.KERNEL32 ref: 00007FF7D1F4A2E3
CreateFileW.KERNEL32 ref: 00007FF7D1F4A318
GetLastError.KERNEL32 ref: 00007FF7D1F4A327

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 6ae3318d764e2841dbb9c4d0a8b76a8c581cf06badfc56cd323177b6ba16f3f0
Instruction ID: 8b6620e7fa206aa2e8c1e3b19102c2d71634733452b886941d939b07d3642379
Opcode Fuzzy Hash: 6ae3318d764e2841dbb9c4d0a8b76a8c581cf06badfc56cd323177b6ba16f3f0
Instruction Fuzzy Hash: 48C1E037B29A4285FB10EFA8C4906AC7761FB49BA8B805236DA2E57394CF78E551C350

Function 00007FF7D1EC52A0 Relevance: 13.0, Strings: 10, Instructions: 536COMMON

Download Yara Rule

Strings

Adjusting for negative MosaicRefAcqTimes (issue 271)., xrefs: 00007FF7D1EC53A9
Acquisition crossed midnight: check slice timing, xrefs: 00007FF7D1EC54E3
Slice timing range appears reasonable (range %g..%g, TR=%g ms), xrefs: 00007FF7D1EC5A34
SBRef, xrefs: 00007FF7D1EC57FE
Slice timing range of 2nd volume: range %g..%g, TR=%g ms), xrefs: 00007FF7D1EC5920
Slice timing appears corrupted (range %g..%g, TR=%g ms), xrefs: 00007FF7D1EC5B24
Siemens MoCo? Bogus slice timing (range %g..%g, TR=%g seconds), xrefs: 00007FF7D1EC5A7E
Warning: , xrefs: 00007FF7D1EC539D, 00007FF7D1EC54D7, 00007FF7D1EC5A72, 00007FF7D1EC5B18
CSA slice timing based on 2nd volume, 1st volume corrupted (CMRR bug, range %g..%g, TR=%g ms), xrefs: 00007FF7D1EC5AF9
Slice timing range of first volume: range %g..%g, TR=%g ms), xrefs: 00007FF7D1EC5828

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: Acquisition crossed midnight: check slice timing$Adjusting for negative MosaicRefAcqTimes (issue 271).$CSA slice timing based on 2nd volume, 1st volume corrupted (CMRR bug, range %g..%g, TR=%g ms)$SBRef$Siemens MoCo? Bogus slice timing (range %g..%g, TR=%g seconds)$Slice timing appears corrupted (range %g..%g, TR=%g ms)$Slice timing range appears reasonable (range %g..%g, TR=%g ms)$Slice timing range of 2nd volume: range %g..%g, TR=%g ms)$Slice timing range of first volume: range %g..%g, TR=%g ms)$Warning:
API String ID: 0-3250764433
Opcode ID: 629c30cc16033f2f8c5d03226d929a64739b32ddc05145178062a057f5b72033
Instruction ID: 595c39ea95d19392dd9aaf3975da4951bc68c1dec2a714212024332bd6ed061b
Opcode Fuzzy Hash: 629c30cc16033f2f8c5d03226d929a64739b32ddc05145178062a057f5b72033
Instruction Fuzzy Hash: C532E832F15A8A85F712EB3689411FCF352EF6A785FD8C733DA0D32261DB68A185C650

Function 00007FF7D1F4F348 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F41E94: GetLastError.KERNEL32 ref: 00007FF7D1F41EA3
Part of subcall function 00007FF7D1F41E94: FlsGetValue.KERNEL32 ref: 00007FF7D1F41EB8
Part of subcall function 00007FF7D1F41E94: SetLastError.KERNEL32 ref: 00007FF7D1F41F43

TranslateName.LIBCMT ref: 00007FF7D1F4F3B2
TranslateName.LIBCMT ref: 00007FF7D1F4F3ED
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF7D1F3F6C4), ref: 00007FF7D1F4F434
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF7D1F3F6C4), ref: 00007FF7D1F4F46C
GetLocaleInfoW.KERNEL32 ref: 00007FF7D1F4F629

Strings

utf8, xrefs: 00007FF7D1F4F550

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 3f04d9c349e0b75f803c62b6ccd01276b638b9628991a84529f4f02861413e56
Instruction ID: a63aa357a0de8bc931ea89b1b1b6325c00c81fd06966398ce81ece3cd502d30a
Opcode Fuzzy Hash: 3f04d9c349e0b75f803c62b6ccd01276b638b9628991a84529f4f02861413e56
Instruction Fuzzy Hash: 8A919B32A0A74386FB24AF25D411ABDA3A4EF84B84FC44132DA5C47796DFBCE551C760

Function 00007FF7D1F4FD90 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F41E94: GetLastError.KERNEL32 ref: 00007FF7D1F41EA3
Part of subcall function 00007FF7D1F41E94: FlsGetValue.KERNEL32 ref: 00007FF7D1F41EB8
Part of subcall function 00007FF7D1F41E94: SetLastError.KERNEL32 ref: 00007FF7D1F41F43

Part of subcall function 00007FF7D1F41E94: FlsSetValue.KERNEL32 ref: 00007FF7D1F41ED9
Part of subcall function 00007FF7D1F41E94: FlsGetValue.KERNEL32 ref: 00007FF7D1F41F79

GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF7D1F4FF00

Part of subcall function 00007FF7D1F41E94: FlsSetValue.KERNEL32 ref: 00007FF7D1F41F06
Part of subcall function 00007FF7D1F41E94: FlsSetValue.KERNEL32 ref: 00007FF7D1F41F17
Part of subcall function 00007FF7D1F41E94: FlsSetValue.KERNEL32 ref: 00007FF7D1F41F28
Part of subcall function 00007FF7D1F41E94: FlsSetValue.KERNEL32 ref: 00007FF7D1F41F98
Part of subcall function 00007FF7D1F41E94: FlsSetValue.KERNEL32 ref: 00007FF7D1F41FC0

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF7D1F3F6BD), ref: 00007FF7D1F4FEE7
ProcessCodePage.LIBCMT ref: 00007FF7D1F4FF2A
IsValidCodePage.KERNEL32 ref: 00007FF7D1F4FF3C
IsValidLocale.KERNEL32 ref: 00007FF7D1F4FF52
GetLocaleInfoW.KERNEL32 ref: 00007FF7D1F4FFAE
GetLocaleInfoW.KERNEL32 ref: 00007FF7D1F4FFCA

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 1a2a135b9d7da3f1633a07635c2881b81a6f4241d1857b2d733b26467811d055
Instruction ID: 7f3a8a99e22c2f91789af4a097c41c78fddaef8a300282fe9ceac5b09d17111d
Opcode Fuzzy Hash: 1a2a135b9d7da3f1633a07635c2881b81a6f4241d1857b2d733b26467811d055
Instruction Fuzzy Hash: A5716D22F1A6438AFB20AB68D450ABCB3A0BF45B54FC44137DE5D53695EFBCA845C360

Function 00007FF7D1EC74F0 Relevance: 10.3, Strings: 8, Instructions: 325COMMON

Download Yara Rule

Strings

GE BVal scaling (e.g. %g -> %g s/mm^2), xrefs: 00007FF7D1EC7895
Impossible GE slice orientation!, xrefs: 00007FF7D1EC7658
Limited validation for non-HFS (Head first supine) GE DTI: confirm gradient vector transformation, xrefs: 00007FF7D1EC75B0
Unable to determine DTI gradients, 0018,1312 should be either R or C, xrefs: 00007FF7D1EC75DC
Saving %d DTI gradients. GE Reorienting %s : please validate. isCol=%d sliceDir=%d flp=%d %d %d, xrefs: 00007FF7D1EC76B4
Warning: , xrefs: 00007FF7D1EC75A4, 00007FF7D1EC75D0, 00007FF7D1EC7622, 00007FF7D1EC76E7
Reorienting for ROW phase-encoding untested., xrefs: 00007FF7D1EC76F3
Limited validation for non-Axial DTI: confirm gradient vector transformation., xrefs: 00007FF7D1EC762E

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: GE BVal scaling (e.g. %g -> %g s/mm^2)$Impossible GE slice orientation!$Limited validation for non-Axial DTI: confirm gradient vector transformation.$Limited validation for non-HFS (Head first supine) GE DTI: confirm gradient vector transformation$Reorienting for ROW phase-encoding untested.$Saving %d DTI gradients. GE Reorienting %s : please validate. isCol=%d sliceDir=%d flp=%d %d %d$Unable to determine DTI gradients, 0018,1312 should be either R or C$Warning:
API String ID: 0-2243388974
Opcode ID: 3e8b99e89ed26eda98a5be68949f605edd6bffbf876c0099810ccb778283cb36
Instruction ID: 8b926140136754f7245999dd84cc72eedcc733a9a103ffafe14b50eb0993d928
Opcode Fuzzy Hash: 3e8b99e89ed26eda98a5be68949f605edd6bffbf876c0099810ccb778283cb36
Instruction Fuzzy Hash: 38F1F532E18AC785F321AB36D4412FEF361AF69345FD89733DA49225A1DF78A191C610

Function 00007FF7D1ED4670 Relevance: 9.2, Strings: 7, Instructions: 413COMMON

Download Yara Rule

Strings

.nii, xrefs: 00007FF7D1ED4AA1
Hint: using external compressor (pigz) should help., xrefs: 00007FF7D1ED4A2F
Saving uncompressed data: image too large for pigz., xrefs: 00007FF7D1ED4D4F
Saving uncompressed data: internal compressor unable to process such large files., xrefs: 00007FF7D1ED4A0A
The 'optimal' piped gz is only available for Unix, xrefs: 00007FF7D1ED4ACA
Warning: , xrefs: 00007FF7D1ED49FE, 00007FF7D1ED4A23, 00007FF7D1ED4ABE, 00007FF7D1ED4D43
Error: Image size is zero bytes %s, xrefs: 00007FF7D1ED496D

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: Hint: using external compressor (pigz) should help.$.nii$Error: Image size is zero bytes %s$Saving uncompressed data: image too large for pigz.$Saving uncompressed data: internal compressor unable to process such large files.$The 'optimal' piped gz is only available for Unix$Warning:
API String ID: 0-338368965
Opcode ID: 24c36f200ddf45e6bf35d79fbd1f9bbcaeca1855b7e788024e2e2060c4b2cc75
Instruction ID: 46398b3c04c8faa236dde2aaee3e78764414052fbbaca19086b323b14e0b614b
Opcode Fuzzy Hash: 24c36f200ddf45e6bf35d79fbd1f9bbcaeca1855b7e788024e2e2060c4b2cc75
Instruction Fuzzy Hash: C122A152E08BC685F711DB39C5052FC6360FB69B48F98A322DB8C26A53EF75A2D5C310

Function 00007FF7D1EC5C80 Relevance: 9.2, Strings: 7, Instructions: 408COMMON

Download Yara Rule

Strings

Slice =, xrefs: 00007FF7D1EC62F6
Gantry Tilt Parameters (see issue 253), xrefs: 00007FF7D1EC6229
[%g %g %g], xrefs: 00007FF7D1EC6247, 00007FF7D1EC6288, 00007FF7D1EC62C6, 00007FF7D1EC6308
Read =, xrefs: 00007FF7D1EC6235
CrossReadPhase =, xrefs: 00007FF7D1EC62B7
Phase =, xrefs: 00007FF7D1EC6276
Gantry Tilt based on 0018,1120 %g, estimated from slice vector %g, xrefs: 00007FF7D1EC633F

