Edit tour

Windows Analysis Report
LisectAVT_2403002A_19.exe

Overview

General Information

Sample name:	LisectAVT_2403002A_19.exe
Analysis ID:	1482445
MD5:	afb12495b0c9be1ad8acc1709ff5eb1e
SHA1:	425cdd67c93562d960e4f86d9dab43b735bf84e8
SHA256:	8c385cb00ccafc20b0e9112948b85590cc3979c489f3902918f978acd6aa508b
Tags:	AgentTeslaexe
Infos:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Yara detected AgentTesla

Yara detected AntiVM3

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

Injects a PE file into a foreign processes

Machine Learning detection for sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

LisectAVT_2403002A_19.exe (PID: 3924 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002A_19.exe" MD5: AFB12495B0C9BE1AD8ACC1709FF5EB1E)

LisectAVT_2403002A_19.exe (PID: 2708 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002A_19.exe" MD5: AFB12495B0C9BE1AD8ACC1709FF5EB1E)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://0xmrmagnezi.github.io/malware%20analysis/AgentTesla/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Username": "logs1@agceram.com", "Password": "Vo^vcAf9", "Host": "smtp.agceram.com"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x30f50:$a3: MailAccountConfiguration 0x30f69:$a5: SmtpAccountConfiguration 0x30f30:$a8: set_BindingAccountConfiguration 0x2fec7:$a11: get_securityProfile 0x2fd68:$a12: get_useSeparateFolderTree 0x316c1:$a13: get_DnsResolver 0x30177:$a14: get_archivingScope 0x2ff9f:$a15: get_providerName 0x3268b:$a17: get_priority 0x31c5f:$a18: get_advancedParameters 0x3106a:$a19: get_disabledByRestriction 0x2fb3e:$a20: get_LastAccessed 0x30211:$a21: get_avatarType 0x31d76:$a22: get_signaturePresets 0x3080f:$a23: get_enableLog 0x3001c:$a26: set_accountName 0x321c1:$a27: set_InternalServerPort 0x2f4c9:$a28: set_bindingConfigurationUID 0x31d3c:$a29: set_IdnAddress 0x3253f:$a30: set_GuidMasterKey 0x30077:$a31: set_username
00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0xf0c00:$a3: MailAccountConfiguration 0x126820:$a3: MailAccountConfiguration 0xf0c19:$a5: SmtpAccountConfiguration 0x126839:$a5: SmtpAccountConfiguration 0xf0be0:$a8: set_BindingAccountConfiguration 0x126800:$a8: set_BindingAccountConfiguration 0xefb77:$a11: get_securityProfile 0x125797:$a11: get_securityProfile 0xefa18:$a12: get_useSeparateFolderTree 0x125638:$a12: get_useSeparateFolderTree 0xf1371:$a13: get_DnsResolver 0x126f91:$a13: get_DnsResolver 0xefe27:$a14: get_archivingScope 0x125a47:$a14: get_archivingScope 0xefc4f:$a15: get_providerName 0x12586f:$a15: get_providerName 0xf233b:$a17: get_priority 0x127f5b:$a17: get_priority 0xf190f:$a18: get_advancedParameters 0x12752f:$a18: get_advancedParameters 0xf0d1a:$a19: get_disabledByRestriction
00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x326e4:$s10: logins 0x36e048:$s11: credential 0x1e27:$m1: yyyy-MM-dd hh-mm-ssCookieapplication/zipSCSC_.jpegScreenshotimage/jpeg/log.tmpKLKL_.html<html></html>Logtext/html[]Time 0x2945:$m3: >{CTRL}</font>Windows RDPcredentialpolicyblobrdgchrome{{{0}}}CopyToComputeHashsha512CopySystemDrive\WScript.ShellRegReadg401 0x1cbc:$m4: %startupfolder%\%insfolder%\%insname%/\%insfolder%\Software\Microsoft\Windows\CurrentVersion\Run%insregname%SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunTruehttp 0x1f48:$m5: \WindowsLoad%ftphost%/%ftpuser%%ftppassword%STORLengthWriteCloseGetBytesOpera
00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x99b0a:$a3: MailAccountConfiguration 0x99b23:$a5: SmtpAccountConfiguration 0x99aea:$a8: set_BindingAccountConfiguration 0x98c0c:$a11: get_securityProfile 0x98ab0:$a12: get_useSeparateFolderTree 0x9a1d6:$a13: get_DnsResolver 0x98eb8:$a14: get_archivingScope 0x98ce4:$a15: get_providerName 0x9b081:$a17: get_priority 0x9a744:$a18: get_advancedParameters 0x99c24:$a19: get_disabledByRestriction 0x988b8:$a20: get_LastAccessed 0x98f52:$a21: get_avatarType 0x9a85b:$a22: get_signaturePresets 0x994f5:$a23: get_enableLog 0x98d61:$a26: set_accountName 0x9ac85:$a27: set_InternalServerPort 0x986a5:$a28: set_bindingConfigurationUID 0x9a821:$a29: set_IdnAddress 0x9af3f:$a30: set_GuidMasterKey 0x98dbc:$a31: set_username
Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x2e5fb:$a3: MailAccountConfiguration 0x2e614:$a5: SmtpAccountConfiguration 0x2e5db:$a8: set_BindingAccountConfiguration 0x2d6fd:$a11: get_securityProfile 0x2d5a1:$a12: get_useSeparateFolderTree 0x2ecc7:$a13: get_DnsResolver 0x2d9a9:$a14: get_archivingScope 0x2d7d5:$a15: get_providerName 0x2fb72:$a17: get_priority 0x2f235:$a18: get_advancedParameters 0x2e715:$a19: get_disabledByRestriction 0x2d3a9:$a20: get_LastAccessed 0x2da43:$a21: get_avatarType 0x2f34c:$a22: get_signaturePresets 0x2dfe6:$a23: get_enableLog 0x2d852:$a26: set_accountName 0x2f776:$a27: set_InternalServerPort 0x2d196:$a28: set_bindingConfigurationUID 0x2f312:$a29: set_IdnAddress 0x2fa30:$a30: set_GuidMasterKey 0x2d8ad:$a31: set_username
Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2e13a:$s1: get_kbok 0x2e9c9:$s2: get_CHoo 0x2f562:$s3: set_passwordIsSet 0x2dfe6:$s4: get_enableLog 0x2d480:$g1: get_Clipboard 0x2d48e:$g2: get_Keyboard 0x2d49b:$g3: get_Password 0x2e894:$g4: get_CtrlKeyDown 0x2e8a4:$g5: get_ShiftKeyDown 0x2e8b5:$g6: get_AltKeyDown 0x9647:$m1: yyyy-MM-dd hh-mm-ssCookieapplication/zipSCSC_.jpegScreenshotimage/jpeg/log.tmpKLKL_.html<html></html>Logtext/html[]Time 0xb878:$m1: yyyy-MM-dd hh-mm-ssCookieapplication/zipSCSC_.jpegScreenshotimage/jpeg/log.tmpKLKL_.html<html></html>Logtext/html[]Time 0xa165:$m3: >{CTRL}</font>Windows RDPcredentialpolicyblobrdgchrome{{{0}}}CopyToComputeHashsha512CopySystemDrive\WScript.ShellRegReadg401 0xc395:$m3: >{CTRL}</font>Windows RDPcredentialpolicyblobrdgchrome{{{0}}}CopyToComputeHashsha512CopySystemDrive\WScript.ShellRegReadg401 0x94dc:$m4: %startupfolder%\%insfolder%\%insname%/\%insfolder%\Software\Microsoft\Windows\CurrentVersion\Run%insregname%SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunTruehttp 0xb70d:$m4: %startupfolder%\%insfolder%\%insname%/\%insfolder%\Software\Microsoft\Windows\CurrentVersion\Run%insregname%SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\RunTruehttp 0x9768:$m5: \WindowsLoad%ftphost%/%ftpuser%%ftppassword%STORLengthWriteCloseGetBytesOpera 0xb999:$m5: \WindowsLoad%ftphost%/%ftpuser%%ftppassword%STORLengthWriteCloseGetBytesOpera
Click to see the 12 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x2f350:$a3: MailAccountConfiguration 0x2f369:$a5: SmtpAccountConfiguration 0x2f330:$a8: set_BindingAccountConfiguration 0x2e2c7:$a11: get_securityProfile 0x2e168:$a12: get_useSeparateFolderTree 0x2fac1:$a13: get_DnsResolver 0x2e577:$a14: get_archivingScope 0x2e39f:$a15: get_providerName 0x30a8b:$a17: get_priority 0x3005f:$a18: get_advancedParameters 0x2f46a:$a19: get_disabledByRestriction 0x2df3e:$a20: get_LastAccessed 0x2e611:$a21: get_avatarType 0x30176:$a22: get_signaturePresets 0x2ec0f:$a23: get_enableLog 0x2e41c:$a26: set_accountName 0x305c1:$a27: set_InternalServerPort 0x2d8c9:$a28: set_bindingConfigurationUID 0x3013c:$a29: set_IdnAddress 0x3093f:$a30: set_GuidMasterKey 0x2e477:$a31: set_username
0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x2ee0b:$s1: get_kbok 0x2f74e:$s2: get_CHoo 0x303a7:$s3: set_passwordIsSet 0x2ec0f:$s4: get_enableLog 0x332a2:$s8: torbrowser 0x31c7e:$s10: logins 0x315f6:$s11: credential 0x2e02c:$g1: get_Clipboard 0x2e03a:$g2: get_Keyboard 0x2e047:$g3: get_Password 0x2f5ed:$g4: get_CtrlKeyDown 0x2f5fd:$g5: get_ShiftKeyDown 0x2f60e:$g6: get_AltKeyDown
3.2.LisectAVT_2403002A_19.exe.400000.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
3.2.LisectAVT_2403002A_19.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
3.2.LisectAVT_2403002A_19.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
3.2.LisectAVT_2403002A_19.exe.400000.0.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x31150:$a3: MailAccountConfiguration 0x31169:$a5: SmtpAccountConfiguration 0x31130:$a8: set_BindingAccountConfiguration 0x300c7:$a11: get_securityProfile 0x2ff68:$a12: get_useSeparateFolderTree 0x318c1:$a13: get_DnsResolver 0x30377:$a14: get_archivingScope 0x3019f:$a15: get_providerName 0x3288b:$a17: get_priority 0x31e5f:$a18: get_advancedParameters 0x3126a:$a19: get_disabledByRestriction 0x2fd3e:$a20: get_LastAccessed 0x30411:$a21: get_avatarType 0x31f76:$a22: get_signaturePresets 0x30a0f:$a23: get_enableLog 0x3021c:$a26: set_accountName 0x323c1:$a27: set_InternalServerPort 0x2f6c9:$a28: set_bindingConfigurationUID 0x31f3c:$a29: set_IdnAddress 0x3273f:$a30: set_GuidMasterKey 0x30277:$a31: set_username
3.2.LisectAVT_2403002A_19.exe.400000.0.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x30c0b:$s1: get_kbok 0x3154e:$s2: get_CHoo 0x321a7:$s3: set_passwordIsSet 0x30a0f:$s4: get_enableLog 0x350a2:$s8: torbrowser 0x33a7e:$s10: logins 0x333f6:$s11: credential 0x2fe2c:$g1: get_Clipboard 0x2fe3a:$g2: get_Keyboard 0x2fe47:$g3: get_Password 0x313ed:$g4: get_CtrlKeyDown 0x313fd:$g5: get_ShiftKeyDown 0x3140e:$g6: get_AltKeyDown
0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack	Windows_Trojan_AgentTesla_d3ac2b2f	unknown	unknown	0x31150:$a3: MailAccountConfiguration 0x66d70:$a3: MailAccountConfiguration 0x31169:$a5: SmtpAccountConfiguration 0x66d89:$a5: SmtpAccountConfiguration 0x31130:$a8: set_BindingAccountConfiguration 0x66d50:$a8: set_BindingAccountConfiguration 0x300c7:$a11: get_securityProfile 0x65ce7:$a11: get_securityProfile 0x2ff68:$a12: get_useSeparateFolderTree 0x65b88:$a12: get_useSeparateFolderTree 0x318c1:$a13: get_DnsResolver 0x674e1:$a13: get_DnsResolver 0x30377:$a14: get_archivingScope 0x65f97:$a14: get_archivingScope 0x3019f:$a15: get_providerName 0x65dbf:$a15: get_providerName 0x3288b:$a17: get_priority 0x684ab:$a17: get_priority 0x31e5f:$a18: get_advancedParameters 0x67a7f:$a18: get_advancedParameters 0x3126a:$a19: get_disabledByRestriction
0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack	MALWARE_Win_AgentTeslaV3	AgentTeslaV3 infostealer payload	ditekSHen	0x30c0b:$s1: get_kbok 0x6682b:$s1: get_kbok 0x3154e:$s2: get_CHoo 0x6716e:$s2: get_CHoo 0x321a7:$s3: set_passwordIsSet 0x67dc7:$s3: set_passwordIsSet 0x30a0f:$s4: get_enableLog 0x6662f:$s4: get_enableLog 0x350a2:$s8: torbrowser 0x6acc2:$s8: torbrowser 0x33a7e:$s10: logins 0x6969e:$s10: logins 0x333f6:$s11: credential 0x69016:$s11: credential 0x2fe2c:$g1: get_Clipboard 0x65a4c:$g1: get_Clipboard 0x2fe3a:$g2: get_Keyboard 0x65a5a:$g2: get_Keyboard 0x2fe47:$g3: get_Password 0x65a67:$g3: get_Password 0x313ed:$g4: get_CtrlKeyDown
0.2.LisectAVT_2403002A_19.exe.263f1f8.0.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 10 entries

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 52.165.165.26 - Destination IP: 192.168.2.6

Timestamp:	2024-07-25T23:07:28.622794+0200
SID:	2022930
Source Port:	443
Destination Port:	49724
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 52.165.165.26 - Destination IP: 192.168.2.6

Timestamp:	2024-07-25T23:06:51.230552+0200
SID:	2022930
Source Port:	443
Destination Port:	49718
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: LisectAVT_2403002A_19.exe

Avira: detected

Found malware configuration

Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Username": "logs1@agceram.com", "Password": "Vo^vcAf9", "Host": "smtp.agceram.com"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: LisectAVT_2403002A_19.exe

Joe Sandbox ML: detected

Source: LisectAVT_2403002A_19.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: LisectAVT_2403002A_19.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h

0_2_077CBD40

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE

Source: unknown

DNS traffic detected: query: smtp.agceram.com replaycode: Name error (3)

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: smtp.agceram.com

Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://KMcLhe.com
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003718000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://b6QQBzu4tg.com
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://b6QQBzu4tg.comt-
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LisectAVT_2403002A_19.exe	String found in binary or memory: http://www.phapsoftware.hotgoo.net
Source: LisectAVT_2403002A_19.exe	String found in binary or memory: http://www.phapsoftware.hotgoo.net)C
Source: LisectAVT_2403002A_19.exe	String found in binary or memory: http://www.phapsoftware.hotgoo.net:
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org%4
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org%GETMozilla/5.0
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_19.exe, 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
Source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
Source: 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
Source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924, type: MEMORYSTR	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f Author: unknown
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR	Matched rule: AgentTeslaV3 infostealer payload Author: ditekSHen

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_0244E2E8	0_2_0244E2E8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_0244C8F4	0_2_0244C8F4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_0244196C	0_2_0244196C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_059C5650	0_2_059C5650
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_059C5DB8	0_2_059C5DB8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_059C88C8	0_2_059C88C8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B3C4F8	0_2_05B3C4F8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B3D580	0_2_05B3D580
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B30006	0_2_05B30006
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B30040	0_2_05B30040
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_0706F700	0_2_0706F700
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_07062CBC	0_2_07062CBC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_07067870	0_2_07067870
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EA608	0_2_070EA608
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070E92B6	0_2_070E92B6
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EB021	0_2_070EB021
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070E9E60	0_2_070E9E60
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070E2E88	0_2_070E2E88
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EE6CE	0_2_070EE6CE
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EE4BA	0_2_070EE4BA
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EE4C0	0_2_070EE4C0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EE228	0_2_070EE228
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EE222	0_2_070EE222
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EE012	0_2_070EE012
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EE020	0_2_070EE020
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070ECE40	0_2_070ECE40
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070E9E5E	0_2_070E9E5E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070ECE50	0_2_070ECE50
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070EDCA0	0_2_070EDCA0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070ED981	0_2_070ED981
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_070ED990	0_2_070ED990
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C1D68	0_2_077C1D68
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C99C0	0_2_077C99C0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C884A	0_2_077C884A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C0FE0	0_2_077C0FE0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C0FDD	0_2_077C0FDD
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C3270	0_2_077C3270
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C3240	0_2_077C3240
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C6AE8	0_2_077C6AE8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C6EC8	0_2_077C6EC8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C7132	0_2_077C7132
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C7104	0_2_077C7104
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C2C48	0_2_077C2C48
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C2C38	0_2_077C2C38
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C64D8	0_2_077C64D8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C70D3	0_2_077C70D3
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C18A0	0_2_077C18A0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_077C1890	0_2_077C1890
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_016CA918	3_2_016CA918
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_016CD32D	3_2_016CD32D
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_016C8338	3_2_016C8338
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_016CC338	3_2_016CC338
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_016C4EB0	3_2_016C4EB0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_016C7F60	3_2_016C7F60
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_016C3330	3_2_016C3330
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_0175E500	3_2_0175E500
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_017528C8	3_2_017528C8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_01757E5E	3_2_01757E5E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_0175B2E0	3_2_0175B2E0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_01754055	3_2_01754055
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_017540A8	3_2_017540A8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_01757710	3_2_01757710
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_018447B4	3_2_018447B4
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_01845D08	3_2_01845D08
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_018469F1	3_2_018469F1
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_01845CC3	3_2_01845CC3
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_01911548	3_2_01911548
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_01913420	3_2_01913420
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_01919140	3_2_01919140
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_0666C330	3_2_0666C330
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_06664018	3_2_06664018
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_066648E8	3_2_066648E8
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_06663CD0	3_2_06663CD0
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 3_2_0666D090	3_2_0666D090

Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2135032484.0000000003877000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameStoreElement.dllB vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe, 00000000.00000000.2095078039.000000000031C000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameTransform.exe> vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2133894157.000000000087E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2139898296.0000000007980000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameStoreElement.dllB vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameConfigNodeType.dll> vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemelMAmtZMwaCsjWTKCJLFbgvBrBIVp.exe4 vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemelMAmtZMwaCsjWTKCJLFbgvBrBIVp.exe4 vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2139548814.00000000070C0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameConfigNodeType.dll> vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamemelMAmtZMwaCsjWTKCJLFbgvBrBIVp.exe4 vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4555594381.0000000001337000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs LisectAVT_2403002A_19.exe
Source: LisectAVT_2403002A_19.exe	Binary or memory string: OriginalFilenameTransform.exe> vs LisectAVT_2403002A_19.exe

Source: LisectAVT_2403002A_19.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
Source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
Source: 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
Source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924, type: MEMORYSTR	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR	Matched rule: Windows_Trojan_AgentTesla_d3ac2b2f reference_sample = 65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4, os = windows, severity = x86, creation_date = 2021-03-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.AgentTesla, fingerprint = cbbb56fe6cd7277ae9595a10e05e2ce535a4e6bf205810be0bbce3a883b6f8bc, id = d3ac2b2f-14fc-4851-8a57-41032e386aeb, last_modified = 2022-06-20
Source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR	Matched rule: MALWARE_Win_AgentTeslaV3 author = ditekSHen, description = AgentTeslaV3 infostealer payload

Source: LisectAVT_2403002A_19.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: LisectAVT_2403002A_19.exe, cH059DXZwiwMSJ2G47.cs	Cryptographic APIs: 'CreateDecryptor'
Source: LisectAVT_2403002A_19.exe, cH059DXZwiwMSJ2G47.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@1/0

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LisectAVT_2403002A_19.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Mutant created: \Sessions\1\BaseNamedObjects\NHrnrOpF

Source: LisectAVT_2403002A_19.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: LisectAVT_2403002A_19.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.00000000036C6000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: unknown	Process created: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe "C:\Users\user\Desktop\LisectAVT_2403002A_19.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process created: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe "C:\Users\user\Desktop\LisectAVT_2403002A_19.exe"
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process created: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe "C:\Users\user\Desktop\LisectAVT_2403002A_19.exe"	Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: LisectAVT_2403002A_19.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: LisectAVT_2403002A_19.exe

Static file information: File size 1353734 > 1048576

Source: LisectAVT_2403002A_19.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: LisectAVT_2403002A_19.exe, cH059DXZwiwMSJ2G47.cs

.Net Code: bSDmNBc20XsjgSo7cL1(t1K8HKc62TdnTiDZSHE(16777449)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{bSDmNBc20XsjgSo7cL1(t1K8HKc62TdnTiDZSHE(16777271)),bSDmNBc20XsjgSo7cL1(t1K8HKc62TdnTiDZSHE(16777251))})

.NET source code contains potential unpacker

Source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, B.cs

.Net Code: A System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_0244196C pushfd ; iretd	0_2_0244189A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_059CB7BA push ss; retf	0_2_059CB7C6
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_059CB7F7 push ss; retf	0_2_059CB7C6
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_059CB3DA push ss; retf	0_2_059CB3E6
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_059CBC48 push ss; retf	0_2_059CBC56
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_059CAFA2 push ss; retf	0_2_059CAFAE
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_059C3E5F push ss; retf	0_2_059C3E6E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B361B2 push esp; ret	0_2_05B361B9
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B333BF push cs; retf	0_2_05B333CE
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B33978 push cs; retf	0_2_05B33986
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B35B48 push esp; retf	0_2_05B35B57
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B53DB9 push cs; retf	0_2_05B53DBB
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B4FDA7 push 0C8D8BFFh; iretd	0_2_05B4FDAC
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B4EDAD push cs; retf	0_2_05B4EDAE
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B53D8D push cs; retf	0_2_05B53D8E
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B525FE push cs; retf	0_2_05B525FF
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B4EDE4 push cs; retf	0_2_05B4EDE5
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B4FDE5 push cs; retf	0_2_05B4FDE7
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B53D3E push ss; retf	0_2_05B53D40
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B53538 push cs; retf	0_2_05B5353A
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B5452D push cs; retf	0_2_05B5452F
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B5052C push ss; retf	0_2_05B5052D
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B5351B push cs; retf	0_2_05B5351D
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B54D01 push cs; retf	0_2_05B54D02
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B5650C push cs; retf	0_2_05B5650D
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B50575 push cs; retf	0_2_05B50576
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B4FD56 push cs; retf	0_2_05B4FD58
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B53D56 push ss; retf	0_2_05B53D57
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B5454A push cs; retf	0_2_05B5454C
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B55CBD push cs; retf	0_2_05B55CBF
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Code function: 0_2_05B51CBB push cs; retf	0_2_05B51CBC

Source: LisectAVT_2403002A_19.exe

Static PE information: section name: .text entropy: 7.467762882649221

Source: LisectAVT_2403002A_19.exe, cH059DXZwiwMSJ2G47.cs	High entropy of concatenated method names: 'K6vBdJtEV9CtgiF4530', 'K43VbotkfxV3XGKTbI2', 'vA9qhjtrhDfhrGAGNQu', 'WuwJyZtC1yqYHqUdBJ4', 'xq44yGOdCs', 'EW59yAtLmGT2wOOw1yN', 'uDdCeAt1LxmphtCFHEf', 'uBoCq5tKrPeyXBcT0ST', 'd2Lk9XtmmG3ibUrqPNF', 'uvk6dDtOgEDxmtOQENJ'
Source: LisectAVT_2403002A_19.exe, mbgRn93H9fOEwNi84F.cs	High entropy of concatenated method names: 'gpavuIes11', 'U7lvv7DE81', 'AlLvbEqqnF', 'q9RvJVabDm', 'RUdvdbmNa9', 'Vn9vDqVgXt', 'sVavSlFFFN', 'mfNvcM1Kev', 'EMKvsfn7hL', 'n2tv90WckO'
Source: LisectAVT_2403002A_19.exe, B0GaMFGWZVBKutsWoi.cs	High entropy of concatenated method names: 'Y9M9nHSAgP', 'xCt9Yd93Hv', 'huh9HTvT4i', 'Pkm9lvRg9D', 'KIx92dUS3y', 'YUn9alya5E', 'Iea9L9MdKh', 'Oq5975mm0u', 'nCD9AeotIa', 'jVR9UfdQwE'
Source: LisectAVT_2403002A_19.exe, MySettings.cs	High entropy of concatenated method names: 'AutoSaveSettings', 'PDspSdbGhXBl10f8eY', 'AwnGEFaOVq0AkHQfSj', 'sLpmOY2GZ73XIvN2MA', 'BSiQ1MQ7G7XGStQjTT', 'eJGd23BT1FU0NQutVJ', 'kXDDTIXfIy8gxsTheG', 'MByA9v887YvTBi88Os', 'QPO2JKWB2xgwsiRDDj', 'HM56sMVwPXTyLqKrKO'
Source: LisectAVT_2403002A_19.exe, kYSGbrwSsqJeCXa50u.cs	High entropy of concatenated method names: 'yf4rbAM77', 'yW19v2yW1kyNTtI0of', 'qUuQrCd0BfbOCPuxgh', 'UsoLoB4JTp9mY53r8y', 'VaVkJ7mvBPnr9mTUYV', 'oF5bbMOFAISsIyHf8N', 'KkQSWrj9nvSnt5UHqm', 'Q6r6RvA3bTLEMVMBAH', 'rTyiif6lW5QnQaucP9'
Source: LisectAVT_2403002A_19.exe, EnybaQYZHUfl0AY4Kv.cs	High entropy of concatenated method names: 'j0T9Zvjh2Z', 'QvB9m0ES8W', 'lH69X6Yix6', 'FolderExists', 'Vpg9VO8sPD', 'k99oHQ79wrylD9ywf3j', 'FB0WGK7RTqU5YvSZkn8', 'b4w8WY7GS9gJV7lrPoX', 'EkGqDA7lMB6yQPyVobi', 'UhMg0V7w5S5RqlcfOLD'
Source: LisectAVT_2403002A_19.exe, Iwar6LTVyLJIYNFeKq.cs	High entropy of concatenated method names: 'eL1tej6pr', 'fwspAepvF', 'rmgzThSAa', 'mSjMNrJgQMa2rphhJy', 'nBJTWUIASttG8EpEJI', 'bXa0Bpq1igHJaxqtV7', 'm9e93nD2bFQMK7jDX6', 'qkiWGesOhosyoEWLEC', 'oUW6UyMcnU6tIicRkG', 'EqvJVrzdvkjRhZdkIf'
Source: LisectAVT_2403002A_19.exe, kkvskdfeYkTCGH4QCu.cs	High entropy of concatenated method names: 'Dispose', 'WKb9uQT9Vb', 'knh9vMZOq7', 'MCd9bAwiqf', 'qkJ9JeZUgM', 'Fs1p3whAl2aAmiZ1nFd', 'ni6hJRh6oyorB6koGtN', 'sPHh6Jh2JWifSRRO1Zu', 'kDsPWIh4XbqxHn9bLCe', 'QfJjPBhjAQCpvGGub9J'
Source: LisectAVT_2403002A_19.exe, diRugZnHpoqLNbmiVS.cs	High entropy of concatenated method names: 'uhXv6vMe8', 'OnCreateMainForm', 'crui29wf2R4wViCnQg', 'XoN2PrSJ2ptNOnXNtm', 'p61SJkTHwiDhooM9x9', 'RZFAhdgGTg4eqsRl9H', 'nldMgJHh78E71nWILm', 'Y8VhyvYEFadPh1NiEA', 'VBUWY5hOb20oKxnpc8', 'Vap7rqeCGNPD9VwiuV'
Source: LisectAVT_2403002A_19.exe, NCnVCRCOcqiIrEJ2Pu.cs	High entropy of concatenated method names: 'Ho4hJYjReZ', 'XIIhDvpdRA', 'Equals', 'GetHashCode', 'u0chSCE64S', 'ToString', 'jSPGx87qHNGxeNr0bRB', 'hsBSf27Da93MQqJcApx', 'cHoEsg7vbNj9qB2rsCU', 'q9lfZ973o6DKKycg7hC'
Source: LisectAVT_2403002A_19.exe, epnHaRKKxYFXWgnn30.cs	High entropy of concatenated method names: 'uxorhQaaj2S0j', 'cWVlx3cLBAC11E66TTw', 'TwHSvkc1tSnA3Ux0k0m', 'zxg0aicKmlkDakParkg', 'ytuRQpcpdEsx1WQBBFy', 'BGQOICcip7jN2oYhu5r', 'kWp4o2cmJ8YS0qv1fUN', 'K28E3scOK1PkS8yBc3h', 'c2Qkqbcyk8q5p2UxBDX', 'ydcG86cdEZ6S2hL708E'
Source: LisectAVT_2403002A_19.exe, mM8S6l48iXbmSiYJgF.cs	High entropy of concatenated method names: 'bnS91NwTwQ', 'okE9wFLDU2', 'nBV9CtJvOk', 'e6M9r8DjQn', 'Pr79MlhNYn', 'A73ERP5iYp7bOlIKnAf', 'r26RP05LColFKafXCNQ', 'UIlr3251LytAd9CXBlb', 'SNgxYP5kCqhk1AVwHU9', 'w5LvtQ5puZmi7lUet0c'
Source: LisectAVT_2403002A_19.exe, dddyjkdWYYf4iuTMYB.cs	High entropy of concatenated method names: 'WM1vgwflps', 'nsevPVyR9F', 'gyyvefoJ5v', 'joxvR74bBR', 'zWPvqNs3dI', 'g1rv5lh995', 'phEvN7dYyC', 'gGMvKr6xKV', 'FCJvfHHtow', 'C3Nv0jDerh'
Source: LisectAVT_2403002A_19.exe, OOBG4wMoWIMqqZ8j4I.cs	High entropy of concatenated method names: 'Dispose', 'r8599q7Gpf', 'afReff5GGx', 'Drde0kA1yy', 'orA9hD0HDm', 'jXu944alXg', 'kIX9Ff9qEo', 'O3fuuNeCRe9SoYu4Xd8', 'IxTCnNeEdFBeJilE7Jj', 'apQWIwekOPgqfiFs1a2'
Source: LisectAVT_2403002A_19.exe, hhPE52P5kOn4XIqs61.cs	High entropy of concatenated method names: 'eL49PwmL4U', 'nUv9eJrsr6', 'KXj9RVlmr7', 'a8k9qk0jd9', 'Its95EqrHY', 'hj6CQ2ftqdG7DWwdM6X', 'CpH5sTfrSlcvCVhbeck', 'RKwB3rfCy5Qm23Pa2CK', 'sMLInkf7mmIH3HBk76P', 'UF9DbafcPoobT4SidWl'
Source: LisectAVT_2403002A_19.exe, jXoxD01lmspGfxigSN.cs	High entropy of concatenated method names: 'zjMK5baIf', 'fQj0AMJfs', 'dBvLupEuBZMksOmtHB', 'VGk2BSkI8TLYIcaENj', 'dqWHTmrKvZSVV8WHgF', 'RewEALCGk25BUxg8HA', 'fbKEAvp48RvKEnuMYH', 'x4eEoeipORC09bVMxD', 'Rro7YOLr0GDgTeYjkB', 'Aj71He1UXOoG44HYF6'
Source: LisectAVT_2403002A_19.exe, i1mSeP8ShkOZGmKpbT.cs	High entropy of concatenated method names: 'LDA9NfaBm8', 'FO89KUEfEa', 'xA29fmILCR', 'RKj90bwgF0', 'qa79oLyEWL', 'wGM9Q0gXh3', 'O5Q9ECJc2Y', 'emx9IGk2rv', 'eBp9yfkd9D', 'Ac5eSI55BrD4JMp0a1o'
Source: LisectAVT_2403002A_19.exe, VJYh0y0os2gJpvgGSw.cs	High entropy of concatenated method names: 'uhM9BOFA2d', 't5N9TrnjmT', 'sij9WETnjQ', 'CXZ9iRIlFV', 'F2Y98S7rph', 'UVwAWynLuYnEv8B09lO', 'NkUYYEn111lsEsbG5ji', 'LVwSocnKiWhw8Nj8Neo', 'BP57RHnmm2ahfLss318', 'puA8JInOuW8tyADTde9'

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: 0.2.LisectAVT_2403002A_19.exe.263f1f8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924, type: MEMORYSTR

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Memory allocated: 2440000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Memory allocated: 25B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Memory allocated: 45B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Memory allocated: 8DA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Memory allocated: 9DA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Memory allocated: 9FC0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Memory allocated: 1800000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Memory allocated: 3330000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Memory allocated: 3110000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Window / User API: threadDelayed 7106			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Window / User API: threadDelayed 2706			Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe TID: 5140	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe TID: 1764	Thread sleep time: -43305s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe TID: 1172	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe TID: 3300	Thread sleep count: 41 > 30	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe TID: 3300	Thread sleep time: -37815825351104557s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe TID: 5388	Thread sleep count: 7106 > 30	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe TID: 5388	Thread sleep count: 2706 > 30	Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Thread delayed: delay time: 43305	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: LisectAVT_2403002A_19.exe	Binary or memory string: WvlkX0nHXu9RNOwHGFS
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWARE
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware SVGA II
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: LisectAVT_2403002A_19.exe, 00000000.00000002.2133894157.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, LisectAVT_2403002A_19.exe, 00000003.00000002.4556026872.0000000001648000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Code function: 3_2_016C64F0 LdrInitializeThunk,

3_2_016C64F0

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Memory written: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Process created: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe "C:\Users\user\Desktop\LisectAVT_2403002A_19.exe"

Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\FTP Navigator\Ftplist.txt	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\Desktop\LisectAVT_2403002A_19.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Source: Yara match	File source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.LisectAVT_2403002A_19.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.LisectAVT_2403002A_19.exe.3670ab0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 3924, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: LisectAVT_2403002A_19.exe PID: 2708, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	111 Process Injection	1 Masquerading	2 OS Credential Dumping	211 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	1 Credentials in Registry	1 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	141 Virtualization/Sandbox Evasion	Security Account Manager	141 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	24 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	22 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
LisectAVT_2403002A_19.exe	100%	Avira	HEUR/AGEN.1323708
LisectAVT_2403002A_19.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://b6QQBzu4tg.com	0%	Avira URL Cloud	safe
https://api.ipify.org%GETMozilla/5.0	0%	Avira URL Cloud	safe
http://www.phapsoftware.hotgoo.net:	0%	Avira URL Cloud	safe
http://www.phapsoftware.hotgoo.net	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	0%	Avira URL Cloud	safe
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://KMcLhe.com	0%	Avira URL Cloud	safe
https://api.ipify.org%4	0%	Avira URL Cloud	safe
http://www.phapsoftware.hotgoo.net)C	0%	Avira URL Cloud	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	Avira URL Cloud	safe
http://b6QQBzu4tg.comt-	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
smtp.agceram.com	unknown	unknown	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:HTTP/1.1	LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.phapsoftware.hotgoo.net)C	LisectAVT_2403002A_19.exe	false	Avira URL Cloud: safe	unknown
http://www.phapsoftware.hotgoo.net:	LisectAVT_2403002A_19.exe	false	Avira URL Cloud: safe	unknown
http://DynDns.comDynDNS	LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.phapsoftware.hotgoo.net	LisectAVT_2403002A_19.exe	false	Avira URL Cloud: safe	unknown
https://api.ipify.org%4	LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://KMcLhe.com	LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ipify.org%GETMozilla/5.0	LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://b6QQBzu4tg.com	LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003718000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	LisectAVT_2403002A_19.exe, 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	LisectAVT_2403002A_19.exe, 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, LisectAVT_2403002A_19.exe, 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://b6QQBzu4tg.comt-	LisectAVT_2403002A_19.exe, 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1482445
Start date and time:	2024-07-25 23:05:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	LisectAVT_2403002A_19.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@1/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 338 Number of non-executed functions: 38
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: LisectAVT_2403002A_19.exe

Simulations

Behavior and APIs

Time	Type	Description
17:06:32	API Interceptor	11077746x Sleep call for process: LisectAVT_2403002A_19.exe modified

Process:	C:\Users\user\Desktop\LisectAVT_2403002A_19.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1314
Entropy (8bit):	5.3387892510515025
Encrypted:	false
SSDEEP:	24:MLU84jE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4sAmE4Ks:MgvjHK5HKH1qHiYHKh3oPtHo6hAHKzeL
MD5:	8C61F9E2B19E0315722C135D70192939
SHA1:	BFC216104805B4183FD0A9153EE0B39076AECCBC
SHA-256:	AFA04F5408E6285A7B01334D40EA524ADB37116790061849F4D6B48D880D93A0
SHA-512:	55CC4879F5AC9C5BDB659D0DC915102B39BC2035CF1C3CADBF3BE6A4447B5613A9D665FC06AD3F461803D04495AAD5EAB0758C02B8F110090FF6F791B80B270D
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.914654400470132
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	LisectAVT_2403002A_19.exe
File size:	1'353'734 bytes
MD5:	afb12495b0c9be1ad8acc1709ff5eb1e
SHA1:	425cdd67c93562d960e4f86d9dab43b735bf84e8
SHA256:	8c385cb00ccafc20b0e9112948b85590cc3979c489f3902918f978acd6aa508b
SHA512:	04c93c61b68ee781010dbb913b364e11101bd096f76df001474af226e467b1bf2f84774d1188a50eedf78f9334a64e9c34de4f33ef2884e36f9a6e255e8b5f08
SSDEEP:	24576:5vUYwEInDMNjcqkUg4V1NhGMlBXkZubMS:hxInghcqko5hGMlBZL
TLSH:	CA557D15B742C080F5AE2572CDE1F7F4063AFC3BDA069A1B114B3E89B0777578A36686
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....d.a.................l...8........... ........@.. ....................... ............@................................

File Icon


Icon Hash:	177145d6cc4c702d

Static PE Info

General

Entrypoint:	0x4f8ade
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x610D641C [Fri Aug 6 16:32:28 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xf8a90	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xfc000	0x5335c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x150000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xf6ae4	0xf6c00	b20995509ce244f5110496bca7b18c11	False	0.7260677874873354	data	7.467762882649221	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.sdata	0xfa000	0x1e8	0x200	ba1a51c546597b8fdcb7d0154e4ab651	False	0.857421875	data	6.638446248926509	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xfc000	0x5335c	0x53400	30d1b1c9a3102b6e5db769c997b2a829	False	0.16797754786036037	data	3.9807510411396274	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x150000	0xc	0x200	3026b6c6be0212e10af937d9912ba24c	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xfc160	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2834 x 2834 px/m	0.2162989471193659
RT_ICON	0x10c988	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 262144, resolution 2835 x 2835 px/m	0.1527058614669941
RT_GROUP_ICON	0x14e9b0	0x22	data	0.8529411764705882
RT_VERSION	0x14e9d4	0x3b6	data	0.4263157894736842
RT_MANIFEST	0x14ed8c	0x5d0	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators	0.40725806451612906

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-25T23:07:28.622794+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49724	52.165.165.26	192.168.2.6
2024-07-25T23:06:51.230552+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49718	52.165.165.26	192.168.2.6

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 25, 2024 23:07:58.601195097 CEST	58811	53	192.168.2.6	1.1.1.1
Jul 25, 2024 23:07:58.613771915 CEST	53	58811	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 25, 2024 23:07:58.601195097 CEST	192.168.2.6	1.1.1.1	0xa910	Standard query (0)	smtp.agceram.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 25, 2024 23:07:58.613771915 CEST	1.1.1.1	192.168.2.6	0xa910	Name error (3)	smtp.agceram.com	none	none	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	17:06:31
Start date:	25/07/2024
Path:	C:\Users\user\Desktop\LisectAVT_2403002A_19.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\LisectAVT_2403002A_19.exe"
Imagebase:	0x1d0000
File size:	1'353'734 bytes
MD5 hash:	AFB12495B0C9BE1AD8ACC1709FF5EB1E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_AgentTesla_d3ac2b2f, Description: unknown, Source: 00000000.00000002.2135032484.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2134202692.00000000025B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	17:06:33
Start date:	25/07/2024
Path:	C:\Users\user\Desktop\LisectAVT_2403002A_19.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\LisectAVT_2403002A_19.exe"
Imagebase:	0xe40000
File size:	1'353'734 bytes
MD5 hash:	AFB12495B0C9BE1AD8ACC1709FF5EB1E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_AgentTesla_d3ac2b2f, Description: unknown, Source: 00000003.00000002.4555380450.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AgentTeslaV3, Description: AgentTeslaV3 infostealer payload, Source: 00000003.00000002.4558492296.0000000003331000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	9.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.3%
Total number of Nodes:	219
Total number of Limit Nodes:	9

Executed Functions

Function 077C45A8 Relevance: 3.1, APIs: 2, Instructions: 100
memoryinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 077C455E
WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 077C4640

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: AllocMemoryProcessVirtualWrite
String ID:
API String ID: 645232735-0
Opcode ID: 70ed16d1109d6f7a791743f92ae57d19cbcfa2a93a2f59f2354f7cae07358af0
Instruction ID: 6ce37906bad26035849cb0945d54310ee8c1e505e3f8c9723dafda5a5be16d7c
Opcode Fuzzy Hash: 70ed16d1109d6f7a791743f92ae57d19cbcfa2a93a2f59f2354f7cae07358af0
Instruction Fuzzy Hash: 0E414AB290035A9FDF10CFA9C8457DEBBF4BF88324F14842EE559A7240C7789555CBA1

Function 070E2E88 Relevance: 3.1, Strings: 2, Instructions: 564
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:, xrefs: 070E3144
~, xrefs: 070E30DA

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: :$~
API String ID: 0-2431124681
Opcode ID: 486bd8561891a2ce4e0560a0d795fc7a5f5c3c2d67062b23749a48d93e63c281
Instruction ID: 9ed106bb243ef15effb7873df920e263e35a3ddb106814a23e3c064dc1f3b62d
Opcode Fuzzy Hash: 486bd8561891a2ce4e0560a0d795fc7a5f5c3c2d67062b23749a48d93e63c281
Instruction Fuzzy Hash: 6A42F5B5A00219DFDB65CFA9C840A9DBBB6FF49300F1181E9E509AB321D731EA91DF50

Function 070E9E60 Relevance: 1.5, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

P\q, xrefs: 070E9F2E

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: P\q
API String ID: 0-2033188233
Opcode ID: 3dc6eac40f8d22c234ae2dcdde1aea22880d8efc3b5885e4d0dcf8150ba08805
Instruction ID: 26afd8cce2988fa217b9ba9f5286b8fad5aff302ed5c8eed9af2c973fcb3654f
Opcode Fuzzy Hash: 3dc6eac40f8d22c234ae2dcdde1aea22880d8efc3b5885e4d0dcf8150ba08805
Instruction Fuzzy Hash: 3091D3B4E142098FCB08CFAAC580A9EFBB2BF89300F20952AD515BB358D735A941CF54

Function 077C884A Relevance: 1.5, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

vd7, xrefs: 077C8A42

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: vd7
API String ID: 0-432321585
Opcode ID: 00c4d0b81c24c94288cd0897d40523ff9c644c42febc2fdb3802dcbc78aaf64c
Instruction ID: f09afc2ec5534a0577f4915c2a1aac41fc50832deade1a2abcd2ca391fda3db7
Opcode Fuzzy Hash: 00c4d0b81c24c94288cd0897d40523ff9c644c42febc2fdb3802dcbc78aaf64c
Instruction Fuzzy Hash: F08128B0E29209DFCB04CFA5D5845AEFBF6FB8A390F14A42ED406A7254D734A945CF06

Function 070E9E5E Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

P\q, xrefs: 070E9F2E

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: P\q
API String ID: 0-2033188233
Opcode ID: ffc2157989adaeb78992d466f81fc88b2efbc798bbe38a050d7c430d047044c0
Instruction ID: fba88ac3f5f5e1caac97373cdd627659a190a56c1cabe8cfbd6f7a32f069e2a2
Opcode Fuzzy Hash: ffc2157989adaeb78992d466f81fc88b2efbc798bbe38a050d7c430d047044c0
Instruction Fuzzy Hash: 7891E4B4E142098FCB08CFAAC5806DEFBB2BF89300F20952AD515BB358D735A941CF54

Function 070EA608 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

Gr_, xrefs: 070EA7E3

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: Gr_
API String ID: 0-861945472
Opcode ID: a4f4199dcdc3816d9ba1233ffb8215d000928b425973da5a4379fa7ae9fb58d3
Instruction ID: be1e62ec0a9b2b85f2fd1fc6b065b42a0faeb9fd4977da8d1374ca1b9ba9f280
Opcode Fuzzy Hash: a4f4199dcdc3816d9ba1233ffb8215d000928b425973da5a4379fa7ae9fb58d3
Instruction Fuzzy Hash: 2A513BB0E152098FCB08CFA9C4406AEFBF6BF8E210F15D26AD465B7255D7349A418F94

Function 059C88C8 Relevance: .9, Instructions: 909COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38005bfdbcc1aee8153181395c524f7110745a2700ebd90d93fb619ce25b6fdd
Instruction ID: e35f2c21337774ecdfd9ae2fe4aef8bc30b3b05b8ecc49a53fd29b70b14969f0
Opcode Fuzzy Hash: 38005bfdbcc1aee8153181395c524f7110745a2700ebd90d93fb619ce25b6fdd
Instruction Fuzzy Hash: 9F825C75A04209DFCB15CF68C584AAEBFF6FF88310F158599E406AB3A1D731E981CB52

Function 05B3C4F8 Relevance: .7, Instructions: 668COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139162388.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b30000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10e604895168ea5ff09c83ddba6573e7a92ffc375b1715cc46ff7331e5d74cfc
Instruction ID: 318bd3981be627b86535804316ddac50ba9fe3369a28ed313e833d4352e5a5b0
Opcode Fuzzy Hash: 10e604895168ea5ff09c83ddba6573e7a92ffc375b1715cc46ff7331e5d74cfc
Instruction Fuzzy Hash: B252F530600604CFDB14DBA8C589A6DBBF2FF88315F1585A8E44AAB361DB75FD46CB80

Function 059C5650 Relevance: .6, Instructions: 562COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 197d785ca75f25edb161a741763156c42413438276255bf390f8974a3a6827a0
Instruction ID: 9fd35cc408cce904efe826428b3a668d816708ff74600f91e0da0c53917368a9
Opcode Fuzzy Hash: 197d785ca75f25edb161a741763156c42413438276255bf390f8974a3a6827a0
Instruction Fuzzy Hash: 27224A70A002199FDB14DFA9C854BAEBBF6FF88300F158569E806DB391DB74AD41CB91

Function 077C99C0 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 359416be758ed61c41923f02a7b638b8b31bd2bddd898fd4f55fc0f153e8f5a8
Instruction ID: 5caf03f9c5e38436b6a3eb0c7b239fbd1d21d48532eff814b12dc40b54081c95
Opcode Fuzzy Hash: 359416be758ed61c41923f02a7b638b8b31bd2bddd898fd4f55fc0f153e8f5a8
Instruction Fuzzy Hash: 76D1ADB0B006058FEB69DB76C4507AEB7F6AF89744F14486EC24A9B290DF34E901CF51

Function 059C5DB8 Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28af89a6846669b3045258c680d55a1101d238df1da2054922c5ae703636f5e7
Instruction ID: 19ccf38d104ee12564d99aa39b3eaec51205c08f9ff562d3610a0f261616d62e
Opcode Fuzzy Hash: 28af89a6846669b3045258c680d55a1101d238df1da2054922c5ae703636f5e7
Instruction Fuzzy Hash: 99D14970A04119DFDF14CFA9C984AADBFF6BF89301F5580A9E405AB3A1D731E942CB52

Function 077C1D68 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b052de2cbbd21427ec241dafbb1e8d90f8267f7cc0d411859f0159627e7a9ed
Instruction ID: bab55dd55f6bd71386ce738c80567a46214364f8b66cbf226761c4c7023bdc6c
Opcode Fuzzy Hash: 0b052de2cbbd21427ec241dafbb1e8d90f8267f7cc0d411859f0159627e7a9ed
Instruction Fuzzy Hash: 10618BB4E0524D9FCB04CFAAD4406EEFBF2AF89350F54C52AD405A735AD7349A428FA0

Function 070E92B6 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 595d72558d59d4cb63cefb17773b4248b09808f483a4239582bf1d345b20f5f1
Instruction ID: bc300a26ee616d91dd9cdbefa89ad6393a8f76a863d0761409fb07c3cd31ad14
Opcode Fuzzy Hash: 595d72558d59d4cb63cefb17773b4248b09808f483a4239582bf1d345b20f5f1
Instruction Fuzzy Hash: FF31EAB1E05618CFEB58CF6BD840A9EFBF7AFC8200F14C1AAD509A7254DB345A458F51

Function 070EB021 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69be3c85f0af5550a38ed952b7e22b026bcbdedbc742b7887de3103fa60ff4b3
Instruction ID: 73924b3554efd99f6416ac7cbffb7d2f67bb1ad947a5e3147a61110dae1845fb
Opcode Fuzzy Hash: 69be3c85f0af5550a38ed952b7e22b026bcbdedbc742b7887de3103fa60ff4b3
Instruction Fuzzy Hash: 9A3107B1E016188FDB18CFAAC94569EBBF3AFC9310F14C16AD409AA364DB345955CF50

Function 05B40CAC Relevance: 2.6, Strings: 2, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

g, xrefs: 05B40D57
h, xrefs: 05B40CE2

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: g$h
API String ID: 0-5770363
Opcode ID: 6aacd80190ed6a37c6fd951508e36395b2e677d4cff3ed6f082333843944f3ee
Instruction ID: eecbce1585bf793284f661ee322c09913a2093b0e72534513ad51d4470e06d4b
Opcode Fuzzy Hash: 6aacd80190ed6a37c6fd951508e36395b2e677d4cff3ed6f082333843944f3ee
Instruction Fuzzy Hash: 3C41C778901229CFDB24CF60D998AE9BBB6FB49301F0041E9E50AA3A90DB745E84CF51

Function 077C482D Relevance: 1.7, APIs: 1, Instructions: 247
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077C4A6E

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 63e285cb806ab4dccaf78b5c90921f7d9cf06dae4b2d8ee2058bb2b9cd6be630
Instruction ID: 487dc70a30c73e261c732f401a0f53d9af0768c4bd05b1665c478c493aff94d1
Opcode Fuzzy Hash: 63e285cb806ab4dccaf78b5c90921f7d9cf06dae4b2d8ee2058bb2b9cd6be630
Instruction Fuzzy Hash: D0A15FB1D0025ADFEF20CFA9C851BADBBB2BF48310F1485ADD859A7240DB749985CF91

Function 077C4838 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077C4A6E

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: e10aa649fae12496ec010e22fa907b4f08267a9515bf36e7c22d2dbdd2e655c7
Instruction ID: 5fc17ad529024b96caec087e70049e86ef289bbc87df0bab9511ba0875b23cff
Opcode Fuzzy Hash: e10aa649fae12496ec010e22fa907b4f08267a9515bf36e7c22d2dbdd2e655c7
Instruction Fuzzy Hash: 039160B1D0025ADFEF20CF69C851BADBBB2BF48310F1485ADD859A7240DB749985CF51

Function 0244D989 Relevance: 1.7, APIs: 1, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0244DBEE

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 86007f36967b6389b23a42637b44138aa6677823e63a99d127c57ce176e5b883
Instruction ID: 793c6dd0278ad9d3c1cddd44b4decd6497724a30a03d4ddc641fa62424ae1a2a
Opcode Fuzzy Hash: 86007f36967b6389b23a42637b44138aa6677823e63a99d127c57ce176e5b883
Instruction Fuzzy Hash: 45811270A00B05CFE724DF6AD45475ABBF2FB88204F00892ED49AD7B50EB75E949CB91

Function 0244FB84 Relevance: 1.6, APIs: 1, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0244FCA2

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: dcff1181cbb3fc14b4cfc55d5b54bb550c535baf495d2c7abb7d7d123abb5b71
Instruction ID: d7639f16f6b151f23a42d1f888d6ad5bc0266eaae4341e108d71952ed9047d22
Opcode Fuzzy Hash: dcff1181cbb3fc14b4cfc55d5b54bb550c535baf495d2c7abb7d7d123abb5b71
Instruction Fuzzy Hash: 3551D2B1D103499FEF14CFAAC984ADEBFB5BF48314F25812AE819AB210D7719945CF90

Function 0244CC7C Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0244FCA2

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: d4bde6880274151e1d4187eeddd4a5295a86847bb4dd9bcd3786220d7c5b5b71
Instruction ID: cc350712d98da33599be937f392ec37c25c9d2e97c25c9db98c339fb241fc723
Opcode Fuzzy Hash: d4bde6880274151e1d4187eeddd4a5295a86847bb4dd9bcd3786220d7c5b5b71
Instruction Fuzzy Hash: 2351C2B1D103499FEB14CF99C984ADEBBB5FF48314F25812AE819AB210DB71A945CF90

Function 077C45B0 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 077C4640

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: a089e140acc36d8dec299ab8ee7589b17be875a268a0d3ae3dc42bff417f172e
Instruction ID: 167809c823a3765ba74d5f668e11d9e3905d9e93bf89f4967d09a91f1f72f5f9
Opcode Fuzzy Hash: a089e140acc36d8dec299ab8ee7589b17be875a268a0d3ae3dc42bff417f172e
Instruction Fuzzy Hash: 3221F5B19003599FDF10CFAAC885BDEBBF5BF48314F10842AE919A7240D7789954CBA5

Function 077C4698 Relevance: 1.6, APIs: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077C4720

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: ed101e5445ad90b9be3769636f74ff10a9e59995252d410973298671cf2533f7
Instruction ID: fffe4e4a3b160cd748e23d109830748c6d2ce9f8ed66cbd40d6ba8bf66246b3c
Opcode Fuzzy Hash: ed101e5445ad90b9be3769636f74ff10a9e59995252d410973298671cf2533f7
Instruction Fuzzy Hash: D621F6B1D003499FDB10CFAAC881ADEBBF5FF48320F148429E558A7240D7749515DBA5

Function 077C4411 Relevance: 1.6, APIs: 1, Instructions: 67
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077C4496

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: bb097a454d36ea674304214c204e388f603bfc6b87ff69242f0a083438cf6e1c
Instruction ID: 0e72960348fb672b9d6ea9b6b4d23231d2f4e88a30e84f897b644dd375c0bfd3
Opcode Fuzzy Hash: bb097a454d36ea674304214c204e388f603bfc6b87ff69242f0a083438cf6e1c
Instruction Fuzzy Hash: 4C2159B1D003099FDB10CFAAC4817EEBBF4AF48320F14842DD558A7240D7789945CFA5

Function 02447C3A Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02447CC7

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ae9591964031958876f92f1ac2fab48fd03f7421a909b2b5b561fcbaddb1996b
Instruction ID: 9e96fd1a75b850e8999c7a501f8de73f5227c9601976e928cc4770b03a629863
Opcode Fuzzy Hash: ae9591964031958876f92f1ac2fab48fd03f7421a909b2b5b561fcbaddb1996b
Instruction Fuzzy Hash: 5B21E3B59002499FEB10CFAAD984ADEFBF5EB48324F14841AE918A3310D775AA54CF61

Function 077C46A0 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077C4720

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 46267344f902e52f5e1796c0e4d6c4e5cfec830c5718c6746e5695e2566751cf
Instruction ID: c535a16c2692841c20bb1624afe99be8769984721d208be77e9fe263f680d14a
Opcode Fuzzy Hash: 46267344f902e52f5e1796c0e4d6c4e5cfec830c5718c6746e5695e2566751cf
Instruction Fuzzy Hash: 612116B19003499FDB10CFAAC881BDEBBF5FF48320F10842DE518A7240C7789910CBA5

Function 077C4418 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077C4496

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 84e9aa3a8bb4fb0089eee16fa49d93068943c90f4337ea05e55a772fc3c73c44
Instruction ID: 4d98e5606d5ac55a8d12e281c6338f9437029a9160b599929b9a3879591a1d75
Opcode Fuzzy Hash: 84e9aa3a8bb4fb0089eee16fa49d93068943c90f4337ea05e55a772fc3c73c44
Instruction Fuzzy Hash: EF2138B1D003498FDB10DFAAC4857AEBBF4AF88320F14842DD519A7240CB789944CFA5

Function 02447C40 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02447CC7

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 8bdf34a26640bc8ba78ed96ec89325d03938ec1f9ad385c57d273ec081efdf77
Instruction ID: 02a4930774f3d4ca7ccf106cc12b361908ec33487b64a0cbd2c7c844a262e8ac
Opcode Fuzzy Hash: 8bdf34a26640bc8ba78ed96ec89325d03938ec1f9ad385c57d273ec081efdf77
Instruction Fuzzy Hash: C721E3B59002499FDB10CFAAD984ADEFBF4EB48320F14841AE918A3310D374A950CF61

Function 0244CB08 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0244DC69,00000800,00000000,00000000), ref: 0244DE7A

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3306f104e1186fbde50f00414d371f52756cf9063ff45aba05a0c5849f251678
Instruction ID: ec8195a05f3828bfcdc8a50be0892ec18e2324ded8ccc7bbb35dbe1cca3583a2
Opcode Fuzzy Hash: 3306f104e1186fbde50f00414d371f52756cf9063ff45aba05a0c5849f251678
Instruction Fuzzy Hash: E51103B6D00749CFEB10CF9AC444B9EFBF4EB98324F10846AE519A7200C7B5A545CFA5

Function 0244DE08 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0244DC69,00000800,00000000,00000000), ref: 0244DE7A

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b0425e1cb52fb0ae7ff40a4c850b961a55574148da544ef07ef6e7835b8449f0
Instruction ID: 3c5751178137345876f50f7d701d46e6b0cd0a70ec5b25921a5f65018cf21b4e
Opcode Fuzzy Hash: b0425e1cb52fb0ae7ff40a4c850b961a55574148da544ef07ef6e7835b8449f0
Instruction Fuzzy Hash: E21103B6D00349CFDB10CF9AC544BDEFBF4AB98324F10846AE919A7200C7B5A545CFA5

Function 077C44E8 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 077C455E

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fe259ed21bfdfa7f7cd952011b927cff6e52884764315f181f78a5cb0ecfda65
Instruction ID: 50e68b3bbf459a361578f8eb5538db8054e289de909061158efcc37aa54c8276
Opcode Fuzzy Hash: fe259ed21bfdfa7f7cd952011b927cff6e52884764315f181f78a5cb0ecfda65
Instruction Fuzzy Hash: FB11477290024A9FDF10CFAAC844BDEBFF5AF88320F24841DE959A7250C7759510CFA1

Function 077C44F0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 077C455E

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bacae2c5aa1f7d22b22594c0d6035ba49cb459a080542abd543d15b47d789ead
Instruction ID: 1cbd84d0450384743c6c237b4608af25ca6b7e9486ec844bfeb91dbe71d30736
Opcode Fuzzy Hash: bacae2c5aa1f7d22b22594c0d6035ba49cb459a080542abd543d15b47d789ead
Instruction Fuzzy Hash: 4C1156B29003499FDF10CFAAC844BDEBFF5EF88720F108819E519A7250C775A510CBA1

Function 077C4360 Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 077C43CA

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 9cd875ab08eb6128479484819eaa97c36dcd09229df677da8d017186ab8c746d
Instruction ID: 25a18654e504e561db35b5935301187f63fa3defcbda07e0a828eebf7012f22c
Opcode Fuzzy Hash: 9cd875ab08eb6128479484819eaa97c36dcd09229df677da8d017186ab8c746d
Instruction Fuzzy Hash: D6115BB1D0034A8FDB20DFAAC44579EFBF4AF88320F24841DD159A7240C775A500CF95

Function 077C4368 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 077C43CA

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 56aabb15c96a17efed2ed4c94ad8c2bf12716e7d366b5af97d7632afbe8757ed
Instruction ID: d654cfc07c9b3b14c2f3f67b24dd93c4b80e1265911c68fdcb451cd925d224ca
Opcode Fuzzy Hash: 56aabb15c96a17efed2ed4c94ad8c2bf12716e7d366b5af97d7632afbe8757ed
Instruction Fuzzy Hash: 6F1106B1D003498FDB20DFAAC84579EFBF5AF88724F24881DD519A7240CB79A944CBA5

Function 0244DB88 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 0244DBEE

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 6118dc574c0b6235605f27704570cb00399423f72df63ba851a8061368022ada
Instruction ID: 9526e956ee9fcb0f8c0871c3c2f576f1eb4c3776bd4f21f42da9d4e9b04689d4
Opcode Fuzzy Hash: 6118dc574c0b6235605f27704570cb00399423f72df63ba851a8061368022ada
Instruction Fuzzy Hash: 42110FB6D00749CFDB10CF9AC544B9FFBF4AB88224F10841AD819A7210C7B9A545CFA1

Function 05B35F38 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,04AF6428,?,?,?,?,?,?,05B35DF0,00000000,00000000,?), ref: 05B35F9D

Memory Dump Source

Source File: 00000000.00000002.2139162388.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b30000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: cef78606e3bc58929201ddc6d789b15fdb25732d59e10f9482e06a9e1e4ea719
Instruction ID: 463f3ce7783304e01deaa71b25c4c6994dbab063c7f1d2bb62cdd68614b9408f
Opcode Fuzzy Hash: cef78606e3bc58929201ddc6d789b15fdb25732d59e10f9482e06a9e1e4ea719
Instruction Fuzzy Hash: 6411C2B68007499FDB20DF9AD985BDEBBF8EB48320F108459E559A7240C3B9A544CFA1

Function 05B358A8 Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,04AF6428,?,?,?,?,?,?,05B35DF0,00000000,00000000,?), ref: 05B35F9D

Memory Dump Source

Source File: 00000000.00000002.2139162388.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b30000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 6efb500fc3ef1ec2678b228550cee4d95199c0553325aae357be506290467b74
Instruction ID: ccf8ba0c6921a80e8e165f182e37b380fde7559d644952b652ce1c63b14834c9
Opcode Fuzzy Hash: 6efb500fc3ef1ec2678b228550cee4d95199c0553325aae357be506290467b74
Instruction Fuzzy Hash: EB11E3B58047499FDB20DF9AC945BDEBBF8EB48320F108459E519B7240C3B5A944CFA1

Function 077C8EBA Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 077C8F1D

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 9733402075762a6c90e2514d3c28fa4a19ba675541aa90b1bdd89bac75b973f1
Instruction ID: e2c7f216f5f06facd4587cd13fc2f0c03229edfa21b3888be2b56b15d8dd95db
Opcode Fuzzy Hash: 9733402075762a6c90e2514d3c28fa4a19ba675541aa90b1bdd89bac75b973f1
Instruction Fuzzy Hash: 821106B5800349DFDB10CF99D584BDEBFF8EB58320F10841AE559A7600C3B9A544CFA1

Function 077C8EC0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 077C8F1D

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 83a47d45478ac4bec3c705890f090681c3c2714624aaf6eac9c1e0036bb9148a
Instruction ID: 3a21b62dd79f28100f9dc07a3488462c9e0dbc0baf5a08fa0c25f1943de096ae
Opcode Fuzzy Hash: 83a47d45478ac4bec3c705890f090681c3c2714624aaf6eac9c1e0036bb9148a
Instruction Fuzzy Hash: 0411D0B58003499FDB10DF9AD985BDEBBF8EB48320F20841AE518A7200C3B5A944CFA1