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: CrossReadPhase =$ Phase =$ Read =$ Slice =$Gantry Tilt Parameters (see issue 253)$Gantry Tilt based on 0018,1120 %g, estimated from slice vector %g$[%g %g %g]
API String ID: 0-3860303150
Opcode ID: 04aada7aeb09845d0c7404f90cae7492d78697d29cfb1274b5bfc191f7d03a8f
Instruction ID: b27275b4ecbf9bca79fe6b95842f6d4f09316a07758cb5a5e495d2a5718630e6
Opcode Fuzzy Hash: 04aada7aeb09845d0c7404f90cae7492d78697d29cfb1274b5bfc191f7d03a8f
Instruction Fuzzy Hash: 6912D732D18BCA45F313EB3794420AEE365AFAF385F989723FD45315A2DB68B491C610

Function 00007FF7D1F3CFE0 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF7D1F3D059
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7D1F3D071
RtlVirtualUnwind.KERNEL32 ref: 00007FF7D1F3D0AC
IsDebuggerPresent.KERNEL32 ref: 00007FF7D1F3D0E5
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7D1F3D0EF
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7D1F3D0FA

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 47fdae16ebf1079ddbd4b1c9fbbe3b3341ae965c24583196bff6b1b50e43e0f7
Instruction ID: bcae1a7ab234d115705edd0ad8d820bd43619fb13eac1060cd234782381b7d93
Opcode Fuzzy Hash: 47fdae16ebf1079ddbd4b1c9fbbe3b3341ae965c24583196bff6b1b50e43e0f7
Instruction Fuzzy Hash: 40317336619B8286FB60DF25E8502AEB3A4FB88754FD00136EA8D43B95DF7CD245CB10

Function 00007FF7D1ED2BA0 Relevance: 8.2, Strings: 6, Instructions: 722COMMON

Download Yara Rule

Strings

%g, xrefs: 00007FF7D1ED2E05
Only able to make equidistant slices from 8,16,24-bit integer or 32-bit float image data., xrefs: 00007FF7D1ED2D26
Unable to equalize slice distances: slice order not consistently ascending:, xrefs: 00007FF7D1ED2DDC
Recompiling with '-DmyInstanceNumberOrderIsNotSpatial' might help., xrefs: 00007FF7D1ED2E2F
dx=[0, xrefs: 00007FF7D1ED2DE8
_Eq, xrefs: 00007FF7D1ED35FA

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: %g$ Recompiling with '-DmyInstanceNumberOrderIsNotSpatial' might help.$Only able to make equidistant slices from 8,16,24-bit integer or 32-bit float image data.$Unable to equalize slice distances: slice order not consistently ascending:$_Eq$dx=[0
API String ID: 0-240521882
Opcode ID: 71039d9a1c5abf8947328fbe7c9500fa9436a35e44032906f9598eb7a8058e8d
Instruction ID: 883911e4dd0b21a0b6b3fbb9e78ed3df8fb4ceec23694bb45c1852942df64afb
Opcode Fuzzy Hash: 71039d9a1c5abf8947328fbe7c9500fa9436a35e44032906f9598eb7a8058e8d
Instruction Fuzzy Hash: 5F62D463E18AC686F711EB35C1011BDA360FF6A785F899322EA4D22652EF78F1D5C310

Function 00007FF7D1F23954 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7D1F23980
GetCurrentThreadId.KERNEL32 ref: 00007FF7D1F2398E
GetCurrentProcessId.KERNEL32 ref: 00007FF7D1F2399A
QueryPerformanceCounter.KERNEL32 ref: 00007FF7D1F239AA

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: e08836070db3463b502a8494ab3437ea19ceef2585b69433a160db3d3184c76f
Instruction ID: e944ab6b3fa61c08fb92773042bd432e6c65dda1d109ab373ebbaa51fbacb636
Opcode Fuzzy Hash: e08836070db3463b502a8494ab3437ea19ceef2585b69433a160db3d3184c76f
Instruction Fuzzy Hash: 11112E26B19F028AFB00DF60E8552BC73A4F719758FC41E32EA6D46BA4EFB8D1548350

Function 00007FF7D1EDACE0 Relevance: 5.6, Strings: 4, Instructions: 606COMMON

Download Yara Rule

Strings

Unexpected error for image with varying echo time or intensity scaling, xrefs: 00007FF7D1EDADAB
Philips enhanced DICOMs (hint: export as classic DICOM), xrefs: 00007FF7D1EDADF8
Warning: , xrefs: 00007FF7D1EDADEC
Error: , xrefs: 00007FF7D1EDAD92

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: Error: $Philips enhanced DICOMs (hint: export as classic DICOM)$Unexpected error for image with varying echo time or intensity scaling$Warning:
API String ID: 0-4224283466
Opcode ID: 916b861704e1a0facf353e8f2e55d143f8e5dc9812680dd2dcb5e5d26e0c2235
Instruction ID: 6fa4a909004bf8cc45863b14fd18878ba0342aa3d4473773f108187cd97d0bb7
Opcode Fuzzy Hash: 916b861704e1a0facf353e8f2e55d143f8e5dc9812680dd2dcb5e5d26e0c2235
Instruction Fuzzy Hash: 3562F373A086C68AE301DF29D0441ADB7A0FB46755F984236EF4C67694DBBCE685CB20

Function 00007FF7D1EA4330 Relevance: 5.2, Strings: 4, Instructions: 170COMMON

Download Yara Rule

Strings

Signed 8-bit DICOM?, xrefs: 00007FF7D1EA44A1
jpeg decode failure w*h %d*%d bpp %d sgnd %d components %d OpenJPEG=%s, xrefs: 00007FF7D1EA4554
Error: , xrefs: 00007FF7D1EA448A, 00007FF7D1EA4523
Catastrophic decompression error, xrefs: 00007FF7D1EA453C

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: Catastrophic decompression error$Error: $Signed 8-bit DICOM?$jpeg decode failure w*h %d*%d bpp %d sgnd %d components %d OpenJPEG=%s
API String ID: 0-3859879881
Opcode ID: 6d6047694ecd5671db32fe1836baf9ef272ca10d16fdbe67bbe5bc33812ea412
Instruction ID: 40c1e40be755f030c11f663945e36a872a224d680bc990a5c762719a9fbbb04e
Opcode Fuzzy Hash: 6d6047694ecd5671db32fe1836baf9ef272ca10d16fdbe67bbe5bc33812ea412
Instruction Fuzzy Hash: CA51EF32A1815386FB14EB25D1510BDB7E1FB84741BC98237DA4E43792DEBDE846C760

Function 00007FF7D1F2DBC0 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF7D1F2DC26
memcpy_s.LIBCPMT ref: 00007FF7D1F2DC51

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: de19a3698e521d6e194cd6b965e764a287842a06b48c1a7e19f664814d18974c
Instruction ID: 8e9b68df93887155370d4f8a1913b4a92d5308fba01b1ed618950ea6aac9b5f5
Opcode Fuzzy Hash: de19a3698e521d6e194cd6b965e764a287842a06b48c1a7e19f664814d18974c
Instruction Fuzzy Hash: 1CC1F372B1A68687EB24DF19A044A6EF791F794B84FD48136EB4E83744DB7DE801CB40

Function 00007FF7D1EE8E90 Relevance: 4.6, APIs: 3, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindClose.KERNEL32 ref: 00007FF7D1EE8F6C
FindFirstFileA.KERNEL32 ref: 00007FF7D1EE8FCA
FindClose.KERNEL32 ref: 00007FF7D1EE9047

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Find$Close$FileFirst
String ID:
API String ID: 3046750681-0
Opcode ID: 36035ada41cbf875887cab854e4d8928e77aaee3b599aa288af78d084ad34640
Instruction ID: 01d6af39ed340e1decc5ed121e56530a89cf6958a1f46b99ff2483c06b02acc6
Opcode Fuzzy Hash: 36035ada41cbf875887cab854e4d8928e77aaee3b599aa288af78d084ad34640
Instruction Fuzzy Hash: 6D518832B096C295FB19AB2595503BDB691FB457B0FC48332EBB9037D5CFAC91A18350

Function 00007FF7D1ED3710 Relevance: 4.2, Strings: 3, Instructions: 483COMMON

Download Yara Rule

Strings

Only able to correct gantry tilt for 16-bit integer data with at least 3 slices., xrefs: 00007FF7D1ED38CD
Gantry Tilt Correction is new: please validate conversions, xrefs: 00007FF7D1ED3919
_Tilt, xrefs: 00007FF7D1ED3DEA

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: Gantry Tilt Correction is new: please validate conversions$Only able to correct gantry tilt for 16-bit integer data with at least 3 slices.$_Tilt
API String ID: 0-1603146100
Opcode ID: 83157dc4c679a53d94ad43dd24f2ab991c713363f2f92ce93476435903076a18
Instruction ID: 59800db0973b2ed95184ae1ac5aa1c12daf36604c53fe936dfdcc8a77c85039f
Opcode Fuzzy Hash: 83157dc4c679a53d94ad43dd24f2ab991c713363f2f92ce93476435903076a18
Instruction Fuzzy Hash: 14322922E18BC685F3119B3990011FDB361FF69789F899322DF8862657EB79E1D1C700

Function 00007FF7D1ED3F00 Relevance: 4.2, Strings: 3, Instructions: 428COMMON

Download Yara Rule

Strings

Only able to correct gantry tilt for 16-bit integer or 32-bit float data with at least 3 slices., xrefs: 00007FF7D1ED4082
Gantry Tilt Correction is new: please validate conversions, xrefs: 00007FF7D1ED409E
_Tilt, xrefs: 00007FF7D1ED451A

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: Gantry Tilt Correction is new: please validate conversions$Only able to correct gantry tilt for 16-bit integer or 32-bit float data with at least 3 slices.$_Tilt
API String ID: 0-819331202
Opcode ID: f8c5359cf54bb5b46fee5b8a62226f191758d49d2e5797ba754a33cf1f19cada
Instruction ID: fc5404f79929960c1da4128762f9399da1702e9fed6b047cce1805a228f3d597
Opcode Fuzzy Hash: f8c5359cf54bb5b46fee5b8a62226f191758d49d2e5797ba754a33cf1f19cada
Instruction Fuzzy Hash: 7A22EA22D18AC685E712DB39D1412BDB364FFA9784F489322EF8962A56DF78E1C5C700

Function 00007FF7D1F4284C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF7D1F3F896), ref: 00007FF7D1F428C0

Strings

GetLocaleInfoEx, xrefs: 00007FF7D1F42868, 00007FF7D1F42879

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 601089d7e969631625e377f4e733eabe0b6dacd75f54d91ce2f9ca999909c7fa
Instruction ID: daf39344e5121ad1af1f31fe4f974c7aff854aa111a26950d96ea5f2b2fc7728
Opcode Fuzzy Hash: 601089d7e969631625e377f4e733eabe0b6dacd75f54d91ce2f9ca999909c7fa
Instruction Fuzzy Hash: 99014F21B0AA4285F744AB96B4404AEE760BF94BD0FD84037EE4D47BA6CE7CD5458750

Function 00007FF7D1F4A97C Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF7D1F4ABCB
RaiseException.KERNEL32 ref: 00007FF7D1F4ABDC

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: e09166026033f30ff712a53cff017bf52887700c2c78ccfd07b929437c523ddf
Instruction ID: ca86050825f4dbbff7b6d44addba9228a921f199c6c95ed67d5b523f483f28a7
Opcode Fuzzy Hash: e09166026033f30ff712a53cff017bf52887700c2c78ccfd07b929437c523ddf
Instruction Fuzzy Hash: 17B1AD73605B8A8BEB15CF29C88676C7BA0F744B48F988832DB5E837A4CB79D451C710