Function 05B50A6D Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

%, xrefs: 05B50B83

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 5f7aa83a6388c462128954d397d3ce637def82d455c591595bc7e6ae4d4620be
Instruction ID: 482766894559e2095cc04e1ba8f9c396ebce51cab8d0ee28b2cb39de3806a563
Opcode Fuzzy Hash: 5f7aa83a6388c462128954d397d3ce637def82d455c591595bc7e6ae4d4620be
Instruction Fuzzy Hash: 5941FC38901228CFDB25DF60DD98A99BBB5FF49301F0040E5E50AA3760DB749E85DF51

Function 05B4C788 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

b, xrefs: 05B4C7BE

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: 6faf8d5cf9963f3631d8c762c27e4ce6d91b63586a271c81f17ed69456c7e186
Instruction ID: 8c47934e80c5889dfa5c4fdec72c5d8a28d21504fcfb58606efd8ff85331bc87
Opcode Fuzzy Hash: 6faf8d5cf9963f3631d8c762c27e4ce6d91b63586a271c81f17ed69456c7e186
Instruction Fuzzy Hash: 3D21D574A012288FDB25DF25C998ADEB7B6FB49205F0045E5C90AA3744DB36AF81CF52

Function 05B5333D Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

^, xrefs: 05B53411

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: ^
API String ID: 0-1590793086
Opcode ID: d9fc340ca9cdd76b9c85d1a6300486b79e0b39920849cff2927b9bd6f1ab22fe
Instruction ID: 3fcbc38570c46cece26493c173c30bd2bf988ca0fbaf6bf02f7a58abe38fce2b
Opcode Fuzzy Hash: d9fc340ca9cdd76b9c85d1a6300486b79e0b39920849cff2927b9bd6f1ab22fe
Instruction Fuzzy Hash: 6831C278D06228CFDB64DF24D998BA9BBB5FB48301F0010E9D50AA3750DB386E84DF51

Function 05B41F47 Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

}, xrefs: 05B41FC8

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: }
API String ID: 0-4239843852
Opcode ID: 0a9e7161bdef4cda4e013f313fc5157375d3be13da9fffd2a9e116dfac7f86a5
Instruction ID: d5fc0f0e981ed4015ddfd87bf7f98e994c35f4a9e51d89bdea20d0aea82ab6ea
Opcode Fuzzy Hash: 0a9e7161bdef4cda4e013f313fc5157375d3be13da9fffd2a9e116dfac7f86a5
Instruction Fuzzy Hash: 7A21E474A4522ACFDB25DF25DD98A9DB7BAFB48300F0081E5C90AA3741DB34AE81CF41

Function 05B52A30 Relevance: 1.3, Strings: 1, Instructions: 45COMMON

Download Yara Rule

Strings

#, xrefs: 05B52AFF

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 02ab7f4ba4c9757f60ab586e6fe7923cec59c031539a4e2ccba9535e15832cd8
Instruction ID: aa2f56ae756ab638a9e09643a98e10da67e438958267a5b45ac549c39e5631df
Opcode Fuzzy Hash: 02ab7f4ba4c9757f60ab586e6fe7923cec59c031539a4e2ccba9535e15832cd8
Instruction Fuzzy Hash: 7121D8B891222ACFDB64CF24DD98AE9B7B5FB48311F0042E5D80AA3290E7345E84CF01

Function 05B439C6 Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

L, xrefs: 05B43A21

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 14eb4722ce476d14498f639c06162b4b93daf378728af23ffd528691bff1271d
Instruction ID: c8a40208a1b03d4641061a5e4f5216c06668c7b93fafa39a90434928c221da81
Opcode Fuzzy Hash: 14eb4722ce476d14498f639c06162b4b93daf378728af23ffd528691bff1271d
Instruction Fuzzy Hash: BF019774905528CFDB68DF64DD95B9EBBB2FB48242F0000E5D60AB3240DB346E81CF55

Function 05B557D0 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

V, xrefs: 05B5580A

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: V
API String ID: 0-1342839628
Opcode ID: d0e4cbdf95fdddf03d306c15805c555b12040cab090ac6495212db4b71a1ed2b
Instruction ID: ad37a6a12ec6ddffa4307ff7487e33a2ab1287ec39ef76ac4aca6d223476688f
Opcode Fuzzy Hash: d0e4cbdf95fdddf03d306c15805c555b12040cab090ac6495212db4b71a1ed2b
Instruction Fuzzy Hash: C8E09A34A141248FDB28DF21ECA86CAFB72FF46301F0441E5D54653551DB314D02CF44

Function 05B4C8A3 Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

Y, xrefs: 05B4C8D1

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: Y
API String ID: 0-3233089245
Opcode ID: 24bc7a8e507b85e57bca719de88c92e7ca5a10a87328ed934c684c35ede7db1f
Instruction ID: 632188c17bd6e9b036084e690370eb8599c65d57208c117f3a8564ecb8a75735
Opcode Fuzzy Hash: 24bc7a8e507b85e57bca719de88c92e7ca5a10a87328ed934c684c35ede7db1f
Instruction Fuzzy Hash: 59E01A30904199CFDB24DF54E994B9DB7B6BB44301F0081D5C146722C0CB346D40CF95

Function 05B4DAC4 Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

O, xrefs: 05B4DAF2

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: 60ffbcd7ff1581c4105509c2973e6daba99da61ab06b2d2e28877f4f785918be
Instruction ID: 2410549f879e313311b0e781f324302f7a7242f0d3e7b87e12a2f22fa23d13e2
Opcode Fuzzy Hash: 60ffbcd7ff1581c4105509c2973e6daba99da61ab06b2d2e28877f4f785918be
Instruction Fuzzy Hash: CFE01A7491102C8BDB24DF15D884B9EB7B2BB48300F4044D4C14A72280CF34AE44CF8A

Function 05B4EDF5 Relevance: 1.3, Strings: 1, Instructions: 9COMMON

Download Yara Rule

Strings

C, xrefs: 05B4EE1A

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: b59e4de51fa564ca3466a8f7cd7212b8aea1d5a4d221b3bbb015861b0ea59a8d
Instruction ID: 5045854370fdff9ce5cff91a477b0d1ff2b7310ef4ac29ebe0b2fd1e281d2b31
Opcode Fuzzy Hash: b59e4de51fa564ca3466a8f7cd7212b8aea1d5a4d221b3bbb015861b0ea59a8d
Instruction Fuzzy Hash: 96D09278900228CFCB24CF20C8A9A99BB76FB48301F1001D5C40E63680CB385F80CF06

Function 059C6D28 Relevance: .7, Instructions: 695COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c6fe30350190664a7efdb258bd976dccb61cb66b29f3db04a584c57d323b8c9
Instruction ID: 2c0aa8c6cc74007529d65fe1b67e46401dd3b82cd1d60bec034fbd6c0d8dc5b6
Opcode Fuzzy Hash: 7c6fe30350190664a7efdb258bd976dccb61cb66b29f3db04a584c57d323b8c9
Instruction Fuzzy Hash: C7520E74A00219CFEB54DBE4C864B9EBFB6FB84300F1081A9D20AAB355DF359E859F51

Function 07068BE8 Relevance: .5, Instructions: 524COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36a7f219884d985f334352ecf6859490771cde795625b643bac361219dfef266
Instruction ID: 04f71fa1dbd4e2a81ab92428ebcb87c33a8d3fc32b29f33102566caf4f5e8a96
Opcode Fuzzy Hash: 36a7f219884d985f334352ecf6859490771cde795625b643bac361219dfef266
Instruction Fuzzy Hash: 97129CB4B102158FDB64DF64C868BAE77F2BF89310F1482A9E505AB291DB75EC41CB50

Function 059CE8C8 Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 646221499a70c3b8f7dd2e29e3dd2a523504c7118863a0e151edd98216e46d6a
Instruction ID: 0eb2df175b0576135f5e2913f69186aad169700be565f2610ba2f43984b6ba62
Opcode Fuzzy Hash: 646221499a70c3b8f7dd2e29e3dd2a523504c7118863a0e151edd98216e46d6a
Instruction Fuzzy Hash: BC42E330D04619CFCF15EFA8C8446ECBBB5BF49300F518699D54A7B264EB30AA99CF91

Function 059CE8B9 Relevance: .5, Instructions: 519COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73575d43c2fd29523201fda212b766d49bc48b1fb77c3f7a878871b33c8b35b5
Instruction ID: 345bf9a61f6b5a7f0baafd865b1abc68f20366befaaa47d5caad7709c8342d6f
Opcode Fuzzy Hash: 73575d43c2fd29523201fda212b766d49bc48b1fb77c3f7a878871b33c8b35b5
Instruction Fuzzy Hash: 4442F330D04619CFCB15EFA8C8446ECBBB5BF49300F5186D9D54A7B264EB30AA99CF91

Function 059C63A0 Relevance: .5, Instructions: 469COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67407072298d2f4a254c2aa4e9447107d3ff3ee480ce449ba0f0e83096444cf7
Instruction ID: 85e4f8dc008c213fa72ec26f80649395f79f8dbbb3cb950b45e80262d1f326d8
Opcode Fuzzy Hash: 67407072298d2f4a254c2aa4e9447107d3ff3ee480ce449ba0f0e83096444cf7
Instruction Fuzzy Hash: 0D123930A00259DFDB14CF68D984AAEBFF6FF88314F1485A9E50A9B261DB31ED41CB51

Function 07060063 Relevance: .4, Instructions: 410COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736713afb9d976e9f13e4a42772490349e88a978afee7a63a6c52634c3784ef0
Instruction ID: 2067cffff66b17701b4065bf357254b6ceeec42f27f5811b72eab7b2d2f17e48
Opcode Fuzzy Hash: 736713afb9d976e9f13e4a42772490349e88a978afee7a63a6c52634c3784ef0
Instruction Fuzzy Hash: 2D02F270640205DFDB48DB68D4A8AAD7BF2FF89311F1582A8E409DB362DB35EC85CB50

Function 059C9948 Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e76665015f6ce284d04b3fc549f479e6c34894c99a5011e9004ff34aa4ea00c
Instruction ID: c3b6585d427783e8380a9f0d9daa31ab8455e68630ca6964511d45216412f71c
Opcode Fuzzy Hash: 7e76665015f6ce284d04b3fc549f479e6c34894c99a5011e9004ff34aa4ea00c
Instruction Fuzzy Hash: B5F1FA75A00515DFCB04CFADD588AADBFF6BF88310B168099E415AB362CB35EC41CB51

Function 059C4AE8 Relevance: .4, Instructions: 370COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d0371ebbea825cb15691f50b557ace566cd86c8f152a164c60568f54b93041
Instruction ID: 663013fe9e62db165d778c891fee8a646677b2b98c6853c6ec52d4d383a28d22
Opcode Fuzzy Hash: 18d0371ebbea825cb15691f50b557ace566cd86c8f152a164c60568f54b93041
Instruction Fuzzy Hash: 08D19D307002149FEF05AF64D864B7E7FAABBC8341F148968E50ACB395CF759D818B96

Function 059CA61C Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fafbefcc28c49888620ec0890ba166dec914f50cf0566ecf4ab8d7020497bf41
Instruction ID: a79648ee4eeef101da0eabd4955699329b86b772f2fa5479bb826dd23c60b22a
Opcode Fuzzy Hash: fafbefcc28c49888620ec0890ba166dec914f50cf0566ecf4ab8d7020497bf41
Instruction Fuzzy Hash: 7DB1AB71A04348DFEB11EFA5C9446AEBFB6FF84300F2444AEC509AB245DB359952CF92

Function 070643F0 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ace3a50fbeb628baba796dcc70b7b64c11076fdb01604cb5d07293b87c361b00
Instruction ID: a941528aba826a605a8cf1401b56e3aabecd68917927a2d4664b89b89964458c
Opcode Fuzzy Hash: ace3a50fbeb628baba796dcc70b7b64c11076fdb01604cb5d07293b87c361b00
Instruction Fuzzy Hash: BCD15EB0600745CFC725DF34C4A8AAEB7F6BF85320B144B69E5529B2E1CB35D985CB11

Function 07066510 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 770d7e9a1c91ca692fcb52e7cb5ff1fb68f551cf26080f24b2a199fb139ec5fa
Instruction ID: 14dbc2fffe69f0cbdcede9cabb81df577edcdf68857ab864e6d8644a59e18b7d
Opcode Fuzzy Hash: 770d7e9a1c91ca692fcb52e7cb5ff1fb68f551cf26080f24b2a199fb139ec5fa
Instruction Fuzzy Hash: 53C15B74A01109DFDB04DB68D558EACB7F2FF85311F2582A9E405AB3A1DB36ED42CB60

Function 07061B08 Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68ae7b37947e5afb95c3b2fd43a1a6b5e8c53c7d5be4a348d310f5e3b4fd1244
Instruction ID: b12bb2111bfc74544125ea8dbe1cf3026d005df70d632c86f9c7985c5a4bac36
Opcode Fuzzy Hash: 68ae7b37947e5afb95c3b2fd43a1a6b5e8c53c7d5be4a348d310f5e3b4fd1244
Instruction Fuzzy Hash: D6C11874B00219CFCB58DF68D558AADBBF2BF89710B1146A8E506AB3A1DB71EC41CF50

Function 059CD37C Relevance: .3, Instructions: 279COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 604308771cc528cf8fdde38dc35e8ecb542292bfae093f2a6b2d7bec0c0b0ff3
Instruction ID: 5db09242abb3c9f537c325870c0b67a7af285784a8bc6eac385b78757f0424bf
Opcode Fuzzy Hash: 604308771cc528cf8fdde38dc35e8ecb542292bfae093f2a6b2d7bec0c0b0ff3
Instruction Fuzzy Hash: 79A19C71E003599FDB05DFA9C854AEEFBB6EF88300F14816AE405BB351DB75A805CB91

Function 059C6392 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27d1dd949b7599a7a04d7adfae6efd5d689db091e3c960b48fc4a303f1886e2c
Instruction ID: 0d20de95b02416b4a6ebddde5fb9ce067d016cb9955c87dac1a58405227697fe
Opcode Fuzzy Hash: 27d1dd949b7599a7a04d7adfae6efd5d689db091e3c960b48fc4a303f1886e2c
Instruction Fuzzy Hash: A8C15A70A00209DFDB14CF69C984EAEBFF6FF88314F158599E80AAB261D731E941CB51

Function 0706EBC0 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4863edb0511da4d0790de3670361c275fff8607ca8f20d7b1739aeac217cf515
Instruction ID: a8214a28ae6b03bdc0e7c6b6ea47d51c5b48e47d3a03b91d1c58b48cc7c624af
Opcode Fuzzy Hash: 4863edb0511da4d0790de3670361c275fff8607ca8f20d7b1739aeac217cf515
Instruction Fuzzy Hash: F5B14D74A00209CFDB45DF68D5A8A9DBBF2FF89310F2481A8D405AB366DB35DD45CB60

Function 05B46583 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c474500337b3450bed57f32cea366ae4f0342afa70dae6bb1032eab5417e6f2
Instruction ID: 93d1f044767519de7718b38be45f756d3d6352baa8cd90be84c6d8552e608e86
Opcode Fuzzy Hash: 5c474500337b3450bed57f32cea366ae4f0342afa70dae6bb1032eab5417e6f2
Instruction Fuzzy Hash: 5FF18278902169CFDB25DF10DD989A9FBB6FB88340F1081EAD90963364DB715E86DF80

Function 07065840 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efe0d3c7a2d19db456e19e5d7e474841b3186da608662b104877e9f140805afc
Instruction ID: 6f635141b60651d192fa7c84812fe38aeeeb509c1f5028b5cfe0e214d09161ea
Opcode Fuzzy Hash: efe0d3c7a2d19db456e19e5d7e474841b3186da608662b104877e9f140805afc
Instruction Fuzzy Hash: B481A0B1A00206CFDB54DB68C864BAD77F1FF49314F148165E445EB3A1DB769C428BA0

Function 05B5EF68 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba43d69d4e01756c3d5d020468fe88dff16afaf2fa88348b4daa33ae04207ce
Instruction ID: 8bcfe76a3fff0031ca7e654f24afb06c5ca4c062aafdcdc70119531eb0efc368
Opcode Fuzzy Hash: 9ba43d69d4e01756c3d5d020468fe88dff16afaf2fa88348b4daa33ae04207ce
Instruction Fuzzy Hash: 7C815DB1E003598FDB08DFA9C8546AEBBF6FF88310F14816AE409EB354DB746901CB91

Function 059C52F6 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4c0da16aaf9cc8a3d20df3e8fffea020d067b8cb73049a1141e6380c33ca8fd
Instruction ID: df6dd2a3691de8550a1114585aaa06cff5c5911adfe968b3a85f534e79ea82ec
Opcode Fuzzy Hash: a4c0da16aaf9cc8a3d20df3e8fffea020d067b8cb73049a1141e6380c33ca8fd
Instruction Fuzzy Hash: 9B816A34A04205CFDB18CFA8D888969BBF6FF89300B1681ADD406EB365DB71F841CB52

Function 07067674 Relevance: .2, Instructions: 203COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0caf55295cc9d68c18917cbfffe1bea82bc43e35ffaee3c886a812bcba03d87
Instruction ID: 7c87f6c37b9295c0dc65c374ca9f223a8678c9c2bf385d893dd84c8c7ce5fd5b
Opcode Fuzzy Hash: f0caf55295cc9d68c18917cbfffe1bea82bc43e35ffaee3c886a812bcba03d87
Instruction Fuzzy Hash: 3C715CB0B042099FEB54DBA8D868BED7BF1FF89310F144269E505EB3A1CB759841CB61

Function 059C6970 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36bc8d0e9e9b19669d40e8cf9c194d997c5c41ca0f40adbbbfb39ea54281acbc
Instruction ID: b1b4d2f803d4717c15126ccf544baab3a517a5a1c0492ae99091d7d0533663e9
Opcode Fuzzy Hash: 36bc8d0e9e9b19669d40e8cf9c194d997c5c41ca0f40adbbbfb39ea54281acbc
Instruction Fuzzy Hash: 6C71F6347042458FCB15DF2DC498A6A7FEABF89740B1540A9E806CB3B1DB70DC41CBA2

Function 070657F8 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc10ac46df50a48ab395dd5ce102a0aef2355b4ad35eebaf7c45f0efd312851e
Instruction ID: fd48ecb4166aab7e5bae377c7f9452b920f50dbaf80ad78892e06b31772703cb
Opcode Fuzzy Hash: bc10ac46df50a48ab395dd5ce102a0aef2355b4ad35eebaf7c45f0efd312851e
Instruction Fuzzy Hash: 9C51F2757002109FDB08ABB9D864AAE7BE7EFC5350B048469E506CB3A2DF35DC06C7A1

Function 059CA55C Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36c446830d196c16bd635246458d1277b336e00eeec0099bd2d79d0e2179b049
Instruction ID: be34a4721923bd310539e88f88cecdffd5005f422d873ec4063663dfb5384bd1
Opcode Fuzzy Hash: 36c446830d196c16bd635246458d1277b336e00eeec0099bd2d79d0e2179b049
Instruction Fuzzy Hash: 20510830300601CFE764DB68C898BA67BAAFF84715F5184ADE15E8B361CE71EC86CB51

Function 05B5E2F0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12c722cce141c05cd2df6bdef24d4482366e54904b1749ecf1fb061d33f53b30
Instruction ID: 4bee2a5d2a49cc9092a3d569d5b73c4bb769d23a5b6fd47cc9396e10ac448d2e
Opcode Fuzzy Hash: 12c722cce141c05cd2df6bdef24d4482366e54904b1749ecf1fb061d33f53b30
Instruction Fuzzy Hash: A5516471E102499FDB18DFA9C844AAFFBFAEF88310F10846AD815E7350DB74A905CB90

Function 07063168 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170a465d214f82cf19ec8001c60d7c0ae063a3802aab40268c558ceb4fa4e193
Instruction ID: 12101278059ee4dc3a7dc2fcf2da1d242d58eb168218072904c7928f736eb695
Opcode Fuzzy Hash: 170a465d214f82cf19ec8001c60d7c0ae063a3802aab40268c558ceb4fa4e193
Instruction Fuzzy Hash: 43515D707002068FDB59DB68C4A8B99BBF2BF89700F148269E516DB3A1CF70EC45CB90

Function 070643DF Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 833c7928b67a38db5802d1f6ed8727289748a1b38355426558d37ea61a79a6a2
Instruction ID: ff636a55013aeb81b377e71fe0138153c6a977a632d6ca23a5b27d9def71e4ae
Opcode Fuzzy Hash: 833c7928b67a38db5802d1f6ed8727289748a1b38355426558d37ea61a79a6a2
Instruction Fuzzy Hash: 1551BEB4600341CFD7249F29C468AAABBB6BF85320F104B6DF5628B2E1CB75E941CB11

Function 059CBD70 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d506bb1de419d761f057963eb76623abf5cfd74bee2ad783862874879b84ac8
Instruction ID: fd7756cd28a17f93c012d87383bc4d5f7df3cee3f493b039297b44bd8243892b
Opcode Fuzzy Hash: 2d506bb1de419d761f057963eb76623abf5cfd74bee2ad783862874879b84ac8
Instruction Fuzzy Hash: DF41F2317047015BEB29BAB9942063E7ADBEFC6240B5448BDD617DF780EF24DC0687A6

Function 059C2028 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0281c1b121cc5f33d7c3d5c04a185ce7829677474489fdb2bdebf760dc9720b
Instruction ID: fe076afb1f3a920ce7071e35fc67581e60efe38fd2207e0bf67a188a8886181e
Opcode Fuzzy Hash: e0281c1b121cc5f33d7c3d5c04a185ce7829677474489fdb2bdebf760dc9720b
Instruction Fuzzy Hash: B94123357046109FDF19A739982462E3AEBBFC6A00B1445ADDA06CB395EF25CD02C7E3

Function 07062E40 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78e77edbb474d4d7938c4fcde2a30b9bd7065f07601e6124b62b3d41deeb93bb
Instruction ID: 5fe4c6986dacf13c96e19de428a9d2131580dfa20414590add6ac3f243bc5448
Opcode Fuzzy Hash: 78e77edbb474d4d7938c4fcde2a30b9bd7065f07601e6124b62b3d41deeb93bb
Instruction Fuzzy Hash: 49518EB43006028FDB68DF29CCACB6977E6BF85614F058269E55ACB2A1DF34E851CB50

Function 07063157 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e78da90678696fdba532c2a008e5953a6c62b36d7d0dd7a3984360e0f2b852f
Instruction ID: f51ae52639cdd844a0a2241bc5a80bb9790601861bc7d6a12d19c968efdd7043
Opcode Fuzzy Hash: 1e78da90678696fdba532c2a008e5953a6c62b36d7d0dd7a3984360e0f2b852f
Instruction Fuzzy Hash: 515138B57001068FDB58DF65C898B9ABBF2BF49714F148269E416DB2A1CF70EC45CB90

Function 07066D61 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8d9387cbb643f46f303435a44bba11b384bc0dbd89163ff581532b4d3fe8f5d
Instruction ID: c19e4918f273a858d309324a03f63a472f6cde23a02da96cde4580be73c9ac52
Opcode Fuzzy Hash: a8d9387cbb643f46f303435a44bba11b384bc0dbd89163ff581532b4d3fe8f5d
Instruction Fuzzy Hash: DD51B2B1A40206CFEB54CF68C969BAD77F1EF49304F1482A9E049EB3A1DB769D41CB50

Function 07065890 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf6aa1455d08e0d3f800f7aa5de92f8e8fd5fa08da6ddf502be5a319b8a616d2
Instruction ID: 39b64e1f973bf425c01c44c6eb290e56d5576e37d34b89ef1d6d2edd6ffe9a7d
Opcode Fuzzy Hash: cf6aa1455d08e0d3f800f7aa5de92f8e8fd5fa08da6ddf502be5a319b8a616d2
Instruction Fuzzy Hash: D951A070200616CFD7149B29D498A697BE2FF85328F209A6DE919CB360DF71EC85CB90

Function 05B54D12 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd1d12e9c59ec49b094ff0e09aa1e9ebbb123acb903e6f596fa97cb89de0b92f
Instruction ID: 9f53d6520be3faf0cb786cb19692a58582c45f078817a6ca632be5bde7efeb3a
Opcode Fuzzy Hash: fd1d12e9c59ec49b094ff0e09aa1e9ebbb123acb903e6f596fa97cb89de0b92f
Instruction Fuzzy Hash: D0819378901128DFDB25CFA0CD58AA9BBB5FF88340F0041EAD90967361DB356E81DF50

Function 07061AF8 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2378af6d539199203d17e3e2436a21696c670970e5f4e7e079d0e832239d9a84
Instruction ID: 5b83615e9a7670b6d6086934091f08ebe8e46de948edfd800b78cf655427ce76
Opcode Fuzzy Hash: 2378af6d539199203d17e3e2436a21696c670970e5f4e7e079d0e832239d9a84
Instruction Fuzzy Hash: A15117B4B00615CFC758DF28C598A997BF1BF49725B1146A8E406EB3A1DB71EC41CF50

Function 059C9790 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff74f8ca3c8ac8a33cf5bcc2086ac59647f824a295483be48b5b1136fadf0b93
Instruction ID: 1b17a95f2758eb0c954066cf85735c3d53fcbe395c619f5525da18536a4c454c
Opcode Fuzzy Hash: ff74f8ca3c8ac8a33cf5bcc2086ac59647f824a295483be48b5b1136fadf0b93
Instruction Fuzzy Hash: 69419E35B042049FDB049B68D855A6E7FB7FBCC710F1444A9E906DB391CE35AC028BA2

Function 059CDAAC Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d9d7eff6cbe469d00bfc2ebc5b36709edd7101e96f253eca26441f48d2bef4
Instruction ID: 1f20b9ad6d7f9633e22fe1c84b76ddda61e3b9b0c4765d5ca325af5f96989329
Opcode Fuzzy Hash: 11d9d7eff6cbe469d00bfc2ebc5b36709edd7101e96f253eca26441f48d2bef4
Instruction Fuzzy Hash: DC419670E046169FDB03EF65C948AAA7FBABB44340F5848AED507E7294F634C9108A93

Function 05B5B578 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f22f228059bd752c1f47c5abc6040830c2963ad3128d18bf1c4d9e6e64a615f
Instruction ID: be671a7254ba16fd528bf05a0fd855b9b2278aebbc679db4227e56da04ca4b57
Opcode Fuzzy Hash: 4f22f228059bd752c1f47c5abc6040830c2963ad3128d18bf1c4d9e6e64a615f
Instruction Fuzzy Hash: 3241AE75E00208CBDB18EFB4C4547EDBBB2FB88325F1405A9D902B7344DB35A986CBA5

Function 059C8B93 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e45efda896e43b62512d1c33e29f4ea4b8b7840cc37a2f9eb7178d0a1436cc2
Instruction ID: 823c1cd1481187fedb270349617ca3bcc86abd3f0066e2f49d27b43ff163025e
Opcode Fuzzy Hash: 5e45efda896e43b62512d1c33e29f4ea4b8b7840cc37a2f9eb7178d0a1436cc2
Instruction Fuzzy Hash: 5741C375A04249DFCF11CFA4C844AAEBFB6FF89350F008499E805AB2A1D331E955CB51

Function 059CE6A7 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55b2d87797998213febf4ff23af2dba4e73ab5b3ea1cc42095b218e0cedbeb07
Instruction ID: ae419833181af1b88fca295ef1fb6d0e59c868c100a07201667ded7481ee2e0e
Opcode Fuzzy Hash: 55b2d87797998213febf4ff23af2dba4e73ab5b3ea1cc42095b218e0cedbeb07
Instruction Fuzzy Hash: 3741A371E042169FDF03EF65C949AED7FBABB44240F5808AED407A7294F6348A118A93

Function 07060B68 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbd832cbe49ff5df6fa044b79822431aedc9fa5e2bfb4c09297f6fd5965614f6
Instruction ID: 6d5c46b0c21b478d17afcbf68524864412b9deaa05a0ab6296b938a13b514097
Opcode Fuzzy Hash: cbd832cbe49ff5df6fa044b79822431aedc9fa5e2bfb4c09297f6fd5965614f6
Instruction Fuzzy Hash: D741A1703406029FD728AB24C8A9F6AB7F6FF85314F1086ADD0459B2A1CF75EC46CB91

Function 059C3CE8 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4dda423f613cfe6980cd16a1e07ee1e4ab2fd7b1a5b339fa3658cf93f96766a
Instruction ID: 935730e5ce9cdd390145bb75352eb24c07b483aac5d3ae42c4a134cea50d0dda
Opcode Fuzzy Hash: f4dda423f613cfe6980cd16a1e07ee1e4ab2fd7b1a5b339fa3658cf93f96766a
Instruction Fuzzy Hash: 5751CD74E00208DFDB04DFAAD484AAEBFF2FF88300F14846AE815A7265DB749942CF51

Function 07060B78 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2684b05ebc6f31eee2d95296ea06e12310da85b0d9488ad45a2e20296ce04a39
Instruction ID: 8e2bbd334fca13bb459d5ce16635a60a2c48c47e23945d2d43e126f3ee6481f9
Opcode Fuzzy Hash: 2684b05ebc6f31eee2d95296ea06e12310da85b0d9488ad45a2e20296ce04a39
Instruction Fuzzy Hash: 894190703406028FD768AB28C4A9B6AB7F6BF84314F108669D1059B390DF75EC46CB90

Function 059CA340 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66940b5b174085cc9b3a951167afbad8372372e81757cd8093bf431cac4bebfc
Instruction ID: 09c8a7893c1b66eed94181e7d08d30693d83ba08269b8c19148ac2b618a80526
Opcode Fuzzy Hash: 66940b5b174085cc9b3a951167afbad8372372e81757cd8093bf431cac4bebfc
Instruction Fuzzy Hash: B7411774A00259CFDB10DFA9C685AADBFF2BF48304F944199E504AB361D775AE04CF91

Function 07065D28 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3ac73371182efe999e1ba46adde917b61bc557d2bd32340b90047dce92eedc3
Instruction ID: 05d53c9250729b485a862dbfa107c1b58d52b713bf60493da41fff2e4c47e3f1
Opcode Fuzzy Hash: a3ac73371182efe999e1ba46adde917b61bc557d2bd32340b90047dce92eedc3
Instruction Fuzzy Hash: 7041A0B93002128FDB68DB28CCACB6973E6AF85214F15426AE556CB2B1DF30EC51CB50

Function 059C3CD8 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3edbe9bde492dd58eb226b4725b76a0ac4aecf534c7b26e88059a93e8422f29a
Instruction ID: ec309a63cf872b51e17df82cccd8be431e5a8d11cee5f97f1ab1aaa29674e639
Opcode Fuzzy Hash: 3edbe9bde492dd58eb226b4725b76a0ac4aecf534c7b26e88059a93e8422f29a
Instruction Fuzzy Hash: 6441E274E002089FEB04DFA9D444AEEBBF2FF89300F14C46AE815A7265DB759945CB51

Function 05B5A08C Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fbd2656e18c1b4e5362250671998ae52b576495548c9e1e26d89ace1211fd47
Instruction ID: 41a8c8b59526e490ba8dc036fd00aa60ea7e1add60f137699474fbe6a336a6cf
Opcode Fuzzy Hash: 5fbd2656e18c1b4e5362250671998ae52b576495548c9e1e26d89ace1211fd47
Instruction Fuzzy Hash: 3A3130717001048FDB18EE7DD854BAD77E6FF89635B1405ADEA16DB3A0DA32E801CB50

Function 059CD400 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60cb9035c9893eb17cd701da810baffd01ac6ef7d4be3d0f3d3b58fa9ea8091a
Instruction ID: a4bf76d82a696fb4f6f1e4e8cdd9010ad0789487ef4a1c8d7eb8af6da5f4652a
Opcode Fuzzy Hash: 60cb9035c9893eb17cd701da810baffd01ac6ef7d4be3d0f3d3b58fa9ea8091a
Instruction Fuzzy Hash: FE418930A04208DFDB119FA5D9889ADFFB2FF84304F22416DD4057B25ACB3198A2DF81