Function 00007FF7D1EA4A20 Relevance: 3.2, Strings: 2, Instructions: 716COMMON

Download Yara Rule

Strings

Warning: , xrefs: 00007FF7D1EA51E5
Intensity scale/slope using 0028,1053 and 0028,1052, xrefs: 00007FF7D1EA51F1

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: Intensity scale/slope using 0028,1053 and 0028,1052$Warning:
API String ID: 0-4216484025
Opcode ID: b10021c7575b4f0b83b275058d7772bf7d65f792c8ed733881a361dbac06450e
Instruction ID: f4d2cc82617e8b43ca9386e8e2354671ddc9a8dbc81d6ad8ea7737119ba375d5
Opcode Fuzzy Hash: b10021c7575b4f0b83b275058d7772bf7d65f792c8ed733881a361dbac06450e
Instruction Fuzzy Hash: A8523623E24B8686E701DB3985451BCB3A1FF5AB81BD9D333E61972196FB68B1C5C340

Function 00007FF7D1EA8D30 Relevance: 2.8, Strings: 2, Instructions: 274COMMON

Download Yara Rule

Strings

Segami coordinates defy DICOM convention, please check orientation, xrefs: 00007FF7D1EA8F11
Warning: , xrefs: 00007FF7D1EA8F05

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: Segami coordinates defy DICOM convention, please check orientation$Warning:
API String ID: 0-3532807886
Opcode ID: 17efb371edb96efee73708b437a58e0fc255acb5f970f5d75138df4e59e32445
Instruction ID: 9d6ee156e7eb175b2352cc52b05b567b21b75a64f474e188c7046e0793d2c64b
Opcode Fuzzy Hash: 17efb371edb96efee73708b437a58e0fc255acb5f970f5d75138df4e59e32445
Instruction Fuzzy Hash: 38E1A432D18BC589F322DF3AD4510E8B364FF69789B959312EE4862556EB38B2D5CB00

Function 00007FF7D1F43640 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

gfff, xrefs: 00007FF7D1F437CA
e+000, xrefs: 00007FF7D1F4374D

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: b55c49f3ea648b1e20f59d2488b2321bdd6c609c27c4364612acfa661c398168
Instruction ID: 912677269da1d74baa632461a7a10b7418ab1e99156f55488ebc80783fbe90e8
Opcode Fuzzy Hash: b55c49f3ea648b1e20f59d2488b2321bdd6c609c27c4364612acfa661c398168
Instruction Fuzzy Hash: 34515766B1D2DB46F724DE359801B6DEB91E744B94FC88232CBA84BAC5CEBDE4448710

Function 00007FF7D1EEA010 Relevance: 1.8, Strings: 1, Instructions: 517COMMON

Download Yara Rule

Strings

double, xrefs: 00007FF7D1EEA026

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: double
API String ID: 0-3672634095
Opcode ID: f837be984a96834ac4a54e6f515a209f5299b1f39f18ed9ca28277458a3d2c69
Instruction ID: 3e034fe579bcc5d5cd03b5be44988959e5ee3edb5b3e3e21974ebf1ac624cedf
Opcode Fuzzy Hash: f837be984a96834ac4a54e6f515a209f5299b1f39f18ed9ca28277458a3d2c69
Instruction Fuzzy Hash: 6422AF72B086438AEB289F26D55037DB7E1FB84749F94813ADA4D97B88DFBDE4108710

Function 00007FF7D1F4F6A4 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F41E94: GetLastError.KERNEL32 ref: 00007FF7D1F41EA3
Part of subcall function 00007FF7D1F41E94: FlsGetValue.KERNEL32 ref: 00007FF7D1F41EB8
Part of subcall function 00007FF7D1F41E94: SetLastError.KERNEL32 ref: 00007FF7D1F41F43

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7D1F4FE93,?,00000000,00000092,?,?,00000000,?,00007FF7D1F3F6BD), ref: 00007FF7D1F4F742

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 2e597ddbf51ab4dcc8cd4951dfe137517ddb790ef5d415ede5a3fe7330aa2487
Instruction ID: 388eb2ecf5da98c3bb22f33d4073819e5ccdc79bede2fb425795ad1424bf29e2
Opcode Fuzzy Hash: 2e597ddbf51ab4dcc8cd4951dfe137517ddb790ef5d415ede5a3fe7330aa2487
Instruction Fuzzy Hash: 4E11D567A196468AFB149F29D040AACBBA0FB50BE0FC58136C65D833D0DABCD5D1C750

Function 00007FF7D1F4F774 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F41E94: GetLastError.KERNEL32 ref: 00007FF7D1F41EA3
Part of subcall function 00007FF7D1F41E94: FlsGetValue.KERNEL32 ref: 00007FF7D1F41EB8
Part of subcall function 00007FF7D1F41E94: SetLastError.KERNEL32 ref: 00007FF7D1F41F43

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7D1F4FE4F,?,00000000,00000092,?,?,00000000,?,00007FF7D1F3F6BD), ref: 00007FF7D1F4F7F2

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 91d1b86c2f9b2c6e6bcaee49d6f296dc4e91b979ddeed6c144d25158c3689c9f
Instruction ID: 47cf7cfa3ae0635daba5c7bc1cb8e9fe3ea69676341913d975f6d9c024e5a04e
Opcode Fuzzy Hash: 91d1b86c2f9b2c6e6bcaee49d6f296dc4e91b979ddeed6c144d25158c3689c9f
Instruction Fuzzy Hash: 0B01B572E0928346F710AF19E440BBDB692EB407A4FD59333D66C876C5DFBC98858710

Function 00007FF7D1F423CC Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF7D1F4281B,?,?,?,?,?,?,?,?,00000000,00007FF7D1F4ECF4), ref: 00007FF7D1F4241B

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 3d4a13de03cb24b047339c751064bca2a3f13f79a775ad748efe909a38125564
Instruction ID: 914a1a50643fa27a8b366956134b2fb55100a65243a65f9211d639404f669911
Opcode Fuzzy Hash: 3d4a13de03cb24b047339c751064bca2a3f13f79a775ad748efe909a38125564
Instruction Fuzzy Hash: 83F06972B09A4682F704EB55F8905A9A365EB88780FD48036EA4D93765DE7CD851C310

Function 00007FF7D1F431AC Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF7D1F434EE

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: dd206188ed4be3ccf569dd58d7a752e2fe124406fd47b503c67296ddfe1848b7
Instruction ID: 7179424a35d745827318db9c09f9e4a9d0aab4cb9cc204d5691b011257d1f233
Opcode Fuzzy Hash: dd206188ed4be3ccf569dd58d7a752e2fe124406fd47b503c67296ddfe1848b7
Instruction Fuzzy Hash: E1A13562B0A79B86FB21DF25A400BBDBBA0AB50B84FC48132DE8D47795DE7DE501C711

Function 00007FF7D1F30470 Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

, xrefs: 00007FF7D1F3067A

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 528c0707e23f800773d583d0de476b2094275924d902d28d43e68404760adb93
Instruction ID: 95f54dda784becf4493ede2817cb7e6b5d1b3a8b6602f54b7f13aeb1e4e40cd9
Opcode Fuzzy Hash: 528c0707e23f800773d583d0de476b2094275924d902d28d43e68404760adb93
Instruction Fuzzy Hash: 01B1AD72A0A6478AF765AF69C05023DBBA0EB85B48FE40137DA4D47399CFB9D440CB60

Function 00007FF7D1EF8A50 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00007FF7D1EF8A94

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
API String ID: 0-1713319389
Opcode ID: dc14a3d88ef48ca0b84f420a2205e3a1ed2f2f3d9d377c772f49ae6e1dc9da6f
Instruction ID: cd7862ded77f9fe512ea5d76bc36965327b54e05c63e7ca1344a87cdccd1d41e
Opcode Fuzzy Hash: dc14a3d88ef48ca0b84f420a2205e3a1ed2f2f3d9d377c772f49ae6e1dc9da6f
Instruction Fuzzy Hash: B341576271C7C689FB629F25A4213FEBA90AB49781FC80133DE8E43786DE6CD105C710

Function 00007FF7D1EBF890 Relevance: .6, Instructions: 602COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfdabc77b97d7983bf7513d726577fffb3a2755aac7c4dcb0a9ede4c48239abc
Instruction ID: bc22ba6c899c9a6ff4931589a61b103fe7f4a0e30a30380d4b5c4bdd707a0fb3
Opcode Fuzzy Hash: cfdabc77b97d7983bf7513d726577fffb3a2755aac7c4dcb0a9ede4c48239abc
Instruction Fuzzy Hash: 1552DB32C38FCD49E223DA3654526B6E365AFBF1C6F15D313F94674962EF18A0D29A00

Function 00007FF7D1EF1480 Relevance: .6, Instructions: 557COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7111742be941fb321514fac3296d8355e3d90c9524e2ba41395e77a98019652
Instruction ID: b5d7332132eff0b5970a9d010f7c5a335d6ae646b25faa20917c6cbd26561698
Opcode Fuzzy Hash: c7111742be941fb321514fac3296d8355e3d90c9524e2ba41395e77a98019652
Instruction Fuzzy Hash: 774238B391478ACBE708DF39C44422C7BB1FB45B49BC4822ACE1987798DB79D845CB60

Function 00007FF7D1EF0B70 Relevance: .6, Instructions: 551COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4fa313f5fc8428c974cab07d3beb6cc9bb44bb79baf27dd03157d810cd01b84
Instruction ID: 937944ef31baa2ee9173218e7b8a62a65e54bb65917e12f8bee9fac5382e3743
Opcode Fuzzy Hash: d4fa313f5fc8428c974cab07d3beb6cc9bb44bb79baf27dd03157d810cd01b84
Instruction Fuzzy Hash: 33322573A186A686E7A59F28C44077D7BB5F744B49FC5413ADE4A93788CB7CD880CB20

Function 00007FF7D1EBDBF0 Relevance: .5, Instructions: 545COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8683c18f80fc8099da97e537cf7758924c2234e33f420e9c64a345e160b6a66
Instruction ID: d3adb5608c6cb16201e83b2f56b4db9edda5258a4a0c24c7ebceccefb3fb8194
Opcode Fuzzy Hash: e8683c18f80fc8099da97e537cf7758924c2234e33f420e9c64a345e160b6a66
Instruction Fuzzy Hash: 32225A72E091D34AEB19DB359A1067CBFE0FB91706BC95237D68987691CE7CE1049B20

Function 00007FF7D1EF2380 Relevance: .4, Instructions: 440COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f51498a23c7fe4528131d8492c96e17404a09e61959052b70d4180fb78db7e0
Instruction ID: f61b5a3df9d412dcce8cd2850e8dec0b1baa3eae3a84358c81ac8db541d161d2
Opcode Fuzzy Hash: 2f51498a23c7fe4528131d8492c96e17404a09e61959052b70d4180fb78db7e0
Instruction Fuzzy Hash: B502D632A186C387E7199F39C4546BDBB61F795B49FD44236DE4A03B88DBB9D801CB20

Function 00007FF7D1EE94D0 Relevance: .4, Instructions: 436COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fe515e924697e4754a7b9be74e8f603c3a4453559beef1b955641a4b1557e62
Instruction ID: 191d41a4d3466922d61bf8666db25c9c082a1e6a68b0874f51c75b3c6e321228
Opcode Fuzzy Hash: 4fe515e924697e4754a7b9be74e8f603c3a4453559beef1b955641a4b1557e62
Instruction Fuzzy Hash: D5F1D772B2849207FB4CE631853857E6396EB897C4B89813AEB478B789DD3CF600D710

Function 00007FF7D1EBEE80 Relevance: .4, Instructions: 406COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 196dee2e07d45065f9ca36583ee37b111fc1f8d687465d08bf64a04afbd346c0
Instruction ID: 240df8a2ac2e36fd205f4bbd6c9e23911264c7e47d0159e42556274ecc975eaa
Opcode Fuzzy Hash: 196dee2e07d45065f9ca36583ee37b111fc1f8d687465d08bf64a04afbd346c0
Instruction Fuzzy Hash: A602BF72A196438BF718EF28EA4467DFFA1FB45305FC5423AC54A57AA0DEBCA405CB10

Function 00007FF7D1EC12D0 Relevance: .4, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5688c62244fb0a2e80c2f2b7c06afa48cb41fe50c9b07ca24339ecb2c32fcf13
Instruction ID: d73f00e3e836e329f0b9347769e7ff7d8041c9a36c6bc52b76e359d082da111e
Opcode Fuzzy Hash: 5688c62244fb0a2e80c2f2b7c06afa48cb41fe50c9b07ca24339ecb2c32fcf13
Instruction Fuzzy Hash: 59F11A22D28F8989F253E63644521BAE3556F7F3C2F69D323FD1A71962EB2970D38500

Function 00007FF7D1EDA690 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b08396e706362938a933dabc720f5f4be93a4fb08d2643d5f952c24f22eb4f4b
Instruction ID: 52df1330e0c3cc448332182a2ffd7d5a1fcd118b7a1b4c7dac31cd9fad28c31d
Opcode Fuzzy Hash: b08396e706362938a933dabc720f5f4be93a4fb08d2643d5f952c24f22eb4f4b
Instruction Fuzzy Hash: 84F1FA32A15A8589E717CF39C4406ECB361EF5A785FD8C333E60A63654EB79E286C700

Function 00007FF7D1F3121C Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b0bff10e396ca46b48ce760d88a0451720b76154645b685e0820460601c585c
Instruction ID: 72b08b6b74649454235e88626b1befc90560e652f7ad57335aa61ca5ac9042a5
Opcode Fuzzy Hash: 4b0bff10e396ca46b48ce760d88a0451720b76154645b685e0820460601c585c
Instruction Fuzzy Hash: 84E1C2F2A0E64385F764AA28C5543BCA7A1EB47B54FD88237CE4D466D5CFB9E841C320

Function 00007FF7D1F31654 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae86b5f8e2e9307827d5a0ade63e169f48868122f484ef29a4008eedf44e342d
Instruction ID: f8fb325301e8c5d862f3f8d73562c892c8ebdbfcabc3e1532ca3b74535995e33
Opcode Fuzzy Hash: ae86b5f8e2e9307827d5a0ade63e169f48868122f484ef29a4008eedf44e342d
Instruction Fuzzy Hash: CFD1D8A6A0E64385FB69EE25845027DA7A0EF46B48FD84236CE0E076D4CFB9D845D360

Function 00007FF7D1EE9AE0 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 382e08043a492466b8441b32154079ad7560ae129940cb466131f451d84420f3
Instruction ID: af8e63298b9457785c985cad275cdfecf9cf7cb52c4e5b08810077f8468f37dd
Opcode Fuzzy Hash: 382e08043a492466b8441b32154079ad7560ae129940cb466131f451d84420f3
Instruction Fuzzy Hash: 26D1EF22B1868246FB05AB3985602BDB3A1FB99784FC49236EF4E07796DF7CE145C710

Function 00007FF7D1F3F50C Relevance: .3, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: c4563f8d8b63ef00dd112a50512fba6631c6dced540f49864ef41fe71ca8986b
Instruction ID: 8dbb445a5c4de183dbe11454610974ccdd2dd27206f893eccd2b120418e436ef
Opcode Fuzzy Hash: c4563f8d8b63ef00dd112a50512fba6631c6dced540f49864ef41fe71ca8986b
Instruction Fuzzy Hash: A8C10766A0A78385FB64EB6198107BEA7A0FB94788FC04033DE8E87695DFBCD505C711

Function 00007FF7D1F2B780 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58efd631e641bd9ca32e9aa88200dc949f1884dbee9860a31afe10df2b989db8
Instruction ID: c157d9b70ce00463e6c1a54a31b4b9a93850cc2a8bf250142da8c4573a05aca4
Opcode Fuzzy Hash: 58efd631e641bd9ca32e9aa88200dc949f1884dbee9860a31afe10df2b989db8
Instruction Fuzzy Hash: EE915732B1E2474EFB246A2590503BDA690AF50784FC8057BDE6EC77C5DEBCE4069B20

Function 00007FF7D1EF0150 Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45c53b3af3f0319fbfa94a2c5a0afc15484f0c54c9c9bf40bfe0d01c6d019678
Instruction ID: 45de88beb38c0a0083bea35d747703b1fb5951555a33b68d2204d8e103e8330b
Opcode Fuzzy Hash: 45c53b3af3f0319fbfa94a2c5a0afc15484f0c54c9c9bf40bfe0d01c6d019678
Instruction Fuzzy Hash: 60C16433A086E28BE7059F18C414ABC7BA1F385B49FD49232DE9943691DF7ED982C710

Function 00007FF7D1EF1DF0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e2083d46bd4b7a26d9f39de07a892b38428959663df14ff7024aae774888abe
Instruction ID: 6e4de5a5ebeee50776b381d775606a93dd7d5a08209529074d3885f85833b65f
Opcode Fuzzy Hash: 7e2083d46bd4b7a26d9f39de07a892b38428959663df14ff7024aae774888abe
Instruction Fuzzy Hash: E0B1F473B1868386F764CB24E504BBEA7A1FB94789FC19136DA4993A45EB7CD540CB00

Function 00007FF7D1F30B8C Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0921e74ecfc77a830cc7ee40ab710a87c17b039f059e78c798ee67696d133f3
Instruction ID: 19390237057191882cb7004171e306733b5651e818ab0447d54e1f64e327ed21
Opcode Fuzzy Hash: d0921e74ecfc77a830cc7ee40ab710a87c17b039f059e78c798ee67696d133f3
Instruction Fuzzy Hash: D5B19E72A0AB8686F764AF79D05423CBBA0E745B48FE40137DA4E47395CFB9E481C724

Function 00007FF7D1EC0540 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6dfa4132987efb00b7bc91e0653d1a3b7adae640ed01511bbe083080c6069ca
Instruction ID: 774ac13df7dfbe2f882ee28413d63dc8189e402dbed9c5779f83f4d8d242fe3f
Opcode Fuzzy Hash: a6dfa4132987efb00b7bc91e0653d1a3b7adae640ed01511bbe083080c6069ca
Instruction Fuzzy Hash: EEB18332D28B8886E312DB379581069F360FFAE385B19D712FA5432A75DB74F5A1DB00

Function 00007FF7D1F40A94 Relevance: .2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 94a24ab3190b2ca47de919b2c49ef95649998a3820ac0d8a0084ad7c5089cf58
Instruction ID: b9dfeee8ed441118bae790dbfed70a69147322893bfad0506092b3515ff4df5a
Opcode Fuzzy Hash: 94a24ab3190b2ca47de919b2c49ef95649998a3820ac0d8a0084ad7c5089cf58
Instruction Fuzzy Hash: B481E032A06B4682FB60EE65D091BBCA360FB44B98FD44637EE5E97784CF78D0418314

Function 00007FF7D1F43CC0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 720fc957217993d2413a349eb46441890ffc18f0f9755261a1ea987ff66862c4
Instruction ID: 7375766bff23a0d3451d64b552ee4c40ff26c4cdc450010ef603348ceb09158e
Opcode Fuzzy Hash: 720fc957217993d2413a349eb46441890ffc18f0f9755261a1ea987ff66862c4
Instruction Fuzzy Hash: 0D81F372A0979A46F774EF19945077EEAA0FB85794FD04236EA8D43B99CF7DE0008B10

Function 00007FF7D1F021C0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeee1151a4e17d2d524b67e577428e6dec8f0af85041f0512304db25273809a1
Instruction ID: 59c6b9988b22f755165bd93f3342abe231d864534521553dc89aa83136e5047f
Opcode Fuzzy Hash: aeee1151a4e17d2d524b67e577428e6dec8f0af85041f0512304db25273809a1
Instruction Fuzzy Hash: C4712232716786C7E304DF54E044A6EBBB4FB54F92F824026DB8883B54DB78D919C760

Function 00007FF7D1F01EE0 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e4979ce7f4c72f26285734273875726796c42b21647b1f932dbbcd417121bd2
Instruction ID: 511632626f5d38091ad9a6e50d2dd39cf20eb1c3b42826d944d4fad07f4525ed
Opcode Fuzzy Hash: 9e4979ce7f4c72f26285734273875726796c42b21647b1f932dbbcd417121bd2
Instruction Fuzzy Hash: CF71443BB1578187E700EF05D044ABDBBB5FBA8B92B85412AEB8883754D77CD849C720

Function 00007FF7D1F4990C Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d83a1f52615c6b1d539613ce49cfdb13e728e6daccfc8f2bceaed30867e100ba
Instruction ID: 2624731c65436df113c2185c2c81a0212436cd633bd2dab19eda08cd305d5f2d
Opcode Fuzzy Hash: d83a1f52615c6b1d539613ce49cfdb13e728e6daccfc8f2bceaed30867e100ba
Instruction Fuzzy Hash: AD610822F0E25346FB64A9288454A7DE681BF48374FD8023BD62E476D5DEFDE9008720

Function 00007FF7D1F01C50 Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fef2e355fbe4284fcceb409446763f6a6a678ce0df4a27e4a89a14d870b16e11
Instruction ID: e91d9c6a62261eef831b8a4dccd6b6938b66a4d033a0b0d5b6d0074d54c34317
Opcode Fuzzy Hash: fef2e355fbe4284fcceb409446763f6a6a678ce0df4a27e4a89a14d870b16e11
Instruction Fuzzy Hash: 8961F67A60978287D320AF15E0006BDB7B1FB68B91F814026EF8883758EB7DE845C710

Function 00007FF7D1F2FD10 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
Instruction ID: 5dd0b5cb531e737123f0049e6079b0e0722adfc13b0e1904e95427b69263f206
Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
Instruction Fuzzy Hash: F7519732A35A52C6F7259B29C05073CA7A0EB48F58FE44172CE4D97795CB7AE843C750

Function 00007FF7D1F2FB0C Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction ID: f8fda16bff8d2750ae04873bc1898555df75606c24d2c0e9728ad61ee2ca6b2e
Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction Fuzzy Hash: A1518636A39A53C5F7249B29C05022CB7A0EB45B68FE84172CE4D97794CB7AED43C750

Function 00007FF7D1F2F908 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction ID: fd5efefbeb8bac588d3c6b12945d6714df6ffbc3ef300f368c7f491f0d97127c
Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction Fuzzy Hash: 0E518572B3A652C6F7249B29C44022DB7A0EB48B58FE44172CE4D97794CB7AEC42CB50

Function 00007FF7D1F32DD0 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
Instruction ID: 18266857533247f1e7f1f2e5cd8e022d1b32dba714120a18783128eb90981fe5
Opcode Fuzzy Hash: d6ef73793ea1788ae08d57b95515db7d43b127d7364744ae73512ded182e4f5a
Instruction Fuzzy Hash: EE41C452D0B64B44FB95A92805147BDEA80FF62BA0DE852B6DD9E133D7CD8C66C78230