Function 05B5E32C Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0fad9c64ab87f1dadb451d488e22914c65dec81b491e99e4b39ba74c1abb6bf
Instruction ID: 4e77043ea0a2cc5fae13add3755fac8bce93bf934e991337be10a0857cb4be31
Opcode Fuzzy Hash: d0fad9c64ab87f1dadb451d488e22914c65dec81b491e99e4b39ba74c1abb6bf
Instruction Fuzzy Hash: F341E3B1D00309DBEB24DFAAC584A9EFBB5BF48314F248069D508BB254D7B56A45CF90

Function 070642C8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11ad1d28ee4a1ae69e142132b96a3f4a36c0d9eaef87e75dc468a8cf79600336
Instruction ID: bc94aab64408728d9a6ab518a49e37dcbb6cd3449bcd2a68d4d15aeb88672b03
Opcode Fuzzy Hash: 11ad1d28ee4a1ae69e142132b96a3f4a36c0d9eaef87e75dc468a8cf79600336
Instruction Fuzzy Hash: 0A3139717002259FCB149F68C898AADBBB6FF88720F114699F5259B2B1DB71DE01CB90

Function 070618C8 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 963ce7e798c60cade4ef14eed9a26e10e10dd0f6361390eb095bd5b8331f7c73
Instruction ID: 99942cec12522142914ba583db00e47b1e84400e178199b96c01d582403bf6e6
Opcode Fuzzy Hash: 963ce7e798c60cade4ef14eed9a26e10e10dd0f6361390eb095bd5b8331f7c73
Instruction Fuzzy Hash: 2D3169747106058FD798DB29C458B6AB3E6BF85604F0586A9E45ACB3B1EE30EC02CB60

Function 05B47C0B Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f4fb49434c6a99af0413e94c0fffdb77522a4f380fe3db6f32c9ba5cc176ca5
Instruction ID: 8ceca5506e68d6713cd5c90df3782d78ae25202acdbe90063d0a23d855d3f4dd
Opcode Fuzzy Hash: 1f4fb49434c6a99af0413e94c0fffdb77522a4f380fe3db6f32c9ba5cc176ca5
Instruction Fuzzy Hash: 5051C774901269CFDB65DF65CD98ADABBB6FB49300F0081EAD509A3250EB74AEC5CF40

Function 070642D8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ffd6a55a3790159605bde29df7f9808afff6ccac84f81b566f611481fb46fb1
Instruction ID: 9d3fac5e2440b9f5bb33a9aef21c43702cb7a0406d14acdb71ec4ae1783260aa
Opcode Fuzzy Hash: 2ffd6a55a3790159605bde29df7f9808afff6ccac84f81b566f611481fb46fb1
Instruction Fuzzy Hash: 05311871700225DFCB149F68C898AADBBB6FF88720F114269F5259B2B1CB71DD41CB91

Function 07065860 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c52092514e00ce1776f5bfaf49e296827309a59dc4b1b546037ca3ac53df3338
Instruction ID: b7da353c03901a14fe173c3d59a3ff2cbc7db219449dbc6141a625fc015b5630
Opcode Fuzzy Hash: c52092514e00ce1776f5bfaf49e296827309a59dc4b1b546037ca3ac53df3338
Instruction Fuzzy Hash: BE411AB1A0021ACFDB14DF68C854BEDB7B1FF48314F1481A9D505AB361DB35A841CFA0

Function 070618B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22bf659225cbef939d629ced5d197e57da2727e200bca32a35bcd425ef9e5499
Instruction ID: e3698e37263795b8f8a12d078c4896b5d8a1073feb77b9abf5d6c8a1aad2ca74
Opcode Fuzzy Hash: 22bf659225cbef939d629ced5d197e57da2727e200bca32a35bcd425ef9e5499
Instruction Fuzzy Hash: F1318B757106058FD758DB29C858BA973E6FF88604F1586A9E55ACB371EE30EC02CB60

Function 059CDE6E Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 774644d5b2e19e05e1c68b427521454b23337cbf8dc4ede9683176d2ba611917
Instruction ID: 2500b4a09902f9bb5519d4f53afe938fe865da48bfde67f6b5cfacf8e9600878
Opcode Fuzzy Hash: 774644d5b2e19e05e1c68b427521454b23337cbf8dc4ede9683176d2ba611917
Instruction Fuzzy Hash: F8310471B043999BCB06EBA0C850AEEFBB7BF89300F0041B9D505B7291EB75AD058B91

Function 059C42B0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b392b3d5e23633aca591d5b2beacc52fd378a8af51d09ed13bc33d223736356e
Instruction ID: 63780b37bcc81ab43e977fc5c3a24ec7cffb0f017cb66c1d47c9f1e6bab91b1b
Opcode Fuzzy Hash: b392b3d5e23633aca591d5b2beacc52fd378a8af51d09ed13bc33d223736356e
Instruction Fuzzy Hash: AB319035304119AFDF01AFA8E965A6E3F67FB88301F004068F90A97394DF35D9A5DB92

Function 05B5E2E4 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cdaa024267e7f89727c358d7b9e18bb598b4250b3758baa23834a778643c379
Instruction ID: f3dafd4409738c13540b7a306f13845596de77881aeccc6423d751c519985e42
Opcode Fuzzy Hash: 2cdaa024267e7f89727c358d7b9e18bb598b4250b3758baa23834a778643c379
Instruction Fuzzy Hash: 2941BFB1D00359DBDB18CF9AC884A9EFBB5FF48710F64816AE818BB214D7B46845CF90

Function 05B4D2AE Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af5c94f92bfb93ca097b898803e77275a5bad6268d6b801e05d6cb739642dcc7
Instruction ID: 76ef41590f28f302d3d8de04328cf1e9d1c207e5cc834cb34b868dfa0766f26d
Opcode Fuzzy Hash: af5c94f92bfb93ca097b898803e77275a5bad6268d6b801e05d6cb739642dcc7
Instruction Fuzzy Hash: E741C978A00269CFCB24DF65D994ADEB7B5FF49300F1081EAD90AA7650DB74AE81CF41

Function 059C050F Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e018f7e39c0b1258b00f43637435c1ae775f75d2fba7dc5223aa0e8401abf8b2
Instruction ID: de5f417805d7125ea7e2c59bc8b1cc0583eb3a33f7bac1afd1a3e8d928cfbbca
Opcode Fuzzy Hash: e018f7e39c0b1258b00f43637435c1ae775f75d2fba7dc5223aa0e8401abf8b2
Instruction Fuzzy Hash: 6331A3B8D05248DFDB00DFA5E589AEEBFB6FB48300F10856AE815A3340D7755A46CF51

Function 059C0520 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac01bd761e431228077190a416080e351b0ceb8df420502cbd4a0b5d58a4c5df
Instruction ID: 2cf4c894a23d1681f1136641799800f2953464dff1d708d9139db42725c577dd
Opcode Fuzzy Hash: ac01bd761e431228077190a416080e351b0ceb8df420502cbd4a0b5d58a4c5df
Instruction Fuzzy Hash: 9841D1B4D04248DFDB00CFA5E988AEEBFB6FB88300F10856AE815A3340D7755A46CF52

Function 059CCD40 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b070b4831560c7e29213ea3bd1cce8d86ba86f64c4c970d1762d468394e36f2
Instruction ID: df67b3c10a8760a4b1bf8ba5b83411ef5924557bb1eb7f57e3b0bae4d38107d0
Opcode Fuzzy Hash: 1b070b4831560c7e29213ea3bd1cce8d86ba86f64c4c970d1762d468394e36f2
Instruction Fuzzy Hash: 8F313831A001088FDB10DFA8C945AADBBF5BF4A204F2441AAD519EB261DB35AE40CFA1

Function 059CD398 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80f8be52e30deb9872aa4f26c95d841bd7264f8eae1bbe9c46fc216ccb882fa4
Instruction ID: ef07072f5f6c4c4d7ce35fd3e0271811a2f66a6244f940756d52d8f0cde6b7da
Opcode Fuzzy Hash: 80f8be52e30deb9872aa4f26c95d841bd7264f8eae1bbe9c46fc216ccb882fa4
Instruction Fuzzy Hash: 9731BF71A102599BDB05EBA4C8509EEFBBBFFC9300F1041B9D90677291EB71AD058BA1

Function 059C6C18 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1d47af28268b66b769680654d10b3229bf4d2df5ec6c7af841d05706ea6ba0f
Instruction ID: f98f1b82ad0ae9f0d63bc33b8c9a4d764ce747f3abe80ac1f2421200ad6f41c5
Opcode Fuzzy Hash: d1d47af28268b66b769680654d10b3229bf4d2df5ec6c7af841d05706ea6ba0f
Instruction Fuzzy Hash: 9E21743030511147DB145A2DD96463D6E9BFFC5614F1484BDEA06CB398EE65DC81D392

Function 05B5551A Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c7abb8b8042c31decc094468d7f730015836e16900d6ee898ac081da111f7a9
Instruction ID: 812b0e56ed5306c47dd9fd485fb8e105efb1f575e9455737b7ceb7b7451934eb
Opcode Fuzzy Hash: 7c7abb8b8042c31decc094468d7f730015836e16900d6ee898ac081da111f7a9
Instruction Fuzzy Hash: D741A678901228CFCB25DF25D9A99DDB7B6FB48302F1041E9D90AA3750DB349E81CF55

Function 059C6C09 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2e76c963a15e8eacfca6206f8c78893e33968ef59522481b4a52994319350cd
Instruction ID: 93162cd012249dc1da66fb075664678184144915d58489340bacd79e32993d86
Opcode Fuzzy Hash: c2e76c963a15e8eacfca6206f8c78893e33968ef59522481b4a52994319350cd
Instruction Fuzzy Hash: 4F21F5313052214BDB255B3DD9A463D2E9FFFC5600B1444BDEA06CB394EE25DC41A393

Function 059C9937 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 654bc1bcc5bcdd6fc684d1e70a1b0c7f73acfe27183e3c81c513e1f306b5cbad
Instruction ID: 2baf167ddd3871675faaf790915eaa3e49f1bfc6f9b150946d3d8f74abc01138
Opcode Fuzzy Hash: 654bc1bcc5bcdd6fc684d1e70a1b0c7f73acfe27183e3c81c513e1f306b5cbad
Instruction Fuzzy Hash: 66314D71A005159FCB04CF6DC888AAEBBB6FF88310B158199E515A73A5CB34EC52CB91

Function 059CDABC Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00f9d917456a3a07a1d105426096070cfd76f5825d6d12397b27f86fbf4543df
Instruction ID: 31cfdfa8678f08996000085c8f32be603bfae5981dba62765610fb617a491509
Opcode Fuzzy Hash: 00f9d917456a3a07a1d105426096070cfd76f5825d6d12397b27f86fbf4543df
Instruction Fuzzy Hash: D3216D71B105448FD700DF7DD89496ABBFAFF85700B1445AEE605DB221EB30E904CB62

Function 059CA60C Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f25f936e0538a870fd5f71398c70036255819440f288d5e3875322f9a3760e1f
Instruction ID: 9caf3d629c692a9339a650ac1349e7be0914e362f64519c02e489b618c7321a7
Opcode Fuzzy Hash: f25f936e0538a870fd5f71398c70036255819440f288d5e3875322f9a3760e1f
Instruction Fuzzy Hash: 0B21C431E0410AD7EB15BF68C5541AEBF72EF41300B5049EED56EA7244EB31ED148B93

Function 05B561CA Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb20543465b7a150d0216aaa9a99423b5a267f94f3a688d8f9cd89bf7694a27
Instruction ID: 356385f64eacf0b109f13b097a4ea2fac1c9a7a059f6b861ffa0dbdc74fb5c3a
Opcode Fuzzy Hash: 2eb20543465b7a150d0216aaa9a99423b5a267f94f3a688d8f9cd89bf7694a27
Instruction Fuzzy Hash: AE41C578A01228CFCB64DF24D998AADBBB5FF49355F1040E9D90AA3790DB346E84CF15

Function 05B43B5A Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d288d9831583d118099cc8fad9205cb8f431e0e6f9f9150f41785312a488911d
Instruction ID: b1d9ece8e0817820d1263cd419e06f592d421fa1eb7c6c92daf73c16264c605c
Opcode Fuzzy Hash: d288d9831583d118099cc8fad9205cb8f431e0e6f9f9150f41785312a488911d
Instruction Fuzzy Hash: D0417078900268CFDB25DF61CDA9ADDBBB6FB48341F1041E9D90AA3290DBB55E84CF40

Function 0706C260 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5320278bf2a54b49291680744d73827ea01cb17af226941585e6afe56413aaf0
Instruction ID: 37e7d8a601f5b2de8ab808dbaf987127b8641f2ee3796a18d209ba7459e2090c
Opcode Fuzzy Hash: 5320278bf2a54b49291680744d73827ea01cb17af226941585e6afe56413aaf0
Instruction Fuzzy Hash: 4021FCB27006428FE79597B9CC947873BE6FF45208B18429AD485CF316DB21F807C7A1

Function 059CF4A1 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fc1cf818085531388bd13f23d13632396d8fb6a0f2a90fb2269794b2ec2007d
Instruction ID: c67e4d99e1c1b1dd81f2487122465efacf8b6bc3c8256875dacf90ace6dbd11e
Opcode Fuzzy Hash: 8fc1cf818085531388bd13f23d13632396d8fb6a0f2a90fb2269794b2ec2007d
Instruction Fuzzy Hash: C2215C71B105448FC700DF79D894AAABBFAFF4A700B5541AAE605DB371EB30E944CB62

Function 05B5F2B8 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 860d102f9a2b9b0efd9047259507ead261996ef5ff4760a821ec6bb45be2880d
Instruction ID: e3882bf65e9fa2ba01f10600ec9be7278666857e4bf408936e491e622a5bec9f
Opcode Fuzzy Hash: 860d102f9a2b9b0efd9047259507ead261996ef5ff4760a821ec6bb45be2880d
Instruction Fuzzy Hash: 6221E1726002008FDB19EB79D44459BBBE6FF84214754C8EDD606DB351EB71FD0A8B91

Function 07061DFD Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f1d10937971e6627661a237c18f5e34b6b38c341e7cf8bb1dab810a637973b7
Instruction ID: 2a952e21d33b21f2a5a3e9324175479533a5e586ea8fa9faac1134cf1673120f
Opcode Fuzzy Hash: 6f1d10937971e6627661a237c18f5e34b6b38c341e7cf8bb1dab810a637973b7
Instruction Fuzzy Hash: A8312B79B00109CFDB54DB64C559AADBBF6EF88315F5442A9D801AB3A0CB32ED41CF60

Function 07065068 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f68c296c3250bc66383cb3a02de97f5a06ca39b175ad95b7c85efd035816dc
Instruction ID: baa39792a174cc40da54480a911238bcdbb32659e89bfcf1e9fe7e9b527acf4d
Opcode Fuzzy Hash: 10f68c296c3250bc66383cb3a02de97f5a06ca39b175ad95b7c85efd035816dc
Instruction Fuzzy Hash: B321B2B0610709CFC724EE35C8648AB77B6BF82205B504B7DE5528B290DB35D865CBA1

Function 059CDD40 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fdd6fc7abb0cb2bb16300b4b0b0d5cf9d4dbcf8b402435e0f0a136c08bf7e8ff
Instruction ID: 43c58a87689e93821a41165aa617dd7e1487faaa783a4aa5e93305b75694b6b3
Opcode Fuzzy Hash: fdd6fc7abb0cb2bb16300b4b0b0d5cf9d4dbcf8b402435e0f0a136c08bf7e8ff
Instruction Fuzzy Hash: 3F210431B002548FCB14EB68D854AADBFF2EFC9220F1444AED406EB391CB359C06CB91

Function 0082D4D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133757535.000000000082D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_82d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bbc9c80f8d9ed391be64826613991b8abf16ead644c5a6044515420da58e129
Instruction ID: 35a8ef758ce4823ce5b73fc0e919104485542c92961e762d9809f7e1fae95baa
Opcode Fuzzy Hash: 0bbc9c80f8d9ed391be64826613991b8abf16ead644c5a6044515420da58e129
Instruction Fuzzy Hash: 96213A72504344DFDB04DF14EAC0B26BFA5FB98318F20C16DE9098B256C376D896CBA1

Function 0082D3EC Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133757535.000000000082D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_82d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff89c2bd02ee0f6f08d0735031ce2760b07f16d375c17f09eb265b0ff7d6ff42
Instruction ID: 43b3dd3e734fc2f5755ee91e31aada8a74e7c97e90d97ba3f3f9869244ad9fe1
Opcode Fuzzy Hash: ff89c2bd02ee0f6f08d0735031ce2760b07f16d375c17f09eb265b0ff7d6ff42
Instruction Fuzzy Hash: 532137B2504344EFDB04EF14E9C0B26BF65FB94324F20C56DE9098B256C336E896CBA1

Function 05B55CCF Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32a9220b13c3673c8f412bcc1af419a80f023f7eee4aa974c805d004910aa85a
Instruction ID: 02452e1d82df1d70ffa764c0add530496d538db1c606f02e41aafe5af3114ec7
Opcode Fuzzy Hash: 32a9220b13c3673c8f412bcc1af419a80f023f7eee4aa974c805d004910aa85a
Instruction Fuzzy Hash: 61418B78D41229DFDB28DF25D9A8ADDBBB1FB48301F0041E9D80AA3A50DB349E80CF55

Function 05B5BE38 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e491cc748347143f164cf03f3906cd6f72b5edc4bf01242911a437555bc049
Instruction ID: 878f77cb1fdca725737b53f273976a7b79cea8177de9efa67369f4b2a336c637
Opcode Fuzzy Hash: a3e491cc748347143f164cf03f3906cd6f72b5edc4bf01242911a437555bc049
Instruction Fuzzy Hash: 5521D332A10219AFDB05AFA4D859D9EBBB6FF88310F144555F102AB360DF35A845CF90

Function 059C4FA0 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b157807e7598c269ac8df22c03bb51545dcb773120cd47fba55e38b8af93d41
Instruction ID: 1de78a4f0fd15bbccf2c91bd56b6283c1ada32435cfc7108770377670bf28506
Opcode Fuzzy Hash: 6b157807e7598c269ac8df22c03bb51545dcb773120cd47fba55e38b8af93d41
Instruction Fuzzy Hash: 7221F0357045118BD7199E29C8A493ABF96FFC9752B0945BCE90ACB390DF31EC428BC2

Function 059C1F06 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c89fd1abf923e2663347d79bf93874b53791674c8904b4a56cc9ab741657703
Instruction ID: e5655e05a6bb1ec2df125a6ca8f0e8e3c4e606757ec1a33164a3b96ff404c95c
Opcode Fuzzy Hash: 3c89fd1abf923e2663347d79bf93874b53791674c8904b4a56cc9ab741657703
Instruction Fuzzy Hash: 1321BB30B042158BDB09EB68D4546AEBFA2FF85300F208969D402AB681CF359C42CBD9

Function 059C0661 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 334af21f2a69a8d03713e150e1a976ebfbbdaecb88b09bbd4f4e389295e10a0a
Instruction ID: 73e1a4f376072cd8988cefb886815507392c4abbf24e82f8ea3080412c77929e
Opcode Fuzzy Hash: 334af21f2a69a8d03713e150e1a976ebfbbdaecb88b09bbd4f4e389295e10a0a
Instruction Fuzzy Hash: F821D3B5D05209DFCB10CFA5E585AEEBFB9FB88300F10856AE815A3250D7359A42CF51

Function 05B59E40 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 705cf745d7fc04bb30ca7f7ff23c9f1a89f52fc3eea0cc562eb13de474e6f591
Instruction ID: aa58e36401b8762dc670da49a7ac4e3f5b4e56db8dcf94ec79ce0990bb08fc5b
Opcode Fuzzy Hash: 705cf745d7fc04bb30ca7f7ff23c9f1a89f52fc3eea0cc562eb13de474e6f591
Instruction Fuzzy Hash: 9B31FF32910B0ADACB01EFA8C854899F7B1FF95300B118B5AE95967121FB30E695CB80

Function 0083D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133780476.000000000083D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_83d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51ba8407e4f8234302854d4a1ffe04a2fc4a62b012f35330a95c605c067caa1c
Instruction ID: 77ef7121e2ef703b5aa88653cfeb24654b3a4ae1a912c3739b62d42a9b607708
Opcode Fuzzy Hash: 51ba8407e4f8234302854d4a1ffe04a2fc4a62b012f35330a95c605c067caa1c
Instruction Fuzzy Hash: 4A212675504304EFDB05DF14E9C0B26BBA5FBC4318F20C56DE9098B292C77AE856CAA1

Function 0083D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133780476.000000000083D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_83d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0c4090bf4ba9e65c3344d0fda71493a743f608e91cb3720b26c20882c99d923
Instruction ID: e559a46907b30124bbac940d3958c98b96dce6743fcd0743c2ffc40b8c64f57d
Opcode Fuzzy Hash: c0c4090bf4ba9e65c3344d0fda71493a743f608e91cb3720b26c20882c99d923
Instruction Fuzzy Hash: 4D213775504704DFCB18DF14E5D0B26BB65FBC4B14F20C56DD90A8B252C37AD807CAA1

Function 059CD3E0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 599c560f9dd1304fcfe8b969bea8f615ab1228f143d7aa806549041081ee2db5
Instruction ID: 85b73a6e87c7c80bd99139ae3e3fc43617b8bf473286ee2240dd1563a446698a
Opcode Fuzzy Hash: 599c560f9dd1304fcfe8b969bea8f615ab1228f143d7aa806549041081ee2db5
Instruction Fuzzy Hash: 232126B19043499FDB11CF99D880ADEBFF8FB48310F10446EE45AA7201C774A904CBA5

Function 07067EB8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10770dba545a2eb6b41a8e47c99f1348b94db3a1d81856fa21e7a4be694af87f
Instruction ID: 07e08fc930b46ad45dac25dbb2287e16bb94a05db0ea1776a3db292157d6bc51
Opcode Fuzzy Hash: 10770dba545a2eb6b41a8e47c99f1348b94db3a1d81856fa21e7a4be694af87f
Instruction Fuzzy Hash: FF217C71201603CBE729DB25E854F9ABBE2EFC0314F14EB6DD0594B255DBB8A8058BD2

Function 07065058 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b89573e09e550043a18e04610e390d3284643c0900910daad5eb73ef2052bb2
Instruction ID: d11eef4c679ea0daa57d4005e60ce68d404675c129546a3cac0405316113b063
Opcode Fuzzy Hash: 2b89573e09e550043a18e04610e390d3284643c0900910daad5eb73ef2052bb2
Instruction Fuzzy Hash: B321F5B0514749CFC720EE35CC648AB7BB5BF82205B500B7EE4928B281DB35D965CB91

Function 0706747C Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a83d0e668a8b0da90c4025ddce7e800e140463880ac6a0c844621d87a8369f37
Instruction ID: 84ede45f1dba010292b4be7439ca45d0a2490ee31ae1fb7d3793e354d28300ad
Opcode Fuzzy Hash: a83d0e668a8b0da90c4025ddce7e800e140463880ac6a0c844621d87a8369f37
Instruction Fuzzy Hash: E3215171200603CBE725DB29D898FAABBE2FFC0314F14EB2CD15947255DBB4A8058BD1

Function 070619F8 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0bfc8f61e2b9baca64649a666695df70e1ca37e1feec881b8a170593ba6a0bb
Instruction ID: cb0294059f86f650fb75301428eaa02175867df96a18cb96a2193f2794868413
Opcode Fuzzy Hash: c0bfc8f61e2b9baca64649a666695df70e1ca37e1feec881b8a170593ba6a0bb
Instruction Fuzzy Hash: EB312630210605CFC7A8DB28C498BA67BE6FF85711F5585A9E15ECB3A1DF71A886CB40

Function 059CBD60 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1556a2e14c03d096b37013d90ae6b7c0e94f6310de0f1784d2ef251856cd746e
Instruction ID: 91e5fbdab3b383f0fd164a4d4ba801b07768b6c929b47d74bba9451b4f735183
Opcode Fuzzy Hash: 1556a2e14c03d096b37013d90ae6b7c0e94f6310de0f1784d2ef251856cd746e
Instruction Fuzzy Hash: 7721A1313007018BE725AB79955053A7BEBFFC6204B8449BDCA178B794DF35E802C7A1

Function 070619F7 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d63d74ddf4324846ef9a8bead1f9912a46830a37b90db4a8b95f94a1276cb64
Instruction ID: 90f6212be9e98cf6944f968046baa359edfdbf0d5b7b41a6d0a597fb1d0eb55d
Opcode Fuzzy Hash: 5d63d74ddf4324846ef9a8bead1f9912a46830a37b90db4a8b95f94a1276cb64
Instruction Fuzzy Hash: A9211530210605CFC7A8DB28D498BA67BE2FF89711F5585A9E15ECB361DE71EC86CB40

Function 059CE588 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d95fc25cfe963c3d9f5b2692d71f957f62c2fb83a113ebdef5cc1088113ec72
Instruction ID: 886c5625ece07735a7d2aba2c73095443b828f8c792bc3a2ac73a62551cae82b
Opcode Fuzzy Hash: 9d95fc25cfe963c3d9f5b2692d71f957f62c2fb83a113ebdef5cc1088113ec72
Instruction Fuzzy Hash: 5F217A319107088BDB01EFA8D9556EEBBB2FF89300F00856ED4567B250EF35A945CB92

Function 05B4F28B Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e9383b618eca58b589a00d9dae5ab257f45c8726d6d6029108d7177f2acf0d3
Instruction ID: 62277bc84e54362002cdcd0233fc92caac134fc6af4c0425bc97b07ba0f846d6
Opcode Fuzzy Hash: 1e9383b618eca58b589a00d9dae5ab257f45c8726d6d6029108d7177f2acf0d3
Instruction Fuzzy Hash: 8D419F78901628CFDB25DF21CD99A99BBB6FF88305F1040E9D90967362DB742E84CF41

Function 059CCD30 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e04769688bedde21a32d7f1cf2ea1895bd5f552be2bcc7bfb4a7c36e573afe62
Instruction ID: 0dc103c15ec3655db7c32c038f1c0d0cc45c0832de7d2fc713245030befbb954
Opcode Fuzzy Hash: e04769688bedde21a32d7f1cf2ea1895bd5f552be2bcc7bfb4a7c36e573afe62
Instruction Fuzzy Hash: 5B2138749081049FCB44EFA8D445AED7FF5EF0A200F1044EAE958AB361EB319E41DF91

Function 059CD3EC Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d667797b5d9310d4551026aec0e382dc2e1d2705640fe1d246efefd3d043ba4f
Instruction ID: f6d7c37bcdf83e5ca0963ef627a6b80612f1ba0e6559a6d4dda28df04010cd7c
Opcode Fuzzy Hash: d667797b5d9310d4551026aec0e382dc2e1d2705640fe1d246efefd3d043ba4f
Instruction Fuzzy Hash: DC21F4B19013499FDB10CF9AD884AAEFBF8FB48314F10446EE51AA7300D375A904CBA5

Function 059CA5FC Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc27ea51f6149128084bb5ea816f463ff9430815d72a944a2dc91dd9b97d2398
Instruction ID: 593ffeeb14bf096ffaea3e9711f8f79cfd159edc190ab6680031fe35cca52885
Opcode Fuzzy Hash: dc27ea51f6149128084bb5ea816f463ff9430815d72a944a2dc91dd9b97d2398
Instruction Fuzzy Hash: 7B11A772F4510AEBCB11AA54D9585FDBFB5EB43341B604CEAC05DB3184E6308D358B9A

Function 05B59CA0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64935d9d0add9f37b1a384071db9f68beef8b91406bbb2da8fbd0ed0d3b8fc5f
Instruction ID: bca22feda144540497ad918028531196034fc2ec3cfaf3f4444db7752326db60
Opcode Fuzzy Hash: 64935d9d0add9f37b1a384071db9f68beef8b91406bbb2da8fbd0ed0d3b8fc5f
Instruction Fuzzy Hash: C711CA303002145BFB04B76AD811B6FB6DBEBC9B04F14442EE146DB79ACEB6EC4197A1

Function 07067188 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0832bd3c56ec3141a492ecab13711a87519c48b61fa954da7e2107ac7afde760
Instruction ID: 011310bdd5298b0ebd1f483cc8e4c193e0eab72f8073d5ba968f831e4a14de40
Opcode Fuzzy Hash: 0832bd3c56ec3141a492ecab13711a87519c48b61fa954da7e2107ac7afde760
Instruction Fuzzy Hash: 701121B1701701CFC739AB38892852A77E6AF8663532447BED0695B7E0DB36D843CB41

Function 059C1E18 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 720f27084be5c837b5a0d8366b700849a7cb84b3fe1cfd40440137be651fbc25
Instruction ID: 859f095e02cfca16371fa220122adcab63bbeb24f2a7b8801f8f868642faedf0
Opcode Fuzzy Hash: 720f27084be5c837b5a0d8366b700849a7cb84b3fe1cfd40440137be651fbc25
Instruction Fuzzy Hash: 1221683090120ADFDB11DF68D594A8EBFB2FF45304F14896DD406AB242CB35AC82CF95

Function 059CE299 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ed53a7db445f9e89c3b5347d9c3e591ee2740cdf937e5e25bbd1d360d4f269c
Instruction ID: d39498d706cf45ac02cf47d0dfe376b732b83fbf8a49efbfec492cf1833db31e
Opcode Fuzzy Hash: 7ed53a7db445f9e89c3b5347d9c3e591ee2740cdf937e5e25bbd1d360d4f269c
Instruction Fuzzy Hash: 7421F2B19013499FDB10CFAAD884A9EFBF8FB48310F14846EE419A7300D775A904CBA5

Function 059CE598 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bca222a2cc1524e343f94b872e4e5144108e04180c442171acb36e2f03422e6f
Instruction ID: bbcbf3ed9590a7c23568b51ca51b0ae60ba0a3227db83ef853aa8b029a99df63
Opcode Fuzzy Hash: bca222a2cc1524e343f94b872e4e5144108e04180c442171acb36e2f03422e6f
Instruction Fuzzy Hash: 52216A30A10708CBDB05EF68C9546EEBBB6FF89300F00866ED4567B250EF75A944CB92

Function 059CDD68 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 585c955d8734cd10ab3e8606e691df687eef8f0ff44caacaa66629cc924c05c6
Instruction ID: 910b1be20aa29e98e78c6b0589a530d8a3726debb5c74b289364665b033f386e
Opcode Fuzzy Hash: 585c955d8734cd10ab3e8606e691df687eef8f0ff44caacaa66629cc924c05c6
Instruction Fuzzy Hash: B211B271B002549FD719EB68C454A6EBFF2EF8A610F1544ADD406EB391CB359C06CB91

Function 0706BEE3 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bf75d127514a96bfc14c0d78c7ecf68dfb78496a81f6a832561360784b98bd5
Instruction ID: fbc63a779b4b8d6faf1cf2928da73b1a186a7d92d1b2dee057a07f3487570f1c
Opcode Fuzzy Hash: 7bf75d127514a96bfc14c0d78c7ecf68dfb78496a81f6a832561360784b98bd5
Instruction Fuzzy Hash: FD11A0BA7002048BC705EB79A45867E7FE7EBC8311B144169E906C7390EFB88D06AB91

Function 059C4AD7 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e03b66bde9d606a0046ca9c0353217ca021bcaf21d859638d4f259b647ea06a7
Instruction ID: 376ab3e4ad3635fb1d8c4c18cf0d55d2b208f914f07c1c21007907cd1eef47b1
Opcode Fuzzy Hash: e03b66bde9d606a0046ca9c0353217ca021bcaf21d859638d4f259b647ea06a7
Instruction Fuzzy Hash: 51110431B00114CFDF11EA55D4A8B6D7FBEFB84222F0486ACE80AC7340DB36D8818B96