Function 00007FF7D1F3E674 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ErrorLanguagesLastPreferredRestoreThread
String ID:
API String ID: 588628887-0
Opcode ID: e50006b700149c4487d781c9bcaa9e849795e8676ece0648cd48462f4d8adc66
Instruction ID: 76855850dd394d4438639921f98ac74e55fb2907572a324a658f9a0a74b54d7a
Opcode Fuzzy Hash: e50006b700149c4487d781c9bcaa9e849795e8676ece0648cd48462f4d8adc66
Instruction Fuzzy Hash: 6341E362715A5681FF04DF2AE91456DB3A1FB48FC0B899033EE0D97B59EE7DC4428300

Function 00007FF7D1F369EC Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d89c1cd8f55d39baaf9049337690faae93ddb2e6b970829e00280fc3f990e20
Instruction ID: dafbdb9aaeeddd5012523e21284bb6db956e900380f8f8331b8838dfa43fcf8f
Opcode Fuzzy Hash: 1d89c1cd8f55d39baaf9049337690faae93ddb2e6b970829e00280fc3f990e20
Instruction Fuzzy Hash: DD31BE32E1E10345FFA97A6B895517D9652AF82360EE4C033C50E05A99CDEAEB439531

Function 00007FF7D1F41E94 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7D1F41EA3
FlsGetValue.KERNEL32 ref: 00007FF7D1F41EB8
FlsSetValue.KERNEL32 ref: 00007FF7D1F41ED9
FlsSetValue.KERNEL32 ref: 00007FF7D1F41F06
FlsSetValue.KERNEL32 ref: 00007FF7D1F41F17
FlsSetValue.KERNEL32 ref: 00007FF7D1F41F28
SetLastError.KERNEL32 ref: 00007FF7D1F41F43
FlsGetValue.KERNEL32 ref: 00007FF7D1F41F79
FlsSetValue.KERNEL32 ref: 00007FF7D1F41F98

Part of subcall function 00007FF7D1F422E0: HeapAlloc.KERNEL32(?,?,00000000,00007FF7D1F4206E,?,?,00000001,00007FF7D1F3B1C5,?,?,?,?,00007FF7D1F4238C), ref: 00007FF7D1F42335

FlsSetValue.KERNEL32 ref: 00007FF7D1F41FC0

Part of subcall function 00007FF7D1F42358: RtlRestoreThreadPreferredUILanguages.NTDLL ref: 00007FF7D1F4236E
Part of subcall function 00007FF7D1F42358: GetLastError.KERNEL32 ref: 00007FF7D1F42378

FlsSetValue.KERNEL32 ref: 00007FF7D1F41FD1
FlsSetValue.KERNEL32 ref: 00007FF7D1F41FE2

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Value$ErrorLast$AllocHeapLanguagesPreferredRestoreThread
String ID:
API String ID: 2298676826-0
Opcode ID: ae8c889daf4f83288940a34e56abfaa73a37c4ba43885ec04674de17234a2947
Instruction ID: 81193f7e22d6f057d22fca7206b1a4aa8fed0830925eb12c3253af9b3fd1d56e
Opcode Fuzzy Hash: ae8c889daf4f83288940a34e56abfaa73a37c4ba43885ec04674de17234a2947
Instruction Fuzzy Hash: 3E417E90E0F24342FB68B3A1655197DD1825F547B4FD80737E93E16AD3EEACB4828220

Function 00007FF7D1EEF7A0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 62registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(00007FF7D1EA28AA), ref: 00007FF7D1EEF7F3
RegSetValueExA.ADVAPI32 ref: 00007FF7D1EEF83D
RegSetValueExA.ADVAPI32 ref: 00007FF7D1EEF872
RegSetValueExA.ADVAPI32 ref: 00007FF7D1EEF8B8
RegCloseKey.ADVAPI32 ref: 00007FF7D1EEF8C3

Strings

filename, xrefs: 00007FF7D1EEF895
Software\dcm2nii, xrefs: 00007FF7D1EEF7E5
isMaximize16BitRange, xrefs: 00007FF7D1EEF847
isGZ, xrefs: 00007FF7D1EEF812
Saving defaults to registry, xrefs: 00007FF7D1EEF801

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Value$CloseOpen
String ID: Saving defaults to registry$Software\dcm2nii$filename$isGZ$isMaximize16BitRange
API String ID: 3241186055-436654976
Opcode ID: 61270a6ad698467f891d179e7e89d2a0ff0f0e17bae1021c12cf743661252381
Instruction ID: a9ed2ba0f972cbdbf41757da70be6384dfa62fccac34d6ad1b499bcd7ec13cbb
Opcode Fuzzy Hash: 61270a6ad698467f891d179e7e89d2a0ff0f0e17bae1021c12cf743661252381
Instruction Fuzzy Hash: 51316476619A8285FB60EB10F45075EB760FB887A4FC05232EA9E43BA5DF7CD245CB10

Function 00007FF7D1F0BBC0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7D1F0BC39
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7D1F0BC85
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7D1F0BDD1
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1F0BE00
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1F0BE06
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1F0BE0C

Strings

true, xrefs: 00007FF7D1F0BD24
false, xrefs: 00007FF7D1F0BCF7
bad locale name, xrefs: 00007FF7D1F0BDF3

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name$false$true
API String ID: 4121308752-1062449267
Opcode ID: 455d85d1e1719540321226ea78411d4d820de843b926771242500a86266a190d
Instruction ID: a19324f43311598b80972b0bea26f9a4a586e6c59b86ed87de387b1fda7ecf07
Opcode Fuzzy Hash: 455d85d1e1719540321226ea78411d4d820de843b926771242500a86266a190d
Instruction Fuzzy Hash: 02715D36A0B7428AFB11EB64E4503BDA3A0EF44B44FD40436EA8D57A96DFBCE415C324

Function 00007FF7D1EA6B10 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 300COMMON

Download Yara Rule

Strings

Only loaded %zu of %d bytes for %s, xrefs: 00007FF7D1EA6D30
%d is not enough bytes for RLE compression '%s', xrefs: 00007FF7D1EA6B5F
File not large enough to store image data: %s, xrefs: 00007FF7D1EA6FA1
Unable to open %s, xrefs: 00007FF7D1EA6BBF
RLE header corrupted %d != %d, xrefs: 00007FF7D1EA6F87
Error: , xrefs: 00007FF7D1EA6B46, 00007FF7D1EA6BA8, 00007FF7D1EA6D0F, 00007FF7D1EA6F2C, 00007FF7D1EA6F6E
RLE header error, xrefs: 00007FF7D1EA6F45

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: %d is not enough bytes for RLE compression '%s'$Error: $File not large enough to store image data: %s$Only loaded %zu of %d bytes for %s$RLE header corrupted %d != %d$RLE header error$Unable to open %s
API String ID: 0-702537721
Opcode ID: cb9a10bf10ebc5d47a0dcaa03fd428d869ffd2a3d99e30b712dc65fe27e505db
Instruction ID: 36abd232e792bbe5e795f22802232723118139054e56930fd0d1dc80e867c76c
Opcode Fuzzy Hash: cb9a10bf10ebc5d47a0dcaa03fd428d869ffd2a3d99e30b712dc65fe27e505db
Instruction Fuzzy Hash: 1EC1F322A1968386FB10FB28D6112BDA351FF55B84FC45136EA4E06287DFBCE581C720

Function 00007FF7D1EA3E10 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F34008: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F33F74

_fread_nolock.LIBCMT ref: 00007FF7D1EA3F0C

Strings

Unable to open %s, xrefs: 00007FF7D1EA3EA7
Frame %d Tag %#x length %d end at %ld, xrefs: 00007FF7D1EA4042
Only found %d of %d JPEG fragments. Please use dcmdjpeg or gdcmconv to uncompress data., xrefs: 00007FF7D1EA40E0
Unable to read %s, xrefs: 00007FF7D1EA3F47
JPEG signature 0xFFD8FF not found at offset %d of %s, xrefs: 00007FF7D1EA40A5
Error: , xrefs: 00007FF7D1EA3E8E, 00007FF7D1EA3F2E
Warning: , xrefs: 00007FF7D1EA4091

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _fread_nolock_invalid_parameter_noinfo
String ID: Error: $Frame %d Tag %#x length %d end at %ld$JPEG signature 0xFFD8FF not found at offset %d of %s$Only found %d of %d JPEG fragments. Please use dcmdjpeg or gdcmconv to uncompress data.$Unable to open %s$Unable to read %s$Warning:
API String ID: 2335118202-2013829625
Opcode ID: dd5e6cf17cedc2cb10fd6fff3a49fb607776602b9054ab26081bc49b3cdafac7
Instruction ID: 11ea831ea762fe22bd5a120b8478475def658d529096df0b8ce5312341006313
Opcode Fuzzy Hash: dd5e6cf17cedc2cb10fd6fff3a49fb607776602b9054ab26081bc49b3cdafac7
Instruction Fuzzy Hash: EC810662A091D346FB24F725E9512BEF690EB81791FC44136DA9E43B83DEBCE141DB20

Function 00007FF7D1EC6590 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 116COMMON

Download Yara Rule

Strings

Check file permissions: Unable to open input %s, xrefs: 00007FF7D1EC65EF
Naming conflict (duplicates?): '%s' '%s', xrefs: 00007FF7D1EC6630
Check file permission. Unable to open output %s, xrefs: 00007FF7D1EC6687
Unable to write %zu bytes to output %s, xrefs: 00007FF7D1EC6755
Warning: , xrefs: 00007FF7D1EC6621
Error: , xrefs: 00007FF7D1EC65D8, 00007FF7D1EC6670, 00007FF7D1EC673C

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: Check file permission. Unable to open output %s$Check file permissions: Unable to open input %s$Error: $Naming conflict (duplicates?): '%s' '%s'$Unable to write %zu bytes to output %s$Warning:
API String ID: 3215553584-3127093300
Opcode ID: 8c74aef1d487d215c064b51ef7ce80bda96a711c873442f2d6c415898b1bbe25
Instruction ID: e3dd3f1bd53ce732277cef010fcc2069d399ae29ca6a6a35d9b1630641e3509f
Opcode Fuzzy Hash: 8c74aef1d487d215c064b51ef7ce80bda96a711c873442f2d6c415898b1bbe25
Instruction Fuzzy Hash: 12413820A0A64385FB14F711E9222BEE291AF49B80FC44437D94E47797EEACE605C720

Function 00007FF7D1EA6740 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 245COMMON

Download Yara Rule

Strings

Only loaded %zu of %d bytes for %s, xrefs: 00007FF7D1EA69AA
File not large enough to store image data: %s, xrefs: 00007FF7D1EA6AEC
Unable to open %s, xrefs: 00007FF7D1EA6846
PMSCT_RLE1 should be 16-bits per sample (please report on Github and use pmsct_rgb1)., xrefs: 00007FF7D1EA67ED
Error: , xrefs: 00007FF7D1EA6770, 00007FF7D1EA67D4, 00007FF7D1EA682F, 00007FF7D1EA6989
%d is not enough bytes for PMSCT_RLE1 compression '%s', xrefs: 00007FF7D1EA6789