Function 07061810 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68bc4a430728d7d230b9111765b58d76ceb0aea45c1009a95f9824b1e01f5be0
Instruction ID: 79da4c4973a69365ec4bd6522ba568f916727bcaf2815c43964c920bf589bb38
Opcode Fuzzy Hash: 68bc4a430728d7d230b9111765b58d76ceb0aea45c1009a95f9824b1e01f5be0
Instruction Fuzzy Hash: 9211BF71B00609CFC724AF79D46885ABBF6EF8661171406BEE056CB370DA31EC81CB52

Function 059C9781 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6a06234eb71a9c9ee1617b93026e27eb46e96f9871d2359bff375e1f78e5134
Instruction ID: 18fd19b704ea694f2828535430ee518bfb1132a35961098c9e16052cd67adf18
Opcode Fuzzy Hash: b6a06234eb71a9c9ee1617b93026e27eb46e96f9871d2359bff375e1f78e5134
Instruction Fuzzy Hash: DD113A36A101049FDB05DF64D959BE9BFBAFF8C311F144569E902A7790CA32AC51CB90

Function 059CFE88 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed179406c7a4d245cea8ee9a52afda93de916b5564bf3ea3899b272275cc8030
Instruction ID: 4528e7afe481702bd0e26f82a31382f18a0178e4e84183b5773ac7f22b1deec6
Opcode Fuzzy Hash: ed179406c7a4d245cea8ee9a52afda93de916b5564bf3ea3899b272275cc8030
Instruction Fuzzy Hash: 2A01D8363046508FE320A6B9A88466EBF9BFBC5364B1415BEE60AC7351CE61DC41C391

Function 059C42AF Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 326ec12a03464bf61bf221a22e3a037aec4c1c41d0857c13ff693724c0b81cd6
Instruction ID: 7a6c1b5cff3b50005b4f838a8d92bcf792ee415de7468e40b11ca6df1cfd5b52
Opcode Fuzzy Hash: 326ec12a03464bf61bf221a22e3a037aec4c1c41d0857c13ff693724c0b81cd6
Instruction Fuzzy Hash: A21106357041149FDF01AFA8E525B6A3F66FB84311F008069F90ADB355DB39CD95CB91

Function 07066900 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de046464b75acdbe96d00b0bfa43ac6a34969a040c38287b5bffa08fb6eeb959
Instruction ID: cb8584483dc17875f02f0e2715cd1de36f4b99fbdd1508e2b2ada55d35820d5e
Opcode Fuzzy Hash: de046464b75acdbe96d00b0bfa43ac6a34969a040c38287b5bffa08fb6eeb959
Instruction Fuzzy Hash: E911EFB63006059FDB09EF34C858AA97BA6FF85300B048168E5058B772DB31EA05DBD0

Function 059C0359 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50cddbdbf4dc50b91a696708ddfdfcad36927c517b9671fb3ee1557c42e77312
Instruction ID: bb9d9a1a6d30bbb41356800f9873329836d38bba7ac2ca2a6d29fdb1f11fedbe
Opcode Fuzzy Hash: 50cddbdbf4dc50b91a696708ddfdfcad36927c517b9671fb3ee1557c42e77312
Instruction Fuzzy Hash: CE114875D05218EFCB14EFA8E8449EEFBBAFF85300F10956AE405A3210EB709985CB85

Function 07065EE1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d54d131cddf9a3de9657f9b7fbaf4bea283f901139b4f7c879790dbdd2c4348
Instruction ID: 93c2fa258ab213fa63bb79a138080f40b668be2ecff7581aa1aa673572b137ae
Opcode Fuzzy Hash: 6d54d131cddf9a3de9657f9b7fbaf4bea283f901139b4f7c879790dbdd2c4348
Instruction Fuzzy Hash: 19112071A002119FCB60DB68CC58BED77F1AF84710F1482A8E559AB2E0DBB0A941CB80

Function 070655BC Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01ae94c7f181008d231fbac23b0d0acd60127f0ded287ef5589f90c41eab3d3d
Instruction ID: a7039c57f59c75f76394133f52f4302228060fd35e1a63d3cb8c4f93cbc22a75
Opcode Fuzzy Hash: 01ae94c7f181008d231fbac23b0d0acd60127f0ded287ef5589f90c41eab3d3d
Instruction Fuzzy Hash: EB11A071B006169FCB64DB68CC58BAE77F2EF84710F148668E519AB2E0DB70A955CB80

Function 0082D4D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133757535.000000000082D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_82d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction ID: 81683351b666725e7cbcec3eb6d9605b69812536b9deb21c0cb0d340095c368f
Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction Fuzzy Hash: 4711D3B6504380DFCB15CF10D6C4B16BF71FB94318F24C6A9D8094B256C37AD896CBA1

Function 0082D3E7 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133757535.000000000082D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_82d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction ID: 5222ee8e61a1cdae47ca96f0b26163b687cc4f16e35d7da989c66662fe06b885
Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
Instruction Fuzzy Hash: DE11AF76504384DFCB05DF10D5C4B56BF62FB94324F24C6A9D8094B656C33AE856CBA1

Function 05B4242C Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 571f13d43b82d4e50d6af653927bcd5fc5de50b3ea3d4923788880eb6648a9d5
Instruction ID: 3831e7b316121424882b403c1cf42ad6d93dea526ab74331ba1f3f5a527b447d
Opcode Fuzzy Hash: 571f13d43b82d4e50d6af653927bcd5fc5de50b3ea3d4923788880eb6648a9d5
Instruction Fuzzy Hash: F931E478901268CFDB29DF64DD98E99BBB2FB49301F0044E9D60AB32A0DB755E81CF50

Function 05B477DE Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23bb8abdc2f237246dc9a2c5560b84a8eadff2e49702b25d12e281205b291f2
Instruction ID: 076434c52f28caa4f917fc041393a6e4ab2fb545b4804ed65958fbd3780c9396
Opcode Fuzzy Hash: e23bb8abdc2f237246dc9a2c5560b84a8eadff2e49702b25d12e281205b291f2
Instruction Fuzzy Hash: 4421D434910659CFDB20DF65C854AE9B7B2FF89301F4081DAD50AAB260EB349EC5DF41

Function 05B4CAEC Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faa03fe0a8334faa4335c79ab0bdebce707d1c47e3e0bd945188fc2fb9241c46
Instruction ID: 5fa43fe6e3230ae11f6ec017b093435807de4a570c05891ba0f79c792d620115
Opcode Fuzzy Hash: faa03fe0a8334faa4335c79ab0bdebce707d1c47e3e0bd945188fc2fb9241c46
Instruction Fuzzy Hash: 1931A778901268CFDB25DF20D999A9ABB76FF48340F1041E9D90AA3354DB365E85CF41

Function 05B5B0F0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f66d8d8857dc268e7e9af660995492f4ac9b70f592c12c90bb405e183e362046
Instruction ID: 904112c97eb7fce834f410e58a3240779919f781d419436f85c23dd42e8da59b
Opcode Fuzzy Hash: f66d8d8857dc268e7e9af660995492f4ac9b70f592c12c90bb405e183e362046
Instruction Fuzzy Hash: A311C4317246109BE3149A69D84175B77DBF788750F10456EE287C7785DFB5BC028B90

Function 05B46072 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c7ac2065c83ff24f68ef25486a3859e7098f489b162b9703ec9c795fed74947
Instruction ID: a6bce204b5357aaf96a3f178f7772cb4055bc42f6fbaf75b82e5d40f536a6d3a
Opcode Fuzzy Hash: 4c7ac2065c83ff24f68ef25486a3859e7098f489b162b9703ec9c795fed74947
Instruction Fuzzy Hash: FC21D678A05229CFDB24DF24DD89EA8B7B6FB49300F0484E9D50AA7660DB359E81CF01

Function 0706BF68 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce9407d07cf6151fecca37d1d3335ca9ffb07e0a10651a5d9a2ea68245cf6770
Instruction ID: 8eebf2ebfcde053c6d77052f22d11844153d15f04f8313482596b7390ad0bd7e
Opcode Fuzzy Hash: ce9407d07cf6151fecca37d1d3335ca9ffb07e0a10651a5d9a2ea68245cf6770
Instruction Fuzzy Hash: B901D4BA3002008BC755A73A946823E7AD7DFC9265718413DED02C7380EF7CDC029792

Function 059C0368 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e1f140a60936cb4e9ffb675ed4bd05f239fac3150ca07b8bb3ba4dfaa81edc0
Instruction ID: 0676bfea9497af987a22183da0731bcb551d039c65844ab9a9fb6babddfd007f
Opcode Fuzzy Hash: 7e1f140a60936cb4e9ffb675ed4bd05f239fac3150ca07b8bb3ba4dfaa81edc0
Instruction Fuzzy Hash: 7E111B75D05218DFCB14EFA9E8489EEFBBAFF85300F00956AE405B7210EB709945CB85

Function 05B42668 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbfb898512a4eddb29199b5fba0ff39837a30edf1edb0e157ee3b9269016e11e
Instruction ID: b88ca7ddebcd952dca327440d77ffc5b7f7695bee35e4621e0c55eaab47b3fc1
Opcode Fuzzy Hash: cbfb898512a4eddb29199b5fba0ff39837a30edf1edb0e157ee3b9269016e11e
Instruction Fuzzy Hash: 2821C578901228CFDB64DF65D999B9EBBB5FB48305F0040EAD50AA3680DF385E80CF55

Function 0083D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133780476.000000000083D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_83d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
Instruction ID: 1a2612ff7d19f45c97de8da82ce0bd9abbc93b088d012f72f6cd01c4a92d1dc0
Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
Instruction Fuzzy Hash: 0A118B75504384DFCB16DF10D5C4B16BBA2FB84314F24C6A9D8498B6A6C33AE85ACBA1

Function 0083D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2133780476.000000000083D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_83d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
Instruction ID: ff84532550aef4b1fb8ec5d210c19192ffcade067e018fdd68d73b7c57218f33
Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
Instruction Fuzzy Hash: CA11BB75504780CFCB15CF10E5D4B15BBA2FB84714F24C6AAD8498B656C33AD80ACBA2

Function 059CF108 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce396e6f766eb4ef6db303283a1952e4a79314d3d3929cd0310985fceefd38e0
Instruction ID: a2598495a4e1c0d94cccac7081755456ffc0f16d62c249b4c264b5fba182ca9f
Opcode Fuzzy Hash: ce396e6f766eb4ef6db303283a1952e4a79314d3d3929cd0310985fceefd38e0
Instruction Fuzzy Hash: 11112135910519DFCF00FFA8D9458EDBB75FF45311F00825AE955AB210EB30AA58DBD2

Function 05B5EDD0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b54e9ef9cd413cc8d461a3c18f84d46207bd20bf761ad728aa94787aec323a8
Instruction ID: 7e4bd0f012f499c262e9d8b5f7e95ba1378a5c383a258238a5de9bbaccaaeffd
Opcode Fuzzy Hash: 9b54e9ef9cd413cc8d461a3c18f84d46207bd20bf761ad728aa94787aec323a8
Instruction Fuzzy Hash: 231123B1D04608CFDB14CF9AC444BAEFBF4EB88220F10842AE818A7300D3B4A545CFA5

Function 05B46BAD Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3416c39d1451e9018d7f2576d5b53d6481e66eed1d342a119821496f91952c9d
Instruction ID: 1d843c226f93353937bd40e660a1bad1d22503bca070633cf326401c3d81f808
Opcode Fuzzy Hash: 3416c39d1451e9018d7f2576d5b53d6481e66eed1d342a119821496f91952c9d
Instruction Fuzzy Hash: CF21D478A01228CFDB65DF24D999A9EB7BAFB49301F1041E9D54AA3390DF345E80CF51

Function 0706BE48 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b162e3af555ff0d4901aa67c5a3f43d3e4b42803fe679a5c14eb51d71b331327
Instruction ID: c9d4859350f63a269c97347e1b0aa6a77503f930595606ad04ad9a5ab278b536
Opcode Fuzzy Hash: b162e3af555ff0d4901aa67c5a3f43d3e4b42803fe679a5c14eb51d71b331327
Instruction Fuzzy Hash: E501ADF93001054B87156B79D56813F3BE79FC56A47284229EB02C7B85DE78EC038B92

Function 05B40E53 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1188ccd555351307addbed4677339111b4fdf0719b4dc6f679af9b49dbefcac9
Instruction ID: 24c5642c7a2db585d0b9f90fcebed18e4a1deeadabad527ec9c1c8646a2ea8d8
Opcode Fuzzy Hash: 1188ccd555351307addbed4677339111b4fdf0719b4dc6f679af9b49dbefcac9
Instruction Fuzzy Hash: F8212734A012288FDB24CF60CDA9A9EB7B6FB49302F0041E9C40AA3740DB349E81CF56

Function 0706EBB0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b0ab2f9e4f890b91127d4bb634079798d05a992eedd0a334955550c98ea7e71
Instruction ID: cecc5b1374f87713a022a00df6e1e1b00aba3ab3b8716e11c03f14136130ea5e
Opcode Fuzzy Hash: 5b0ab2f9e4f890b91127d4bb634079798d05a992eedd0a334955550c98ea7e71
Instruction Fuzzy Hash: C011A178A013098BCF049FA4D92D2EE7FF6BB89210F244169D902A7395DF715D01CF60

Function 059C1F90 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b399bee7fefedda617758820752c02aa0ccb4dea216e67b9efc3d79f22835f46
Instruction ID: 1e433305d1b10d826b9e40ee0ebf472775b8ffb91acff8e25deef89a9c05c9d8
Opcode Fuzzy Hash: b399bee7fefedda617758820752c02aa0ccb4dea216e67b9efc3d79f22835f46
Instruction Fuzzy Hash: 700180357002148FD714DB29E498A6ABFE6FFC9610B1489AEE44AC7361DF71EC05CB51

Function 05B403CA Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2079bf4e4e944a45408003e0d3fca7822f7cb0cec6ed6274c9f148acf287ba0
Instruction ID: 3749d31e5c8351d30e3de2e361d85b1f225bb6526de675948d9b24aaed5985d2
Opcode Fuzzy Hash: b2079bf4e4e944a45408003e0d3fca7822f7cb0cec6ed6274c9f148acf287ba0
Instruction Fuzzy Hash: 2821D874A00268CFDB25DF25D998A9DB7B6FB49301F1044E5C90AA3391DB34AF81CF55

Function 070617FF Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 680bf8ab5e324837161815b214ba135cd9e4961791345024a01bd760ac0576de
Instruction ID: a1eaabc3ae5d893bd0705ac2ec0038e2d5eeeae4f6368bbceb0c5400159663d8
Opcode Fuzzy Hash: 680bf8ab5e324837161815b214ba135cd9e4961791345024a01bd760ac0576de
Instruction Fuzzy Hash: AD01F5717096448FC7259F79D86481A7FF5AF86611B0806BAE055CB2B1DB31EC40C752

Function 070672A8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 648425fdbdc0dc62232fc2dbed5fc01d2841296dc1d947b3f7398c0fdeb3b2e1
Instruction ID: ff365ec622d1332c60d57dc4a2a08d47aae3b68204e4fb59983ac24f46446fd3
Opcode Fuzzy Hash: 648425fdbdc0dc62232fc2dbed5fc01d2841296dc1d947b3f7398c0fdeb3b2e1
Instruction Fuzzy Hash: B801D4726042169FD714CB6DE854BAABFE5EB85318F14457AE508CB311DBB1EC4087D1

Function 05B53FE0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b75f3cb0bc38a6ce78f02155cb4528b09f7e6dc6a7d0675dd84d2dea8bc71b96
Instruction ID: 78c047cd600e081249740d8c9ae74486163d12004c5e729d8b3fd248c5af530b
Opcode Fuzzy Hash: b75f3cb0bc38a6ce78f02155cb4528b09f7e6dc6a7d0675dd84d2dea8bc71b96
Instruction Fuzzy Hash: DB21B478901269CFCB24CFA4D998AADBBB6FB48341F0041E9D40AA7794DB745E84CF41

Function 0706BF43 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0fc98ee22b4326309f49bd9e74fe57013b46a199ab2536e2ae8d301e66d65e
Instruction ID: ac1ba1c52da6c55776e6933b4489df125ba4235a0127ae015c194c912e6f0065
Opcode Fuzzy Hash: 6d0fc98ee22b4326309f49bd9e74fe57013b46a199ab2536e2ae8d301e66d65e
Instruction Fuzzy Hash: 890181BA7001108BCB15A739946837E3AD7EBC8216B18416DED06C7784EF7CDC47A781

Function 059C2170 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2650bdbedd9be5bb692240c3c829b55d59cf0b40553da9dacffe016c5a3b166
Instruction ID: 822bd06be52b5ed35408d4cf87ed3bab316f1f5810f80298f494c6dced4bc062
Opcode Fuzzy Hash: f2650bdbedd9be5bb692240c3c829b55d59cf0b40553da9dacffe016c5a3b166
Instruction Fuzzy Hash: 7001A7383087508FCB19A738DD1C56D7BB57F8660170542ACD546CB3A2DF24DD01C796

Function 05B4DF9D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b97a30e471bbfa7d12c0d0bcfefb16d10eb2ebeea5a1db81c3bc341cc8a8e4df
Instruction ID: 8d788867854bb55736d550ea2ed59262d5416346b3cea88287dff532c21fca27
Opcode Fuzzy Hash: b97a30e471bbfa7d12c0d0bcfefb16d10eb2ebeea5a1db81c3bc341cc8a8e4df
Instruction Fuzzy Hash: 6521E738A001688FCB24DF24C998ADEB7B6FF49301F1400E9D90AA3750CB746E81CF52

Function 0706BF5B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaf5188c9c567c170b5600360ffa21840ddebcb5e3dfcd0829c8bc06d1929594
Instruction ID: 6745f2dc179e078a8d9c5652df30f6800b1f9f071bd7db4639fcddffd551b23d
Opcode Fuzzy Hash: eaf5188c9c567c170b5600360ffa21840ddebcb5e3dfcd0829c8bc06d1929594
Instruction Fuzzy Hash: BD01D1BA30021087C715A73A946833E3AD7EBC8216B08412DED02C7380EFBC9C02A792

Function 059CCE6A Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38ad6106c1a2a77554268909e1a4a2777ab49d332fcd58f89e6ce9f06bb7fc54
Instruction ID: 17845fbc36d7c0eebfcd72b2cb1345a24e120a7d7bfb9a5533378726f0c1ad13
Opcode Fuzzy Hash: 38ad6106c1a2a77554268909e1a4a2777ab49d332fcd58f89e6ce9f06bb7fc54
Instruction Fuzzy Hash: 8AF0F972F89105AFC7126B54D9181A57FB1EB83250B144CEFC06EE3284E1304D118BC6

Function 05B44A63 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 903b68248b18f62aa4767b747943055fed20b017debea763d4ac499ee472dcea
Instruction ID: 41e7727d24fbf07172ec8a0cc6e797a3506fab846ac919cf845de604ea71fc1c
Opcode Fuzzy Hash: 903b68248b18f62aa4767b747943055fed20b017debea763d4ac499ee472dcea
Instruction Fuzzy Hash: BE21D038E42229CFDB25DF24C888A9DBBB6FB48301F1044E9C40AA7350DB34AE81CF50

Function 059C1FA0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06db2895600cc162b1561305d8b1bae4656fd4a694a0044afbfd8ad176a863c0
Instruction ID: 20dbbb07acf96be6ce3a10addd00e726603d265aab77091392aba67964ffce5e
Opcode Fuzzy Hash: 06db2895600cc162b1561305d8b1bae4656fd4a694a0044afbfd8ad176a863c0
Instruction Fuzzy Hash: 8B015E347006148FD718DB29E49896ABBEAFFC961071488AEE41ACB361CF71EC41CB51

Function 059CE837 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28f606564fbe30f70938b63cb87432a806abe294da84ec3bb62b0eb0224f35d5
Instruction ID: 77b43ccf007c55d7e66b0f804923a76271287ccdbda44a20df6c97f4a43ba522
Opcode Fuzzy Hash: 28f606564fbe30f70938b63cb87432a806abe294da84ec3bb62b0eb0224f35d5
Instruction Fuzzy Hash: D301DF32A0120E9FCB10AFB5DC445D9FB76FF99314F11C62AE00667200E775A59ACB90

Function 05B497DF Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9466f7a021571cb57955a4f5616c13451b467f382388089eb40c39f948b03d65
Instruction ID: eed91d37fc1099da6e21fffb1dc2df03961158edd6d125441939fe106e3d70a5
Opcode Fuzzy Hash: 9466f7a021571cb57955a4f5616c13451b467f382388089eb40c39f948b03d65
Instruction Fuzzy Hash: C621D638941128DFCB25DF60DDACA99BBB6FF08302F0041E6D50AA32A0DB746E85DF45

Function 0706C2D0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05cc47e17a8042cc09be00abc31a5aa61462e9857653216263fff661e65c3a25
Instruction ID: 19401a084289b5a165a6c292bf16efb31fc6a3120c7b8aab56dc20bea34c6ad2
Opcode Fuzzy Hash: 05cc47e17a8042cc09be00abc31a5aa61462e9857653216263fff661e65c3a25
Instruction Fuzzy Hash: 1AF0EC3A3501148FDB80EB6EE448959B7E9EFC963531900BAE509DB771DA71EC05CB60

Function 0706BE38 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fcaa6649e30a985f37a05306b3f6d8c867c073a0455af7a0caf0f92c4b1140a
Instruction ID: d5a1355d418079e27eb7732b1c20998ff67ede9cf64f6c65dc3f6dffd8e69378
Opcode Fuzzy Hash: 4fcaa6649e30a985f37a05306b3f6d8c867c073a0455af7a0caf0f92c4b1140a
Instruction Fuzzy Hash: 3BF0C2B931420057C715AB69E46423F3BE7DBC5654B28415DEE02C3785DE6CEC078782

Function 05B4ECEB Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d77a9dfa5eba75774bf92655838064433b659df93610b0e76d92209ce2b879a
Instruction ID: 5e34da655700399e73c3d28ebc32e017af32d9d897f53b3aa150035f62564144
Opcode Fuzzy Hash: 7d77a9dfa5eba75774bf92655838064433b659df93610b0e76d92209ce2b879a
Instruction Fuzzy Hash: 04113A39D51169CFCB24DF20D899A9CB7B6FB48346F1401E5D406A3290DB786E86CF01

Function 05B4302C Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2beeebfebd8609de73b809bb6a239768134ffe7e6b57965f704e436d33138ae5
Instruction ID: eabf079ffe8ebe2990b4c43673637ce1611676a659d9ff5c09725b3cadd90a28
Opcode Fuzzy Hash: 2beeebfebd8609de73b809bb6a239768134ffe7e6b57965f704e436d33138ae5
Instruction Fuzzy Hash: 97110674D01219DFCB28DFA4E998A9DBBB6FF48301F0040A9E50AA7750DB386E84CF55

Function 07068B19 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c1f23797835c6dfe0e79efaaff946836b556e9c65d7b417dbdd3382cb97844c
Instruction ID: ff649f891141ca9e625b28cc94d5ed2dbfe33e03ac7c94a90e7f12309f15bef6
Opcode Fuzzy Hash: 7c1f23797835c6dfe0e79efaaff946836b556e9c65d7b417dbdd3382cb97844c
Instruction Fuzzy Hash: 2EF028F1204706CBDB24C625C4647A6BBE8EF09224F04C76DD08A836D1EB75F842C780

Function 07066889 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 884aadb7a4ed77ec5a73859bf41cfe4688f1e994c084cbf45811881a0c081536
Instruction ID: 8560703e718b76c66b18b4048775dc1dbe50f8a603ca18d3183cdf6f74ca1029
Opcode Fuzzy Hash: 884aadb7a4ed77ec5a73859bf41cfe4688f1e994c084cbf45811881a0c081536
Instruction Fuzzy Hash: F5F02871504254EFD705DBB4D414B5D3BAAFF89300F0486A8D4059B2B2DF32CE50D791

Function 05B5FDA0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 574b468e27d226a72e321b3e6c0bc5c91abb3021fa158c1b8dda3174b4bfe0ce
Instruction ID: dc7d6158f8a55e6f06b29c6768f6ec1ec69d6b3cfb8c1e1497bb1388724b7ba4
Opcode Fuzzy Hash: 574b468e27d226a72e321b3e6c0bc5c91abb3021fa158c1b8dda3174b4bfe0ce
Instruction Fuzzy Hash: 23F03671B101189B8F59A6A958546BEBBBEDBC8520B1000B9DA05A7380DA319F12C7D6

Function 05B47086 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d7a871c1562e8f717b38aaa9fc0fc93fd8dc07ee9c2ed4bf115bebb632c2304
Instruction ID: 7f6fa955bed1839b5e5babcd9821f80214d495a41a3cc15570973738e99a31da
Opcode Fuzzy Hash: 1d7a871c1562e8f717b38aaa9fc0fc93fd8dc07ee9c2ed4bf115bebb632c2304
Instruction Fuzzy Hash: A311EC38901118CFCB25DF65DA99ADDBBB6FB49301F1440A4D50AA3750DB34AE89CF41

Function 07068B28 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30e9c32d341171aa32223b574ae0c3ecea382a8491c8f17691ea2524a928b29d
Instruction ID: d8d4f4a34f5b4a830088e7c00a3a8f6a1af051abc61498bd3ae52569dc7fe68c
Opcode Fuzzy Hash: 30e9c32d341171aa32223b574ae0c3ecea382a8491c8f17691ea2524a928b29d
Instruction Fuzzy Hash: 24F0FCF1300705DBD728CA15C46476ABBE9EF44324F04D76DD50A876E0EB75E882C790

Function 059CE848 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd629b0e5b8cb9a44857a67bab98df1d818e1eb056cb3d34675d90f7a28b071
Instruction ID: cba92da945fa70f1eb6c2ecd7179fcf8d2fbe477192e126dd0533b00de04e524
Opcode Fuzzy Hash: 7bd629b0e5b8cb9a44857a67bab98df1d818e1eb056cb3d34675d90f7a28b071
Instruction Fuzzy Hash: E701A232A1060E9BCF10AEA5CC444D9FB76FFD9304B00862AE00527110E770A595CB90

Function 059CD064 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6adcad3aa9c12e53186e4cd5f55fd331498ce4a52c94e56cd83aefb2928a015e
Instruction ID: 178cef69c97e8700b19dc9af9b55822a429d4d55f56e1697af7a2be8912903ef
Opcode Fuzzy Hash: 6adcad3aa9c12e53186e4cd5f55fd331498ce4a52c94e56cd83aefb2928a015e
Instruction Fuzzy Hash: 6EF0F671B0025997E709AB68C4246AE7AA3EFC4700F100C6DD502A7780DEB66D064BDA

Function 0706EAA9 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c94491cfd95f791037f309a575e608b35f38a98b7207e58e9c4d9748696759b
Instruction ID: 362b28da14875550f20bf95252f07371121ebed12628fcc35c1b88f6e7cc1034
Opcode Fuzzy Hash: 3c94491cfd95f791037f309a575e608b35f38a98b7207e58e9c4d9748696759b
Instruction Fuzzy Hash: 7A014FB4D01309CFC704DF64D5595AEFBF1BF05200F109569D815A7341DB759902CF91

Function 070620B0 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb3e5c25d70a7935574caf3bf347e792a86f9a3b8653b55b45f453f15f0ac2c7
Instruction ID: ba83b322a8c0328b913bbad9899b0d7e82b027da92adbce3f53aa71a4859f9d4
Opcode Fuzzy Hash: bb3e5c25d70a7935574caf3bf347e792a86f9a3b8653b55b45f453f15f0ac2c7
Instruction Fuzzy Hash: 3EF0FAB03142098BC3209739DCA8B6A3BEAFBC1210F0405AED345CB251DFB0AC41C392

Function 070620C0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f3bac82adfb7384c069ec8fb65990b1dfa749d7f05d1d6a4e0851e7f729eedf
Instruction ID: 013d260bb65d9c0f7eb5db4c3807d2695e9d3bd448e130cd15bdc743eb96f866
Opcode Fuzzy Hash: 3f3bac82adfb7384c069ec8fb65990b1dfa749d7f05d1d6a4e0851e7f729eedf
Instruction Fuzzy Hash: 1CF0BE70700209CFC324A63EC968B6E7BFABBC0610F044069D309CB350DEB1AC41C3A2

Function 059CBF62 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 925a4926047f4d79dee393e63ead930d96d2305519876bdbf7190d88e96754fa
Instruction ID: a721651d3f8f1f6f48501bbc6d982a394f2fc293893128a531cb22a4d3c7a855
Opcode Fuzzy Hash: 925a4926047f4d79dee393e63ead930d96d2305519876bdbf7190d88e96754fa
Instruction Fuzzy Hash: 55F0E931B045149FD708AA6AD404A1E3BDFEFC8614700406FE405C7351DE35EC028F95

Function 059CDCCF Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9050f61542b173240da1959b793c697fab724687ede02e33f3caf825401d05ce
Instruction ID: 54a920504327aaac3604115cce67551bff699639ddeb1b44bad7e4f5c2fdc36a
Opcode Fuzzy Hash: 9050f61542b173240da1959b793c697fab724687ede02e33f3caf825401d05ce
Instruction Fuzzy Hash: A5F0E971F0025997D709BF68D0246AE7BB3EFC8700F10086DD502AB780DEB55D064BD6

Function 059CD044 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1596cf454104719b9fc265328e51e4dbc7def1078b6b3299bf41470cb5ef000d
Instruction ID: 4563f59e6f537ac9487df78daf5e9216cadf31684def345d17e886dd2020fcbd
Opcode Fuzzy Hash: 1596cf454104719b9fc265328e51e4dbc7def1078b6b3299bf41470cb5ef000d
Instruction Fuzzy Hash: B9F0273020E390CFD30ADF389850422BFB1EA8230034489FFD549CB3A2CA39D846CB62

Function 05B42B6D Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 217e2a2457c8160785ac681354b8c83bddaa215e52e5930b6ea6288ac9eebf1a
Instruction ID: 0a1970812cd1c568b9725ff8144b6401e9c19f9b059fb58e812c8b3457358a14
Opcode Fuzzy Hash: 217e2a2457c8160785ac681354b8c83bddaa215e52e5930b6ea6288ac9eebf1a
Instruction Fuzzy Hash: 1201E574A015688FDB38DF25D9989AEB777EB4A201F0050D9C60AB3744DF346E82CF96

Function 0706EAB8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 216d113292aa32e5d9861904731395177870f59e9e63c637640be08674e214f0
Instruction ID: 8128f4dbe4daff292d70aff5ea637359cc9bc52886c0fccee02e3ec8292428ff
Opcode Fuzzy Hash: 216d113292aa32e5d9861904731395177870f59e9e63c637640be08674e214f0
Instruction Fuzzy Hash: CB01B6B4D0120ACFCB14EF68C5589AEBBF1BF48200F509569D815AB350DB799A02CF91

Function 070670F2 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acb0125608abcdeca018eb3a1820d011cab5d07428afea2ecfea9587478f310a
Instruction ID: 03eb3b304c456c3f794ef2c1e5422c17cfabab15d36bac13f17f3254b9b0af77
Opcode Fuzzy Hash: acb0125608abcdeca018eb3a1820d011cab5d07428afea2ecfea9587478f310a
Instruction Fuzzy Hash: E2011D75600216CFCB14DF68C884A99B7F1FF48314F1081A9E155AB361CB34AC42CF60

Function 059CBF70 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbc437d8b3bb50ede412e68d48af46ea6a66b731ba2ea3931b6fbb2ee9a9b0b0
Instruction ID: 1eecea2c3fc9d38f6710547888746b6870a53453cbd1cdad63374f516c79a5f7
Opcode Fuzzy Hash: cbc437d8b3bb50ede412e68d48af46ea6a66b731ba2ea3931b6fbb2ee9a9b0b0
Instruction Fuzzy Hash: 35E06535B105245F4B18AB6AD454A2E7BEFEFC8A51340405FE409C7361DF35ED028F95

Function 0706C340 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867d4cead3fe8bdfdd7fa7d9ea86f96e7053a63bd4a04b7e7e345d2acf3b27f2
Instruction ID: 9e8292ca4d4bf858146d36428937b844ff6217decef44e7f33a9692177dba04a
Opcode Fuzzy Hash: 867d4cead3fe8bdfdd7fa7d9ea86f96e7053a63bd4a04b7e7e345d2acf3b27f2
Instruction Fuzzy Hash: 17E0D87A30011443CA50D25FB414AEEB7DAC7C96B67080036E64CC3640EA54A80A42B4

Function 05B532A4 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7e657385c3ef9baff06f1b5262d94378e1c4a9b03edc454806e88159f4b4cf9
Instruction ID: 0b19c2a4e0a8ec3f1c3b54615c7a27b33e83cb24a6d2543625f1bf3779fd77d5
Opcode Fuzzy Hash: f7e657385c3ef9baff06f1b5262d94378e1c4a9b03edc454806e88159f4b4cf9
Instruction Fuzzy Hash: 10012570C1065ACEDB24DF24C9546AAB7B1FF99300F0086A9D00877651EB70AEC4CF41

Function 05B52603 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e5bc3914ea05a03ed82c5a913d3267700f152b46e81e1294ed7fb1c484280a
Instruction ID: 5d26d4bcb628ce571f432bafe6760b44f5075aecbf5523344287ffcba3012576
Opcode Fuzzy Hash: 59e5bc3914ea05a03ed82c5a913d3267700f152b46e81e1294ed7fb1c484280a
Instruction Fuzzy Hash: 19F0E73898111ACFCB28DBA5D998AAABBB6FF49201F0080E6C50B67652DB316D41CE55

Function 05B51546 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 539fff79e3b94e6f19b4ffda1c7d178a160cf21824b561e9260356a762ec72e6
Instruction ID: b148f8fd25bb93f2b455590c6de9afe24abf5c6ce07de11f0da23c02ccd053fd
Opcode Fuzzy Hash: 539fff79e3b94e6f19b4ffda1c7d178a160cf21824b561e9260356a762ec72e6
Instruction Fuzzy Hash: 8A01F678A4111ACFDB24CF24D894AE9B7B5FB48340F4040E5D80AA3790DB34AE81CF52

Function 05B4F41E Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7994c44979b781574735abaaedb39216226f4bde09ae838813676dd045815fbf
Instruction ID: 43153aa2f2d04bd4da7e88ed52b28cf7f6ec017281f939fcc3596c576c31fc6b
Opcode Fuzzy Hash: 7994c44979b781574735abaaedb39216226f4bde09ae838813676dd045815fbf
Instruction Fuzzy Hash: 2C014378945128CFDB68DF25D99A9D9B7B5FB49301F0041E9D40EA3391DB349E80CF54

Function 05B52671 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4495fb80fb97ca4800760943bd7ffbd336b15ef14f2eae73f2e3c43ab1613619
Instruction ID: 72551535b6c051e93a8281035fa70ed7651b383aea286308d47394f3e1f059c7
Opcode Fuzzy Hash: 4495fb80fb97ca4800760943bd7ffbd336b15ef14f2eae73f2e3c43ab1613619
Instruction Fuzzy Hash: 28F0EC34981016CFCB28EB54D998AA9BBB2FF49205F0080E6C50BA7752CB316D41CF55

Function 070674EC Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 558056074136fa82f58c86727b1a0a7876e52c2ebfa140393a43f907b64a2fc5
Instruction ID: 6cb4c40ce10658474523a02823e9ed611c25e8818be86774460a10abca9b070e
Opcode Fuzzy Hash: 558056074136fa82f58c86727b1a0a7876e52c2ebfa140393a43f907b64a2fc5
Instruction Fuzzy Hash: FEE026313040109F8208666EA8A88BEBBCAEBCA220B80407DF10DE3311CD51DC0243A5

Function 07068B91 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f340dd6c16eabd8a1e657657e8cee7d809379da9db5b8a6628d0e70072761a79
Instruction ID: ff39fdab34d6d601105bb48d4727a268bca77fe1409cd83e044adbe92a9b696d
Opcode Fuzzy Hash: f340dd6c16eabd8a1e657657e8cee7d809379da9db5b8a6628d0e70072761a79
Instruction Fuzzy Hash: 15E0D8313081105BC204936EA454A9EBBDAEBCE520B4441BEE14CD3312DF51DC0543A1

Function 059CF0F8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6997e68429997a3e03f99186904706dda019c2fbeeb00d48da2b56cfaad77ff9
Instruction ID: 0f970b118152833c3a82b6cfdcb3b7222885d6a76ba64ed329363597f5f306ea
Opcode Fuzzy Hash: 6997e68429997a3e03f99186904706dda019c2fbeeb00d48da2b56cfaad77ff9
Instruction Fuzzy Hash: 6DF0A032804A0A8BDB01BE78E9125DCBB70EF52201F04426AD9956B110FA2096699BD2

Function 0706DE31 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6134244238aaeeccc51377e04acb76b3afe23b579303a510a9853694d91d3e76
Instruction ID: 3797dd24a13e3ceec19c3199a7d293cad13e58f806fc5d75272500a5a65d293a
Opcode Fuzzy Hash: 6134244238aaeeccc51377e04acb76b3afe23b579303a510a9853694d91d3e76
Instruction Fuzzy Hash: 05F0E5313046608FC714DB6CE494FA53BE5AF8A201F1940EAF485C73B1CA20AC04DB60

Function 070676E4 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb0ef43f8bcaf1cc1c9e55d24329f79acf10dce49daa751ad93b79e7b9db0361
Instruction ID: b915f74a5bd1effca36d34433c43bde72d4661c9d67d9ffbe7a175c215b32699
Opcode Fuzzy Hash: bb0ef43f8bcaf1cc1c9e55d24329f79acf10dce49daa751ad93b79e7b9db0361
Instruction Fuzzy Hash: 25E09B74314550CFC7589B6DE4D8EB63BE5BF9A210F1445AAF546C73B1CA50EC04DB60

Function 059CFC20 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15fa7f60f350cb86ee653a3b1ad5cb433ac606d7a44e9b509fa0c8a7b8cb75d6
Instruction ID: 262a0a936999b6c6f43b37d18d860ef81d6f12dc88d245ee2771aac970b4f832
Opcode Fuzzy Hash: 15fa7f60f350cb86ee653a3b1ad5cb433ac606d7a44e9b509fa0c8a7b8cb75d6
Instruction Fuzzy Hash: 33E068B39D440586C305BA24C80A28D3FF5EF22300F2487A9D8AB2D2E0F12480A64681

Function 059C0121 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4763d4d054475ba359c4b6d1bc3bacc1cad7260cae10426ed4e917d02baeabd
Instruction ID: a5549b18b7282e8b131f177bab410b4011883cd1726be8819edff9e1f1141d5e
Opcode Fuzzy Hash: d4763d4d054475ba359c4b6d1bc3bacc1cad7260cae10426ed4e917d02baeabd
Instruction Fuzzy Hash: 57F06531805648DFC310EFA4D44579DBB74FF56300F50969DD40926221EB709AC1DB82

Function 05B4D86A Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b704c5eaf13b122450f93ab4478989cacd0f64317506dbfbdd4229ce6829207
Instruction ID: 84598d513fc2294ef18a7666cf53ba186c76b9f77df845d94cfbf80425b9f844
Opcode Fuzzy Hash: 2b704c5eaf13b122450f93ab4478989cacd0f64317506dbfbdd4229ce6829207
Instruction Fuzzy Hash: 22F0E734A04518CFDB69DF64D9A899DB7B6FB48302F0010E9D60AA7352CB31AE81CF49

Function 05B47A7C Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 986d20c3f847c07e4f6adfff057b953854fe1109cb83172040b2bcd054538237
Instruction ID: a9ce74b3032935fb0c7fdfc0bfaf70c4c1fe2f37f7c4bf1650618bdca4e7e5d8
Opcode Fuzzy Hash: 986d20c3f847c07e4f6adfff057b953854fe1109cb83172040b2bcd054538237
Instruction Fuzzy Hash: A4F0C434A00118CFDB29DF64E994ADEB7BAEB4D311F1040E8D64AA7391CB30AE91CF55

Function 059C0470 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 143b3ba463b412281d78c27f3d15a80201ce50b1bb396f078cb2982f9c21742d
Instruction ID: 58381a54c61cdf188834e93998179a1abd7e488e34143ec579cd322beadf5cbc
Opcode Fuzzy Hash: 143b3ba463b412281d78c27f3d15a80201ce50b1bb396f078cb2982f9c21742d
Instruction Fuzzy Hash: 1AF0E571809348DAC310EBA8D404BAD7BB8EB45200F0096DED44553163E7709A80D382

Function 059C0F77 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b19615a4591cf7c923fec2f1560532ff841de7a87f9409f64cf7db25ab1880d3
Instruction ID: bca0c7f8f2db6ae64fc5b9baafe69ede392eff65cdd31cd33dfdec52a1f5ddf5
Opcode Fuzzy Hash: b19615a4591cf7c923fec2f1560532ff841de7a87f9409f64cf7db25ab1880d3
Instruction Fuzzy Hash: D5F03975A05244DFC700DF68D888ADC7FF0EF09201F1000E99849973A2E6309F44CB52

Function 05B4D9A7 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ef67a6a4833ec7c90b5a3ef4364bf3d59a99e6a70a6fb3ac874922bdf718ba
Instruction ID: 42d1ac0929c5affc56fd7f707e9956ecb62a678a7b65ed109194daf5d3605b63
Opcode Fuzzy Hash: b0ef67a6a4833ec7c90b5a3ef4364bf3d59a99e6a70a6fb3ac874922bdf718ba
Instruction Fuzzy Hash: 55F06234902115CFCB24DF20DC98A9DB776FB49301F2041E5D40BA3254DB345E44CF40

Function 05B5B1D8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab87c094bece1298ceff269970a4419049c568fd88ee6be0885c80caf723800
Instruction ID: 3f136d86b91698987f1a60a3634ff00db609114f0e5ecabd8f5358af754d2d20
Opcode Fuzzy Hash: 6ab87c094bece1298ceff269970a4419049c568fd88ee6be0885c80caf723800
Instruction Fuzzy Hash: 5DE06D35A001199FCB14EAADD8086DEBBF4FB84321F00456AD95AE3340D734AA19CBD4

Function 0706DDF0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60035252017654d565b0fcaff2a1e551585cc10e31a873e0604f7ebf35ba4870
Instruction ID: c6329226ebe170eee10ec7c1128ab8bcdf11866e1c3c4dd6b0ee49a03afbcdbe
Opcode Fuzzy Hash: 60035252017654d565b0fcaff2a1e551585cc10e31a873e0604f7ebf35ba4870
Instruction Fuzzy Hash: 88E0DFB5A08208DBCB18AFA4DC153AC7BF5EB86309F1046E8E81023360C730AA74DA91

Function 05B596D8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 718ea9ac2c09cc52fa0d7912a355d5cbdbb0456fb7b9bc1f98081478a6cc7ee8
Instruction ID: d717029cfacfa02833e90fedebfcbdcf0742cbd489759c459836ef5b5bbde72f
Opcode Fuzzy Hash: 718ea9ac2c09cc52fa0d7912a355d5cbdbb0456fb7b9bc1f98081478a6cc7ee8
Instruction Fuzzy Hash: 66E05E2079822433FE0831AA5821BAF608F4BC8F16F10816FE5069B7CACDE66C4247E5

Function 05B413C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cac0691a4011ec02b99e9493dde02573c97feb34d40b8319381fdc6d2117b5db
Instruction ID: 705221c333264d133bb94c870103a650aeae425330293e70bb59a408661f240c
Opcode Fuzzy Hash: cac0691a4011ec02b99e9493dde02573c97feb34d40b8319381fdc6d2117b5db
Instruction Fuzzy Hash: 03F0F9349050188BDB28DF34E99899EB776BB48205F0001D9C20A73280CB316E41CF51

Function 05B4C2CB Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5dd29ebdf5a8f1ca89b7d89856db2b39cc7c4ddcc8edc85b745b7eff14ea3d1
Instruction ID: f777d5b8fa8732b3fa8465147b35f83c50f1dafdaa4a9aa3b5311686b19f9b95
Opcode Fuzzy Hash: b5dd29ebdf5a8f1ca89b7d89856db2b39cc7c4ddcc8edc85b745b7eff14ea3d1
Instruction Fuzzy Hash: 63F0BD74A15128CFDB26DF64D894A9DB777FB48201F1042D9C50AB3280CB386F41CF55

Function 07069BB0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d082bd4396ddbaf8920f0d4cbaaf663cba0f42a6135da8de32868c6878c91ca0
Instruction ID: 7b0df8372e56bf81d1903115b8f5f42a3ab466f456e56459b0e9dd40c14cbb17
Opcode Fuzzy Hash: d082bd4396ddbaf8920f0d4cbaaf663cba0f42a6135da8de32868c6878c91ca0
Instruction Fuzzy Hash: D5E0D8B185C2589BC704CBB4E55476C7FB4AB47311F1052DDD88453362C7706F44DB82

Function 07068AD8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fae2579ff97be0c824f76cadf3d2a08c3801b8ff5a94fc8a6938f5df067219c
Instruction ID: 918ef6bb07a930468306c290d712322bccfb2469f20eb6707cad02ac42716e59
Opcode Fuzzy Hash: 7fae2579ff97be0c824f76cadf3d2a08c3801b8ff5a94fc8a6938f5df067219c
Instruction Fuzzy Hash: C9E0DFB080A358EBC705DFA0F4147AEBB74E74A201F0082A9C88423282CB715E44C7C1

Function 059CD828 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b305bf6ef54fc569879a4f97d2d5bc211351e191693d9f9e5fd35a5ae81676c
Instruction ID: 9ddf5e81fe65369eab34bafab47a9d19e705ea6341d346012e1bd44da6de3705
Opcode Fuzzy Hash: 4b305bf6ef54fc569879a4f97d2d5bc211351e191693d9f9e5fd35a5ae81676c
Instruction Fuzzy Hash: BCE02672B842848BC309F668E866BA8BB61EB80250F010078C1049B358FE2CA90F43D2

Function 07067E79 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2abd87011c6174a8f4bccd487f32f02c57a43ad377c350f4b07c1a3a58f5e046
Instruction ID: 69e63562fad29eb2c091cbd591f9e0d332700ad02873aba5a8e0092cf1be4f33
Opcode Fuzzy Hash: 2abd87011c6174a8f4bccd487f32f02c57a43ad377c350f4b07c1a3a58f5e046
Instruction Fuzzy Hash: 3EE086B194A208DBD708DFA4A4593DC7B74FB46308F2063ADD40423351C7784E45CB81

Function 059C1DA7 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a080322cd9cb62de2f18dafebad3b64eb88f40f4682006cc129d6471672402a8
Instruction ID: 43f503e66d1446368bf80ed6afb5b653de5e0b142cce1a44a5f6f3e99f9b230b
Opcode Fuzzy Hash: a080322cd9cb62de2f18dafebad3b64eb88f40f4682006cc129d6471672402a8
Instruction Fuzzy Hash: A9E04F30C19208DFEB04DFA4D4453987FB5FB4A301F2046E8D80967351D7325E95D795

Function 059C04C9 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45aeb0ec4569da2538322dff1850f31694a3f41c78d85f03176326f06ffa513a
Instruction ID: 5f94fe72c785e3b793ad516e3ef9bb901a1e8e266e991e8de4904d0b9c8f65a2
Opcode Fuzzy Hash: 45aeb0ec4569da2538322dff1850f31694a3f41c78d85f03176326f06ffa513a
Instruction Fuzzy Hash: EFE09A76805208EFDB20DFA4E44878CBFB6FB09300F0482A9EC5852260E3314A92DB81

Function 059CFC30 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed336c41348baaf23530c2a38b85a266bf1c3efd71b4092be0900a07d9909041
Instruction ID: 5597c838f5a6e43dd92174717081694983f8a806a3827f3d304b7e914817f98c
Opcode Fuzzy Hash: ed336c41348baaf23530c2a38b85a266bf1c3efd71b4092be0900a07d9909041
Instruction Fuzzy Hash: 71E026B1AD850D6AC706BF54D4080D83FB9EB01340BA0859AD84B2C2A8F63090A19AC6

Function 059C0130 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fc78a7f491e4f72aa4db3f783d2473c89ba3b76fcf148a6bfda9d2ca70fd6f1
Instruction ID: 4ca58709ab73f0492436b6a61384c61d8a3e3c20f65f1317395f33a4796d1405
Opcode Fuzzy Hash: 3fc78a7f491e4f72aa4db3f783d2473c89ba3b76fcf148a6bfda9d2ca70fd6f1
Instruction Fuzzy Hash: 2FE04F3180974DDAC700EFB8C504AADB7B8FF82300F409B9ED44927221EB719AC0DB92

Function 059CA230 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11f1c0dcc36f5c1ddb631035b5d77cbce598ec7da7dbaca326534c412c481505
Instruction ID: 507a3a236c7d3195307bc4691f49637375cc6089007bdd4339a966da2d58b7ce
Opcode Fuzzy Hash: 11f1c0dcc36f5c1ddb631035b5d77cbce598ec7da7dbaca326534c412c481505
Instruction Fuzzy Hash: 70E0C274E04208EFCB44DFA8E544A9DBBF4FB88300F1081E9D819A3364D631AA40CF51

Function 059CA22F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 874d4ae15b985a80b21c1f9f18d9bc5091062305f2f670cb213b3ec0c5149de5
Instruction ID: 920441d10a8538b565d8e44fde5ba7cefb1980997f5f67bdb5c8d9ea95bd7adb
Opcode Fuzzy Hash: 874d4ae15b985a80b21c1f9f18d9bc5091062305f2f670cb213b3ec0c5149de5
Instruction Fuzzy Hash: 9CE0C274E04208EFCB44DFA8E584A9CBBF4FB88300F1081E9D819A7364D6319A40CF41

Function 0706CEC0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d20d8af34eb1b5c5463a16fd64d4e73721867bba30f35bcdd20c83b2b54f3b
Instruction ID: 79024683af6fde38f47da1d3e2b9ae140ee6ce95713782749184bcda5239ccf6
Opcode Fuzzy Hash: f1d20d8af34eb1b5c5463a16fd64d4e73721867bba30f35bcdd20c83b2b54f3b
Instruction Fuzzy Hash: 22E0DFB880A288CBDB08DFA0A8183ED7F70EB47209F0002ECC84426251D7741B45D742

Function 059C0480 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f3ab7dde3519039b407c19b40d9e6abdcd16a7afbb5ee2de366a377bc7fe840
Instruction ID: a41dcfa1261b1857359bdd6e9f387d5ca65df21830ea0b0302cc85c1314b2a11
Opcode Fuzzy Hash: 1f3ab7dde3519039b407c19b40d9e6abdcd16a7afbb5ee2de366a377bc7fe840
Instruction Fuzzy Hash: EDE0483180970CDAC700EFA8C404A5DBBFCEB45300F1096DDD44557261FB709AD0D781

Function 059CCCF1 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 407ce5b5a11c8f01634ef3c35cf2d3f552a9d45f17451a0093fedff69ce2a5da
Instruction ID: a661febb8989dff61f37f4b7d4218259ca2e7ec314682b71a1be66d63490a13d
Opcode Fuzzy Hash: 407ce5b5a11c8f01634ef3c35cf2d3f552a9d45f17451a0093fedff69ce2a5da
Instruction Fuzzy Hash: 6FE04F7084D254DBD7059FA4E4013A87F75EF43305F1009EED85D16251DB354E90DB81

Function 059CD878 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ce95964964a3efb2b27d3a770478288b6aab0e795255780c4f199d193db0fde
Instruction ID: ca4c36cb4e71233a04e33cd0e41ead0973eb890c996b42ff468edb0ceb348988
Opcode Fuzzy Hash: 2ce95964964a3efb2b27d3a770478288b6aab0e795255780c4f199d193db0fde
Instruction Fuzzy Hash: FFE02672A06300CFC315DF24C801A257BA2AF4030174884FEC00D8B3B2CB37E882CB82

Function 0706CF00 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a081501b88b82ac23c93f092a483f876d5289b642ba86a288e5bc76f2b63c49
Instruction ID: 2b0fae08057a3c107aed2cbf357f9edab8cf4006356f40cd3cc5891094022bd4
Opcode Fuzzy Hash: 1a081501b88b82ac23c93f092a483f876d5289b642ba86a288e5bc76f2b63c49
Instruction Fuzzy Hash: E6E07DB4147240CBD315CB20C0583AB3BB0EF42108F0423CCC08407261C371AE41E610

Function 059C0F88 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c021aa6b3b1d4c900814c19cc8248b82c82249f73b471fa4d7f30ee60eb98f2
Instruction ID: c97c8c239160d76873c8cc59d7b7ffaf0e50703fc2e786c8dd6e7732fcf735a5
Opcode Fuzzy Hash: 4c021aa6b3b1d4c900814c19cc8248b82c82249f73b471fa4d7f30ee60eb98f2
Instruction Fuzzy Hash: 0CE09A74914248DFC744DFA8D549A9D7BF4BB48205F1045E9984997361D670AB80CB52

Function 05B50740 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c9f9cfe97ca5a79072516ad4af25ef3e47f0ee50dc40a70cca17a693f5b697
Instruction ID: 59de7373d24a8bb478fd0ec598b3f62ae770ecfbfcc7738b8c2c3f466557a9ad
Opcode Fuzzy Hash: c1c9f9cfe97ca5a79072516ad4af25ef3e47f0ee50dc40a70cca17a693f5b697
Instruction Fuzzy Hash: 4EF07438901629CFDB29DF21CD699A9B7B2FB49202F0044E9D80AA3650EB745E85DF15

Function 0706C33B Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c9096f1a7345d5bfac2250cec701fb6424c4b31dab0bc87a2c369ec3c90902a
Instruction ID: 6c8fc206a6c1cdc91cdd7027b5f2099cd4fdd14398f8922d4412c15ca733f159
Opcode Fuzzy Hash: 1c9096f1a7345d5bfac2250cec701fb6424c4b31dab0bc87a2c369ec3c90902a
Instruction Fuzzy Hash: 01D0C97A700665676A14A16F681557B7ACFD6C9AA57084036AA09D3340EEA4EC0242B4

Function 07069BC0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99b3253f5d7dde8ea728aa0d26973439314d208c3d9a5972da94ef47752707c8
Instruction ID: 983b84525f6916b1e7e4033fc026da9626d08ff5902eff184ed938c24df5fbe5
Opcode Fuzzy Hash: 99b3253f5d7dde8ea728aa0d26973439314d208c3d9a5972da94ef47752707c8
Instruction Fuzzy Hash: A9E08CB0818218DFC704DFA4E518A6CBBB4AF4A311F1052D9E84827361C730AE44DB40

Function 059C04D8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 653d2308afba96ce211a2200042c8e2f424ccfd89a66740b72995b92a043a6b5
Instruction ID: eecbaa1fca91c8102a3199baa329087f22b54ef6c01f97761cf1c6aa648f3d17
Opcode Fuzzy Hash: 653d2308afba96ce211a2200042c8e2f424ccfd89a66740b72995b92a043a6b5
Instruction Fuzzy Hash: 91E08C3590420CEBCB20DF94E808A9DBFB9FB08300F1092A5EC0452220E7315A91DB82

Function 059CCC67 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cef6db53dbfd49bb30c5e511b608698fed232ade91ab86ad8374f6a5cd7fa41a
Instruction ID: 81101d2f9dede3f4fbf41d672f86d065c477efc85e9252677f4fba2204d6ac0a
Opcode Fuzzy Hash: cef6db53dbfd49bb30c5e511b608698fed232ade91ab86ad8374f6a5cd7fa41a
Instruction Fuzzy Hash: D3E01770889209DBD300CFA8E884BAA7BB8FB07649F0009A9941D97221DB759E56CB81

Function 05B58D10 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 453d6f08ee4440831cce63b56fb8798e9f7e035a7db93ca00afc21ab36b44ed6
Instruction ID: a0c41d7533f067112e2a84dc7a9e14bb960a0a89b66802c24fe559663e522169
Opcode Fuzzy Hash: 453d6f08ee4440831cce63b56fb8798e9f7e035a7db93ca00afc21ab36b44ed6
Instruction Fuzzy Hash: A3E0B674A48208EFC708DBA4E545AA97BB4FB45311F2051E8E9096B360D7706E40DB81

Function 05B57FA0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa7295612af84a53e6f16856a012960ae72d7db0831a7eb4ef8e719f81f21826
Instruction ID: 29091a3f4e7cbbbd9b89f2d48c1f11666e32bc08defeb54b88b587666f9fbd89
Opcode Fuzzy Hash: fa7295612af84a53e6f16856a012960ae72d7db0831a7eb4ef8e719f81f21826
Instruction Fuzzy Hash: 93E01234A48249DFC704DFA4D444BADBBB5FB45311F1041E8E90D67361DB706E41DB91

Function 05B58650 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5ffab76f6f04e952e2fc242c84e1f14bbfebf7a99a5fddd20f55e50d835d351
Instruction ID: 1552ee47a47559b0fe97d6a2c3f03f0dd0555ae8fd69bba4f48af717af2895b8
Opcode Fuzzy Hash: c5ffab76f6f04e952e2fc242c84e1f14bbfebf7a99a5fddd20f55e50d835d351
Instruction Fuzzy Hash: CCE0EC34948248DFC708DFA4D444FADBBB4FB46311F2042E8E81967361D771AE45DB81

Function 05B579D8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58adec1007c400a26f147e7684a5642798a45f74fc9da9a1e8904e121591f623
Instruction ID: fed55cf065c2929089c7f8f136e33dc26da33a9b72152c64ad393db0b8551ea5
Opcode Fuzzy Hash: 58adec1007c400a26f147e7684a5642798a45f74fc9da9a1e8904e121591f623
Instruction Fuzzy Hash: 9AE0EC34A48248EFC708DFA8D545BADBBB8FB46311F1042E8D90967361DB70AE80DB91

Function 05B428C1 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc17bef29812960634392b87d28944602c69aabd388863eaa0f376a6e021be73
Instruction ID: ebd52bb26a62fb4fa9fdd48f3f162943079a0d78d1d1fc6108118911e4687a48
Opcode Fuzzy Hash: dc17bef29812960634392b87d28944602c69aabd388863eaa0f376a6e021be73
Instruction Fuzzy Hash: D6F09E74906158CFCB65CF55EA99A9DB775FF4C301F0010E9D40AA3251DB346E84CF51

Function 05B59860 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01761886fd1d580108347abc96f34aa50cd4fe135add9964d283f4a185b900ba
Instruction ID: 576357d0226a5f046e06a11008a3b1ee9d8a499627702df31aec3d83548ef0bb
Opcode Fuzzy Hash: 01761886fd1d580108347abc96f34aa50cd4fe135add9964d283f4a185b900ba
Instruction Fuzzy Hash: 3BE0EC34948208DFC704DFA4D549BADBBB5FB46351F1041E8D80967361C771AE40DB81

Function 05B5F260 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76c8f060f59bda48e6047b1e6cec470dadeb65cb9498edf6538ed586d69f8dae
Instruction ID: 501b0f2be6470dae3082e64d660398f1a33b252a3e764aa3d786c4bf61b96a2a
Opcode Fuzzy Hash: 76c8f060f59bda48e6047b1e6cec470dadeb65cb9498edf6538ed586d69f8dae
Instruction Fuzzy Hash: F9E08630A04209EFCB40EFE4E9418AD7BB5FB883107204559D80593314FB326F05EB51

Function 0706DE00 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9efe2bfef29cb8e1d4cc9ae990b7469eb5786f24315f868b520fea6c4cf0b4c
Instruction ID: d39818d22556e6e4b501b2c5638036b88c206a3f134e15154036aae5031aedf9
Opcode Fuzzy Hash: b9efe2bfef29cb8e1d4cc9ae990b7469eb5786f24315f868b520fea6c4cf0b4c
Instruction Fuzzy Hash: 6DD05BB4A4D258DBCB08AFB498146BC7FB4FB42309F5056E9D41423354C7715E54DB51

Function 07067E88 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d89c394efc5df1493049cf6224e613b06666a3a88fff3611da9f7970c983b78f
Instruction ID: fe0329a23d1b1517cd55e014ece18ff1854964a48f0b7235f8fd736a2982e033
Opcode Fuzzy Hash: d89c394efc5df1493049cf6224e613b06666a3a88fff3611da9f7970c983b78f
Instruction Fuzzy Hash: 0AD05BB4809208DBC714DFB4D4186AD7BBCFB85309F5053ACD40423350C7715E84D791

Function 0706CED0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf85b321e3a31ebc4347b787f0edca2cceeb848c84b72b730a49b3f806af106e
Instruction ID: d2316d8b2ef12dc004654aba13cfe2b6ad5493b0e9faf00fde9c2157913bef02
Opcode Fuzzy Hash: bf85b321e3a31ebc4347b787f0edca2cceeb848c84b72b730a49b3f806af106e
Instruction Fuzzy Hash: 3ED012B4849208DBD704DBA4D4186AD7BB5EB45309F5057A8D44423254C7716A40D791

Function 07066D70 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f093eca3795ec12a6bba0af3dc88e0e96f388318c9c8945f04c5b1ab7e23a2d
Instruction ID: 17bfaf00e93010bba0a32bd064db7d0773e2b9e20a85320319b6a979a7dac4b4
Opcode Fuzzy Hash: 0f093eca3795ec12a6bba0af3dc88e0e96f388318c9c8945f04c5b1ab7e23a2d
Instruction Fuzzy Hash: 90D05EB0C0A259DBC704AFB4A8186ADBBF8AB42305F5046EDD81427390C7725EA0DB91

Function 07068AE8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f7dbd13f1c769e0d4c83be3a45e9c6bedafb5cfeea16ae4e241339e49c299fe
Instruction ID: 24ac5cc18030c35c3bad58b66bf35e899b5357d7dea50e9e911eaa31c7a15172
Opcode Fuzzy Hash: 0f7dbd13f1c769e0d4c83be3a45e9c6bedafb5cfeea16ae4e241339e49c299fe
Instruction Fuzzy Hash: 1DE05EB0C09308DBC704DFB4E4496AEBBB8FB4A302F5092ACD80923390CB715E84DB95

Function 059C1DB8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8ca9b1afb1663767f9f13014d2631a54892193719da2cc5058049d6c40b3710
Instruction ID: de0d67772d23aec7ff4201d6acbd03efc3d5655a01f9650ad9cd1545377c4a0b
Opcode Fuzzy Hash: e8ca9b1afb1663767f9f13014d2631a54892193719da2cc5058049d6c40b3710
Instruction Fuzzy Hash: 37E01730819208EBD704EFA4E4057ADBFB9FB46302F5046ECD80A23255CB725E94EB96

Function 059CCD00 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daaa40cd06830aebaa23296d10ab3f1d3d7bb5ce24f5a2743152363e8e29790f
Instruction ID: cf5ab495fecd6c91c258799e888239aef4973be7372c4a209648986f2879d295
Opcode Fuzzy Hash: daaa40cd06830aebaa23296d10ab3f1d3d7bb5ce24f5a2743152363e8e29790f
Instruction Fuzzy Hash: 89D05E7184D258DBDB05EFB4A4016ACBFB9BB42301F6046EED81D23395DB715E80DB92

Function 059C7790 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction ID: fef3eb8c69b38aff5bed5fbb630b3b4bad2a6b61d3313b67eaa2f5283814b112
Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
Instruction Fuzzy Hash: F3C08C3320C1282BA22890CF7C80EB3BF8DD3C22B5A2502BFF61CC72009842AC8045F6

Function 059CAFB0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c775222f03fc902d60dd9683508627898159228f5bcf9dc849fc85b59330e5d
Instruction ID: 3f0a07fa5bd5552cffb82ee26e6ba88423cc20d442f1ce1ca217449738f8d238
Opcode Fuzzy Hash: 8c775222f03fc902d60dd9683508627898159228f5bcf9dc849fc85b59330e5d
Instruction Fuzzy Hash: B4D05E7490A20CDBC724EFA4E4046ADBBB9FB41305F5046ECD80523350C7756E80DB92