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: %d is not enough bytes for PMSCT_RLE1 compression '%s'$Error: $File not large enough to store image data: %s$Only loaded %zu of %d bytes for %s$PMSCT_RLE1 should be 16-bits per sample (please report on Github and use pmsct_rgb1).$Unable to open %s
API String ID: 0-3495368373
Opcode ID: 93c04be7446efc0185852297bff2f0133c01f8692a7c3721f909c3dca0d2bcc7
Instruction ID: e36d4ed6135edc575dba470f56e5a5fce0bfe17a56a57c8a0837f4f6c0ab7194
Opcode Fuzzy Hash: 93c04be7446efc0185852297bff2f0133c01f8692a7c3721f909c3dca0d2bcc7
Instruction Fuzzy Hash: 8BA1D212E1A68382FB11FB25D6222FDA350FB56B85FC49236DE4D16297EF7CA185C310

Function 00007FF7D1EA6380 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 223COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF7D1EA652F

Strings

File not large enough to store JPEG-LS data: %s, xrefs: 00007FF7D1EA671E
Only loaded %zu of %d bytes for %s, xrefs: 00007FF7D1EA656C
Unable to open %s, xrefs: 00007FF7D1EA6494
CharLS failed to read header., xrefs: 00007FF7D1EA6691
CharLS failed to read image., xrefs: 00007FF7D1EA670D
Error: , xrefs: 00007FF7D1EA647E, 00007FF7D1EA654E

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _fread_nolock
String ID: CharLS failed to read header.$CharLS failed to read image.$Error: $File not large enough to store JPEG-LS data: %s$Only loaded %zu of %d bytes for %s$Unable to open %s
API String ID: 840049012-3872915605
Opcode ID: 8c79799dc7b25bc7bc1b0e20e4e3ef1fdafc8dcd7136076cbce58ca2df211909
Instruction ID: 0d018b9e8801456947d5e93a144113c5180e729c901ba7ab08f00264208c967f
Opcode Fuzzy Hash: 8c79799dc7b25bc7bc1b0e20e4e3ef1fdafc8dcd7136076cbce58ca2df211909
Instruction Fuzzy Hash: BBB19652E19BC281F711EB29D9152BCA360FB99B84F84A236DF8D53653EF78E1D48310

Function 00007FF7D1F2E48C Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F2E4CF
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F2E8BC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F2EB58

Strings

p, xrefs: 00007FF7D1F2E5F9
f, xrefs: 00007FF7D1F2E5F1
p, xrefs: 00007FF7D1F2E581

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: 85ae536d754c5330b9b6c5f284b4c300e67536344b00a331531d5bb608221f7e
Instruction ID: 38c4124b39daeb5f718dcdfa4318d92db869de8c06676f4cbec8ce31fac13a1f
Opcode Fuzzy Hash: 85ae536d754c5330b9b6c5f284b4c300e67536344b00a331531d5bb608221f7e
Instruction Fuzzy Hash: B112B362E4E14386FB64BA15D0542BDF691FB80750FE84177E6CA876C6DFBCE4848B20

Function 00007FF7D1F45AA8 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F45ED5

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 7b550cea447a70494f5d17b69c48232a8b54ac4b82832f8077795fc2890d9678
Instruction ID: 00db2b649124cc3e39ecd337dcbaa7bb2d3d83aee4023b83e54038af3944d91f
Opcode Fuzzy Hash: 7b550cea447a70494f5d17b69c48232a8b54ac4b82832f8077795fc2890d9678
Instruction Fuzzy Hash: A6C19F32A0E78791F761BB159454ABDB761EF81B80FD54232DA8D073A1DEFCE8498720

Function 00007FF7D1F247D4 Relevance: 10.7, APIs: 7, Instructions: 214COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(?,?,?,?,00007FF7D1F241D1,?,?,00000000,00007FF7D1F23FC9,?,?,00000000,00007FF7D1F0DBCD), ref: 00007FF7D1F247E2
MultiByteToWideChar.KERNEL32 ref: 00007FF7D1F24882
MultiByteToWideChar.KERNEL32 ref: 00007FF7D1F2492A
LCMapStringEx.KERNEL32 ref: 00007FF7D1F24961

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ByteCharMultiWide$EncodePointerString
String ID:
API String ID: 2166641964-0
Opcode ID: 50faad2094a0bc8d302c4ba82df96944f813a6275792af1b8ef16e2e1ba9eb6e
Instruction ID: 75db11d2659867d07f027808d461f6ceb071839155594f0f192f2dae41918816
Opcode Fuzzy Hash: 50faad2094a0bc8d302c4ba82df96944f813a6275792af1b8ef16e2e1ba9eb6e
Instruction Fuzzy Hash: B7919F32A0A74386FB60EF11E44036DA2A1FB45BA8FC40636EA5D97BD5DFBCD4458720

Function 00007FF7D1EC9CD0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 105COMMON

Download Yara Rule

Strings

Unable to open '%s', xrefs: 00007FF7D1EC9D45
Warning: , xrefs: 00007FF7D1EC9D77, 00007FF7D1EC9DC8
Error: , xrefs: 00007FF7D1EC9D2E
loadOverlay fread error., xrefs: 00007FF7D1EC9DD4
File not large enough to store overlay: %s, xrefs: 00007FF7D1EC9D86

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: Error: $File not large enough to store overlay: %s$Unable to open '%s'$Warning: $loadOverlay fread error.
API String ID: 3215553584-3934613708
Opcode ID: 611e5907b5638d2ca8dc58eafd4ad51142a688d5033ae80e8cf799f041580011
Instruction ID: dd728824ea8dad63a9a16fb22c702db189c3d342e79d86f732cda2ed54bfb9d5
Opcode Fuzzy Hash: 611e5907b5638d2ca8dc58eafd4ad51142a688d5033ae80e8cf799f041580011
Instruction Fuzzy Hash: D241D021A0A68385FB04FB16E8110BDF691BF80B81FC44433E90D57B96DEBCE502C720

Function 00007FF7D1F2A2C8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7D1F2A4CF,?,?,00000000,00007FF7D1F2621E,?,?,00000000,00007FF7D1F260E1), ref: 00007FF7D1F2A34D
GetLastError.KERNEL32(?,?,00000000,00007FF7D1F2A4CF,?,?,00000000,00007FF7D1F2621E,?,?,00000000,00007FF7D1F260E1), ref: 00007FF7D1F2A35B
LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7D1F2A4CF,?,?,00000000,00007FF7D1F2621E,?,?,00000000,00007FF7D1F260E1), ref: 00007FF7D1F2A385
FreeLibrary.KERNEL32(?,?,00000000,00007FF7D1F2A4CF,?,?,00000000,00007FF7D1F2621E,?,?,00000000,00007FF7D1F260E1), ref: 00007FF7D1F2A3F3
GetProcAddress.KERNEL32(?,?,00000000,00007FF7D1F2A4CF,?,?,00000000,00007FF7D1F2621E,?,?,00000000,00007FF7D1F260E1), ref: 00007FF7D1F2A3FF

Strings

api-ms-, xrefs: 00007FF7D1F2A36D

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 9aec78e6c4a818002c86e712d7cd306b2f6e4b64e32d3ee7f789896bee796bdd
Instruction ID: eccdeb7a6b2d100c6ee334b41e96ca8d5d4f30c7e0b258031fac27d1bbd779e6
Opcode Fuzzy Hash: 9aec78e6c4a818002c86e712d7cd306b2f6e4b64e32d3ee7f789896bee796bdd
Instruction Fuzzy Hash: DA319426A1BA43E1FF11AB52981057DA2D5BF44BA0FC90636DD5E87B80DEFDE9448320

Function 00007FF7D1F54510 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF7D1F54541
GetLastError.KERNEL32 ref: 00007FF7D1F5454D
CloseHandle.KERNEL32 ref: 00007FF7D1F54565
CreateFileW.KERNEL32 ref: 00007FF7D1F54590
WriteConsoleW.KERNEL32 ref: 00007FF7D1F545AF

Strings

CONOUT$, xrefs: 00007FF7D1F54571

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 7bf14181dd3224a628412136c22249f5e026b227c355fd16445bebdb9f90d852
Instruction ID: 2de522ec6522b7610b2b171568d21d585cdb04624957c2471c7532a539d26744
Opcode Fuzzy Hash: 7bf14181dd3224a628412136c22249f5e026b227c355fd16445bebdb9f90d852
Instruction Fuzzy Hash: C6119021B19A5286F350AB12F85472DB3A0FB88BE4FC40336EA5D87B95DFBCD5448760

Function 00007FF7D1F4200C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000001,00007FF7D1F3B1C5,?,?,?,?,00007FF7D1F4238C), ref: 00007FF7D1F4201B
FlsSetValue.KERNEL32(?,?,00000001,00007FF7D1F3B1C5,?,?,?,?,00007FF7D1F4238C), ref: 00007FF7D1F42051
FlsSetValue.KERNEL32(?,?,00000001,00007FF7D1F3B1C5,?,?,?,?,00007FF7D1F4238C), ref: 00007FF7D1F4207E
FlsSetValue.KERNEL32(?,?,00000001,00007FF7D1F3B1C5,?,?,?,?,00007FF7D1F4238C), ref: 00007FF7D1F4208F
FlsSetValue.KERNEL32(?,?,00000001,00007FF7D1F3B1C5,?,?,?,?,00007FF7D1F4238C), ref: 00007FF7D1F420A0
SetLastError.KERNEL32(?,?,00000001,00007FF7D1F3B1C5,?,?,?,?,00007FF7D1F4238C), ref: 00007FF7D1F420BB

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: d199095e2cf1d858357b71359ed8f1a3202ac8f110e51d99d102442d11648244
Instruction ID: bf0730d8184cecf7cf058b63137a7fd520f47bf11bd8fc17c2a0a23f9ba1d154
Opcode Fuzzy Hash: d199095e2cf1d858357b71359ed8f1a3202ac8f110e51d99d102442d11648244
Instruction Fuzzy Hash: 68116020A0F24382FB68B3A5B55193DE1935F487B4FC44737E83E167D7DEACA4818220

Function 00007FF7D1F0B860 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7D1F0B8E0
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7D1F0B928
_Getctype.LIBCPMT ref: 00007FF7D1F0B945
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7D1F0B9E0

Strings

bad locale name, xrefs: 00007FF7D1F0BA08

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 2967684691-1405518554
Opcode ID: 7ae66d1ac27228b445a57c4c57f0b1d7ebfb8b3c90bce80988a74158f0241bca
Instruction ID: 6536f975567baf2389f34c3f3db21f534a1f387a5b85b9da40d02a19e87c137a
Opcode Fuzzy Hash: 7ae66d1ac27228b445a57c4c57f0b1d7ebfb8b3c90bce80988a74158f0241bca
Instruction Fuzzy Hash: 6E515A36B0AB4289FB15EB60D4503ADA3B4EF44B48FC4443ADE4D27A9ACF78E555C320

Function 00007FF7D1EA5EF0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 115COMMON

Download Yara Rule

Strings

Unable to decode JPEG image., xrefs: 00007FF7D1EA604C
Error: , xrefs: 00007FF7D1EA5F17, 00007FF7D1EA5F93, 00007FF7D1EA6033
Unable to find '%s', xrefs: 00007FF7D1EA5F30
File too small '%s', xrefs: 00007FF7D1EA5FAC

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: Error: $File too small '%s'$Unable to decode JPEG image.$Unable to find '%s'
API String ID: 0-4142917058
Opcode ID: a6b52d2ea12b55eec12d765f2abb676f630618fa5558c81f35938df9eb96996e
Instruction ID: 74403a7ce970a5b7c75574edf7d1af7206f3416654b0f714d9c842d6a439755b
Opcode Fuzzy Hash: a6b52d2ea12b55eec12d765f2abb676f630618fa5558c81f35938df9eb96996e
Instruction Fuzzy Hash: AA414D11B0A14341FB44F766AA622FDD2519F85BC0FC85137EA0E4B79BDDACE5418760

Function 00007FF7D1F0C780 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 86COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00007FF7D1F0C78B
std::_Xinvalid_argument.LIBCPMT ref: 00007FF7D1F0C7AB

Strings

vector too long, xrefs: 00007FF7D1F0C7A4
invalid string position, xrefs: 00007FF7D1F0C7C4
string too long, xrefs: 00007FF7D1F0C784

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Xinvalid_argumentstd::_
String ID: invalid string position$string too long$vector too long
API String ID: 909987262-44858055
Opcode ID: bd28f856483bfd9c1d1e79dfd090b8b180c5fd5875acab489d6ba561ced19aa4
Instruction ID: 448a3946b4eae31ed0acaa297f39552711019b55c18b3c74eb8782778f2b11b7
Opcode Fuzzy Hash: bd28f856483bfd9c1d1e79dfd090b8b180c5fd5875acab489d6ba561ced19aa4
Instruction Fuzzy Hash: 5F018421E19B8681F704BB15E9501ACA360EB58FC4FD40433DB1D077A6DFA8E5628710

Function 00007FF7D1EAA410 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F34008: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F33F74

_fread_nolock.LIBCMT ref: 00007FF7D1EAA4B4

Strings

D, xrefs: 00007FF7D1EAA4D5
I, xrefs: 00007FF7D1EAA4DF
M, xrefs: 00007FF7D1EAA4F3
C, xrefs: 00007FF7D1EAA4E9

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _fread_nolock_invalid_parameter_noinfo
String ID: C$D$I$M
API String ID: 2335118202-1885297566
Opcode ID: 263ab0b10f4c91250136c99cc1027bb54a86970303c758ee8fbedb07496dc528
Instruction ID: 8934d57451c9e3b548a8bae2c7602834844613d692d0cfe18c6a4f4352c25180
Opcode Fuzzy Hash: 263ab0b10f4c91250136c99cc1027bb54a86970303c758ee8fbedb07496dc528
Instruction Fuzzy Hash: D5216B61F0D7C344FF71B222A5193BEE6909F89785FC40076E98C07A86CEACE5848724

Function 00007FF7D1EFB520 Relevance: 7.7, APIs: 5, Instructions: 219COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF7D1EFB77D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1EFB7F6
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1EFB7FC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1EFB808
__std_exception_copy.LIBVCRUNTIME ref: 00007FF7D1EFB838

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3066656306-0
Opcode ID: e1e042e14a3659f31b2c62a5dc5e13cc227b1d69d20ab28c3c8694dbd64677dd
Instruction ID: 24c5d26673729049d6a8788a8291453ec392b6af392d7d67dc07c6143a885fbd
Opcode Fuzzy Hash: e1e042e14a3659f31b2c62a5dc5e13cc227b1d69d20ab28c3c8694dbd64677dd
Instruction Fuzzy Hash: D791A322F19B8289FB10EBA4D4403ACB372EB54798FC58232DF5C16795EFB8A095C350

Function 00007FF7D1EFAA10 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7D1EFAA25
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7D1EFAA4A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7D1EFAA74
std::_Facet_Register.LIBCPMT ref: 00007FF7D1EFAAEB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7D1EFAB05

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: bcb80ff039b4583962a29173988767fd1a848c7a6baf74b3d1860103b69cdd1b
Instruction ID: d15f3842e01935b1db4ff90ded099622a8f58bd8969916b0cf9d6b4f3d641f51
Opcode Fuzzy Hash: bcb80ff039b4583962a29173988767fd1a848c7a6baf74b3d1860103b69cdd1b
Instruction Fuzzy Hash: E441AD72A09A4281FB14AF16E54166CB3A1EBC4B90FD84533DE5D8B794DEBCE846C720

Function 00007FF7D1EFA900 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7D1EFA915
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7D1EFA93A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7D1EFA964
std::_Facet_Register.LIBCPMT ref: 00007FF7D1EFA9DB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7D1EFA9F5

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 279ab251462d56655ff617b1c407d6231ef5214ecfaeaf373e466734b78663ee
Instruction ID: b16059b67e00b7e0a31c79563d795011b915e7127f8e4cce9ebe83911fc0f361
Opcode Fuzzy Hash: 279ab251462d56655ff617b1c407d6231ef5214ecfaeaf373e466734b78663ee
Instruction Fuzzy Hash: C0318225A09A4381FB15BB16E54027DF361EB88BA0FC80533DE5D5B695DEBCE482C320

Function 00007FF7D1EFA7F0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7D1EFA805
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7D1EFA82A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7D1EFA854
std::_Facet_Register.LIBCPMT ref: 00007FF7D1EFA8CB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7D1EFA8E5

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: bec7f2564c0c4f68e3616b4143741bc03f7d08056f9435149e66e0455e6dbb54
Instruction ID: 9a561cbc5ada066f2ec864f368df3cea8e9ffcd740d8a9815e35e9872246e311
Opcode Fuzzy Hash: bec7f2564c0c4f68e3616b4143741bc03f7d08056f9435149e66e0455e6dbb54
Instruction Fuzzy Hash: B5316B61A09A8381FB15AB16E94417CF361EB88BA0FC81673DE5C5B695DEECE443C320

Function 00007FF7D1F46F68 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF7D1F46F90
_set_statfp.LIBCMT ref: 00007FF7D1F46FAB
_set_statfp.LIBCMT ref: 00007FF7D1F46FC7
_set_statfp.LIBCMT ref: 00007FF7D1F47003

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: b66abe065252185f8fa3bb5ba8c3ba670dcdf456a1522c01c0552b2ae02114b6
Instruction ID: 9f50c4816ecf5f46950bbb037ab2e64d9c76d086aab58bc268b80a1a708d5c85
Opcode Fuzzy Hash: b66abe065252185f8fa3bb5ba8c3ba670dcdf456a1522c01c0552b2ae02114b6
Instruction Fuzzy Hash: BA119122E5EA1301F7687268E455BBD91406F54374EC40637FABF162EAEE9CBC434220

Function 00007FF7D1F420D4 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF7D1F3CF6F,?,?,00000000,00007FF7D1F3D20A,?,?,?,?,00000001,00007FF7D1F3D196), ref: 00007FF7D1F420F3
FlsSetValue.KERNEL32(?,?,?,00007FF7D1F3CF6F,?,?,00000000,00007FF7D1F3D20A,?,?,?,?,00000001,00007FF7D1F3D196), ref: 00007FF7D1F42112
FlsSetValue.KERNEL32(?,?,?,00007FF7D1F3CF6F,?,?,00000000,00007FF7D1F3D20A,?,?,?,?,00000001,00007FF7D1F3D196), ref: 00007FF7D1F4213A
FlsSetValue.KERNEL32(?,?,?,00007FF7D1F3CF6F,?,?,00000000,00007FF7D1F3D20A,?,?,?,?,00000001,00007FF7D1F3D196), ref: 00007FF7D1F4214B
FlsSetValue.KERNEL32(?,?,?,00007FF7D1F3CF6F,?,?,00000000,00007FF7D1F3D20A,?,?,?,?,00000001,00007FF7D1F3D196), ref: 00007FF7D1F4215C

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 11ed3c31986e3bb66f1396569acc31b777f6f33d5a19c8be0da621ab11954aeb
Instruction ID: 1d110a021acd9526f9e17971faf9274f8c3368ae5e6990ff122bab27e53f4c40
Opcode Fuzzy Hash: 11ed3c31986e3bb66f1396569acc31b777f6f33d5a19c8be0da621ab11954aeb
Instruction Fuzzy Hash: 04114C64F0E24342FB58B3A1B941A7EE1515FD47E4FD84337E93D16AE6DEACE4818220

Function 00007FF7D1F451A0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F45449

Part of subcall function 00007FF7D1F52BE0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F52BFD

Strings

UTF-8, xrefs: 00007FF7D1F453CC
ccs, xrefs: 00007FF7D1F45395
UTF-16LEUNICODE, xrefs: 00007FF7D1F453ED

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 3f9fd48418ee9049b42827c6af697c0a8273b0b57a41299ed6ed16fe25be707a
Instruction ID: a51fa6d83d49f962f875d444ecc045a47c5abb50bb482ba0bd71bf1f3842f4d9
Opcode Fuzzy Hash: 3f9fd48418ee9049b42827c6af697c0a8273b0b57a41299ed6ed16fe25be707a
Instruction Fuzzy Hash: 3D81D832E0F20385F7757E288550A7CEB929F12748FD45033DA4D966B5DEEDE9418321

Function 00007FF7D1EA5C60 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 164COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F34008: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F33F74

_fread_nolock.LIBCMT ref: 00007FF7D1EA5CF8

Strings

Error: , xrefs: 00007FF7D1EA5DF9, 00007FF7D1EA5E65
OpenJPEG j2k_to_image failed to decode %s, xrefs: 00007FF7D1EA5E7E
OpenJPEG failed to read the header %s (offset %d), xrefs: 00007FF7D1EA5E12

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _fread_nolock_invalid_parameter_noinfo
String ID: Error: $OpenJPEG failed to read the header %s (offset %d)$OpenJPEG j2k_to_image failed to decode %s
API String ID: 2335118202-3735568513
Opcode ID: b88d8623ef6da2290ffc135cbacd41d8f718ee9e9eaa754b62a66ea95b26b017
Instruction ID: 1551f538d8cd662884c93d824dbe86932396a67e4f48c41dcad98ff13f161db0
Opcode Fuzzy Hash: b88d8623ef6da2290ffc135cbacd41d8f718ee9e9eaa754b62a66ea95b26b017
Instruction Fuzzy Hash: 6A51A221A0E68351FB14FB22A9112BEE251AF85BC5FC48133EE4E07797DEBCE5458360

Function 00007FF7D1F0BA20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7D1F0BA9F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7D1F0BAE7
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7D1F0BB86

Strings

bad locale name, xrefs: 00007FF7D1F0BBAE

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 2775327233-1405518554
Opcode ID: b3924e87a8a86487818cc1f9be843c62c13d5611f31044e5534d4a88fb8a1bd6
Instruction ID: 87566fa5d0e55cf512bf596ac2e785ef4108e94376590aea6f2e4e2593aedd4f
Opcode Fuzzy Hash: b3924e87a8a86487818cc1f9be843c62c13d5611f31044e5534d4a88fb8a1bd6
Instruction Fuzzy Hash: 05413872B1BB428AFB20EF60D4503ADA3A4EF44748FC80836DE4D17A99DE78D554D324

Function 00007FF7D1F0C9D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 66COMMON

Download Yara Rule

Strings

ios_base::badbit set, xrefs: 00007FF7D1F0C9EE
ios_base::failbit set, xrefs: 00007FF7D1F0C9FA
ios_base::eofbit set, xrefs: 00007FF7D1F0CA01

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID:
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 0-1866435925
Opcode ID: b7b73ae4726a147e360b7547f1cfe7d10219da0bec4bd1049acf7e12e481333e
Instruction ID: 5140fcfbdafa03feeeddf7595e2d2a0dca6ec00b7acdff8025f2f5cb7b0b29b0
Opcode Fuzzy Hash: b7b73ae4726a147e360b7547f1cfe7d10219da0bec4bd1049acf7e12e481333e
Instruction Fuzzy Hash: 1A1104A1A1A74781FF14EB45E8423ADA361EF40794FD44233E65D57AD1DEBCE091C310