Function 059CAFAF Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aa5048e57380568f0d0e118d4aad48f75ae1373a18a26231ca9a9ad9313c464
Instruction ID: cc5f472104a6da917d8c982fb6363cc61a7d731a61d20cdc7f615be5d46ac76e
Opcode Fuzzy Hash: 7aa5048e57380568f0d0e118d4aad48f75ae1373a18a26231ca9a9ad9313c464
Instruction Fuzzy Hash: DBD05E7490A20CDBC724EFA0E4446ACBF79FB41305F1046ECD80927350C7755E81DB82

Function 0706EC4F Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f32c15b2c6866fe1b468eaec51c63a4343c7a42510d1286df1d59caaea5953e1
Instruction ID: 33d7871e1c3f5d679891898805ece5a7bba2f035ca762f982aca0623d56c1202
Opcode Fuzzy Hash: f32c15b2c6866fe1b468eaec51c63a4343c7a42510d1286df1d59caaea5953e1
Instruction Fuzzy Hash: 5CE01739B00218CFDF14DBA4D859AECB3B2FF88326F0481A9D1049B291CB75D942CF42

Function 059CC0A0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8f3e7475111dda9e61b80e7d32ac0de5c88d52f68e23c5a77279444b390f467
Instruction ID: f3e5eccbf5e4cabb349559f1ce275228107028e211114af75899f13d343c67e0
Opcode Fuzzy Hash: f8f3e7475111dda9e61b80e7d32ac0de5c88d52f68e23c5a77279444b390f467
Instruction Fuzzy Hash: 5CD0A72220D3A40BD7057778A42A35D7F995F85510F0400DFD40DC7651DBC91D41C7C3

Function 059C53D7 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2223a26dde32e7ecb2ff69245ca47b8039af90126b4c3aace11c6d0e962e570
Instruction ID: c8edff2405beedffdc796b1ffa2c4ce02b5a4c7825eba28cdafa97f09050421d
Opcode Fuzzy Hash: f2223a26dde32e7ecb2ff69245ca47b8039af90126b4c3aace11c6d0e962e570
Instruction Fuzzy Hash: 1CD0C2380543494BE706E3B0BC56B243F2AEBC0300F404728B10851166DFAC5589A691

Function 059CE260 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d981263c4084f365419478e1138a5df1f7fc69ba4dc6f9f6f9737fbd23c8e13
Instruction ID: 1c667e57f1d48247ab8c70f7e3fb7402dba3fcbb4a7e901672180343b859a694
Opcode Fuzzy Hash: 7d981263c4084f365419478e1138a5df1f7fc69ba4dc6f9f6f9737fbd23c8e13
Instruction Fuzzy Hash: A8D05E32600559EB8600BB959844C9BBF6DAFC9756B05C096E1085B2A0EA22A4118BD4

Function 05B46543 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29fbd516145868b548f53b80ab33c8b60fdbae44449afe0e459b367e2a387f0c
Instruction ID: c1361063d3228cc3d552a56ca17d058ce424870d7cea7989ffbdd1ab718777c7
Opcode Fuzzy Hash: 29fbd516145868b548f53b80ab33c8b60fdbae44449afe0e459b367e2a387f0c
Instruction Fuzzy Hash: 67E0C234A45119CFDB24DF55D898A98B7B6BB0A300F1044E9D50AA76A1CB35AD81CF46

Function 05B404E9 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f83815e86ba06641464d103a29e07339811c41e4b52de8393704c488302663e
Instruction ID: 53fadffb568458026cabe0d6c131b597febaaf6573f529129dbd0a8ed8ca9ccd
Opcode Fuzzy Hash: 8f83815e86ba06641464d103a29e07339811c41e4b52de8393704c488302663e
Instruction Fuzzy Hash: 0BE0ED34A01058DFCB25CF14D9D8ADDB7BABB88301F4004E5D50AA3394CB346E81CF56

Function 05B417EC Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf4cbe6650365e430738d145387edc19a6b04241ec090f34c16f561409e144d
Instruction ID: 353c5e41564601257e8670e286bddc07077fd32c1d8bfc825f6c90161c114d8d
Opcode Fuzzy Hash: fcf4cbe6650365e430738d145387edc19a6b04241ec090f34c16f561409e144d
Instruction Fuzzy Hash: 1AE0E534A01119CFCB24CF24DD95AAEB7B6FB49300F4040E5D50AA3794CB34AE40CF52

Function 059C983D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc5ad97496cbe5d0db83b4ba374f5969ea178dc8b58476004faaadf7640628bf
Instruction ID: e2f4c67998eb53ad5a80eb255c31d763af86de1798c5214540ee60487cbe2dbb
Opcode Fuzzy Hash: bc5ad97496cbe5d0db83b4ba374f5969ea178dc8b58476004faaadf7640628bf
Instruction Fuzzy Hash: CAD0673AB101089FDB049F98E8549DDFBB6FB98221B048126F915A3260C7319965DB50

Function 05B5279C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 898f71a41d3c09907abb241dab1051ce101d9fe7767cf596bf21067897679e33
Instruction ID: 6ec011e701a7cb2c472af59f4b8657e3b062583ab4a73fe8dacc0cce351674a3
Opcode Fuzzy Hash: 898f71a41d3c09907abb241dab1051ce101d9fe7767cf596bf21067897679e33
Instruction Fuzzy Hash: F6F09274D05228CFCB65DF28D994699B7B2FB44201F1041E9C40EA2290DB386E80CF51

Function 07060DF3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 146fd0f45c02a4d77e5a9dac1a9f6b752c7c993cfd2ae8b416170b11a7db7ca3
Instruction ID: 460567e30d5ec657e44663409604b1aeca6a4d97fd564fc63c8a41c22876d0f8
Opcode Fuzzy Hash: 146fd0f45c02a4d77e5a9dac1a9f6b752c7c993cfd2ae8b416170b11a7db7ca3
Instruction Fuzzy Hash: D2E01275A4016DCBDB00DB94C859BEEB772BF48314F210565C4017F290CA789541CB64

Function 059CCC78 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc028d2411e9e5765eb904c9f71aa368330e7dd81362b143197eaf765689da63
Instruction ID: 1d29584e16bf5f6df32c6d07d61a0e0804e1725f675098b670f8bba00ba894ad
Opcode Fuzzy Hash: cc028d2411e9e5765eb904c9f71aa368330e7dd81362b143197eaf765689da63
Instruction Fuzzy Hash: 2BD0C970489208DBD744DFA4E805B6A7FBCF746615F0019D8981D63261DB715E40DB92

Function 05B410B3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f89d97b25352cba85fd99a61f384f4e5893b152e687265b2c451014b7faa7e37
Instruction ID: 01aeeafd09740cc2660e82718f59703fc903d97532ffb38dd2e1b467bea8bfd6
Opcode Fuzzy Hash: f89d97b25352cba85fd99a61f384f4e5893b152e687265b2c451014b7faa7e37
Instruction Fuzzy Hash: 77E09234A14118CBCB24DF64DCD4A9DB7B7BB89381F4005D9E50AA3684CB346E508F5A

Function 05B42381 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e21d8b32fff2037552b29d2ec4e844c51a2780c7ef4c652f383cd56153b7434c
Instruction ID: 113a5dd6bf9a136a869b40127cf27c832b0ca91c8126b4962369891bd5d4bc07
Opcode Fuzzy Hash: e21d8b32fff2037552b29d2ec4e844c51a2780c7ef4c652f383cd56153b7434c
Instruction Fuzzy Hash: 84E01A34904518CBDB28DF94E984ADDB7BABB44301F0081D5C10A66280CB34AE40CF55

Function 059C0181 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc886c2a1d16f81356bb941b9fc265e7dd03d4f4577725ad36166e3a37fb5ec7
Instruction ID: 8cedf5af85e1510b6fe0bb03bc5a897e6c941e5273ddc0195447752a834b04f5
Opcode Fuzzy Hash: fc886c2a1d16f81356bb941b9fc265e7dd03d4f4577725ad36166e3a37fb5ec7
Instruction Fuzzy Hash: 18D012357050215FD71CC548F891AD6E399BF9D314B18C1ADA41DD7701CA61ED8387C0

Function 05B406D0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be709cd6c429d52ff40e07d97e6d03d0407a89aafa912df75aa64a5f4744fd2
Instruction ID: 2de83a1a4226220d12524a97d614e087cf6e7049ff5314fe21a339af91fc6161
Opcode Fuzzy Hash: 8be709cd6c429d52ff40e07d97e6d03d0407a89aafa912df75aa64a5f4744fd2
Instruction Fuzzy Hash: 87E0EC34916118CFCB25CF18D999E98F7B9FF09311F1440E9E50AA72A4CB34AE54CF02

Function 059CC0B0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd3ec86f3a5d5d20356acaec7559becb2cc2d54282c904964f912d36984897f3
Instruction ID: e0eae13a798c9beb2e02df042ca551950b4384025b3bb09ead6da6af8b984bc6
Opcode Fuzzy Hash: bd3ec86f3a5d5d20356acaec7559becb2cc2d54282c904964f912d36984897f3
Instruction Fuzzy Hash: 1EC08C3230473813C919316C642A26E7A8E9FC0624F0000DEE90E436408F852D00CACB

Function 059CE270 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90b94d7f7c45c778a7e7d4cab48c32de97c150011259d797c6287aeac6a139aa
Instruction ID: 44a3677132a5588dc2ea4ed43e50eb494c53b9aaf060e85bd6cfd98f983e6124
Opcode Fuzzy Hash: 90b94d7f7c45c778a7e7d4cab48c32de97c150011259d797c6287aeac6a139aa
Instruction Fuzzy Hash: BFC012322001187B4A01AB85D800C86BFADEF89654304C0A6E5088B121D622E51297D1

Function 059C53E8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c19eec87f92823cc109b459f2f0b186ed925cc8646cdea3bc2744fb62f761276
Instruction ID: 2e0281e0480a72d797e855c134b46638fe36fb0e730424722a058f44a695519d
Opcode Fuzzy Hash: c19eec87f92823cc109b459f2f0b186ed925cc8646cdea3bc2744fb62f761276
Instruction Fuzzy Hash: 21C0127801020A8BE649F775F849D153F5FFAC0300B809B18B10955529EFFC5A8D5A90

Function 05B543C5 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed8bb1905a93dab981b707fe743e549ca385e008375f963c17819ca5d78e9ce4
Instruction ID: ff999e7594b3ef8e9f52e69307a6a62f4f853315bfe91350625215b256f949d9
Opcode Fuzzy Hash: ed8bb1905a93dab981b707fe743e549ca385e008375f963c17819ca5d78e9ce4
Instruction Fuzzy Hash: 8ED0E239A40164DFDB209B30D968ADDB7B2BB48301F0081E4C00AA3280DBB06D84CF28

Function 05B51A7B Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13dd6fb581eee2f753a6a14150ea4372b70c0f7a95fce28137040a81819e5b04
Instruction ID: 713fac5c54f86c8956bf5024d839cc2ea620393dd0e3d9f6145e2158e71f8b1d
Opcode Fuzzy Hash: 13dd6fb581eee2f753a6a14150ea4372b70c0f7a95fce28137040a81819e5b04
Instruction Fuzzy Hash: 45E0B6789002A9CFCB24DF11C89969DB776FB48241F0045EAD80AB3280EBB52E84CF01

Function 05B5613A Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb1db33789ed868bcb272350f222c8b183fc51d417ca14c8e8983743497a7c65
Instruction ID: af080f0d4c11a8b9e468902fc8dbf7860a2956776630938793e51874ec558366
Opcode Fuzzy Hash: bb1db33789ed868bcb272350f222c8b183fc51d417ca14c8e8983743497a7c65
Instruction Fuzzy Hash: 31C08C1048D1918FE30246A018682C16BB2AA02120B0C00C3C8C2A3252C26C600E561A

Function 05B560B1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ee0927db7f160183d64f0efde29f5eadc10aa9dffedae65fbfdb0e527a305ac
Instruction ID: 9f1d7fe455c51cc1d8eccfec0dc034cfedbe560b60bed9f4cf11110471889ecf
Opcode Fuzzy Hash: 9ee0927db7f160183d64f0efde29f5eadc10aa9dffedae65fbfdb0e527a305ac
Instruction Fuzzy Hash: 84D0C938901224CFDB35DF50D8686A9B776FB49311F2000D9D44EA3690CB395EC4CE21

Function 05B5607F Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9fb5bdfb9dc4b0979e931742162a251060422ce6d50e7844f819b3a978af387
Instruction ID: 22754e2a77c63a46c680ac08a5caec769035c2e161f35341b3e203120904114a
Opcode Fuzzy Hash: f9fb5bdfb9dc4b0979e931742162a251060422ce6d50e7844f819b3a978af387
Instruction Fuzzy Hash: BFD09278906228CFDB24CF20D969A99B7B6FF48305F1042E5C54E63A90DB345E81CF5A

Function 059C8181 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2138939232.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_59c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b87be02c1995b07ea75a39de292a18f6723a6a6686055cdbb2ee9212aaf0f583
Instruction ID: a26382068cc272501cf6ea5c93919bfb70996922b3d18a1ab57211e15c367c5d
Opcode Fuzzy Hash: b87be02c1995b07ea75a39de292a18f6723a6a6686055cdbb2ee9212aaf0f583
Instruction Fuzzy Hash: DCC09277C0C280CFDA06C714DCA87607BB6FF86309FCC008A8441C6B52E21CE8148625

Function 05B50C49 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139202347.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b40000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4093fb948a98e41dc7e5630eec59424e777d2b2c591bfafca6a80cf86fabc5f
Instruction ID: 4088515847b9d65e5b82f0724abafbf4968c952d40ffc591674dd6be9fe41368
Opcode Fuzzy Hash: c4093fb948a98e41dc7e5630eec59424e777d2b2c591bfafca6a80cf86fabc5f
Instruction Fuzzy Hash: 9AB09B6094111449E714D761859059A61676B44200F008596C502314849F7455445E15

Non-executed Functions

Function 070ED990 Relevance: 3.9, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

LN^, xrefs: 070EDA34
LN^, xrefs: 070EDA2D
XM, xrefs: 070ED9DF

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: LN^$LN^$XM
API String ID: 0-2500176938
Opcode ID: bfab0a89462ca42c7f94196616a8cc2c5b653bb2b4644d542919c040751ac72f
Instruction ID: ba931ee69faa2881d60419fca0813616b1af8a26372eaae2c5059ed926adcd39
Opcode Fuzzy Hash: bfab0a89462ca42c7f94196616a8cc2c5b653bb2b4644d542919c040751ac72f
Instruction Fuzzy Hash: CC7105B4E14219DFCB04CF99C5819AEFBB6FF89310F14861AD424A7314D330AA42CFA5

Function 070ECE50 Relevance: 2.7, Strings: 2, Instructions: 168COMMON

Download Yara Rule

Strings

YWBQ, xrefs: 070ECFBC
YWBQ, xrefs: 070ECFB5

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: YWBQ$YWBQ
API String ID: 0-1187584866
Opcode ID: fca6c0096de0b6b2a95adf081547105f07061a3b454bec3a858558ee78998b88
Instruction ID: 33e828285dccfbda1aa311c4741ecf99256dce62b92ba5f2dd18ded3d15e775a
Opcode Fuzzy Hash: fca6c0096de0b6b2a95adf081547105f07061a3b454bec3a858558ee78998b88
Instruction Fuzzy Hash: 6371E074E15209DFCB04CFA9D48499EFBF5FF89210F14856AE429AB324D734AA41CF50

Function 070ECE40 Relevance: 2.7, Strings: 2, Instructions: 166COMMON

Download Yara Rule

Strings

YWBQ, xrefs: 070ECFBC
YWBQ, xrefs: 070ECFB5

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: YWBQ$YWBQ
API String ID: 0-1187584866
Opcode ID: 232662e2c37f5bb4cd9a1842a90a6cf5837d5c669e17646a40255f47cd7e60e7
Instruction ID: f3fdb796da7806cfdf3f18dd9cb31ce4bfbd90a9b03b7e581ab8a133562d4c79
Opcode Fuzzy Hash: 232662e2c37f5bb4cd9a1842a90a6cf5837d5c669e17646a40255f47cd7e60e7
Instruction Fuzzy Hash: 1671DE74E15209DFCB04CFA9D58499EFBF1FF89210F14856AE429AB324D734AA45CF60

Function 070ED981 Relevance: 2.7, Strings: 2, Instructions: 159COMMON

Download Yara Rule

Strings

LN^, xrefs: 070EDA34
XM, xrefs: 070ED9DF

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: LN^$XM
API String ID: 0-3263649299
Opcode ID: dfc8be17443c8f4e170c83738ca32692eaaed8ac9daeb2ad0d69b7b80cec3e96
Instruction ID: bb15dba4937de1bc387a73bad3f384ccef881ee87f2ba752cfb26fbc6a4a1720
Opcode Fuzzy Hash: dfc8be17443c8f4e170c83738ca32692eaaed8ac9daeb2ad0d69b7b80cec3e96
Instruction Fuzzy Hash: F56118B4E1425ADFCB04CF99C5819AEFBB6FF89310F19866AD424A7314D3349A42CF91

Function 070EDCA0 Relevance: 2.7, Strings: 2, Instructions: 158COMMON

Download Yara Rule

Strings

d3H^, xrefs: 070EDE5D
d3H^, xrefs: 070EDE4F

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: d3H^$d3H^
API String ID: 0-3221211558
Opcode ID: d7f670ef78cb7f718c28d898510f7b9965471388f272fa6a81f02ee28a0092bb
Instruction ID: ae58815ade796d3c17949bc66af879837cd5258defdd0d0ad6c173be9b8e11d1
Opcode Fuzzy Hash: d7f670ef78cb7f718c28d898510f7b9965471388f272fa6a81f02ee28a0092bb
Instruction Fuzzy Hash: 496116B0E1524A9FCB04CFA9D4815EEFBF6EF89300F148516D425A7354D774AA82CF94

Function 077C6AE8 Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

., xrefs: 077C6DD1

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 7ad5391fdd0c1d7ec5d22781044562bca8cbf71e1b2be9ae00ba34c832f00a42
Instruction ID: 786bff625d1e8c3d4fc8dbef475684e00843db6bfe9ec20418763530002a9146
Opcode Fuzzy Hash: 7ad5391fdd0c1d7ec5d22781044562bca8cbf71e1b2be9ae00ba34c832f00a42
Instruction Fuzzy Hash: C8A1D7B4E15209CFCB04CFA6D5814AEFBB2AF8A350F24D42ED415FB258D73499428F95

Function 070EE228 Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

M, xrefs: 070EE302

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-337847152
Opcode ID: 25d82d75ac8e11f48f504bd5d80d3a0cfdd30c1556bc742f2bbe12c9a05a4c22
Instruction ID: f0d02535fb9d249a40bd52941c12c34cc533bf82eb51de0760cb2d01e3c7129f
Opcode Fuzzy Hash: 25d82d75ac8e11f48f504bd5d80d3a0cfdd30c1556bc742f2bbe12c9a05a4c22
Instruction Fuzzy Hash: 9371E2B5E15209CFDB48CFA9C5808DEFBF6EF89210F24952AD415BB364D3349A418F68

Function 070EE222 Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

M, xrefs: 070EE302

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-337847152
Opcode ID: b9a0f2316a8af0b12697789ea6b5e652f685fa7f51e370ecdede7372c780208b
Instruction ID: 4241de5c33b59f2409feb29d4e5d43e4ce9fb165cbdf1f2cd81a6c63dfa99317
Opcode Fuzzy Hash: b9a0f2316a8af0b12697789ea6b5e652f685fa7f51e370ecdede7372c780208b
Instruction Fuzzy Hash: 2F6112B5E15209CFDB48CFA9C5804DEFBF6EF89210F24952AD415BB368D3349A418F68

Function 070EE012 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

p{sD, xrefs: 070EE07F

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: p{sD
API String ID: 0-1736202125
Opcode ID: df866715a7c23637fbae12165cf5c1e50d7feedf7cc246fecad91baf075d1cdd
Instruction ID: 88f1bb8c428eb0dff0cc31508a4e29bf9cc604baa5dd345a5fafea3a1c78d1b3
Opcode Fuzzy Hash: df866715a7c23637fbae12165cf5c1e50d7feedf7cc246fecad91baf075d1cdd
Instruction Fuzzy Hash: 824118B0D0420ADFDB04CFA9C9815EEFBF6EF89310F24C5AAD515E7254D3359A818B64

Function 070EE020 Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

p{sD, xrefs: 070EE07F

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: p{sD
API String ID: 0-1736202125
Opcode ID: ee938a16f049aa9836af5fada77f55f80295e15496e831b67542a1330dfcc807
Instruction ID: 2799059c925ea31bf2fa5527e097b2728f1c0f4383fd9b95d16026af77841b3a
Opcode Fuzzy Hash: ee938a16f049aa9836af5fada77f55f80295e15496e831b67542a1330dfcc807
Instruction Fuzzy Hash: 634105B0D0420EDFDB44DFAAC5815EEFBF6BF89200F24C56AD515A7210D3349A818F68

Function 07062CBC Relevance: .8, Instructions: 813COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 103c0a9ecd74a202b7df7d94d41acea9867d3531f7e891ff6f2ddf56ff55a1e7
Instruction ID: 83f74e2f2d4acf82a9920c7f6679af8b2c4b9cb0909e2535cb2fac4e742263d3
Opcode Fuzzy Hash: 103c0a9ecd74a202b7df7d94d41acea9867d3531f7e891ff6f2ddf56ff55a1e7
Instruction Fuzzy Hash: 0E42CD70B002158FDB48AB79D86872EBBA7EFC5720F148568E116DB3A5DF34DC0687A1

Function 05B30040 Relevance: .6, Instructions: 619COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139162388.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b30000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d3978d16666c2d821ff8fd6800f8c10cbcbc80ecd9109ca7ebcd11014a7104a
Instruction ID: 148947bcb22c9d0d6ed35613c8345ca883b7f1c95b8f9d5794a7ba415fc8bf65
Opcode Fuzzy Hash: 0d3978d16666c2d821ff8fd6800f8c10cbcbc80ecd9109ca7ebcd11014a7104a
Instruction Fuzzy Hash: 50324030A002588FEB54EFA9D85576EBBF2FF88300F1485A9D409AB385DB34AD45CF95

Function 07067870 Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbd4eb4ed5b33cfca2de83d369eaa9261d4486713cafdd2a327b6a5b60d03b27
Instruction ID: d91dd0de340c151eb34646c11b5c8e609cbfc8b70fb50abdc4e7da097a291284
Opcode Fuzzy Hash: bbd4eb4ed5b33cfca2de83d369eaa9261d4486713cafdd2a327b6a5b60d03b27
Instruction Fuzzy Hash: A6C1B5B0700602CFDB64DF39C4A8BAAB3E6BF85318F149669D416CB3A0DB75E941CB51

Function 077C64D8 Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 722f73e8f84e63eadbcadb5b2b1237f9a6c1f1c457d57b38fb1d1b8a1c425407
Instruction ID: 19514ad3a1d34bd6f491e00f8359055f48efaa49a4576e9a12334e122860d5c0
Opcode Fuzzy Hash: 722f73e8f84e63eadbcadb5b2b1237f9a6c1f1c457d57b38fb1d1b8a1c425407
Instruction Fuzzy Hash: 3AD1A0B4A00605CFDB08DF69C698AA9B7F1BF8D755F2584A8E505EB361DB31AD00CF60

Function 05B30006 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139162388.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b30000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20ec5ac2e05e7477177c8267aeac1e666ad1702978aa80cc0e81d4625a2d2254
Instruction ID: df5592ba298a0e2ec2d4c87764c933aa6b65c9010ad36de7d68b52854b6fad92
Opcode Fuzzy Hash: 20ec5ac2e05e7477177c8267aeac1e666ad1702978aa80cc0e81d4625a2d2254
Instruction Fuzzy Hash: 36C17C31E00258CFCB15DF65C885B9EBBF2FF89310F1485AAD849AB256DB34A985CF50

Function 05B3D580 Relevance: .3, Instructions: 290COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139162388.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5b30000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f78ddc68d2833507caf497e1ab342c1ab3283b5a7dd8ccb9cb38948d463700
Instruction ID: 2ebe7e85cb2c8bba4c1c204b956298c96822d47a4868c90036b86b585c041482
Opcode Fuzzy Hash: 67f78ddc68d2833507caf497e1ab342c1ab3283b5a7dd8ccb9cb38948d463700
Instruction Fuzzy Hash: 5D916270B002559FEB58BBB9842473F3AA7AFC8740F14857CD10AEB399DE789C428795

Function 0706F700 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8223edca23b69d02307c25f74dccec1190e75c855bd9f85c4e279588d910ae7f
Instruction ID: 3a7ddfcfa7a485bba2f1f90884fa072265c7c14e76d9a095fb26a7cc443b0cf6
Opcode Fuzzy Hash: 8223edca23b69d02307c25f74dccec1190e75c855bd9f85c4e279588d910ae7f
Instruction Fuzzy Hash: 05A1B4B17101069FDB54DF39E868A6E7BE6BF85310F154269E906DB3A1EB30EC41CB60

Function 0244C8F4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac3d93eb9eb4f2fa7ae8a58aa0a1f0714f9b5f0b5756602c4ccfd709e5e1a396
Instruction ID: d3114c5b22599774fc03b66b77ddc2c2c44cb0e2978b0c0310d90a1c7d573de3
Opcode Fuzzy Hash: ac3d93eb9eb4f2fa7ae8a58aa0a1f0714f9b5f0b5756602c4ccfd709e5e1a396
Instruction Fuzzy Hash: FBA15A32E01219DFDF05DFA5C8805AEB7B2FF89304B15856BE905AB221DF71E956CB80

Function 077C18A0 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6adf72de7a65d3fb6f8966869d91df5fcbc70ea2c3bb76dd77b1e0d44e3d3d7
Instruction ID: 36610591c211d25982d46acc393a6ec1abb1a2f941c0ce9a968307286318dc4a
Opcode Fuzzy Hash: d6adf72de7a65d3fb6f8966869d91df5fcbc70ea2c3bb76dd77b1e0d44e3d3d7
Instruction Fuzzy Hash: 98A112B4E0025D8FCB04CFA9C5406AEFBF2BB8D340F68D16AC405BB365E73499428B64

Function 077C1890 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ad1c29b31736d3eb61fd3df40b1284573399fc3ffd8cf1a2dba093264bf937b
Instruction ID: b4351c0e288fba56ae354c237232e67c5c03a98442757f9749f43718c375598e
Opcode Fuzzy Hash: 8ad1c29b31736d3eb61fd3df40b1284573399fc3ffd8cf1a2dba093264bf937b
Instruction Fuzzy Hash: 30A124B4E0525D8FDB04CFA9C5406AEBBF2BF8D340F68916AC405BB365D7349942CB64

Function 0244E2E8 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22a18c2127430c328b9f7a8b0dbb386c1979b782527cab46320700a11b9c941f
Instruction ID: 83046ac9de840a6d394ec5fef9989697e67cb010c4fd21966c3d93d9d2ddf46e
Opcode Fuzzy Hash: 22a18c2127430c328b9f7a8b0dbb386c1979b782527cab46320700a11b9c941f
Instruction Fuzzy Hash: CEC1DAB0C02746ABE714CFA5E84C1897BB1FBA5314F554309D2626B2E6EBBC184BCF44

Function 077C6EC8 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d37b3d290400b1f6cd3c5ec2f3eda7abe0c8db379d40e1a28f80853ae778ad59
Instruction ID: 805dd653c3018678cff724db3b6de230079756db2de29b3fc3d72ac57127b063
Opcode Fuzzy Hash: d37b3d290400b1f6cd3c5ec2f3eda7abe0c8db379d40e1a28f80853ae778ad59
Instruction Fuzzy Hash: D1612BB1D1562ACBDB28CF66C8447DDB7B6BFC9340F14D5AEC41DA6214EB305A868F04

Function 077C2C48 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2626a720119963d3d7d233795b18a5c9237cf98263fabf3684ffee449746c80f
Instruction ID: d4830398e414b01689cdb625969977b64de93fb664bb2354e522fb4bdf0cfebe
Opcode Fuzzy Hash: 2626a720119963d3d7d233795b18a5c9237cf98263fabf3684ffee449746c80f
Instruction Fuzzy Hash: 5B712CB0E15219CFDB28CFA9D984A9EFBB2BF89340F10856DD509A7315DB309A81CF51

Function 077C2C38 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed487ffcd34470af0dda8ff46b3b47056a95f1271047115d580cf881b00f803
Instruction ID: 34d6012d93cf20022b2ec7810b57c5c7790d891a021a781ab785b6da9973e3eb
Opcode Fuzzy Hash: 9ed487ffcd34470af0dda8ff46b3b47056a95f1271047115d580cf881b00f803
Instruction Fuzzy Hash: 0C613DB0E15219CFDB28CFA9C984A9EBBB2BF89340F14856DD509A7355DB309A41CF11

Function 0244196C Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2134128982.0000000002440000.00000040.00000800.00020000.00000000.sdmp, Offset: 02440000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2440000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7beb9deb5ed500495fb9defb0009b17dc3f10c6795c63e665eba8fb386725642
Instruction ID: f1bcf4fbce2674aa0d817fa9d7f452cf216a4d6eb4843ba088142610c2095777
Opcode Fuzzy Hash: 7beb9deb5ed500495fb9defb0009b17dc3f10c6795c63e665eba8fb386725642
Instruction Fuzzy Hash: C4410752808E618FF306417658991C4AF60D73B1ADB2883D7D56CD62DAEE0680CBCBD1

Function 077C7132 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a66b02f4d2e1eaca444aef67d94df98b4c7588a767b37e4ff3fcc19347977a35
Instruction ID: 7d9a496d8fefc68c0e81a5490877279346fe7ae11b88c8a39b57811d19918fbc
Opcode Fuzzy Hash: a66b02f4d2e1eaca444aef67d94df98b4c7588a767b37e4ff3fcc19347977a35
Instruction Fuzzy Hash: 6B512DB0E1161ACFDB24CF65C844B9DB7B6FB89340F1096EAD51EA7200E7309AD58F14

Function 077C7104 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 376ef3f51682db4c423eb6a38bcb4203245dba52a150c14dec46e50199e97441
Instruction ID: f0791ad517c2b7da3996816b64c0d16cfb5a78d5c2ec56fdf7257f49196a51bb
Opcode Fuzzy Hash: 376ef3f51682db4c423eb6a38bcb4203245dba52a150c14dec46e50199e97441
Instruction Fuzzy Hash: 47512BB0E1462ACFDB24CF65C840BDDB7B6FB89340F1496EAC50AA2604E7309AD58F04

Function 077C70D3 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0aed4dcfa11fb578ef92117c514a30ca11c3f1e773fbfc1f674deeafa64151fc
Instruction ID: 88c3615572e58fd16635f700e449aebbc1e7a72652cb3830feb3f615b35b62ec
Opcode Fuzzy Hash: 0aed4dcfa11fb578ef92117c514a30ca11c3f1e773fbfc1f674deeafa64151fc
Instruction Fuzzy Hash: D7510BB4D1166ACFDB24CF65C84479DB7B2FB89340F1096EAD50AA6600EB309AD58F04

Function 070EE4C0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 291ade37adc99fe7bb8fbe34daed40e3ae9de0b76307e5451e2c0ce68d7ccdd6
Instruction ID: 0f32f061e43819a0faf594950b0a086a2ff5811d3bb232a336357709af339a22
Opcode Fuzzy Hash: 291ade37adc99fe7bb8fbe34daed40e3ae9de0b76307e5451e2c0ce68d7ccdd6
Instruction Fuzzy Hash: 045107B1E1560ADFDB08CFA5C5815AEFBF6BF89300F24D62AC415B7214E7309A418FA5