Function 00007FF7D1F48940 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF7D1F489BF
WriteFile.KERNEL32 ref: 00007FF7D1F48C87
WriteFile.KERNEL32 ref: 00007FF7D1F48CCD
GetLastError.KERNEL32 ref: 00007FF7D1F48D83

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 3926d29593cca1dd60ee25bbeee60efb10e21b1836d66007c1359bef881524bf
Instruction ID: 4578166c99555ddcb25f1dcb6bba5075bf8fb7eb2ff3cec4f464c71b4edbae59
Opcode Fuzzy Hash: 3926d29593cca1dd60ee25bbeee60efb10e21b1836d66007c1359bef881524bf
Instruction Fuzzy Hash: 25D12332B0AA8289F710DFA5D4506ACB7B1FB547D8BC44636CE9E97B99DE78D006C310

Function 00007FF7D1F37834 Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00007FF7D1F37867
GetFileInformationByHandle.KERNEL32 ref: 00007FF7D1F378C9
GetLastError.KERNEL32 ref: 00007FF7D1F3795A
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00007FF7D1F3776C), ref: 00007FF7D1F379A6

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: b3468f792c5774b2e3b790318a6432931e598d6492c111e5695a15b8e92e096c
Instruction ID: 98ed8ae98974772e31f7a0538babcd93e227d0e27b20ee4c8bdb78d6a0892927
Opcode Fuzzy Hash: b3468f792c5774b2e3b790318a6432931e598d6492c111e5695a15b8e92e096c
Instruction Fuzzy Hash: 38517122E0A6438AFB10EF71D4503BDB7A1BB48B58FD04636DE8E47689DFB8D5418760

Function 00007FF7D1EFB1B0 Relevance: 6.1, APIs: 4, Instructions: 114COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1EFB24E
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1EFB25A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1EFB304
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7D1EFB310

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: b82053fc28dea60f8720819ff5fe1aa5cbb0930f62553f8de36c53841d2d97f8
Instruction ID: 89c7171de3942057ed852ae4c56d91f489ed57e5cf4b706ef2fda63a843b4e21
Opcode Fuzzy Hash: b82053fc28dea60f8720819ff5fe1aa5cbb0930f62553f8de36c53841d2d97f8
Instruction Fuzzy Hash: 1D417F32A0AB4381FB14AB11E54026DA2A5EF48BE0FD44732EB7D477D5EFACE0518310

Function 00007FF7D1F3BC54 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 136COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF7D1F3BCF9

Strings

acos, xrefs: 00007FF7D1F3BD0C
!, xrefs: 00007FF7D1F3BD2E

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _set_statfp
String ID: !$acos
API String ID: 1156100317-2870037509
Opcode ID: 6b6b68e7e6f7b0689f63ed66e57111d1e1d31793ca11e1de66a794b35f96872d
Instruction ID: 77e3f2cf2e2f1c2d824e7044678d90a46961023c1db07e005b55c3beeeb9e09f
Opcode Fuzzy Hash: 6b6b68e7e6f7b0689f63ed66e57111d1e1d31793ca11e1de66a794b35f96872d
Instruction Fuzzy Hash: 7061A531D1DF4689F723AB34A82023ED755AFA63D1FD18337E95E35A60DF6CA0828610

Function 00007FF7D1F48FD8 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF7D1F490EF
GetLastError.KERNEL32 ref: 00007FF7D1F49111

Strings

U, xrefs: 00007FF7D1F4909B

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 6c9a2b913951fe26aa79f9b53ee533db686114b69ead27decefc55a08e349be0
Instruction ID: 03a6c6e7623e6555d40b52e69db7d08c0f56ef9e3879adc83e0dc683c757241f
Opcode Fuzzy Hash: 6c9a2b913951fe26aa79f9b53ee533db686114b69ead27decefc55a08e349be0
Instruction Fuzzy Hash: 1641C532719A4281EB20EF25E4457ADA760FB88794FC04136EE4D87798DFBCD541C750

Function 00007FF7D1F0C660 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7D1F250F4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7D1F23D6E), ref: 00007FF7D1F25144
Part of subcall function 00007FF7D1F250F4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7D1F23D6E), ref: 00007FF7D1F25185

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1F0C6EC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1F0C76F

Strings

VUUUUUUU, xrefs: 00007FF7D1F0C695

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExceptionFileHeaderRaise
String ID: VUUUUUUU
API String ID: 240014264-1633625446
Opcode ID: d01d11c48238500559a459622ab73ef3881e4c61b065a5a05acc5725cdf7797e
Instruction ID: cd50a364c07f048f11f117d0ea90bab789325c43c775830a9792aa4e3fe8e231
Opcode Fuzzy Hash: d01d11c48238500559a459622ab73ef3881e4c61b065a5a05acc5725cdf7797e
Instruction Fuzzy Hash: 862162F2B16B8A45EF08AB65D45536CA3A6AB08F85FD48033DA4C4A755EE6CD5908310

Function 00007FF7D1EFBA70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7D1EFBB3C
__std_exception_copy.LIBVCRUNTIME ref: 00007FF7D1EFBB74

Strings

ios_base::failbit set, xrefs: 00007FF7D1EFBA70

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
String ID: ios_base::failbit set
API String ID: 1109970293-3924258884
Opcode ID: bbb60abdfecf297e8c715d33eadb58548088e3da8de6079333506d49083b79cc
Instruction ID: 48f3a23d8ff9890b7744434136a2db20fd480c3a2a9d9931af51df731abb626d
Opcode Fuzzy Hash: bbb60abdfecf297e8c715d33eadb58548088e3da8de6079333506d49083b79cc
Instruction Fuzzy Hash: ED21BB61E19B8681FB00AB65E4412BDA350FF99764FD45332FAAD027D5DF6CE190C710

Function 00007FF7D1F46374 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF7D1F463B4
GetCurrentDirectoryW.KERNEL32 ref: 00007FF7D1F46406

Strings

:, xrefs: 00007FF7D1F463CA

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 0f2d146c96f42cada3d26242bb42ed2a6e5d4cfda2e12a69576790ce88aa050e
Instruction ID: f09825cc4afd991040fc83f42d5cfd29ce6ac60124ac7c882f8dd6f34c582168
Opcode Fuzzy Hash: 0f2d146c96f42cada3d26242bb42ed2a6e5d4cfda2e12a69576790ce88aa050e
Instruction Fuzzy Hash: 5E21B472B0964381FB20AB11D45467DB3B2FB84B84FC54136DA8D43694DFBCEA858761

Function 00007FF7D1F250F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7D1F23D6E), ref: 00007FF7D1F25144
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7D1F23D6E), ref: 00007FF7D1F25185

Strings

csm, xrefs: 00007FF7D1F25172

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 20aced4310abe6bcba6037d86eb030d2afde8de7bedf6493a29df9e994f2959e
Instruction ID: ab7443b2dde17eaeda2de0a7e283ae68122ec2b086b37a29a87399e383a3e21a
Opcode Fuzzy Hash: 20aced4310abe6bcba6037d86eb030d2afde8de7bedf6493a29df9e994f2959e
Instruction Fuzzy Hash: 19114C32A19B4282EB209F25E44026DB7E1FB88B98FD84271DA8C47B68DF7CD5518700

Function 00007FF7D1F3AF28 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7D1F3AF58
GetDriveTypeW.KERNEL32 ref: 00007FF7D1F3AF98

Strings

:, xrefs: 00007FF7D1F3AF81

Memory Dump Source

Source File: 00000000.00000002.2015432681.00007FF7D1EA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7D1EA0000, based on PE: true

Associated: 00000000.00000002.2015418515.00007FF7D1EA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015488420.00007FF7D1F57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015514505.00007FF7D1F83000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D1F84000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D2006000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015529401.00007FF7D200E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2015869567.00007FF7D2010000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7d1ea0000_dcm2niix.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: a6abd80bc77e6d2b1458c29463bf82190bb0509aad5c9ca66e652a306c8d58a0
Instruction ID: 0d3c4d72bfd2e95801bb6c963642513313930d103a7b7a1fce1fe543c8fc19e1
Opcode Fuzzy Hash: a6abd80bc77e6d2b1458c29463bf82190bb0509aad5c9ca66e652a306c8d58a0
Instruction Fuzzy Hash: CA018FA2A1E60382F720BF61A46127EB3A0EF44748FC10137E54D86681EFBCE5458B24

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	6.5850747384413095
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	dcm2niix.exe
File size:	968'192 bytes
MD5:	0d831c8a0b2379cd73393d725ba8f95c
SHA1:	bd2cdd77c5fe97e2b238fb7f1f8ea6342e1d5b18
SHA256:	34de9d74012c9768ed8318d69c0bb0a2b34cb50f787a20f95ab4781c2bcaeb71
SHA512:	0fb88a4b440f12fb93f45f6947e6d9c589bf605fcbeb4d9f1123817187752e5c529fbb7b9e690c34c657d8b72eb6f935866ae975f1e36d851d2f9b6a263e82ca
SSDEEP:	24576:XfyrO84gvaKvQwSbmTXkO/gmpxUNsVyz/luG8Z5JUe:PxgvgwvkO/gmpSDz/G5
TLSH:	E1259E46A3A510FDC567C178C9666A07EAB1309503305BFB1BD18AB52F23AF05E7FB12
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...................................D....................%]......%.......%.......%.......................%.......%.......%.......%_....

Entrypoint:	0x1400836dc
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x65CFAE96 [Fri Feb 16 18:51:02 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	7de9a4c2977e8c4166f418a6a66112b5

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb5f98	0xb6000	8c29b626e4ef00f88cafd468e98ff52c	False	0.5078366457760989	data	6.553625256220452	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xb7000	0x2b984	0x2ba00	f6854a3ea5debc9ab13168f9ff8e066e	False	0.41244515580229224	data	5.691796207879042	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xe3000	0x8c744	0x2e00	02f4287b7be72289ff6c5d39e6331b17	False	0.20991847826086957	data	4.069272388030607	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x170000	0x66f0	0x6800	d53716c7f7e099ecc2a3dfa139ac6fcf	False	0.4874924879807692	data	5.961544602157479	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x177000	0x1f4	0x200	97be48bebbea4e765d6cb6967c113286	False	0.537109375	data	4.220872291010496	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x178000	0x1e0	0x200	a801c98b309dbc1142bbe1764e1fead3	False	0.52734375	data	4.7122981932940915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x179000	0xcb4	0xe00	51388e937bd6ba69ec7e781bf633a933	False	0.46205357142857145	data	5.238677135255283	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report dcm2niix.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: dcm2niix.exePID: 2132, Parent PID: 1028

General

Chronological Activities

Analysis Process: conhost.exePID: 2276, Parent PID: 2132

General

Chronological Activities

Windows Analysis Report
dcm2niix.exe

Function 00007FF7D1EEF640 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 76
registryCOMMON

Function 00007FF7D1F42448 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Function 00007FF7D1EEF8F0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 210
COMMON

Function 00007FF7D1F49300 Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Function 00007FF7D1F376E0 Relevance: 6.1, APIs: 4, Instructions: 90
fileCOMMON

Function 00007FF7D1F48DB8 Relevance: 3.1, APIs: 2, Instructions: 74
fileCOMMON

Function 00007FF7D1F42358 Relevance: 3.0, APIs: 2, Instructions: 18
threadCOMMONLIBRARYCODE