Function 070EE4BA Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 811defe63cc96fb76eded423e4620cd42b9d3b82e76953f39682ecd3aa4221a3
Instruction ID: b64f06b015a1a11fe1829baf793601e7f50b0f05f676f5faeaef2fef1548bfeb
Opcode Fuzzy Hash: 811defe63cc96fb76eded423e4620cd42b9d3b82e76953f39682ecd3aa4221a3
Instruction Fuzzy Hash: 674107B1E1560ADFDB04CFA5C5815AEFBF6EF89300F24D66AC415AB214E7309A418BA1

Function 077C3240 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a99a0ef747fa56a5bd9387aaa839959870632de0e6c605e43e6b2ca982efe96
Instruction ID: f7f18063f4edc9f8c159019bcef892cc0aba8ecc8e2fba315618d2a7bb68aaa9
Opcode Fuzzy Hash: 3a99a0ef747fa56a5bd9387aaa839959870632de0e6c605e43e6b2ca982efe96
Instruction Fuzzy Hash: 70416DB1E15629CFDB18CF6AD9446DEBBB2BF89310F14C06ED408AB265DB305A41CF51

Function 077C3270 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af410579cdcdd0a95da0b54f30847dd0ea88e475d1abd5d981ca355577c46d2
Instruction ID: 3567f0707e377b99dadb2bbf012a5431ff2fa5e4da3d51561189f14dbdb11c53
Opcode Fuzzy Hash: 4af410579cdcdd0a95da0b54f30847dd0ea88e475d1abd5d981ca355577c46d2
Instruction Fuzzy Hash: E4410BB0E15629CBDB18CF5AD940AAEFBF2BF89310F14C0AED509A7314DB305A458F51

Function 077CBD40 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb8c800a66f01c4b648dab77bb222543b3f991a4f22fa8557e85b945bde25e93
Instruction ID: 7043bf566ff2f4c09459ffc9b2b5629b5d934cf364d1f97463afea63b6c0d514
Opcode Fuzzy Hash: bb8c800a66f01c4b648dab77bb222543b3f991a4f22fa8557e85b945bde25e93
Instruction Fuzzy Hash: 1E3122F0D15218CBDB14CFA4D84ABEDBAF4EF0A381F14442DE405B32A4C7B85A55CB68

Function 077C0FE0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7004bb01e509af0d67c6f1f68c5b258b0a2961877e3cba247088618957213d0
Instruction ID: db9707834c179fb7de6d0cad343c45ea76d0cf11b2fa6716e0561bee8783236a
Opcode Fuzzy Hash: d7004bb01e509af0d67c6f1f68c5b258b0a2961877e3cba247088618957213d0
Instruction Fuzzy Hash: 491117B1E112198BEB48CFAAD9406AEFBF7EBC8310F14C03AD508A7215DB305A558F91

Function 070EE6CE Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139590879.00000000070E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_70e0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b408198d72813f0d62d32815d0952d172d5bde2e9e6555ab57ec452bcdc20dc8
Instruction ID: 04f82088609db9d0aee316ad10011b34d39f0d82c31454236a3aa5a5cce92002
Opcode Fuzzy Hash: b408198d72813f0d62d32815d0952d172d5bde2e9e6555ab57ec452bcdc20dc8
Instruction Fuzzy Hash: 9511E2B1E016188BEB48CF6BD90069EF7F7AFC8200F04C17AC418B6214DB3415458F51

Function 077C0FDD Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2139854244.00000000077C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_77c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2cae95707876f2cebe10ada8ba8d18cc52f524465bd5108748b4ec8e2537823
Instruction ID: d2d3d60b265c0f62e1282c8199c963fb43877a6828a3aa8379cd84f0ef37b8d3
Opcode Fuzzy Hash: a2cae95707876f2cebe10ada8ba8d18cc52f524465bd5108748b4ec8e2537823
Instruction Fuzzy Hash: F7112BB1E116199BEB48CF6BD94069EFAF7AFC8310F14C03AD408A7215DB705A458F51

Function 07064D28 Relevance: 5.1, Strings: 4, Instructions: 135COMMON

Download Yara Rule

Strings

@, xrefs: 07064D49
B, xrefs: 07064DFB
B, xrefs: 07064D4E
@, xrefs: 07064DF6

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: @$@$B$B
API String ID: 0-685577651
Opcode ID: 8d4575bdf91fdcfcc2bb70fcb68965f40b2a976a0d546607f407124c12602648
Instruction ID: f1481e89758ad14beae6c295cf6a40ea1067d5c9ed1cd8f9c3375db25921dce2
Opcode Fuzzy Hash: 8d4575bdf91fdcfcc2bb70fcb68965f40b2a976a0d546607f407124c12602648
Instruction Fuzzy Hash: E841F2B1F006468FCB54DB7CD8A856EBBF6FF89210B144226E21AC76A1DB30DD01C791

Function 07064D19 Relevance: 5.1, Strings: 4, Instructions: 81COMMON

Download Yara Rule

Strings

@, xrefs: 07064D49
B, xrefs: 07064DFB
B, xrefs: 07064D4E
@, xrefs: 07064DF6

Memory Dump Source

Source File: 00000000.00000002.2139489318.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7060000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID: @$@$B$B
API String ID: 0-685577651
Opcode ID: 6ccb5061d1dccf54edf2505f898fc3233532f9e7078cfc4bfc17e2fa73af4b22
Instruction ID: e1abf79791b01cac79c5916229e17357ad45d9522bad2a5c1b46a127a865462c
Opcode Fuzzy Hash: 6ccb5061d1dccf54edf2505f898fc3233532f9e7078cfc4bfc17e2fa73af4b22
Instruction Fuzzy Hash: 0B21D1B5E006468FCBA4CF6DC8D89AEBBF4EF89210B154266F216C7261D730DE40CB81

Analysis Process: LisectAVT_2403002A_19.exePID: 2708, Parent PID: 3924COMMON

Execution Graph

Execution Coverage:	19.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	122
Total number of Limit Nodes:	10

Executed Functions

Function 016C64F0 Relevance: 2.5, APIs: 1, Instructions: 993libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 016C70F9

Memory Dump Source

Source File: 00000003.00000002.4556592679.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_16c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9aef6c6f73c9a2ba14c795db307c7455cda03d1b5c7c538e14ff3fed892da2a8
Instruction ID: d62a0dfa0f48e9c5eb0489a0a803548385d89f68e2cc5da77c326399ebf9db51
Opcode Fuzzy Hash: 9aef6c6f73c9a2ba14c795db307c7455cda03d1b5c7c538e14ff3fed892da2a8
Instruction Fuzzy Hash: 26825834A00209CFDB24DF68C888AADBBB2FB89715F54896EE406DB355DB35DC81CB51

Function 0184A32D Relevance: 6.2, APIs: 4, Instructions: 163
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0184A42E
GetCurrentThread.KERNEL32 ref: 0184A46B
GetCurrentProcess.KERNEL32 ref: 0184A4A8
GetCurrentThreadId.KERNEL32 ref: 0184A501

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 4b569e5cbcbb63a819e18100a6f6a994d0108c81178dac74c52b03d8e272970b
Instruction ID: e0a3d98c8ff6ff2cb2e7a773692f8003a2bb25babecee65b26e3b6a21704bf59
Opcode Fuzzy Hash: 4b569e5cbcbb63a819e18100a6f6a994d0108c81178dac74c52b03d8e272970b
Instruction Fuzzy Hash: 1C61CCB08013498FEB19CFA9D9487DEBFF0FF89314F24805AD409AB261DB785944CB66

Function 0184A3A0 Relevance: 6.1, APIs: 4, Instructions: 136
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0184A42E
GetCurrentThread.KERNEL32 ref: 0184A46B
GetCurrentProcess.KERNEL32 ref: 0184A4A8
GetCurrentThreadId.KERNEL32 ref: 0184A501

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: c8e45ecad01cadf3768c2fd3371f1e332f81123493b0f6f62e7953ccafcddce5
Instruction ID: 0a28740627a6ae4e43e99487e5cf381b5b7c0dc442cacf23042d9fc44e5150a9
Opcode Fuzzy Hash: c8e45ecad01cadf3768c2fd3371f1e332f81123493b0f6f62e7953ccafcddce5
Instruction Fuzzy Hash: 5F518AB09013498FEB18DFA9D548B9EBFF0EF88314F248459D409A7250DB745944CF62

Function 0184A3B0 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0184A42E
GetCurrentThread.KERNEL32 ref: 0184A46B
GetCurrentProcess.KERNEL32 ref: 0184A4A8
GetCurrentThreadId.KERNEL32 ref: 0184A501

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 7ae8e4104966b9509713e0ba09af3e87847b30048d3342b8c2fa110f3714b7b1
Instruction ID: c5f8d458b168396cd8dfdd4f228deced203d8f492ef8eede80164c96772987d0
Opcode Fuzzy Hash: 7ae8e4104966b9509713e0ba09af3e87847b30048d3342b8c2fa110f3714b7b1
Instruction Fuzzy Hash: BF5168B09013498FEB18DFAAD648B9EBBF1EF88314F208419D509A7250DB745944CF65

Function 066672A0 Relevance: 5.5, APIs: 3, Instructions: 955libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0666732A
LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk$DispatcherExceptionUser
String ID:
API String ID: 48014773-0
Opcode ID: 9d623777db54e40c5f2fc2b65dc62224aa8f71d3d06d7da543c2bb44c2f2d77b
Instruction ID: a5c808b0a016adabd5c7687960e96bd6f02897fde61a87a817263ee4a0ee8758
Opcode Fuzzy Hash: 9d623777db54e40c5f2fc2b65dc62224aa8f71d3d06d7da543c2bb44c2f2d77b
Instruction Fuzzy Hash: 74A2F674A15229CFCB64DF74D8486ADBBB6BF48305F5080EAE50AA3359DB309E81CF51

Function 066672C1 Relevance: 5.1, APIs: 3, Instructions: 631libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0666732A
LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk$DispatcherExceptionUser
String ID:
API String ID: 48014773-0
Opcode ID: 68b09eb6726f5b1248c70f6ea3c4ac68f0609f777cdeccfb0b13b03fcf4b9af4
Instruction ID: 2378e5a9b72ac30a8bbd606f29773ce415ead1cf9ddeab0a6d91153724284d97
Opcode Fuzzy Hash: 68b09eb6726f5b1248c70f6ea3c4ac68f0609f777cdeccfb0b13b03fcf4b9af4
Instruction Fuzzy Hash: 4052F674A15219CFCB649F74D8886ADBBB6BF88305F5080EAE50AA3344DB309E85CF51

Function 06667306 Relevance: 5.1, APIs: 3, Instructions: 624libraryCOMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 0666732A
LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk$DispatcherExceptionUser
String ID:
API String ID: 48014773-0
Opcode ID: 5ad929befea4856fb75ac29ed496ac41e885eb22009aac347459aae0014d4c86
Instruction ID: 48352c9312ec2c47090a100afef79398b4d0feed9c277aa8ef7ec5bffcfba86b
Opcode Fuzzy Hash: 5ad929befea4856fb75ac29ed496ac41e885eb22009aac347459aae0014d4c86
Instruction Fuzzy Hash: FF52F674A15219CFCB649F74D8886ADBBB6BF48305F5080EAE50AA3344DB309E85CF51

Function 06667361 Relevance: 3.6, APIs: 2, Instructions: 613libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b65420c94fe5bc00a32312197d9be85509584331c7dc61f0a01acb75ca2e29c9
Instruction ID: 583252adaa7c1f24e717f2dd0a237e0d810d5f02732f20b2d7c34f3f9d01f770
Opcode Fuzzy Hash: b65420c94fe5bc00a32312197d9be85509584331c7dc61f0a01acb75ca2e29c9
Instruction Fuzzy Hash: E352F674A15219CFCB64DF70D8886ADBBB6BF88305F5080EAE50AA3355DB309E85CF51

Function 066673A6 Relevance: 3.6, APIs: 2, Instructions: 606libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b6ed3bb4c0492443eb2f8e611ed9445839b7a0e36ac84f604daa0038bea3c96f
Instruction ID: 6f7adf5226484f7eefed1504a537a0fba7f5fac371347d3f757988b3c51926ba
Opcode Fuzzy Hash: b6ed3bb4c0492443eb2f8e611ed9445839b7a0e36ac84f604daa0038bea3c96f
Instruction Fuzzy Hash: 1652F674A15219CFCB649F70D8886ADBBB6BF88305F5080EAE50AA3345DB309E85CF51

Function 066673EB Relevance: 3.6, APIs: 2, Instructions: 599libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d1d3d79f72739812f581a5eef33289ba98b1eada59d9be0a94d58f93230d5460
Instruction ID: 22f1a7162c275d3cc84116ab74f7487afc0f4dcb85c1e4566b94fb079b321ccc
Opcode Fuzzy Hash: d1d3d79f72739812f581a5eef33289ba98b1eada59d9be0a94d58f93230d5460
Instruction Fuzzy Hash: B252F674A15219CFCB649F70D8886ADBBB6FF88305F5080EAE50AA3355DB309E85CF51

Function 06667430 Relevance: 3.6, APIs: 2, Instructions: 592libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f878c65be953c36d9756767fe9e12dd0a857964287bccbf24fbd06e859f3ea26
Instruction ID: d8806ce3363dff8e75295af1d32a77ee3144072bbe09bf749a7403ccfc49dd4a
Opcode Fuzzy Hash: f878c65be953c36d9756767fe9e12dd0a857964287bccbf24fbd06e859f3ea26
Instruction Fuzzy Hash: F952F674A15219CFCB649F70D8886ADBBB6BF88305F5080EAE50AA3355CB349E85CF51

Function 06667475 Relevance: 3.6, APIs: 2, Instructions: 583libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b808670e8a14ffda3bf3814209784f5d444c935d68ba9facc003a323808ddd81
Instruction ID: 362c470e215751dcbe512e193f21d3296144c842c113e8005238f3cfed160388
Opcode Fuzzy Hash: b808670e8a14ffda3bf3814209784f5d444c935d68ba9facc003a323808ddd81
Instruction Fuzzy Hash: 1352F674A15219CFCB649F70D8886ADBBB6FF88305F5080EAE50AA3355CB349E85CF51

Function 066674B1 Relevance: 3.6, APIs: 2, Instructions: 578libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 46625fc2973b7ba117d7242bcedb3e602cf0cba6805fa9e8d3a0652cd93e3c0b
Instruction ID: df9f95d3fb0d9db288fa3d3adc5565d2f4e89b7a39d89c33078b2045b74bb274
Opcode Fuzzy Hash: 46625fc2973b7ba117d7242bcedb3e602cf0cba6805fa9e8d3a0652cd93e3c0b
Instruction Fuzzy Hash: 2442F674A15219CFCB649F70D8886ADBBB6BF88305F5080EAE50AA3355CB349E85CF51

Function 066674F6 Relevance: 3.6, APIs: 2, Instructions: 571libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 01fa9b7fe2a9a0dcdae31eedbdecfee5cc8dab22c86aece9ef81ec4467822a7d
Instruction ID: fec4d99bb80b01a9090aa175db2e7a916d71b817038a5c99b4c0bb12f424a750
Opcode Fuzzy Hash: 01fa9b7fe2a9a0dcdae31eedbdecfee5cc8dab22c86aece9ef81ec4467822a7d
Instruction Fuzzy Hash: B642F674A15219CFCB649F70D8886ADBBB6FF88305F5080EAE50AA3355CB349E85CF51

Function 0666753B Relevance: 3.6, APIs: 2, Instructions: 564libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 564c9c4af496ba60d1bfc186cb0684625ca253d162f34a2dcb7c9fda3752e7d8
Instruction ID: 13490b2b7890fee0979d6a59cac802d97d74cc101fde4a4680e9a66674ed8f68
Opcode Fuzzy Hash: 564c9c4af496ba60d1bfc186cb0684625ca253d162f34a2dcb7c9fda3752e7d8
Instruction Fuzzy Hash: CD42F674A15219CFCB649F70D8886ADBBB6FF88305F5080EAE50AA3355CB349E85CF51

Function 06667580 Relevance: 3.6, APIs: 2, Instructions: 557libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 784e5132d72483e7f0bd6dd80fb0a92c7fe175145359b32b4f312c528464f4ef
Instruction ID: 99db79f42676dbce2587abd59605e08528c37fb46cf8cdf8681f4768c8390549
Opcode Fuzzy Hash: 784e5132d72483e7f0bd6dd80fb0a92c7fe175145359b32b4f312c528464f4ef
Instruction Fuzzy Hash: C642F774A15219CFCB649F70D8886ADBBB6FF88305F5080EAE50AA3355CB349E85CF51

Function 066675C5 Relevance: 3.6, APIs: 2, Instructions: 550libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c8f5402b5be7f53df8bfa1c32028d64bb5bfe09118683b129fd02a8e5e69e97e
Instruction ID: b066eb555ea079eacc00a5ae87f1d4c476abc1397683085ee088cc63baf08c94
Opcode Fuzzy Hash: c8f5402b5be7f53df8bfa1c32028d64bb5bfe09118683b129fd02a8e5e69e97e
Instruction Fuzzy Hash: F3420774A15219CFCB64DF70D8886ADBBB6FF88305F5080AAE50AA3355CB349E85CF51

Function 0666760A Relevance: 3.5, APIs: 2, Instructions: 543libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 06667665
LdrInitializeThunk.NTDLL ref: 06667743

Memory Dump Source

Source File: 00000003.00000002.4564167295.0000000006660000.00000040.00000800.00020000.00000000.sdmp, Offset: 06660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6660000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 75be970cf53f807794f810c3b08011ce6a827c2006ec7ea53d8be3067c7c70dd
Instruction ID: 4d22d11e4891ebf293cf08421f5804bf1c3dd3871cdd2de3c39373c14ed95790
Opcode Fuzzy Hash: 75be970cf53f807794f810c3b08011ce6a827c2006ec7ea53d8be3067c7c70dd
Instruction Fuzzy Hash: CD420774A15219CFCB64DF70D8886ADBBB6FF88305F5080AAE50AA3355CB349E85CF50

Function 01910040 Relevance: 1.7, APIs: 1, Instructions: 180
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01910081

Memory Dump Source

Source File: 00000003.00000002.4557411718.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1910000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ba90b59a77a73ce599dcdbb6912bd7986b55d7b6af685210ed7ee41cc8a595e1
Instruction ID: 4aaab873c76b84deef4002e4bfbc10ed0d5cfe1722b299faac0f6b96908758a0
Opcode Fuzzy Hash: ba90b59a77a73ce599dcdbb6912bd7986b55d7b6af685210ed7ee41cc8a595e1
Instruction Fuzzy Hash: 99616130A0020ADBDB54EBB9D8587AEBBB6AF85301F14882CE416E7259DF759885CB40

Function 01918D40 Relevance: 1.7, APIs: 1, Instructions: 152
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000003.00000002.4557411718.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1910000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a12af3e00d72b3ea137b6511dee2763f4568b6238f38a42fcc37f45377c29041
Instruction ID: 3bc763f6b78427627f98ddd34f8d4af14996ac31304dd80609ab5d2c9bd8bc2c
Opcode Fuzzy Hash: a12af3e00d72b3ea137b6511dee2763f4568b6238f38a42fcc37f45377c29041
Instruction Fuzzy Hash: 61516572D083898FD715CFA9C80029EBFF4EF8A310F1845ABD448E7251DB389885CB91

Function 016C7098 Relevance: 1.6, APIs: 1, Instructions: 138
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 016C70F9

Memory Dump Source

Source File: 00000003.00000002.4556592679.00000000016C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_16c0000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 331f1036cd58e00acab87b2e6fafcfa58b43cba2b7e70296bf3ef2f9623dcba1
Instruction ID: 34968bb460a8a6a5970610d0da994d164951344d520fdb4618d42f17ced601f0
Opcode Fuzzy Hash: 331f1036cd58e00acab87b2e6fafcfa58b43cba2b7e70296bf3ef2f9623dcba1
Instruction Fuzzy Hash: 8E419171B002069BDB14EFB4D854AAEBBB6FF88601F14856DE412EB355EF70E804CB60

Function 018466ED Relevance: 1.6, APIs: 1, Instructions: 119
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0184680A

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 0e402dae96811c980040b11ec661811f58e0bb4f399e4c8a1e45c7f40f60789c
Instruction ID: e1e725b0d9bbd512f7c18d8c7e8f1b84848689fd0c503f0838d21bbdaf3e84c1
Opcode Fuzzy Hash: 0e402dae96811c980040b11ec661811f58e0bb4f399e4c8a1e45c7f40f60789c
Instruction Fuzzy Hash: 9B51C2B1D103499FEB14CF9AC884ADEBFB5FF49310F24812AE419AB210DB74A945CF90

Function 018466F8 Relevance: 1.6, APIs: 1, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0184680A

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: bea3f4e92c68ae484fbb236580dcde86fdc7dc7946712851091d9afe259160b6
Instruction ID: 162d1a3049fd3722d63aeb2941aa83d1cd1b1eb19659d1e006725c15f589efc3
Opcode Fuzzy Hash: bea3f4e92c68ae484fbb236580dcde86fdc7dc7946712851091d9afe259160b6
Instruction Fuzzy Hash: 2C41A1B1D003099FEB14CF9AC984ADEBFB5BF49310F24812AE419AB210DB75A945CF90

Function 0175F978 Relevance: 1.6, APIs: 1, Instructions: 112
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,00000000,?,00000001,?), ref: 0175FA84

Memory Dump Source

Source File: 00000003.00000002.4556708848.0000000001750000.00000040.00000800.00020000.00000000.sdmp, Offset: 01750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1750000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 698a63e3ea980c9c34de76f1038b68dfd53d92c08b7baf0eeebc121fd1f90574
Instruction ID: d1762674cf7118ad8778593db98fe1aa1363b96dfe5602c5aa368e1a6383705d
Opcode Fuzzy Hash: 698a63e3ea980c9c34de76f1038b68dfd53d92c08b7baf0eeebc121fd1f90574
Instruction Fuzzy Hash: 014146B19043898FDB10CFA9C544A8EFFF2AF49300F28C16AE908AB351C7B59945CB91

Function 0184A164 Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 0184B579

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: f02a427bf87b086b459e3c78ec6a4b0f630cd6756e4d22fa06d9a0328ab02966
Instruction ID: 801d9b7ddc38b45bdb0c4d74ca5a0192dafe2ece3bb4542b463d8b016527e7c6
Opcode Fuzzy Hash: f02a427bf87b086b459e3c78ec6a4b0f630cd6756e4d22fa06d9a0328ab02966
Instruction Fuzzy Hash: C14104B4900309CFDB14CF99C488AAAFBF5FF88314F258459E519AB321DB74E941CBA0

Function 0175FC2C Relevance: 1.6, APIs: 1, Instructions: 90registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,00000000,?), ref: 0175FCF1

Memory Dump Source

Source File: 00000003.00000002.4556708848.0000000001750000.00000040.00000800.00020000.00000000.sdmp, Offset: 01750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1750000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: fedc6d117ce550c5dab2f6cb0438f95efec9ea9376c5e8f2820c5235853cbf24
Instruction ID: b63bd1056bdd665c142b791188ed5f021d8ed6b3bfbea4814ac476d8651afc39
Opcode Fuzzy Hash: fedc6d117ce550c5dab2f6cb0438f95efec9ea9376c5e8f2820c5235853cbf24
Instruction Fuzzy Hash: CD4114B1D002599FDB20CFAAC494A8EFFF5BF48710F14806AE818AB344D7B49945CF90

Function 01753B14 Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,00000000,?), ref: 0175FCF1

Memory Dump Source

Source File: 00000003.00000002.4556708848.0000000001750000.00000040.00000800.00020000.00000000.sdmp, Offset: 01750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1750000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e6eea81f4d484117cf5c08a1b79eaf914b04586c709a836e469fc44a6552aa9b
Instruction ID: 1a2d7c00f186938d8053f2b6ea43ad32288a88e39a524b9d8ca4a1853b5d3ce2
Opcode Fuzzy Hash: e6eea81f4d484117cf5c08a1b79eaf914b04586c709a836e469fc44a6552aa9b
Instruction Fuzzy Hash: 8C31F1B1D012599BCB20CF9AC894A8EFFF5BF48710F14802AE919AB350D7B49945CFA0

Function 01753B41 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,00000000,?,00000001,?), ref: 0175FA84

Memory Dump Source

Source File: 00000003.00000002.4556708848.0000000001750000.00000040.00000800.00020000.00000000.sdmp, Offset: 01750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1750000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: b4991160d95f6345797d27528d8f3bb756a64b1f56d68bbffd27b9e04d043f74
Instruction ID: 90e75a544e185fda46c2120b86131be8da2acb244b929bbe03f9929452db6546
Opcode Fuzzy Hash: b4991160d95f6345797d27528d8f3bb756a64b1f56d68bbffd27b9e04d043f74
Instruction Fuzzy Hash: D7310DB0C00249CFDB10CF99C584A8EFFF5BB49300F28816AE909AB351C7B5A984CB95

Function 01753B08 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,00000000,?,00000001,?), ref: 0175FA84

Memory Dump Source

Source File: 00000003.00000002.4556708848.0000000001750000.00000040.00000800.00020000.00000000.sdmp, Offset: 01750000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1750000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 3602dbf76932f817219865a7b76ea443ee33be7b176ff3550db022cd4ccaf9ca
Instruction ID: 8c2a1f28ba7e77508112ee351f2ebc797a92b32191761a45e797a0f20caa6cc2
Opcode Fuzzy Hash: 3602dbf76932f817219865a7b76ea443ee33be7b176ff3550db022cd4ccaf9ca
Instruction Fuzzy Hash: 32310FB0D00249CFDB10CF99C584A8EFFF5BB49300F24816AE908AB341C7B5A984CB95

Function 0184A5F0 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0184A67F

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 81154703f76296dbc911373217e1b7d599472d07b2a40c155ecc4939e3d87f84
Instruction ID: e5098a5be1dceb72b0a412a3f0fbde55a4a81704391a91434a5c6764b7cb6677
Opcode Fuzzy Hash: 81154703f76296dbc911373217e1b7d599472d07b2a40c155ecc4939e3d87f84
Instruction Fuzzy Hash: 473129B690021C9FDB10CF9AD584AEEBFF5EB48320F14801AE955E7250D7749915CFA0

Function 01910006 Relevance: 1.6, APIs: 1, Instructions: 77libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01910081

Memory Dump Source

Source File: 00000003.00000002.4557411718.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1910000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f053d374513d5993ccac162a43109089f7eacd8646495e9fc2c154f4003060fd
Instruction ID: 2f429fe9c3dd78c416f2c6235d65b5377bdd02398b1dd5a127a1cdfbfa68734b
Opcode Fuzzy Hash: f053d374513d5993ccac162a43109089f7eacd8646495e9fc2c154f4003060fd
Instruction Fuzzy Hash: 2031E230909399DFDB16CF74C85469CBFB1FF06301F1985AEE040AB2A6C73A9885CB41

Function 0184A5F8 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0184A67F

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: dfdb28281cf257c480d17909c29381bd4132835a810c5be8f3aba2d33632f029
Instruction ID: 9f400e680eeccfe553538fd454a6f7411be875d23a278883386b7c89b2852a7e
Opcode Fuzzy Hash: dfdb28281cf257c480d17909c29381bd4132835a810c5be8f3aba2d33632f029
Instruction Fuzzy Hash: 7C21E4B59002099FDB10CF9AD984ADEBFF8FB48320F14841AE918A7310D778A954CFA4

Function 01918E28 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 01918E8F

Memory Dump Source

Source File: 00000003.00000002.4557411718.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1910000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 585c34cc77f8c05edea0ab7575843917133e0e1de61d903855d046e3ae8ae93f
Instruction ID: d65aabf7d35f718b73a8f0f2c75edb2bd87eac2f1a16fd719ec9f2400473c24f
Opcode Fuzzy Hash: 585c34cc77f8c05edea0ab7575843917133e0e1de61d903855d046e3ae8ae93f
Instruction Fuzzy Hash: 4C1112B1C0065A9FDB10DF9AC444B9EFBF4AF48720F10852AE918A7240D7B8A954CFA1

Function 018436BC Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 018456B6

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 68a4849260b9aa8f8b26de8d2d29aed38d156f298d08bf5a6f5463d4c0a50dda
Instruction ID: 6e2682f71686b898843177228b73e676f1639be578ab1ee8d1a6320bf3cb84af
Opcode Fuzzy Hash: 68a4849260b9aa8f8b26de8d2d29aed38d156f298d08bf5a6f5463d4c0a50dda
Instruction Fuzzy Hash: DC11F0B58007498FDB10DF9AD444B9EFBF4AB88324F10841AD519B7210D779A645CFA5

Function 01845649 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 018456B6

Memory Dump Source

Source File: 00000003.00000002.4557152695.0000000001840000.00000040.00000800.00020000.00000000.sdmp, Offset: 01840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1840000_LisectAVT_2403002A_19.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 54c030469d8c474ec7ae6aee35687f9c60ff6e32c3417ebd5e1ad72fe147b203
Instruction ID: 87b848999e8282c73583240dedf2a7949581c5db9a59e2d7e41a6dabc7e62af3
Opcode Fuzzy Hash: 54c030469d8c474ec7ae6aee35687f9c60ff6e32c3417ebd5e1ad72fe147b203
Instruction Fuzzy Hash: E11120B58003498FDB10CF9AD444B8EBBF4AF89324F14845AC518A7210C778A545CFA0

Function 0145D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4555956479.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_145d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9c756fae2737d76dc2f8728de1388be151e6d8dadfdbca1abe6d50a71b4762d
Instruction ID: 013099d687a611495127bce5cf274a11f65170fdf3ff45bb36d84ed1f13ea015
Opcode Fuzzy Hash: d9c756fae2737d76dc2f8728de1388be151e6d8dadfdbca1abe6d50a71b4762d
Instruction Fuzzy Hash: CD21FFB5A04200EFDB55DF54D980B26BBA1EF84B18F20C56EDD0A4B367C37AD407CA61

Function 0145D005 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.4555956479.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_145d000_LisectAVT_2403002A_19.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fbb2030f5fa4ff83c00c9efe3b5548374fa57f8b7dca0b328f8d3aad0c9abe5
Instruction ID: d77e4c8fadef3cbb55321f8c18aae4c26aa4a89509f0d9925f380fdb846f8c80
Opcode Fuzzy Hash: 1fbb2030f5fa4ff83c00c9efe3b5548374fa57f8b7dca0b328f8d3aad0c9abe5
Instruction Fuzzy Hash: 642183B55083849FDB02CF64D994716BF71EF46614F28C5DAD8498F2A7C33AD806CB62

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report LisectAVT_2403002A_19.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\LisectAVT_2403002A_19.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

UDP Packets

DNS Queries

DNS Answers

Statistics

Windows Analysis Report
LisectAVT_2403002A_19.exe

Function 077C45A8 Relevance: 3.1, APIs: 2, Instructions: 100
memoryinjectionCOMMON

Function 070E2E88 Relevance: 3.1, Strings: 2, Instructions: 564
COMMON

Function 05B40CAC Relevance: 2.6, Strings: 2, Instructions: 86
COMMON

Function 077C482D Relevance: 1.7, APIs: 1, Instructions: 247
processCOMMON

Function 077C4838 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 0244D989 Relevance: 1.7, APIs: 1, Instructions: 203
COMMON

Function 0244FB84 Relevance: 1.6, APIs: 1, Instructions: 117
COMMON

Function 0244CC7C Relevance: 1.6, APIs: 1, Instructions: 116
COMMON

Function 077C45B0 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 077C4698 Relevance: 1.6, APIs: 1, Instructions: 67
COMMON

Function 077C4411 Relevance: 1.6, APIs: 1, Instructions: 67
threadCOMMON

Function 02447C3A Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 077C46A0 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Function 077C4418 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Function 02447C40 Relevance: 1.6, APIs: 1, Instructions: 62
COMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre