Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe
Analysis ID:	1495960
MD5:	0ec08a2bc3b47a8c5842e935131ce4f5
SHA1:	be973c704d95e582d3e630a74643ff959a6d448c
SHA256:	9d25b565f166c9adb610fd56fff3abc551330bb17bad085a61774033cde35d7a
Tags:	exe
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to get notified if a device is plugged in / out

Contains functionality to query locales information (e.g. system language)

Creates a DirectInput object (often for capturing keystrokes)

Detected potential crypto function

Found decision node followed by non-executed suspicious APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe (PID: 7784 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe" MD5: 0EC08A2BC3B47A8C5842E935131CE4F5)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

ReversingLabs: Detection: 52%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Code function: 0_2_00C8E870 BCryptGenRandom,

0_2_00C8E870

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_e1fcba78-b

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 183.61.168.1:443 -> 192.168.2.8:52567 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 183.61.168.1:443 -> 192.168.2.8:52570 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.8:52573 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.8:52576 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.8:52579 version: TLS 1.2

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Code function: 0_2_00EEA220 LoadCursorW,GetModuleHandleW,RegisterClassW,GetDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,ReleaseDC,AdjustWindowRect,GetModuleHandleW,CreateWindowExW,RegisterDeviceNotificationW,GetWindowLongW,AdjustWindowRect,SetWindowPos,ChangeDisplaySettingsW,SetWindowLongW,SetWindowLongW,SetWindowLongW,SetWindowPos,ShowWindow,DestroyIcon,DestroyWindow,GetModuleHandleW,UnregisterClassW,SetWindowLongW,

0_2_00EEA220

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00A427A0 FindFirstFileW,GetLastError,FindClose,		0_2_00A427A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F03A6C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,		0_2_00F03A6C

Source: Joe Sandbox View	IP Address: 172.65.251.78 172.65.251.78
Source: Joe Sandbox View	IP Address: 183.61.168.1 183.61.168.1

Source: Joe Sandbox View

JA3 fingerprint: bd0bf25947d4a37404f0424edf4db9ad

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: gitlab.com

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: https://curl.se/docs/hsts.html
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: https://curl.se/docs/hsts.html#
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266810766.00000000014BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/mauigraphics
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266810766.00000000014A7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266810766.0000000001466000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266810766.0000000001452000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/mauigraphics/uiexplorer/-/raw/main/database.db
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266810766.0000000001452000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/mauigraphics/uiexplorer/-/raw/main/database.db8bE
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266810766.0000000001466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gitlab.com/mauigraphics/uiexplorer/-/raw/main/database.dbBas
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: https://sectigo.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 52567 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52570 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52573
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52567
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52579
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52576
Source: unknown	Network traffic detected: HTTP traffic on port 52579 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 52570
Source: unknown	Network traffic detected: HTTP traffic on port 52573 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 52576 -> 443

Source: unknown	HTTPS traffic detected: 183.61.168.1:443 -> 192.168.2.8:52567 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 183.61.168.1:443 -> 192.168.2.8:52570 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.8:52573 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.8:52576 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.65.251.78:443 -> 192.168.2.8:52579 version: TLS 1.2

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Binary or memory string: DirectInput8Create

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00C8C280	0_2_00C8C280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC2020	0_2_00AC2020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AA6030	0_2_00AA6030
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC0000	0_2_00AC0000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AA2070	0_2_00AA2070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC7070	0_2_00AC7070
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F2114C	0_2_00F2114C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00B22140	0_2_00B22140
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00A49280	0_2_00A49280
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F452C4	0_2_00F452C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC6290	0_2_00AC6290
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00B222F0	0_2_00B222F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00ABF220	0_2_00ABF220
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC5210	0_2_00AC5210
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC8250	0_2_00AC8250
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F3735F	0_2_00F3735F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00D2B4D0	0_2_00D2B4D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AA34E0	0_2_00AA34E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00A8A4F0	0_2_00A8A4F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00DA84A0	0_2_00DA84A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00EED420	0_2_00EED420
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00EEF5E0	0_2_00EEF5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AAF5B0	0_2_00AAF5B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00DB05F0	0_2_00DB05F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F055BC	0_2_00F055BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00D38550	0_2_00D38550
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC26C0	0_2_00AC26C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F3A669	0_2_00F3A669
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC5670	0_2_00AC5670
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00C8B880	0_2_00C8B880
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00B23800	0_2_00B23800
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F30AF0	0_2_00F30AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC9BE0	0_2_00AC9BE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00A98BF0	0_2_00A98BF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00ABFB10	0_2_00ABFB10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00D2AC30	0_2_00D2AC30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00D2AE40	0_2_00D2AE40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F20E0A	0_2_00F20E0A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00C7FF10	0_2_00C7FF10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00AC8F50	0_2_00AC8F50

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00F497E0 appears 49 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00F229C9 appears 66 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00AB3160 appears 33 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00F18620 appears 54 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00A4D250 appears 33 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00A9F0E0 appears 31 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00AB31A0 appears 110 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00A54E30 appears 33 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00F1836D appears 78 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: String function: 00D3DF80 appears 609 times

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameABSync.exe@ vs SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Binary or memory string: OriginalFilenameABSync.exe@ vs SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal48.winEXE@1/1@1/3

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

File created: C:\Users\user\Desktop\-

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

File created: C:\Users\user\AppData\Local\Temp\TMP1EFC.tmp

Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

ReversingLabs: Detection: 52%

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: id-cmc-addExtensions
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: set-addPolicy
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: iphlpapi.dllif_nametoindexws2_32FreeAddrInfoExWGetAddrInfoExCancelGetAddrInfoExWkernel32LoadLibraryExW\/AddDllDirectoryh1h2h3%10s %512s %u %10s %512s %u "%64[^"]" %u %urt%s %s%s%s %u %s %s%s%s %u "%d%02d%02d %02d:%02d:%02d" %u %d
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: invalid end-of-address value
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: 01sH5FD_initF:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5FD.cvirtual file driver '%s' did not terminate cleanlyH5FD__free_clsH5FDregisternull class pointer is disallowedwrong file driver version #'open' and/or 'close' methods are not defined'get_eoa' and/or 'set_eoa' methods are not defined'get_eof' method is not defined'read' and/or 'write' method is not definedinvalid free-list mappingunable to register file driver IDmemory allocation failed for file driver class structH5FD_registerH5FD_get_classcan't get driver ID & infonot a driver id or file access property listdriver sb_encode request failedH5FD_sb_encodedriver sb_decode request failedH5FD__sb_decodeNCSAfamifamily driver should be usedH5FD_sb_loadNCSAmultmulti driver should be usedunable to decode driver informationH5FD_free_driver_infodriver free request failedH5FDopenzero format address rangeH5FD_openinvalid driver ID in file access property listfile driver has no `open' methodcan't query VFD flagsfile image set, but not supported.open failedunable to query file driverunable to get file serial numberH5FDclosefile pointer cannot be NULLfile class pointer cannot be NULLcan't close driver IDH5FD_closeclose failedH5FDcmpH5FDqueryflags parameter cannot be NULLunable to query feature flagsH5FD__queryH5FDallocinvalid request typezero-size requestnot a data transfer property listunable to allocate file memoryH5FDfreefile deallocation request failedH5FDget_eoafile get eoa request failedH5FDset_eoainvalid end-of-address valuefile set eoa request failedH5FDget_eoffile get eof request faileddriver get type map failedH5FD_get_fs_type_mapH5FDreadresult buffer parameter can't be NULLfile read request failedH5FDwritefile write request failedH5FDflushfile flush request faileddriver flush request failedH5FD_flushH5FDtruncatedriver truncate request failedH5FD_truncateH5FDlockfile lock request faileddriver lock request failedH5FD_lockH5FDunlockfile unlock request faileddriver unlock request failedH5FD_unlockH5FDctlVFD ctl request failedH5FD_ctlVFD ctl request failed (no ctl callback and fail if unknown flag is set)H5FDget_vfd_handlefapl_id parameter is not a file access property listfile handle parameter cannot be NULLcan't get file handle for file driverfile driver has no `get_vfd_handle' methodH5FD_get_vfd_handleH5FDdeleteH5FL_blk_node_tH5FL_fac_gc_node_tH5FL_fac_head_tgarbage collection failed during allocationH5FL__mallocF:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5FL.cmemory allocation failed for chunkH5FL__reg_initgarbage collection failed during freeH5FL_reg_freecan't initialize 'regular' blocksH5FL_reg_mallocH5FL_reg_callocmemory allocation failed for chunk infoH5FL__blk_create_listH5FL__blk_initcan't initialize 'block' listH5FL_blk_mallocH5FL_blk_calloccouldn't create new list nodeH5FL_blk_freememory allocation failed for blockH5FL_blk_reallocH5FL__arr_initH5FL_arr_freecan't initialize 'array' blocksH5FL_arr_mallocH5FL_arr_callocmemory alloca
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: unable to set end-of-address marker for file
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: superblock extension not permitted with version %u of superblockH5F__super_ext_createF:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5Fsuper.csuperblock extension already exists?!?!unable to create superblock extensionunable to open superblock extensionH5F__super_ext_openunable to increment hard link countH5F__super_ext_closeunable to decrement refcount on superblock extensionunable to close superblock extensionH5F__update_super_ext_driver_msgunable to update driver info header messageunable to locate file signatureH5F__super_readfile signature not foundfailed to set base address for file driverunable to get rank for btree internal nodesunable to load superblocksuperblock version for SWMR is less than 3superblock version exceeds high boundunable to pin superblockunable to set superblock versionunable to set byte number in an addressunable to set byte number for object sizeunable to set rank for symbol table leaf nodesunable to set rank for btree internal nodesunable to set userblock sizecan't get skip EOF check valuetruncated file: eof = %llu, sblock->base_addr = %llu, stored_eof = %lluunable to load driver info blockunable to release driver info blockunable to set end-of-address marker for fileinvalid superblock - extension message should not be defined for version < 2unable to open file's superblock extensiondriver info message not presentunable to read SOHM table informationv1 B-tree 'K' info message not presentunable to message flags for free-space manager info messagecan't get clearance for persisting fsm addrunable to get free-space manager info messageFile space info message's version out of boundsunable to set file space strategyunable to set file space page sizeerror in writing fsinfo message to superblock extensionunable to get metadata cache image messagecall to H5AC_load_cache_image_on_next_protect failedunable to close file's superblock extensionerror in writing message to superblock extensionfailed to set paged_aggr status for file driverunable to close superblockunable to unpin driver infounable to expunge driver info blockunable to expunge superblockH5F__super_initsuperblock version out of boundsunable to get userblock sizeuserblock size must be > file object alignmentuserblock size must be an integral multiple of file object alignmentunable to set EOA value for userblockcan't add superblock to cachefile allocation failed for superblockunable to create SOHM tableunable to update v1 B-tree 'K' value header messagecan't set version of fsinfounable to update free-space info header messagecan't add driver info block to cacheH5F_eoa_dirtyunable to mark drvinfo as dirtyunable to mark drvinfo message as dirtyH5F_super_dirtyunable to retrieve superblock extension infoH5F__super_sizeH5F__super_ext_write_msgunable to create file's superblock extensionunable to check object header for message or message existsMessage should not existunable to create the message in object headerMessage should existunable to write the
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: can't re-add section to file free space
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: invalid mapping typeH5MF_init_merge_flagsF:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5MF.ccan't initialize free space infoH5MF__open_fstypeH5MF__create_fstypecan't initialize file free spaceH5MF__start_fstypecan't delete free space managerH5MF__delete_fstypecan't release free space infoH5MF__close_fstypecan't re-add section to file free spaceH5MF__add_secterror locating free space in fileH5MF__find_sectcan't free simple section nodeattempt to notify cache that ring is unsettled failedH5MF_allocerror locating a nodeallocation failed from paged aggregationallocation failed from aggr/vfdUnable to get eoaH5MF__alloc_pagefscan't allocate file spacecan't initialize free space sectioncan't add new page to Page Buffer new page listcan't allocate file space: unrecognized typecan't free section nodeH5MF_alloc_tmpH5MF_xfreeattempting to free temporary file spacecan't check free space intersection w/metadata accumulatorcan't check for absorbing blockcan't add section to file free spacecan't merge section to file free spaceH5MF_try_extenderror extending fileerror extending aggregation blockerror extending block in free space managerH5MF_try_shrinkcan't check if section can shrink containercan't shrink containercan't close free-space managers for 'page' file spaceH5MF_closecan't close free-space managers for 'aggr' file spacecan't close the free space managerH5MF__close_delete_fstypecan't delete the free space managerH5MF_try_closecan't free aggregatorsH5MF__close_aggrfscan't shrink eoacan't close free space managerH5MF__close_pagefscan't check for shrinking eoaH5MF__close_shrink_eoaH5MF_get_freespacecan't query metadata aggregator statscan't query small data aggregator statscan't query free space statscan't query free space metadata statscan't close file free spacecan't open the free space managerH5MF_get_free_sectionscan't get section info for the free space managerH5MF__get_free_sectscan't iterate over sectionsH5MF_settle_raw_data_fsmcan't initialize file free space managercan't get free-space infocan't release free-space headerscan't allocated free-space headercan't allocate free-space section infocan't close file free space managerH5MF_settle_meta_data_fsmcan't vfd allocate sm hdr FSM file spacecan't vfd allocate sm sinfo FSM file spacecan't vfd allocate lg hdr FSM file spacecan't vfd allocate lg sinfo FSM file space
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: can't re-add single section to free space manager
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: can't re-add indirect section to free space manager
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: can't re-add second row section to free space
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	String found in binary or memory: H5HF_free_section_tH5FS__sect_init_clsF:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5HFsection.cH5FS__sect_term_clsH5FS__sect_node_newH5HF__sect_node_freememory allocation failed for single sectionH5HF__sect_single_newH5HF__sect_single_locate_parentcan't get section's parent infoH5HF__sect_single_revivecan't free single section nodeH5HF__sect_single_reducecan't re-add single section to free space managerH5HF__sect_single_full_dblockcan't convert single section into row sectioncan't release direct blockcan't update section infocan't check/convert single sectionH5HF__sect_single_addallocation failed for direct block free list sectionH5HF__sect_single_deserializeH5HF__sect_single_mergeH5HF__sect_single_shrinkH5HF__sect_single_freememory allocation failed for row sectionH5HF__sect_row_createserializing row section not supported yetH5HF__sect_row_from_singleH5HF__sect_row_revivecan't reduce underlying sectionH5HF__sect_row_reducecan't free row section nodecan't re-add indirect section to free space managercan't set row section to be first rowH5HF__sect_row_firstH5HF__sect_row_parent_removedcan't initialize common section classH5HF__sect_row_init_clscan't terminate common section classH5HF__sect_row_term_clscan't serialize row section's underlying indirect sectionH5HF__sect_row_serializecan't deserialize row section's underlying indirect sectionH5HF__sect_row_deserializecan't shrink underlying indirect sectionH5HF__sect_row_mergecan't merge underlying indirect sectionsH5HF__sect_row_shrinkcan't detach section nodeH5HF__sect_row_freeRow:Column:Number of entries:Underlying indirect section:H5HF__sect_indirect_init_clsH5HF__sect_indirect_term_clsmemory allocation failed for indirect sectionH5HF__sect_indirect_newcan't create indirect sectionH5HF__sect_indirect_for_rowallocation failed for row section pointer arraycan't free indirect section nodeH5HF__sect_indirect_init_rowsallocation failed for indirect section pointer arraycreation failed for child row sectioncan't add row section to free spaceunable to retrieve child indirect block's addresscan't initialize indirect sectionH5HF__sect_indirect_addH5HF__sect_indirect_decrcan't decrement ref. count on parent indirect sectionH5HF__sect_indirect_revive_rowH5HF__sect_indirect_revivecan't reduce parent indirect sectionH5HF__sect_indirect_reduce_rowcan't make new 'first row' for indirect sectioncan't make new 'first row' for child indirect sectionH5HF__sect_indirect_reducecan't make new 'first row' for peer indirect sectioncan't decrement section's ref. count H5HF__sect_indirect_firstcan't set child indirect section to be first rowH5HF__sect_indirect_merge_rowcan't free row sectioncan't re-add second row section to free spacecan't create parent for full indirect sectioncan't get block entryH5HF__sect_indirect_build_parentH5HF__sect_indirect_shrinkcan't free child section nodecan't serialize indirect section's parent indirect sectionH5HF__sect_indirect_serializeH5HF__sect_indirect_dese

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Section loaded: schannel.dll	Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Static file information: File size 7528688 > 1048576

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x55ea00
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x114400

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Code function: 0_2_00C7D3A0 GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,LoadLibraryExW,GetSystemDirectoryW,GetSystemDirectoryW,LoadLibraryW,

0_2_00C7D3A0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Code function: 0_2_00F1834A push ecx; ret

0_2_00F1835D

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_0-60883

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe TID: 7788

Thread sleep time: -40000s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00A427A0 FindFirstFileW,GetLastError,FindClose,		0_2_00A427A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F03A6C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,		0_2_00F03A6C

Source: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266810766.0000000001442000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Code function: 0_2_00F23F11 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00F23F11

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Code function: 0_2_00C7D3A0 GetModuleHandleW,GetProcAddress,LoadLibraryW,GetProcAddress,LoadLibraryExW,GetSystemDirectoryW,GetSystemDirectoryW,LoadLibraryW,

0_2_00C7D3A0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F1799F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_00F1799F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: 0_2_00F23F11 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_00F23F11

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: EnumSystemLocalesW,	0_2_00F4405D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: EnumSystemLocalesW,	0_2_00F3C22D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00F44464
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00F44640
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: GetLocaleInfoW,	0_2_00F3C7F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: GetLocaleInfoEx,	0_2_00F168E5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: GetLocaleInfoEx,FormatMessageA,	0_2_00F0083E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00F43CCB
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: EnumSystemLocalesW,	0_2_00F43FC2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Code function: EnumSystemLocalesW,	0_2_00F43F77

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Queries volume information: C:\Users\user\Desktop\- VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	Queries volume information: C:\Users\user\Desktop\- VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Code function: 0_2_00F04404 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,

0_2_00F04404

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Code function: 0_2_00F34235 GetTimeZoneInformation,

0_2_00F34235

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Code function: 0_2_00F49C00 QueryPerformanceCounter,Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock,QueryPerformanceCounter,QueryPerformanceFrequency,GetVersion,

0_2_00F49C00

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	1 Input Capture	2 System Time Discovery	Remote Services	1 Input Capture	22 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Virtualization/Sandbox Evasion	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	1 Peripheral Device Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	23 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	53%	ReversingLabs	Win32.Trojan.Smokeloader

Source	Detection	Scanner	Label
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	0%	URL Reputation	safe
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	0%	URL Reputation	safe
https://curl.se/docs/alt-svc.html#	0%	Avira URL Cloud	safe
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	0%	Avira URL Cloud	safe
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0	0%	Avira URL Cloud	safe
https://curl.se/docs/hsts.html	0%	Avira URL Cloud	safe
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	0%	Avira URL Cloud	safe
https://curl.se/docs/hsts.html#	0%	Avira URL Cloud	safe
https://gitlab.com/mauigraphics	0%	Avira URL Cloud	safe
https://curl.se/docs/http-cookies.html#	0%	Avira URL Cloud	safe
https://curl.se/docs/http-cookies.html	0%	Avira URL Cloud	safe
https://curl.se/docs/alt-svc.html	0%	Avira URL Cloud	safe
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
k256-all.gslb.ksyuncdn.com	183.61.168.1	true	false		unknown
gitlab.com	172.65.251.78	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://curl.se/docs/hsts.html	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown
https://curl.se/docs/alt-svc.html#	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown
https://sectigo.com/CPS0	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	URL Reputation: safe	unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	URL Reputation: safe	unknown
https://curl.se/docs/http-cookies.html	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown
https://gitlab.com/mauigraphics	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe, 00000000.00000002.3266810766.00000000014BE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://curl.se/docs/hsts.html#	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	URL Reputation: safe	unknown
https://curl.se/docs/http-cookies.html#	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	URL Reputation: safe	unknown
https://curl.se/docs/alt-svc.html	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.65.251.78	gitlab.com	United States		13335	CLOUDFLARENETUS	false
183.61.168.1	k256-all.gslb.ksyuncdn.com	China		134763	CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1495960
Start date and time:	2024-08-20 18:28:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe
Detection:	MAL
Classification:	mal48.winEXE@1/1@1/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 57% Number of executed functions: 36 Number of non-executed functions: 172
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 23.212.89.111
Excluded domains from analysis (whitelisted): dlc-shim.trafficmanager.net, e12671.dscd.akamaiedge.net, ocsp.digicert.com, slscr.update.microsoft.com, download.microsoft.com.edgekey.net, main.dl.ms.akadns.net, download.microsoft.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.65.251.78	build_setup.exe	Get hash	malicious	Vidar	Browse	gitlab.com/greg201/ppi3/-/raw/main/Setup.exe?inline=false
183.61.168.1	http://www.bitdefenderlogin.com/	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.Siggen23.13161.15240.4676.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.Siggen23.13161.15240.4676.exe	Get hash	malicious	Poisonivy	Browse
	SecuriteInfo.com.Trojan.Siggen17.35688.9477.7627.exe	Get hash	malicious	Poisonivy	Browse
	SecuriteInfo.com.Trojan.Siggen23.5328.29386.24001.exe	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.Siggen23.5328.29386.24001.exe	Get hash	malicious	Unknown	Browse
	https://dbrg.wxsckjz.cn/sem/childbd/f17.html?TFT=8&sfrom=206&DTS=1&keyID=0851&bd_vid=11240621751133777397	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
gitlab.com	file.exe	Get hash	malicious	Unknown	Browse	172.65.251.78
	file.exe	Get hash	malicious	Unknown	Browse	172.65.251.78
	Doc1.docm	Get hash	malicious	Python Stealer	Browse	172.65.251.78
	check.bat	Get hash	malicious	Python Stealer	Browse	172.65.251.78
	66b09d7d34310_DefragManager.exe	Get hash	malicious	Unknown	Browse	172.65.251.78
	66b09d7d34310_DefragManager.exe	Get hash	malicious	Unknown	Browse	172.65.251.78
	LisectAVT_2403002A_328.exe	Get hash	malicious	Petite Virus	Browse	172.65.251.78
	LisectAVT_2403002A_328.exe	Get hash	malicious	Petite Virus	Browse	172.65.251.78
	design-kitchen-of-villa-d25.bat	Get hash	malicious	Braodo	Browse	172.65.251.78
k256-all.gslb.ksyuncdn.com	Microsoft_Office_Excel_Worksheet1.xlsx	Get hash	malicious	Unknown	Browse	175.6.254.70
	https://submit--for--review.vercel.app/	Get hash	malicious	Unknown	Browse	183.131.56.5
	https://axisbankbo.online-ap1.com/	Get hash	malicious	Unknown	Browse	118.112.233.1
	ins exec.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	163.177.116.4
	IncestAdaptedV1.exe	Get hash	malicious	RedLine	Browse	113.16.211.7
	http://www.schoolsfirstfcu.org/	Get hash	malicious	HTMLPhisher	Browse	183.61.168.1
	https://therupdatingsresrtiuujh-vercel-app.translate.goog/?b=Z2FicmllbGEuZGFtYWN1c0BiYnJhdW4uY29t&_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp	Get hash	malicious	Unknown	Browse	42.56.77.10
	http://crackdownloadz.com	Get hash	malicious	Unknown	Browse	113.16.211.7
	http://pancakeu.top/	Get hash	malicious	Unknown	Browse	124.225.141.1
	http://help-mettaemask-org.gitbook.io/	Get hash	malicious	Unknown	Browse	125.39.194.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://teamsportalmst365.ubpages.com/teams-2051/	Get hash	malicious	Unknown	Browse	172.64.146.119
	ExeFile (308).exe	Get hash	malicious	Unknown	Browse	162.159.129.233
	SecuriteInfo.com.Win32.MalwareX-gen.13009.27381.exe	Get hash	malicious	XWorm	Browse	104.28.226.134
	SecuriteInfo.com.Win64.Malware-gen.14072.1224.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, MicroClip	Browse	104.21.42.119
	SecuriteInfo.com.Win64.Malware-gen.11552.16589.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	172.67.178.83
	ExeFile (331).exe	Get hash	malicious	Unknown	Browse	172.67.132.113
	Payment Ref_29199_118001.html	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	104.26.0.100
	(No subject) (53).eml	Get hash	malicious	Unknown	Browse	104.18.11.207
	https://esrour.geoffice.cloud/	Get hash	malicious	HTMLPhisher	Browse	104.18.16.168
CT-DONGGUAN-IDCCHINANETGuangdongprovincenetworkCN	KLL.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL_1.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL_1.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	KLL.exe	Get hash	malicious	Unknown	Browse	183.60.146.66
	SecuriteInfo.com.not-a-virus.HEUR.Downloader.Win32.Duba.gen.28830.27730.exe	Get hash	malicious	Unknown	Browse	183.61.243.1
	lets-test.msi	Get hash	malicious	Unknown	Browse	183.60.146.66

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bd0bf25947d4a37404f0424edf4db9ad	file.exe	Get hash	malicious	Unknown	Browse	183.61.168.1 172.65.251.78
	file.exe	Get hash	malicious	Unknown	Browse	183.61.168.1 172.65.251.78
	IDM_ACT.exe	Get hash	malicious	Fredy Stealer	Browse	183.61.168.1 172.65.251.78
	IDM_ACT.exe	Get hash	malicious	Fredy Stealer	Browse	183.61.168.1 172.65.251.78
	gutpOKDunr.exe	Get hash	malicious	Xmrig	Browse	183.61.168.1 172.65.251.78
	idman642build18Full.exe	Get hash	malicious	Fredy Stealer	Browse	183.61.168.1 172.65.251.78
	idman642build18Full.exe	Get hash	malicious	Fredy Stealer	Browse	183.61.168.1 172.65.251.78
	IObit Advanced System Care Pro.exe	Get hash	malicious	Fredy Stealer	Browse	183.61.168.1 172.65.251.78
	IObit Advanced System Care Pro.exe	Get hash	malicious	Fredy Stealer	Browse	183.61.168.1 172.65.251.78

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe
File Type:	Hierarchical Data Format (version 5) data
Category:	dropped
Size (bytes):	2576
Entropy (8bit):	3.2608438684420045
Encrypted:	false
SSDEEP:	24:mQAFCd5cSwmqFg4oRA/BXQ1sm1tPAX+2RPehR8tRrhjF:mQMC3c5WR7ipHRGhq
MD5:	8038BE8EA601C6C68A3F4DE45B401B2B
SHA1:	520BF3007ED8B1C10B1DD6451F7A4A332320B0D3
SHA-256:	A04C4AC856CF34B1B5EA23BC93A6ACFE7C808247ACCFD38E375FE580D810CCA9
SHA-512:	648C4D8286CFBE6FD4EFD38C6481B149D8B814659771D6AF7280FD6418C33275B8C7E9BB4F2A3D09599D40ADBB36A2BC5DAB724D20C6B5F4EAD434C9E54F8053
Malicious:	false
Reputation:	low
Preview:	.HDF................................0.........AOHDR. ...f...f...f...f.."..............................................X.......<........;...........name.....!.......HDF5 MotherNode...................<...........label.....!.......Root Node of HDF5 File........................type.............MT...j..cOHDR.!...f...f...f...f........................................................IEEE_LITTLE_32...........................................................................................................................................................................................................w...OCHK............A...................... format-.............OHDR.!...f...f...f...f!.........!.......!..............................%....!.HDF5 Version 1.14.2........................................................................................................................................................................................................................ .t.OCHK............G......

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.796274002164867
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe
File size:	7'528'688 bytes
MD5:	0ec08a2bc3b47a8c5842e935131ce4f5
SHA1:	be973c704d95e582d3e630a74643ff959a6d448c
SHA256:	9d25b565f166c9adb610fd56fff3abc551330bb17bad085a61774033cde35d7a
SHA512:	fb139abba85d424a61a7e9bab47bde4b2b95b8f55d71b82a7901c62862dec2486a363c785f9f8e805bb113a3e4a66461e31f35581a012cdbbce12f7aad5991a0
SSDEEP:	98304:ckCxMngM6GF8JRDlCtDmqVesyX5qt+ckz/26WV1IZ:SxMW9JECnfck9k1IZ
TLSH:	D6768C79EA4140E2E8C28439106EA776FE3A6E024714C4D3D994F9AD4CB48D77B3EF49
File Content Preview:	MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......W;.Z.Zy..Zy..Zy.X"z..Zy.X"\|..Zy.X"}.2Zy......Zy...z..Zy...}..Zy...\|.sZy...\|..Zy..Zy..Zy...\|..Zy...}..^y...}.%Zy.X"x..Zy..Zx.g[y

File Icon


Icon Hash:	cb81b9b4a6a4382f

Static PE Info

General

Entrypoint:	0x927489
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66BA37AE [Mon Aug 12 16:26:22 2024 UTC]
TLS Callbacks:	0x926e21
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	30af0fe2c05b84c5732b235ff670af9b

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Entrypoint Preview

Instruction
call 00007F1040B65969h
jmp 00007F1040B645BFh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
cmp cl, 00000040h
jnc 00007F1040B64757h
cmp cl, 00000020h
jnc 00007F1040B64748h
shld edx, eax, cl
shl eax, cl
ret
mov edx, eax
xor eax, eax
and cl, 0000001Fh
shl edx, cl
ret
xor eax, eax
xor edx, edx
ret
int3
cmp cl, 00000040h
jnc 00007F1040B64757h
cmp cl, 00000020h
jnc 00007F1040B64748h
shrd eax, edx, cl
shr edx, cl
ret
mov eax, edx
xor edx, edx
and cl, 0000001Fh
shr eax, cl
ret
xor eax, eax
xor edx, edx
ret
push ebp
mov ebp, esp
and dword ptr [00AAA860h], 00000000h
sub esp, 28h
or dword ptr [00A7B618h], 01h
push 0000000Ah
call dword ptr [00960318h]
test eax, eax
je 00007F1040B64A4Bh
push ebx
push esi
push edi
xor eax, eax
lea edi, dword ptr [ebp-28h]
xor ecx, ecx
push ebx
cpuid
mov esi, ebx
pop ebx
nop
mov dword ptr [edi], eax
mov dword ptr [edi+04h], esi
mov dword ptr [edi+08h], ecx
xor ecx, ecx
mov dword ptr [edi+0Ch], edx
mov eax, dword ptr [ebp-28h]
mov edi, dword ptr [ebp-24h]
mov dword ptr [ebp-04h], eax
xor edi, 756E6547h
mov eax, dword ptr [ebp-1Ch]
xor eax, 49656E69h
mov dword ptr [ebp-18h], eax
mov eax, dword ptr [ebp-20h]
xor eax, 6C65746Eh
mov dword ptr [ebp-14h], eax
xor eax, eax
inc eax
push ebx
cpuid
mov esi, ebx
pop ebx
nop

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x672620	0xf0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6ad000	0x4edf9	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x728600	0x5cf0	.reloc
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6fc000	0x5d750	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x669940	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x669820	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x560000	0x52c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x55e99a	0x55ea00	0bfb24b3b5fbd5bdddd101d67ce63cd2	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x560000	0x11428c	0x114400	1283d3c84d85ee66fc26988305f445d8	False	0.3624381363122172	data	5.793122550130226	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x675000	0x370e0	0x8c00	3386ec2a7d9091e8a7b7aa415f5f6b74	False	0.3648158482142857	data	4.9557492776365715	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x6ad000	0x4edf9	0x4ee00	469fbf290f6fc02d350e3bdbd3e3e209	False	0.07877191461965134	data	4.511549360456958	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x6fc000	0x5d750	0x5d800	1c83775a1546f27a812800199519958b	False	0.4955663018048128	data	6.812696544339957	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x6ad5b0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Chinese	China	0.26705756929637525
RT_ICON	0x6ae458	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Chinese	China	0.30866425992779783
RT_ICON	0x6aed00	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Chinese	China	0.353110599078341
RT_ICON	0x6af3c8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Chinese	China	0.30346820809248554
RT_ICON	0x6af930	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 270336	Chinese	China	0.04025135367044412
RT_ICON	0x6f1958	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	Chinese	China	0.2524896265560166
RT_ICON	0x6f3f00	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	Chinese	China	0.27650093808630394
RT_ICON	0x6f4fa8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	Chinese	China	0.4627049180327869
RT_ICON	0x6f5930	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	Chinese	China	0.5913120567375887
RT_ICON	0x6f5d98	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	Chinese	China	0.14650537634408603
RT_ICON	0x6f6080	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	Chinese	China	0.30405405405405406
RT_ICON	0x6f61a8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Chinese	China	0.3070362473347548
RT_ICON	0x6f7050	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Chinese	China	0.4842057761732852
RT_ICON	0x6f78f8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Chinese	China	0.3670520231213873
RT_ICON	0x6f7e60	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Chinese	China	0.1087136929460581
RT_ICON	0x6fa408	0xca8	Device independent bitmap graphic, 32 x 64 x 24, image size 3072	Chinese	China	0.2598765432098765
RT_ICON	0x6fb0b0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Chinese	China	0.3599290780141844
RT_MENU	0x6fb518	0x4a	data	Chinese	China	0.8648648648648649
RT_MENU	0x6fb564	0x4a	data	Chinese	China	0.8648648648648649
RT_DIALOG	0x6fb5b0	0xee	data	Chinese	China	0.7058823529411765
RT_STRING	0x6fb6a0	0x6c	data	Chinese	China	0.5185185185185185
RT_ACCELERATOR	0x6fb70c	0x10	data	Chinese	China	1.25
RT_GROUP_ICON	0x6fb71c	0x84	data	Chinese	China	0.6590909090909091
RT_GROUP_ICON	0x6fb7a0	0x76	data	Chinese	China	0.6694915254237288
RT_VERSION	0x6fb818	0x464	data	Chinese	China	0.4101423487544484
RT_MANIFEST	0x6fbc7c	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
KERNEL32.dll	QueueUserAPC, SetEvent, GlobalAlloc, CloseHandle, LocalFree, DeleteCriticalSection, WideCharToMultiByte, lstrcpyW, SleepEx, GetTempFileNameW, FormatMessageA, TerminateThread, CreateIoCompletionPort, WriteConsoleW, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, SetEnvironmentVariableW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetTimeFormatW, GetDateFormatW, HeapFree, HeapAlloc, HeapSize, HeapReAlloc, GetLastError, FormatMessageW, Sleep, CreateEventW, PostQueuedCompletionStatus, WaitForSingleObject, FindClose, GetTempPathW, GetEnvironmentVariableW, GetQueuedCompletionStatus, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, WaitForMultipleObjects, CreateWaitableTimerW, lstrlenW, EnterCriticalSection, SetLastError, SetWaitableTimer, FindFirstFileW, CreateDirectoryW, GetModuleFileNameW, GetTimeZoneInformation, DeleteFileW, GetFileAttributesW, CreateFile2, MultiByteToWideChar, IsValidCodePage, GetACP, GetOEMCP, CreateFileA, CreateFileW, GetFileAttributesA, GetFileInformationByHandle, GetFileType, GetFullPathNameW, ReadFile, WriteFile, PeekNamedPipe, GetExitCodeProcess, GetStdHandle, SearchPathA, DuplicateHandle, SetHandleInformation, CreatePipe, GetCurrentProcess, CreateProcessA, OpenProcess, GetProcAddress, LoadLibraryA, InitializeSRWLock, ReleaseSRWLockExclusive, ReleaseSRWLockShared, AcquireSRWLockExclusive, AcquireSRWLockShared, GetCurrentThreadId, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleExW, GetModuleHandleW, InitializeCriticalSection, ReleaseSemaphore, GetExitCodeThread, CreateSemaphoreA, VirtualFree, GetCurrentProcessId, GetSystemTimeAsFileTime, GetSystemTime, SystemTimeToFileTime, GetSystemDirectoryA, FreeLibrary, LoadLibraryW, FindNextFileW, GetConsoleMode, SetConsoleMode, ReadConsoleA, ReadConsoleW, QueryPerformanceCounter, GetTickCount, InitializeCriticalSectionEx, QueryPerformanceFrequency, GetSystemDirectoryW, GetModuleHandleA, MoveFileExW, WaitForSingleObjectEx, GetEnvironmentVariableA, VerSetConditionMask, VerifyVersionInfoW, GetFileSizeEx, SetEndOfFile, SetFilePointer, LoadLibraryExA, ExpandEnvironmentStringsA, LockFileEx, UnlockFileEx, GetProcessTimes, FindFirstFileA, FindNextFileA, RaiseException, GetLocaleInfoEx, GetStringTypeW, GetCurrentDirectoryW, FindFirstFileExW, GetFileAttributesExW, AreFileApisANSI, GetFileInformationByHandleEx, EncodePointer, DecodePointer, LCMapStringEx, TryAcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, CompareStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsDebuggerPresent, GetStartupInfoW, InitializeSListHead, RtlUnwind, LoadLibraryExW, ExitProcess, CreateThread, ExitThread, FreeLibraryAndExitThread, SetConsoleCtrlHandler, SetStdHandle, SetFilePointerEx, GetDriveTypeW, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, FlushFileBuffers, GetConsoleOutputCP, GetVersion
USER32.dll	GetSystemMetrics, GetCursorPos, MessageBoxA, ChangeDisplaySettingsW, DestroyIcon, CreateIcon, LoadCursorW, GetWindowThreadProcessId, SetWindowLongW, GetWindowLongW, GetProcessWindowStation, GetUserObjectInformationW, MessageBoxW, EnumDisplaySettingsW, CreateWindowExA, DestroyWindow, ShowWindow, GetDC, ReleaseDC, TrackMouseEvent, TranslateMessage, DispatchMessageW, PeekMessageW, SendMessageW, RegisterDeviceNotificationW, DefWindowProcW, CallWindowProcW, RegisterClassW, UnregisterClassW, CreateWindowExW, FlashWindowEx, SetWindowPos, GetKeyState, MapVirtualKeyW, GetCapture, SetCapture, ReleaseCapture, GetForegroundWindow, SetForegroundWindow, SetWindowTextW, GetClientRect, GetWindowRect, AdjustWindowRect, SetCursor, ScreenToClient, MapWindowPoints, ClipCursor
SHELL32.dll	ShellExecuteW
WS2_32.dll	WSAWaitForMultipleEvents, getpeername, shutdown, socket, setsockopt, listen, connect, closesocket, bind, accept, send, recv, WSASetLastError, getservbyname, getservbyport, gethostbyaddr, inet_ntoa, WSAResetEvent, htons, htonl, WSAGetLastError, gethostbyname, select, ntohs, getsockopt, getsockname, ioctlsocket, WSACleanup, WSAStartup, inet_pton, inet_ntop, WSAEventSelect, WSAIoctl, __WSAFDIsSet, getaddrinfo, freeaddrinfo, gethostname, WSAEnumNetworkEvents, WSACreateEvent, WSACloseEvent, sendto, inet_addr, recvfrom
bcrypt.dll	BCryptGenRandom
SHLWAPI.dll	PathFileExistsW
CRYPT32.dll	CertCloseStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertGetCertificateContextProperty, CertOpenSystemStoreW, CryptStringToBinaryW, CertOpenStore, PFXImportCertStore, CryptDecodeObjectEx, CertAddCertificateContextToStore, CertFindExtension, CertGetNameStringW, CryptQueryObject, CertCreateCertificateChainEngine, CertFreeCertificateChainEngine, CertGetCertificateChain, CertFreeCertificateChain
WINMM.dll	timeGetDevCaps, timeBeginPeriod, timeEndPeriod, joyGetPosEx, joyGetDevCapsW
GDI32.dll	ChoosePixelFormat, GetPixelFormat, SetPixelFormat, SwapBuffers, GetDeviceCaps, DescribePixelFormat
ADVAPI32.dll	CryptGenRandom, CryptDestroyHash, CryptSignHashW, CryptEnumProvidersW, CryptGetHashParam, CryptHashData, CryptImportKey, CryptEncrypt, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, CryptDecrypt, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptSetHashParam, CryptDestroyKey, CryptAcquireContextW, ReportEventW, RegisterEventSourceW, CryptReleaseContext, CryptCreateHash, DeregisterEventSource
OPENGL32.dll	wglShareLists, wglCreateContext, wglDeleteContext, wglGetProcAddress, wglMakeCurrent

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 20, 2024 18:31:05.240339041 CEST	52567	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:05.240375996 CEST	443	52567	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:05.240468025 CEST	52567	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:05.241585016 CEST	52567	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:05.241595030 CEST	443	52567	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:06.830235958 CEST	443	52567	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:06.830514908 CEST	52567	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:06.832061052 CEST	52567	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:06.832071066 CEST	443	52567	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:06.832222939 CEST	52567	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:06.832266092 CEST	443	52567	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:06.832350016 CEST	52567	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:26.840771914 CEST	52570	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:26.840812922 CEST	443	52570	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:26.840912104 CEST	52570	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:26.841398954 CEST	52570	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:26.841411114 CEST	443	52570	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:28.369535923 CEST	443	52570	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:28.369606018 CEST	52570	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:28.372571945 CEST	52570	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:28.372597933 CEST	443	52570	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:28.372742891 CEST	443	52570	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:28.372792006 CEST	52570	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:28.372914076 CEST	52570	443	192.168.2.8	183.61.168.1
Aug 20, 2024 18:31:28.372936964 CEST	443	52570	183.61.168.1	192.168.2.8
Aug 20, 2024 18:31:48.397428036 CEST	52573	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:31:48.397473097 CEST	443	52573	172.65.251.78	192.168.2.8
Aug 20, 2024 18:31:48.397552013 CEST	52573	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:31:48.398082972 CEST	52573	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:31:48.398097992 CEST	443	52573	172.65.251.78	192.168.2.8
Aug 20, 2024 18:31:48.900367975 CEST	443	52573	172.65.251.78	192.168.2.8
Aug 20, 2024 18:31:48.900438070 CEST	52573	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:31:48.901977062 CEST	52573	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:31:48.901987076 CEST	443	52573	172.65.251.78	192.168.2.8
Aug 20, 2024 18:31:48.902106047 CEST	443	52573	172.65.251.78	192.168.2.8
Aug 20, 2024 18:31:48.902148962 CEST	52573	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:31:48.906451941 CEST	52573	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:31:48.906469107 CEST	443	52573	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:08.918438911 CEST	52576	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:08.918479919 CEST	443	52576	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:08.918560028 CEST	52576	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:08.919065952 CEST	52576	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:08.919089079 CEST	443	52576	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:09.392185926 CEST	443	52576	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:09.392307997 CEST	52576	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:09.393610954 CEST	52576	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:09.393635035 CEST	443	52576	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:09.393717051 CEST	52576	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:09.393791914 CEST	443	52576	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:09.393837929 CEST	52576	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:29.405044079 CEST	52579	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:29.405082941 CEST	443	52579	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:29.405134916 CEST	52579	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:29.405656099 CEST	52579	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:29.405666113 CEST	443	52579	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:29.871552944 CEST	443	52579	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:29.871668100 CEST	52579	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:29.873059988 CEST	52579	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:29.873069048 CEST	443	52579	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:29.873166084 CEST	52579	443	192.168.2.8	172.65.251.78
Aug 20, 2024 18:32:29.873228073 CEST	443	52579	172.65.251.78	192.168.2.8
Aug 20, 2024 18:32:29.873285055 CEST	52579	443	192.168.2.8	172.65.251.78

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 20, 2024 18:29:50.095668077 CEST	53	58132	1.1.1.1	192.168.2.8
Aug 20, 2024 18:31:48.388966084 CEST	52779	53	192.168.2.8	1.1.1.1
Aug 20, 2024 18:31:48.396553040 CEST	53	52779	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 20, 2024 18:31:48.388966084 CEST	192.168.2.8	1.1.1.1	0xc67c	Standard query (0)	gitlab.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	download.microsoft.com-1.download.ks-cdn.com	k256-all.gslb.ksyuncdn.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		183.61.168.1	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		118.112.233.1	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		183.131.56.5	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		113.16.211.7	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		125.39.194.1	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		183.61.243.1	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		42.56.77.10	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		124.225.141.1	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		163.177.116.4	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:05.238713026 CEST	1.1.1.1	192.168.2.8	0xc1f2	No error (0)	k256-all.gslb.ksyuncdn.com		175.6.254.70	A (IP address)	IN (0x0001)	false
Aug 20, 2024 18:31:48.396553040 CEST	1.1.1.1	192.168.2.8	0xc67c	No error (0)	gitlab.com		172.65.251.78	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	12:29:30
Start date:	20/08/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe"
Imagebase:	0x9f0000
File size:	7'528'688 bytes
MD5 hash:	0EC08A2BC3B47A8C5842E935131CE4F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.1%
Total number of Nodes:	1382
Total number of Limit Nodes:	21

Executed Functions

Function 00C7D3A0 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 150
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32,?,?,secur32.dll,00CAF34D,secur32.dll,00000004,00000000,00000000,00000002,00000002,00C7D576), ref: 00C7D3AA
GetProcAddress.KERNEL32(00000000,LoadLibraryExW), ref: 00C7D3C2

Strings

LoadLibraryExW, xrefs: 00C7D3BC
kernel32, xrefs: 00C7D3A3
secur32.dll, xrefs: 00C7D3A0
AddDllDirectory, xrefs: 00C7D406

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: AddDllDirectory$LoadLibraryExW$kernel32$secur32.dll
API String ID: 1646373207-1372597434
Opcode ID: 6fc107105040e3d3c2281702bfc1117d55ec21775efbdd2eb166ff0cd79aea6d
Instruction ID: 5d9640a7565b190e27d2c3a49ec1b5ce73ca5e22acf58fde7105e4cb6cf357d3
Opcode Fuzzy Hash: 6fc107105040e3d3c2281702bfc1117d55ec21775efbdd2eb166ff0cd79aea6d
Instruction Fuzzy Hash: F6414A7A30030557DB242B68EC45B7A7365EFC0767F28843EFE1796280EF76E9059261

Function 00C8C280 Relevance: 12.3, APIs: 8, Instructions: 262
networksleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASetLastError.WS2_32(00002726,00000000), ref: 00C8C2EB
WSASetLastError.WS2_32(00002726,?,?,0000000A,00000000), ref: 00C8C464
select.WS2_32(?,?,?,?,00000000), ref: 00C8C4DC
WSAGetLastError.WS2_32(0000000A,00000000), ref: 00C8C4ED
__WSAFDIsSet.WS2_32(?,?), ref: 00C8C529
__WSAFDIsSet.WS2_32(?,?), ref: 00C8C55F
__WSAFDIsSet.WS2_32(?,?), ref: 00C8C57D
Sleep.KERNEL32(FFFFFFFE), ref: 00C8C5D6

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$Sleepselect
String ID:
API String ID: 2806104629-0
Opcode ID: 533ac27fc583f52daf54543fd021b8628bed1bf5e529e8675d18538891682ddb
Instruction ID: 9a9ec5f99a039d39551efdc688afe3cfbc943fb654165696424b7f9142b6253f
Opcode Fuzzy Hash: 533ac27fc583f52daf54543fd021b8628bed1bf5e529e8675d18538891682ddb
Instruction Fuzzy Hash: 4491A4705083018BDB35EF28D8D46AEB2E5EFC8318F55492DE9A9C3190E734DA81D769

Function 00F34235 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 156timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00F3BE9C: RtlFreeHeap.NTDLL(00000000,00000000,?,00F42D07,?,00000000,?,?,00F42FA8,?,00000007,?,?,00F4344E,?,?), ref: 00F3BEB2
Part of subcall function 00F3BE9C: GetLastError.KERNEL32(?,?,00F42D07,?,00000000,?,?,00F42FA8,?,00000007,?,?,00F4344E,?,?), ref: 00F3BEBD

GetTimeZoneInformation.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00F343E8,00000000,00000000,00000000), ref: 00F342A7

Strings

Eastern Standard Time, xrefs: 00F34340
Eastern Summer Time, xrefs: 00F34354

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3335090040-239921721
Opcode ID: 34d7375f019d03dddf14c0a03d71ac9408929da8657209922b6a52861d77241e
Instruction ID: 420379956e9c434ac0d6b043e776ebfbe7d505ea17a1d940066abd3d529524e6
Opcode Fuzzy Hash: 34d7375f019d03dddf14c0a03d71ac9408929da8657209922b6a52861d77241e
Instruction Fuzzy Hash: B041D4B1D01225EBCB20FF65DC0699E7B78EF05370F104166F450A71A5EB39AD41EB90

Function 00C7D510 Relevance: 43.9, APIs: 16, Strings: 9, Instructions: 190
libraryloadernetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32(00000202,?), ref: 00C7D538
WSACleanup.WS2_32 ref: 00C7D551
GetModuleHandleW.KERNEL32(kernel32,?,00000000), ref: 00C7D588
GetProcAddress.KERNEL32(00000000,LoadLibraryExW), ref: 00C7D5AC
LoadLibraryW.KERNEL32(iphlpapi.dll), ref: 00C7D5E1
GetProcAddress.KERNEL32(00000000,AddDllDirectory), ref: 00C7D5F8
LoadLibraryExW.KERNELBASE(iphlpapi.dll,00000000,00000800), ref: 00C7D60A
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C7D617
GetSystemDirectoryW.KERNEL32(00000000,?), ref: 00C7D645
LoadLibraryW.KERNEL32(00000000), ref: 00C7D6AE
GetProcAddress.KERNEL32(00000000,if_nametoindex), ref: 00C7D6D1
GetModuleHandleA.KERNEL32(ws2_32), ref: 00C7D6E1
GetProcAddress.KERNEL32(00000000,FreeAddrInfoExW), ref: 00C7D6F3
GetProcAddress.KERNEL32(00000000,GetAddrInfoExCancel), ref: 00C7D700
GetProcAddress.KERNEL32(00000000,GetAddrInfoExW), ref: 00C7D70D
QueryPerformanceFrequency.KERNEL32(0109B8C8), ref: 00C7D74C

Strings

ws2_32, xrefs: 00C7D6DC
iphlpapi.dll, xrefs: 00C7D5B3, 00C7D5CE, 00C7D5DC, 00C7D605, 00C7D67D
LoadLibraryExW, xrefs: 00C7D5A6
FreeAddrInfoExW, xrefs: 00C7D6ED
kernel32, xrefs: 00C7D581
GetAddrInfoExCancel, xrefs: 00C7D6F5
GetAddrInfoExW, xrefs: 00C7D702
AddDllDirectory, xrefs: 00C7D5F2
if_nametoindex, xrefs: 00C7D6CB

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoad$DirectoryHandleModuleSystem$CleanupFrequencyPerformanceQueryStartup
String ID: AddDllDirectory$FreeAddrInfoExW$GetAddrInfoExCancel$GetAddrInfoExW$LoadLibraryExW$if_nametoindex$iphlpapi.dll$kernel32$ws2_32
API String ID: 1328917011-1796637598
Opcode ID: 3c89c7ab0c6edf0ff191fddaa473db5f284deb538af93ef2deb332b6bd104979
Instruction ID: 25a4022bc1ed1fe7476ed4ca6448cad7ae52b8ba06c2b82e1cf85bd837a2af50
Opcode Fuzzy Hash: 3c89c7ab0c6edf0ff191fddaa473db5f284deb538af93ef2deb332b6bd104979
Instruction Fuzzy Hash: 755136746403026BD7306B649C07FBE37A1AF85B44F488429FA4F9A2C0EF75DA06D756

Function 00A40F80 Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 251
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 00A40FAD
GetLastError.KERNEL32 ref: 00A40FC6
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 00A4106B
GetLastError.KERNEL32 ref: 00A41085
GetLastError.KERNEL32 ref: 00A4114E
CloseHandle.KERNEL32(00000000), ref: 00A41169
CloseHandle.KERNEL32(00000000), ref: 00A41177
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00A41203
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00A4120A
SetEvent.KERNEL32(?,4B9D888B,00000000,75572EE0,00000000,00F4A89D,000000FF,?,01058CA8), ref: 00A41294
SetEvent.KERNEL32(00000000,?,01058CA8), ref: 00A412AD
SleepEx.KERNEL32(000000FF,00000001,?,01058CA8), ref: 00A412B7

Strings

thread.entry_event, xrefs: 00A41228
thread.exit_event, xrefs: 00A4123B
thread, xrefs: 00A4124E
f, xrefs: 00A411DF

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Event$CloseErrorLast$CreateHandle$ChangeFindNotificationObjectSingleSleepWait
String ID: f$thread$thread.entry_event$thread.exit_event
API String ID: 1148681041-2333788517
Opcode ID: e733953ae8aeec9f8014f20af4d88af47d892be4aa424a0716413996a3b0ae08
Instruction ID: fd4483fa5304ee3e1cecec1cdbe84b04db06813042d28cdc12c1fc81f4ba3f2f
Opcode Fuzzy Hash: e733953ae8aeec9f8014f20af4d88af47d892be4aa424a0716413996a3b0ae08
Instruction Fuzzy Hash: 6F919A786043449FD720CF14D884B6ABBE8EFD9314F10491EE999DB3A0CB75E985CB92

Function 00A42EC0 Relevance: 16.3, APIs: 6, Strings: 3, Instructions: 525
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A47560: std::_Lockit::_Lockit.LIBCPMT ref: 00A4761D
Part of subcall function 00A47560: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A47665
Part of subcall function 00A47560: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00A4769A

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00A432B2
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00A433B8
KiUserCallbackDispatcher.NTDLL(00000000), ref: 00A435A3
GetSystemMetrics.USER32(00000001), ref: 00A435A9
GetCursorPos.USER32(?), ref: 00A435B1
SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A435E0

Strings

Error opening archive: , xrefs: 00A42FD5
Failed to open output file: , xrefs: 00A43217
Error closing archive: , xrefs: 00A434B7

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Ios_base_dtorLocinfo::_std::ios_base::_$CallbackCursorDispatcherEventLocinfo_ctorLocinfo_dtorLockitLockit::_MetricsSystemUser
String ID: Error closing archive: $Error opening archive: $Failed to open output file:
API String ID: 1674897798-419317905
Opcode ID: 2922664eea28589fdb294e48e83fc21a9496ca5d9c357ec8d4702aa99e2115fa
Instruction ID: c507ec98e20471cdf2ee201cfa3d576df51c3e28c3b9f7ad4283c6e810a820c3
Opcode Fuzzy Hash: 2922664eea28589fdb294e48e83fc21a9496ca5d9c357ec8d4702aa99e2115fa
Instruction Fuzzy Hash: 4C120075A001089FDF14DB68CD95BEEB7B5BF85304F1481A9E909A7282EB31AF84CF51

Function 00A42360 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 197
timenetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(?,4B9D888B,00000001,00000000), ref: 00A423AA
CreateWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 00A423D4
GetLastError.KERNEL32 ref: 00A423E5
SetWaitableTimer.KERNELBASE(00000000,?,000493E0,00000000,00000000,00000000), ref: 00A42491
CloseHandle.KERNEL32(?,00010000), ref: 00A42502
LeaveCriticalSection.KERNEL32(?), ref: 00A4251C
WSACleanup.WS2_32 ref: 00A425AB

Strings

timer, xrefs: 00A42545

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSectionTimerWaitable$CleanupCloseCreateEnterErrorHandleLastLeave
String ID: timer
API String ID: 1517105927-1792073242
Opcode ID: 33396aee46eeb6c3a2f5205fe906de4bdce5bcff42bf34ac8acd814e880b0a34
Instruction ID: caca97276c93dfa808231e0d2f02c6923866ac564ab31590dca0de8655b89693
Opcode Fuzzy Hash: 33396aee46eeb6c3a2f5205fe906de4bdce5bcff42bf34ac8acd814e880b0a34
Instruction Fuzzy Hash: 9161BEB5D40718EFDB20CF64D845B9ABBF4FF48710F50422AF855A7790DB34A8408B91

Function 00C6B020 Relevance: 14.0, APIs: 9, Instructions: 547
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3543cf50825bdfd693a6ff901060576657b99bd1be9d456a498be36ac439940
Instruction ID: c4a92d9e2b4b777860e50f7399ce223bcb51d4a835a7e36dffffa36cd6f60771
Opcode Fuzzy Hash: e3543cf50825bdfd693a6ff901060576657b99bd1be9d456a498be36ac439940
Instruction Fuzzy Hash: 992258B06083419FD734DF18C884BAABBE4AF98704F04092DF995D7261D775EE84DBA2

Function 00F25309 Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00F24F92: CreateFileW.KERNELBASE(00000000,00000000,?,00F253B2,?,?,00000000,?,00F253B2,00000000,0000000C), ref: 00F24FAF

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00F2541D
__dosmaperr.LIBCMT ref: 00F25424
GetFileType.KERNELBASE(00000000), ref: 00F25430
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00F2543A
__dosmaperr.LIBCMT ref: 00F25443
CloseHandle.KERNEL32(00000000), ref: 00F25463
CloseHandle.KERNEL32(00000000), ref: 00F255B0
GetLastError.KERNEL32 ref: 00F255E2
__dosmaperr.LIBCMT ref: 00F255E9

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID:
API String ID: 4237864984-0
Opcode ID: 03ff5f4a037a320700b865af3a9de49beca0c606902029aadedab0be9e8996ea
Instruction ID: 2205ed29c3d3fe656affbdf94055dd6d4812f066104aab4c0ff880697f2a7c69
Opcode Fuzzy Hash: 03ff5f4a037a320700b865af3a9de49beca0c606902029aadedab0be9e8996ea
Instruction Fuzzy Hash: B2A18632A145289FCF19EF68FC52BAD3BA1EB06320F140149F811EF291DB799C52EB41

Function 00A47560 Relevance: 10.7, APIs: 7, Instructions: 228
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00F02F66: __EH_prolog3.LIBCMT ref: 00F02F6D
Part of subcall function 00F02F66: std::_Lockit::_Lockit.LIBCPMT ref: 00F02F78
Part of subcall function 00F02F66: std::locale::_Setgloballocale.LIBCPMT ref: 00F02F93
Part of subcall function 00F02F66: std::_Lockit::~_Lockit.LIBCPMT ref: 00F02FE6

std::_Lockit::_Lockit.LIBCPMT ref: 00A4761D
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A47665
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00A4769A
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4772F
std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00A47752
std::_Lockit::_Lockit.LIBCPMT ref: 00A47769
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4778A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_std::locale::_$H_prolog3LocimpLocimp::_Locinfo_ctorLocinfo_dtorNew_Setgloballocale
String ID:
API String ID: 76987034-0
Opcode ID: 5dedabed8faeb1f0b983133fb3e91388edadbe593accec0da0fc0ca50380298e
Instruction ID: e57c08e6a485da5dc70882458aae31c0276ea1c5fdff424a68bf0e18c8f8472b
Opcode Fuzzy Hash: 5dedabed8faeb1f0b983133fb3e91388edadbe593accec0da0fc0ca50380298e
Instruction Fuzzy Hash: 9491BDB0D00745DFEB20DFA9C845B9EBBF4BF58304F14451AE845A7281EBB9EA44CB91

Function 00C6E010 Relevance: 10.6, APIs: 7, Instructions: 74
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(?,00000734,?,00000088,00000000,00C7560A,00000088), ref: 00C6E500
LeaveCriticalSection.KERNEL32(?,?,00000088,00000000,00C7560A,00000088), ref: 00C6E513
CloseHandle.KERNEL32(00000000,?,00000088,00000000,00C7560A,00000088), ref: 00C6E524
GetAddrInfoExCancel.WS2_32(?), ref: 00C6E54D
WaitForSingleObject.KERNEL32(?,000000FF,?,00000088,00000000,00C7560A,00000088), ref: 00C6E557
FindCloseChangeNotification.KERNELBASE(?,?,00000088,00000000,00C7560A,00000088), ref: 00C6E55F
closesocket.WS2_32(?), ref: 00C6E5A0

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CloseCriticalSection$AddrCancelChangeEnterFindHandleInfoLeaveNotificationObjectSingleWaitclosesocket
String ID:
API String ID: 1235024322-0
Opcode ID: 413854a6994f50bee8a1485399cbca567081d675987a84f292ae564e3f40fd4b
Instruction ID: 38e530aaf79d738363bffd12a8b03f5c3381cbe24416cecff845f1d11a98226e
Opcode Fuzzy Hash: 413854a6994f50bee8a1485399cbca567081d675987a84f292ae564e3f40fd4b
Instruction Fuzzy Hash: BE21C4B9500705EFDB20AF60DC88B46BBB8FF04315F144015F91A83261EB31F964EBA2

Function 00F3C3FA Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,4B9D888B,?,00F3C509,?,?,00000000), ref: 00F3C4BB

Strings

api-ms-, xrefs: 00F3C451
ext-ms-, xrefs: 00F3C465

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 05c6bf325ea413f1813db0287c6f62c2fb0efcf0d89d0c995a0a3605f06c7b0b
Instruction ID: 3104af5f6d730e6ff4fd0e3400988f2c4e700f438220d8f93515a254c3b77aa9
Opcode Fuzzy Hash: 05c6bf325ea413f1813db0287c6f62c2fb0efcf0d89d0c995a0a3605f06c7b0b
Instruction Fuzzy Hash: C821E736E01324B7C731DB64ECA0ABE3768EB51770F250214EA55BB290DA31ED00E7D0

Function 00A51F20 Relevance: 7.7, APIs: 5, Instructions: 180
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostQueuedCompletionStatus.KERNEL32(?,00000000,00000000,000000FF,4B9D888B,00000000,89C53301), ref: 00A51F8F
EnterCriticalSection.KERNEL32(00000038,?,?,?,?,?,?,?,?,?,?,00000000,00F4BB3D,000000FF), ref: 00A51FA1
EnterCriticalSection.KERNEL32(00000038,4B9D888B,00000000,89C53301,?,?,?,?,?,?,?,?,?,?,00000000,00F4BB3D), ref: 00A51FDD
SetWaitableTimer.KERNELBASE(?,?,000493E0,00000000,00000000,00000000), ref: 00A520F3
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00F4BB3D,000000FF), ref: 00A52108

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$Enter$CompletionLeavePostQueuedStatusTimerWaitable
String ID:
API String ID: 3824066216-0
Opcode ID: b331774eb041fd327f8be58bf7c748c561425699f3b1faf1648348edf8397d0a
Instruction ID: 4131c0954b695cef83eb305130ef43fa85579d88206685e2b5e01a75f0ea8212
Opcode Fuzzy Hash: b331774eb041fd327f8be58bf7c748c561425699f3b1faf1648348edf8397d0a
Instruction Fuzzy Hash: 1C714870901609DFDB14CF59C984BAAFBB4FF09311F04826AE809AB691DB31EC45CF90

Function 00F01F0A Relevance: 7.6, APIs: 5, Instructions: 94
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3.LIBCMT ref: 00F01F11
std::_Lockit::_Lockit.LIBCPMT ref: 00F01F1B
std::_Lockit::~_Lockit.LIBCPMT ref: 00F01FC2
Concurrency::cancel_current_task.LIBCPMT ref: 00F01FCD
__EH_prolog3.LIBCMT ref: 00F01FDA

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
String ID:
API String ID: 845066630-0
Opcode ID: f132ce77ff1179de6b7b29b6da55f4aac7093d9b1f42bc40e326588cb605e8fd
Instruction ID: a909b3ddd117ba7c298bc64845d8cddade35777cf5107f586242457da9556d66
Opcode Fuzzy Hash: f132ce77ff1179de6b7b29b6da55f4aac7093d9b1f42bc40e326588cb605e8fd
Instruction Fuzzy Hash: BB316B30A00616EFDB04EF64C895AACB765FF08721F448419F925AB2D2DF74AE41EF90

Function 00CAF320 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00CAEF20: GetModuleHandleA.KERNEL32(ntdll,RtlVerifyVersionInfo), ref: 00CAEF4E
Part of subcall function 00CAEF20: GetProcAddress.KERNEL32(00000000), ref: 00CAEF55

Part of subcall function 00C7D3A0: GetModuleHandleW.KERNEL32(kernel32,?,?,secur32.dll,00CAF34D,secur32.dll,00000004,00000000,00000000,00000002,00000002,00C7D576), ref: 00C7D3AA

GetProcAddress.KERNELBASE(00000000,InitSecurityInterfaceW), ref: 00CAF35F

Strings

InitSecurityInterfaceW, xrefs: 00CAF359
secur32.dll, xrefs: 00CAF33F, 00CAF347
security.dll, xrefs: 00CAF33A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: InitSecurityInterfaceW$secur32.dll$security.dll
API String ID: 1646373207-1950755585
Opcode ID: df3e5c4168eb82e6f32eab0d2fde38264aa95378a554e122f28432e7f35f6fac
Instruction ID: 145c6f421b641ad7cf1ac2aae3e7605fbf52c291a3357aa947adc2983c801baf
Opcode Fuzzy Hash: df3e5c4168eb82e6f32eab0d2fde38264aa95378a554e122f28432e7f35f6fac
Instruction Fuzzy Hash: 5BF0277030530266EF286AB94C1BB2E31846781704F54417CB54AE71D6EA38CC03AB44

Function 00F33FA3 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 408timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00F343E8,00000000,00000000,00000000), ref: 00F342A7

Strings

Eastern Standard Time, xrefs: 00F34340
Eastern Summer Time, xrefs: 00F34354

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: InformationTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 565725191-239921721
Opcode ID: 047ae1a6817eb72d0bccb1915b35b0cae072b1f0149808f9ddb03592b6a8e01a
Instruction ID: c8f231d6a396a1fc55ee58560fe518dacea232c6c8a8d50193ffb187ffa84a23
Opcode Fuzzy Hash: 047ae1a6817eb72d0bccb1915b35b0cae072b1f0149808f9ddb03592b6a8e01a
Instruction Fuzzy Hash: 58C116B2E00125ABDB25BF64DC02AAE7BB9EF14730F144016F901AB195E739AE41E790

Function 00A40C70 Relevance: 5.1, APIs: 4, Instructions: 119COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,4B9D888B), ref: 00A40CA1
LeaveCriticalSection.KERNEL32(?,?,4B9D888B), ref: 00A40D06
EnterCriticalSection.KERNEL32(?), ref: 00A40D27
LeaveCriticalSection.KERNEL32(?), ref: 00A40D8E

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: b3a4bb7c0163c49bb4b41a5a26bdb19fa88524f3f25bc4802993c28710fa59a6
Instruction ID: 469c2d7924d6bad98ecb28a60132f3c7f3b55e6b1c8f467d060a3be3efae9f61
Opcode Fuzzy Hash: b3a4bb7c0163c49bb4b41a5a26bdb19fa88524f3f25bc4802993c28710fa59a6
Instruction Fuzzy Hash: AA415C79A006059BDB24CFA5C880F6ABBB8FF84710B18451DE916DB740DB31E805DBA1

Function 00F142C3 Relevance: 4.8, APIs: 3, Instructions: 277COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F142CA

Part of subcall function 00F12FA1: __EH_prolog3_GS.LIBCMT ref: 00F12FA8
Part of subcall function 00F12FA1: __Getcoll.LIBCPMT ref: 00F1300C

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

__Getcoll.LIBCPMT ref: 00F14319

Part of subcall function 00F12E05: __EH_prolog3.LIBCMT ref: 00F12E0C
Part of subcall function 00F12E05: std::_Lockit::_Lockit.LIBCPMT ref: 00F12E16
Part of subcall function 00F12E05: std::_Lockit::~_Lockit.LIBCPMT ref: 00F12E87

Part of subcall function 00F01F0A: __EH_prolog3.LIBCMT ref: 00F01F11
Part of subcall function 00F01F0A: std::_Lockit::_Lockit.LIBCPMT ref: 00F01F1B
Part of subcall function 00F01F0A: std::_Lockit::~_Lockit.LIBCPMT ref: 00F01FC2

numpunct.LIBCPMT ref: 00F14549

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_$Getcoll$H_prolog3_numpunct
String ID:
API String ID: 3873313002-0
Opcode ID: 2c9dcda036ca07b26501d072462b387800b8efc50fe63a3e1ba72c23e0e0378d
Instruction ID: ecef835c55af07132d6041e163bd0e48065f69c5643cf5abf3f3cce908d7fcdf
Opcode Fuzzy Hash: 2c9dcda036ca07b26501d072462b387800b8efc50fe63a3e1ba72c23e0e0378d
Instruction Fuzzy Hash: C391DAB1D00312ABD715ABB49C02BFF7AA5EFC0761F24451DFC95A7281EA349D8077A1

Function 00F1D83B Relevance: 4.6, APIs: 3, Instructions: 51threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(?,?,Function_0052D6DF,00000000,?,?), ref: 00F1D884
GetLastError.KERNEL32(?,00A4113C,00000000,00000000,00A41260,?,00000000,?), ref: 00F1D890
__dosmaperr.LIBCMT ref: 00F1D897

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 9122c18a8ba64b696082d101508c38ee3bacd2d698298d6aad3cb5492d086e1c
Instruction ID: 905424f75ef1135b11aa87d2158349d8a4896d749ff5e692e71597c8959ec2fc
Opcode Fuzzy Hash: 9122c18a8ba64b696082d101508c38ee3bacd2d698298d6aad3cb5492d086e1c
Instruction Fuzzy Hash: 75019E32900219AFDF099FA0EC05AEE3B74EF00365F104058F80196190DB74DE90FB90

Function 00F33B60 Relevance: 4.5, APIs: 3, Instructions: 17fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(00F29372,?,00F29372,?,?,?,00000017,?,?,?,00C8D7B6), ref: 00F33B68
GetLastError.KERNEL32(?,00F29372,?,?,?,00000017,?,?,?,00C8D7B6), ref: 00F33B72
__dosmaperr.LIBCMT ref: 00F33B79

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: DeleteErrorFileLast__dosmaperr
String ID:
API String ID: 1545401867-0
Opcode ID: 5951125c879f100283bfb7205af729c1509d48b08852e020b2a153b583de2868
Instruction ID: c3ac7b2925312e21810c5b52a035ecdd3e4b638aea971c9ea2dbba158c1d99bf
Opcode Fuzzy Hash: 5951125c879f100283bfb7205af729c1509d48b08852e020b2a153b583de2868
Instruction Fuzzy Hash: 81D01232105B4D6BDB106BF5FC0841A7B5C9FC13757100625F53CC90A1DF75D890A552

Function 00A42A70 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 157COMMON

Download Yara Rule

APIs

Part of subcall function 00C63FE0: AcquireSRWLockExclusive.KERNEL32(0108CFC8,?,00A42AA7,4B9D888B), ref: 00C63FE6
Part of subcall function 00C63FE0: ReleaseSRWLockExclusive.KERNEL32(0108CFC8), ref: 00C6400A

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00A42CA7

Strings

failed: , xrefs: 00A42BD4

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ExclusiveLock$AcquireIos_base_dtorReleasestd::ios_base::_
String ID: failed:
API String ID: 3195006049-1891594150
Opcode ID: ee6fcb5273cb693fb34c93489656014e39a80d74fdf9dd8e49d61ede30836e43
Instruction ID: caf9cac5210154484d6360f250cb4292c58340a6541fb52c9cfe25df9a40c3ac
Opcode Fuzzy Hash: ee6fcb5273cb693fb34c93489656014e39a80d74fdf9dd8e49d61ede30836e43
Instruction Fuzzy Hash: 32516D74A01208DFDB20DF68DD89FAAB7F4FF44304F1446A9E909AB282D775AD45CB41

Function 00A41DA0 Relevance: 3.5, APIs: 2, Instructions: 454timeCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?), ref: 00A41E41
SetWaitableTimer.KERNELBASE(00000000,?,000493E0,00000001,00000001,00000001,?,?), ref: 00A41F99

Part of subcall function 00A41C40: PostQueuedCompletionStatus.KERNEL32(?,00000001,00000001,00000001,?,?,?,?,?,?,4B9D888B), ref: 00A41C7C
Part of subcall function 00A41C40: GetLastError.KERNEL32(?,?,?,?,?,?,4B9D888B), ref: 00A41C8A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CompletionCriticalEnterErrorLastPostQueuedSectionStatusTimerWaitable
String ID:
API String ID: 2319117587-0
Opcode ID: 11fac4326df2cff21467588da9d757fa7b704860bea106380cf0b5745e2c3678
Instruction ID: 82495ede82a27e9ba165d0edb809957e38e72ef3fc65c0cc2ffc7183a447fae1
Opcode Fuzzy Hash: 11fac4326df2cff21467588da9d757fa7b704860bea106380cf0b5745e2c3678
Instruction Fuzzy Hash: 52022674E002188FDB24CFA8C984BAEBBF5BF99310F64415AE805EB355D774AD85CB90

Function 00F2BF90 Relevance: 3.2, APIs: 2, Instructions: 196fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F2B6A6: GetConsoleOutputCP.KERNEL32(4B9D888B,00000000,00000000,00000000), ref: 00F2B709

WriteFile.KERNELBASE(?,00000000,?,00000000,00000000,00000000,00000000,0000000C,?,00000000,01061C88,00000014,00F22CFA,00000000,00000000,00000000), ref: 00F2C115
GetLastError.KERNEL32 ref: 00F2C11F

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: bb742f57c94c56838c9a1a9ba74e52d92374309cd3dc900be85c2627e9581597
Instruction ID: c87ba3373242ff3fe789cf3b092b0e9322c4102a5fa771aaf4af3cc288daece8
Opcode Fuzzy Hash: bb742f57c94c56838c9a1a9ba74e52d92374309cd3dc900be85c2627e9581597
Instruction Fuzzy Hash: E961C272C04129AFDF15CFA8EC85EEEBBB9AF49314F140145E904A7242D736D911EBA1

Function 00F257E7 Relevance: 3.1, APIs: 2, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,00F2569E,00000000,CF830579,01061AC8,0000000C,00F2578A,00F1D422,?), ref: 00F2583D
GetLastError.KERNEL32(?,00F2569E,00000000,CF830579,01061AC8,0000000C,00F2578A,00F1D422,?), ref: 00F25847

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: cbca4b51903c28a86a94aa0e9f5b2ebda0ffc9dafa943e9ee73e1ddfb8eba7d6
Instruction ID: 5f502a6ddfccd7687204829c68d99d1020c03c73c5d80113106a7f750c0a05d6
Opcode Fuzzy Hash: cbca4b51903c28a86a94aa0e9f5b2ebda0ffc9dafa943e9ee73e1ddfb8eba7d6
Instruction Fuzzy Hash: 0F110833A045386BC6256638BC4ABBD7785DB82F34F290119F9588B1C2EEF99C80B251

Function 00F25D73 Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,00000000,00000002,00000000,00000000,00000000,00000000,?,00F25F41,00000000,00000000,00000000,00000002,00000000), ref: 00F25DAF
GetLastError.KERNEL32(00000000,?,00F25F41,00000000,00000000,00000000,00000002,00000000,?,00F2C035,00000000,00000000,00000000,00000002,00000000,00000000), ref: 00F25DBC

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: cb572aeb7e4b460e960f14436fe4b9b856b6254a6f22006696ac118c18c18532
Instruction ID: e5239f6954917dbc29f691e966d6729165b7c30211c9c56e2ebd44e2199d7b75
Opcode Fuzzy Hash: cb572aeb7e4b460e960f14436fe4b9b856b6254a6f22006696ac118c18c18532
Instruction Fuzzy Hash: E601F933618A29AFCB058F59EC49D9E3F29EB85730B250108F8119B1E1EA71ED51AB90

Function 00F1D6DF Relevance: 3.0, APIs: 2, Instructions: 38threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(01061808,0000000C), ref: 00F1D6F2
ExitThread.KERNEL32 ref: 00F1D6F9

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 7f79dc27f12e0bddaa3882d70ba99581fa0f4a41334c773f67563bb2b23a7d16
Instruction ID: d5205d04557b784afaf09f88ce7743a762b849043ae500a860876ea75c9aeb0e
Opcode Fuzzy Hash: 7f79dc27f12e0bddaa3882d70ba99581fa0f4a41334c773f67563bb2b23a7d16
Instruction Fuzzy Hash: 75F0AF71900609AFDB00AF70CC1AAAE7B74EF44721F104149F1059B2A2DF385940AB91

Function 00F3BE9C Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,00F42D07,?,00000000,?,?,00F42FA8,?,00000007,?,?,00F4344E,?,?), ref: 00F3BEB2
GetLastError.KERNEL32(?,?,00F42D07,?,00000000,?,?,00F42FA8,?,00000007,?,?,00F4344E,?,?), ref: 00F3BEBD

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 2d894ff71b936c1bb3cdf7ef3fc8380337087e33af51f1c090737a08760834ab
Instruction ID: 36ff52b7789de74818e93b7b7ffe4f1abf7202ead1b536dd0aaafb2e210c160a
Opcode Fuzzy Hash: 2d894ff71b936c1bb3cdf7ef3fc8380337087e33af51f1c090737a08760834ab
Instruction Fuzzy Hash: 89E08C32500728ABCB122FA5BC09BDA7B68AB50766F118024FB0896460DFB89890E790

Function 00A44B60 Relevance: 1.7, APIs: 1, Instructions: 168networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A47D50: WSAStartup.WS2_32(00000202,?), ref: 00A47D91

Part of subcall function 00A41350: CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,000000FF,4B9D888B,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00A4143A
Part of subcall function 00A41350: GetLastError.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,00F4A91E,000000FF), ref: 00A4144B

Part of subcall function 00A51100: EnterCriticalSection.KERNEL32(?,00000000,?,000000FF), ref: 00A5115C
Part of subcall function 00A51100: LeaveCriticalSection.KERNEL32(00000000), ref: 00A511CB

WSACleanup.WS2_32 ref: 00A44D80

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$CleanupCompletionCreateEnterErrorLastLeavePortStartup
String ID:
API String ID: 3583384254-0
Opcode ID: 9701e4a4ef8c1a38bbf070a2f8a9e8fcbd9960f2935fd979a5858ecdd3764948
Instruction ID: 15c333cedf79469a55f87b9a0ef08296dc8a2b837ea615d0bbebfffa58263a30
Opcode Fuzzy Hash: 9701e4a4ef8c1a38bbf070a2f8a9e8fcbd9960f2935fd979a5858ecdd3764948
Instruction Fuzzy Hash: 78715B70D00218DFDF20DFA4C945BEEBBB4BF48714F148299E409B7281EB746A48CBA1

Function 00A41A80 Relevance: 1.6, APIs: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__aligned_free.LIBCMT ref: 00A41BC9

Part of subcall function 00A41C40: PostQueuedCompletionStatus.KERNEL32(?,00000001,00000001,00000001,?,?,?,?,?,?,4B9D888B), ref: 00A41C7C
Part of subcall function 00A41C40: GetLastError.KERNEL32(?,?,?,?,?,?,4B9D888B), ref: 00A41C8A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CompletionErrorLastPostQueuedStatus__aligned_free
String ID:
API String ID: 1123394683-0
Opcode ID: dc45eb1a13d6a524b1eb02a850bb653e592a673bbd149d821ba7d78a700891af
Instruction ID: 24623bfb67cca3ad12f421a060cc7b999ec63bce19610c5aa266f979f4642b70
Opcode Fuzzy Hash: dc45eb1a13d6a524b1eb02a850bb653e592a673bbd149d821ba7d78a700891af
Instruction Fuzzy Hash: AD41BBB5D006499BDF14DFA4C981BEEF7F8FF88314F14422AE815E3240E738A9848B95

Function 00F3F0AF Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00F3F05B

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 736e73aadf1dfaa263ed6a1c8310a8fe06cb1295b40ad886b80452c0dfb19f29
Instruction ID: 3607cec7b3f2caf16f2efc6197d3b1a8eaa4b5686b20c64943ad5f999490e651
Opcode Fuzzy Hash: 736e73aadf1dfaa263ed6a1c8310a8fe06cb1295b40ad886b80452c0dfb19f29
Instruction Fuzzy Hash: A0116A72A0420AAFCF05DF58E941A9B7BF8EF48314F044069F808EB312D635E915DBA4

Function 00F3C4C5 Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15f07f8f78fa3f6033252ef441d3a7da6362f4eb47aaa71d9ae4197115a852bc
Instruction ID: c2e6e017fa437439761bf780171ca7951204121633e20f00b204eff31bb34285
Opcode Fuzzy Hash: 15f07f8f78fa3f6033252ef441d3a7da6362f4eb47aaa71d9ae4197115a852bc
Instruction Fuzzy Hash: 5201B5737003199B9B129E6CEC90A673BA6FB84730B284129F955E7159EF36E800A7D4

Function 00F3CB93 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00F24866,?,?,00F24D2A,?,?,00F24CFD,?,00000000,?,?,?,?,00F24866,00F3BA1C), ref: 00F3CBC5

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e232a39d9743a5f6d1bb22d8136c51205f5d7e2d107027cec5c4f15d91d9ea9d
Instruction ID: a27a7e33f246015e97962b83a248dd0f08c267e8bd35f032755780face2e1f4b
Opcode Fuzzy Hash: e232a39d9743a5f6d1bb22d8136c51205f5d7e2d107027cec5c4f15d91d9ea9d
Instruction Fuzzy Hash: 87E06D32940624A6DB326A66AC0BF5AB648AF817B1F154161FC45B6590CB66DC00B3F1

Function 00A3B980 Relevance: 1.5, APIs: 1, Instructions: 27networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,00000002), ref: 00A3B9C3

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 6c5449b5a6270265154ee39aa723f30576f95bd4ddee5202a140100dc84ceb33
Instruction ID: 8444f84ca096ff00f691c51756f82b747f4f3651ea9782f04072f6dfcc2c3bd7
Opcode Fuzzy Hash: 6c5449b5a6270265154ee39aa723f30576f95bd4ddee5202a140100dc84ceb33
Instruction Fuzzy Hash: C1F030706143044BD620E728D86BAA977D8EB49314F40062AEA99C6191EB2599159793

Function 00F0208A Relevance: 1.5, APIs: 1, Instructions: 19COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F02091

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: bb1b772d2c9fe78338b1960e809f95f090ac79d517693f43f6e379b8d382f16b
Instruction ID: 6e601875986e750ee488e21dcb103632d13895a2407434a84e4e0017faa72f83
Opcode Fuzzy Hash: bb1b772d2c9fe78338b1960e809f95f090ac79d517693f43f6e379b8d382f16b
Instruction Fuzzy Hash: 6AE04F35900249ABDF61DF44C949BDE3760FF84360F088004FD202B291C678AF80EB71

Function 00F14262 Relevance: 1.5, APIs: 1, Instructions: 17COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F14269

Part of subcall function 00F168E5: GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00F1428F,00000000,?,00000004,00F12EC3,?,00000004,00F132D6,00000000,00000000), ref: 00F16902

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: H_prolog3InfoLocale
String ID:
API String ID: 3729217073-0
Opcode ID: e4bcc955f9741625e821c4d45e6545f71cea36897d958035992116f90208426c
Instruction ID: c590f4b253e798a9657d63ad238ffcfc396795369f0e5679d76126a7a572e7ca
Opcode Fuzzy Hash: e4bcc955f9741625e821c4d45e6545f71cea36897d958035992116f90208426c
Instruction Fuzzy Hash: 76E0ECB0D00701DFDB60EFB8890569ABAF0FF14710F00892EE5A5D7601EB799681BB51

Function 00F24F92 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00F253B2,?,?,00000000,?,00F253B2,00000000,0000000C), ref: 00F24FAF

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 472bdf57593d773d7fc9fd2e34e01207edbf12ae441762e2166d536cf8cbaea0
Instruction ID: 9af35eb326f08dc17b8b2d46a9a08c458c3c8ce9f691a762e0ffa18d99b6b864
Opcode Fuzzy Hash: 472bdf57593d773d7fc9fd2e34e01207edbf12ae441762e2166d536cf8cbaea0
Instruction Fuzzy Hash: 42D06C3200020DBBDF028F84DD06EDA3BAAFB48715F114040BE1856060C732E821AB91

Non-executed Functions

Function 00AA6030 Relevance: 82.1, Strings: 64, Instructions: 2072COMMON

Download Yara Rule

Strings

Invalid array dimension for ptset solution, xrefs: 00AA6DB4
Descriptor_t, xrefs: 00AA70A2, 00AA7DA3, 00AA80A4
ViscosityModel_t, xrefs: 00AA71EE
IndexRange_t, xrefs: 00AA6488
Dirichet Data defined more than once..., xrefs: 00AA6821
GeometryReference_t, xrefs: 00AA7C68
Incorrect definition of GeometryFormat_t, xrefs: 00AA80FF
Invalid array dimension for Discrete Data '%s', xrefs: 00AA6D8E
Diffusion Model '%s' defined incorrectly, xrefs: 00AA747C
EMElectricFieldModel_t, xrefs: 00AA7588
GeometryFormat_t, xrefs: 00AA7EEE
PointList, xrefs: 00AA668E
ThermalRelaxationModel_t, xrefs: 00AA739D
Incorrect definition of GeometryFile_t, xrefs: 00AA810E
BCData_t, xrefs: 00AA61D6
DiscreteData_t, xrefs: 00AA68C8, 00AA6B74
Unrecognized Governing Equations Type: %s, xrefs: 00AA6F4D
Error reading diffusion model, xrefs: 00AA7010
Wrong data dimension in Discrete Data definition, xrefs: 00AA6D9D
TurbulenceModel_t, xrefs: 00AA7269
EMConductivityModel_t, xrefs: 00AA75DA
FamilyBC_t, xrefs: 00AA7B2B
DimensionalExponents_t, xrefs: 00AA7673
GasModel_t, xrefs: 00AA71C5
GeometryFile_t, xrefs: 00AA7E85
Unrecognized Governing Equations Type '%s' replaced with 'UserDefined', xrefs: 00AA6F38
mismatch in data type for AdditionalExponents for '%s', xrefs: 00AA788C
DataArray_t, xrefs: 00AA6ABB
EquationDimension, xrefs: 00AA7486
calloc failed for %zu values of size %zu, xrefs: 00AA686D, 00AA6885, 00AA6DD1, 00AA7621, 00AA79D6, 00AA82FD
Wrong dimensions in '%s', xrefs: 00AA79AB
ElementList, xrefs: 00AA66C0, 00AA6724
AdditionalExponents_t, xrefs: 00AA77CD
PointRange, xrefs: 00AA64F1
Error reading AdditionalExponents for '%s', xrefs: 00AA7845
Error reading Turbulence Diffusion Model, xrefs: 00AA7313
Neumann Data defined more than once..., xrefs: 00AA6845
"int", xrefs: 00AA73F9
Error reading equation dimension for Flow Equation Set, xrefs: 00AA760B
Datatype %s not supported for Discrete Data, xrefs: 00AA6DA5
NeumannData, xrefs: 00AA630D
FamilyName_t, xrefs: 00AA7A55
EMMagneticFieldModel_t, xrefs: 00AA75B1
cgio_get_name, xrefs: 00AA685E, 00AA6DC2, 00AA82D6
Family_t, xrefs: 00AA81B7
TurbulenceClosure_t, xrefs: 00AA7240
Error reading base, xrefs: 00AA7462
Multiple definition of boundary patch found, xrefs: 00AA6857
BCDataSet_t, xrefs: 00AA6058
GoverningEquations_t, xrefs: 00AA6E25
ThermalConductivityModel_t, xrefs: 00AA7217
Invalid name for IndexRange_t, xrefs: 00AA684C
DirichletData, xrefs: 00AA623D
ElementRange, xrefs: 00AA6529, 00AA6586
ElementList/Range not supported under DiscreteData, xrefs: 00AA6D5E
Wrong Data Type in '%s', xrefs: 00AA779A
Wrong dimensions in AdditionalExponents for '%s', xrefs: 00AA799B
ChemicalKineticsModel_t, xrefs: 00AA73C6
Error reading '%s', xrefs: 00AA772C
realloc failed for DimensionalExponents, xrefs: 00AA78E2
"int[1+...+IndexDimension]", xrefs: 00AA6FA8, 00AA72A7
GeometryEntity_t, xrefs: 00AA7F9D
IndexArray_t, xrefs: 00AA6459
Geometry File Format is limited to 32 characters, xrefs: 00AA80F0

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: "int"$"int[1+...+IndexDimension]"$AdditionalExponents_t$BCDataSet_t$BCData_t$ChemicalKineticsModel_t$DataArray_t$Datatype %s not supported for Discrete Data$Descriptor_t$Diffusion Model '%s' defined incorrectly$DimensionalExponents_t$Dirichet Data defined more than once...$DirichletData$DiscreteData_t$EMConductivityModel_t$EMElectricFieldModel_t$EMMagneticFieldModel_t$ElementList$ElementList/Range not supported under DiscreteData$ElementRange$EquationDimension$Error reading '%s'$Error reading AdditionalExponents for '%s'$Error reading Turbulence Diffusion Model$Error reading base$Error reading diffusion model$Error reading equation dimension for Flow Equation Set$FamilyBC_t$FamilyName_t$Family_t$GasModel_t$Geometry File Format is limited to 32 characters$GeometryEntity_t$GeometryFile_t$GeometryFormat_t$GeometryReference_t$GoverningEquations_t$Incorrect definition of GeometryFile_t$Incorrect definition of GeometryFormat_t$IndexArray_t$IndexRange_t$Invalid array dimension for Discrete Data '%s'$Invalid array dimension for ptset solution$Invalid name for IndexRange_t$Multiple definition of boundary patch found$Neumann Data defined more than once...$NeumannData$PointList$PointRange$ThermalConductivityModel_t$ThermalRelaxationModel_t$TurbulenceClosure_t$TurbulenceModel_t$Unrecognized Governing Equations Type '%s' replaced with 'UserDefined'$Unrecognized Governing Equations Type: %s$ViscosityModel_t$Wrong Data Type in '%s'$Wrong data dimension in Discrete Data definition$Wrong dimensions in '%s'$Wrong dimensions in AdditionalExponents for '%s'$calloc failed for %zu values of size %zu$cgio_get_name$mismatch in data type for AdditionalExponents for '%s'$realloc failed for DimensionalExponents
API String ID: 0-3181939274
Opcode ID: 7a3bcf0cf83324b6931f54db93981d9c7b558a02f854f6a84e1378a39f1b2ad7
Instruction ID: b1d1b81f75c5e11052ab90da1d396eb2ab32df803ffed98716624d4d94c35ded
Opcode Fuzzy Hash: 7a3bcf0cf83324b6931f54db93981d9c7b558a02f854f6a84e1378a39f1b2ad7
Instruction Fuzzy Hash: 68F21671A046059FC721DF24CD81A6B7BF9EF5B308F4805ADF9858B252E732D849CB92

Function 00AA2070 Relevance: 66.4, APIs: 1, Strings: 36, Instructions: 1674COMMON

Download Yara Rule

Strings

Boundary condition patch '%s' not defined, xrefs: 00AA2BFA
cgio_set_name, xrefs: 00AA3341
Incorrect definition of FamilyPointers under %s, xrefs: 00AA2A69
GridLocation_t, xrefs: 00AA33D3
NumberOfFamilies, xrefs: 00AA256F, 00AA2859
ZonePointers, xrefs: 00AA28D2
BaseIterativeData_t, xrefs: 00AA24BA
Wrong array size for Neumann data, xrefs: 00AA32F6
AdditionalFamilyName_t, xrefs: 00AA2C51
Error: Array '%s' incorrectly sized, xrefs: 00AA274E
InwardNormalList incorrectly defined for BC_t '%s', xrefs: 00AA302E
Error in data dimension or type for NumberOfSteps, xrefs: 00AA2AB2
Wrong array size for Dirichlet data, xrefs: 00AA32E4
cgio_get_name, xrefs: 00AA32D2
NumberOfZones, xrefs: 00AA253F, 00AA27F5
IterationValues, xrefs: 00AA250F, 00AA2654, 00AA277D
NumberOfFamilies (DataArray_t) missing under %s, xrefs: 00AA2A8E
InwardNormalList, xrefs: 00AA2DA1
BCData_t, xrefs: 00AA2135
Incorrect data type for %s under %s, xrefs: 00AA2729
Error in data: NumberOfSteps<0!, xrefs: 00AA2397
Incorrect definition of ZonePointers under %s, xrefs: 00AA295F
Error: TimeValues or IterationValues must be defined for '%s', xrefs: 00AA27C7
"int[IndexDimension]", xrefs: 00AA2E0B
NumberofZones (DataArray_t) missing under %s, xrefs: 00AA2A44
TimeValues, xrefs: 00AA24D2, 00AA25B9, 00AA2702
GridLocation, xrefs: 00AA3362, 00AA33D8
Error reading BaseIterativeData_t, xrefs: 00AA2320
DataArray_t, xrefs: 00AA20A4, 00AA2414
calloc failed for %zu values of size %zu, xrefs: 00AA21C6, 00AA2AF0
FamilyPointers, xrefs: 00AA2985
Error reading boco->normal, xrefs: 00AA2F2C
IndexArray_t, xrefs: 00AA2D42
Error: Multiple BaseIterativeData_t found..., xrefs: 00AA2234
InwardNormalIndex incorrectly defined for BC_t '%s', xrefs: 00AA32C8
InwardNormalIndex, xrefs: 00AA2E71

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: "int[IndexDimension]"$AdditionalFamilyName_t$BCData_t$BaseIterativeData_t$Boundary condition patch '%s' not defined$DataArray_t$Error in data dimension or type for NumberOfSteps$Error in data: NumberOfSteps<0!$Error reading BaseIterativeData_t$Error reading boco->normal$Error: TimeValues or IterationValues must be defined for '%s'$Error: Array '%s' incorrectly sized$Error: Multiple BaseIterativeData_t found...$FamilyPointers$GridLocation$GridLocation_t$Incorrect data type for %s under %s$Incorrect definition of FamilyPointers under %s$Incorrect definition of ZonePointers under %s$IndexArray_t$InwardNormalIndex$InwardNormalIndex incorrectly defined for BC_t '%s'$InwardNormalList$InwardNormalList incorrectly defined for BC_t '%s'$IterationValues$NumberOfFamilies$NumberOfFamilies (DataArray_t) missing under %s$NumberOfZones$NumberofZones (DataArray_t) missing under %s$TimeValues$Wrong array size for Dirichlet data$Wrong array size for Neumann data$ZonePointers$calloc failed for %zu values of size %zu$cgio_get_name$cgio_set_name
API String ID: 0-3507702749
Opcode ID: 46e45b6c095421b3981d9c3ed00610dbce96af7072e2167001c0740e6c75c3b9
Instruction ID: 6333e9a721182a3dcc501186eae18ee006e6646a11917e21fa1103007ca2b22c
Opcode Fuzzy Hash: 46e45b6c095421b3981d9c3ed00610dbce96af7072e2167001c0740e6c75c3b9
Instruction Fuzzy Hash: DAC21871A042458FCB21DF28C991BBB77EAFF57304F4405A9E8898F282E732D959C791

Function 00AAF5B0 Relevance: 51.5, APIs: 8, Strings: 21, Instructions: 788COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AAF69E
_strncpy.LIBCMT ref: 00AAF782
_strncpy.LIBCMT ref: 00AAF872
_strncpy.LIBCMT ref: 00AAF94B
_strncpy.LIBCMT ref: 00AAFA75
_strncpy.LIBCMT ref: 00AAFC31
_strncpy.LIBCMT ref: 00AAFD0E
_strncpy.LIBCMT ref: 00AAFDEE

Strings

Unrecognized Time Units Name: %s, xrefs: 00AAF92A
Unrecognized SubstanceAmount Unit '%s' replaced with 'UserDefined', xrefs: 00AAFDB4
Unrecognized Temperature Unit '%s' replaced with 'UserDefined', xrefs: 00AAFA34
Unrecognized Length Units Name: %s, xrefs: 00AAF84A
Unrecognized Angle Units Name: %s, xrefs: 00AAFB3A
Unrecognized LuminousIntensity Unit '%s' replaced with 'UserDefined', xrefs: 00AAFE94
Unrecognized Mass Units Name: %s, xrefs: 00AAF75A
cgio_write_all_data, xrefs: 00AAF687
Unrecognized Temperature Units Name: %s, xrefs: 00AAFA4A
Unrecognized Mass Unit '%s' replaced with 'UserDefined', xrefs: 00AAF744
Celcius, xrefs: 00AAF63A, 00AAF99C
Unrecognized LuminousIntensity Units Name: %s, xrefs: 00AAFEC5
Unrecognized SubstanceAmount Units Name: %s, xrefs: 00AAFDCA
Unrecognized Time Unit '%s' replaced with 'UserDefined', xrefs: 00AAF914
Dimensional Units defined incorrectly., xrefs: 00AAF60F
AdditionalUnits_t, xrefs: 00AAFB87
Unrecognized ElectricCurrent Unit '%s' replaced with 'UserDefined', xrefs: 00AAFCD4
Unrecognized ElectricCurrent Units Name: %s, xrefs: 00AAFCEA
AdditionalUnits for '%s' defined incorrectly., xrefs: 00AAFC0A
Unrecognized Angle Unit '%s' replaced with 'UserDefined', xrefs: 00AAFB24
Unrecognized Length Unit '%s' replaced with 'UserDefined', xrefs: 00AAF834

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: AdditionalUnits for '%s' defined incorrectly.$AdditionalUnits_t$Celcius$Dimensional Units defined incorrectly.$Unrecognized Angle Unit '%s' replaced with 'UserDefined'$Unrecognized Angle Units Name: %s$Unrecognized ElectricCurrent Unit '%s' replaced with 'UserDefined'$Unrecognized ElectricCurrent Units Name: %s$Unrecognized Length Unit '%s' replaced with 'UserDefined'$Unrecognized Length Units Name: %s$Unrecognized LuminousIntensity Unit '%s' replaced with 'UserDefined'$Unrecognized LuminousIntensity Units Name: %s$Unrecognized Mass Unit '%s' replaced with 'UserDefined'$Unrecognized Mass Units Name: %s$Unrecognized SubstanceAmount Unit '%s' replaced with 'UserDefined'$Unrecognized SubstanceAmount Units Name: %s$Unrecognized Temperature Unit '%s' replaced with 'UserDefined'$Unrecognized Temperature Units Name: %s$Unrecognized Time Unit '%s' replaced with 'UserDefined'$Unrecognized Time Units Name: %s$cgio_write_all_data
API String ID: 2961919466-1004584490
Opcode ID: 91746dae2b9f67e9857bcf4e5ca596258ef5d8118d90a81806cd9585cc338e4f
Instruction ID: 15c94055beff8e989fa9a0ebd1f6c8dd9adc4e2467ef3163887426fb8ac1993e
Opcode Fuzzy Hash: 91746dae2b9f67e9857bcf4e5ca596258ef5d8118d90a81806cd9585cc338e4f
Instruction Fuzzy Hash: 25522A725083845EDB29DFB4D889B66BBE9AF13308F180079E485C72E3D776D948C792

Function 00EEA220 Relevance: 45.8, APIs: 24, Strings: 2, Instructions: 347registrywindowCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F00), ref: 00EEA29E

Part of subcall function 00EEB660: LoadLibraryW.KERNEL32(Shcore.dll,00000000,00EEA2FC), ref: 00EEB666
Part of subcall function 00EEB660: GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 00EEB678
Part of subcall function 00EEB660: FreeLibrary.KERNEL32(00000000), ref: 00EEB6A7
Part of subcall function 00EEB660: LoadLibraryW.KERNEL32(user32.dll), ref: 00EEB6B2
Part of subcall function 00EEB660: GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 00EEB6C4
Part of subcall function 00EEB660: FreeLibrary.KERNEL32(00000000), ref: 00EEB6EE

GetModuleHandleW.KERNEL32(00000000), ref: 00EEA323
RegisterClassW.USER32(00000000), ref: 00EEA33F
GetDC.USER32(00000000), ref: 00EEA347
GetDeviceCaps.GDI32(00000000,00000008), ref: 00EEA358
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00EEA36B
ReleaseDC.USER32(00000000,00000000), ref: 00EEA38F
AdjustWindowRect.USER32(?,10C20000,00000000), ref: 00EEA402
GetModuleHandleW.KERNEL32(00000000,?,?), ref: 00EEA446
CreateWindowExW.USER32(00000000,?,10C20000,?,00000000,?,?,00000000,00000000,00000000), ref: 00EEA47A
RegisterDeviceNotificationW.USER32(00000000,00000020,00000000), ref: 00EEA4F0
GetWindowLongW.USER32(00000000,000000F0), ref: 00EEA543
AdjustWindowRect.USER32(00000000,00000000), ref: 00EEA54E
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000006), ref: 00EEA570
ChangeDisplaySettingsW.USER32(?,00000004), ref: 00EEA5BD
SetWindowLongW.USER32(00000000,000000F0,86000000), ref: 00EEA5F5
SetWindowLongW.USER32(00000000,000000EC,00040000), ref: 00EEA604
SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,000000FF,00000020), ref: 00EEA61A
ShowWindow.USER32(00000000,00000005), ref: 00EEA628
DestroyIcon.USER32(00000000,4B9D888B,10C20000,00000000,00F4C400,000000FF), ref: 00EEA69D
DestroyWindow.USER32(00000000,4B9D888B,10C20000,00000000,00F4C400,000000FF), ref: 00EEA6D4
GetModuleHandleW.KERNEL32(00000000,4B9D888B,10C20000,00000000,00F4C400,000000FF), ref: 00EEA6E5
UnregisterClassW.USER32(00000000), ref: 00EEA6F2
SetWindowLongW.USER32(00000000,000000FC,00000000), ref: 00EEA703

Strings

, xrefs: 00EEA4C9
Failed to change display mode for fullscreen, xrefs: 00EEA5C7

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Window$LibraryLong$DeviceHandleLoadModule$AddressAdjustCapsClassDestroyFreeProcRectRegister$ChangeCreateCursorDisplayIconNotificationReleaseSettingsShowUnregister
String ID: $Failed to change display mode for fullscreen
API String ID: 770934000-2557850749
Opcode ID: 1d3b7c4ec1f86b2019811511ed66d00ca5096b1b0986d1b23a03c17006ddce0a
Instruction ID: d4f3663858a167d7aa00cc0f9588c20c42e2fa3f72ec75b0df46dfbc2bda623a
Opcode Fuzzy Hash: 1d3b7c4ec1f86b2019811511ed66d00ca5096b1b0986d1b23a03c17006ddce0a
Instruction Fuzzy Hash: 41E16B71A00349AFDB21DF69CC49BDEBBB8FB08304F144169F959A7290DB75AA40CF91

Function 00AA34E0 Relevance: 30.9, Strings: 24, Instructions: 900COMMON

Download Yara Rule

Strings

Error: Multiple BCProperty_t found..., xrefs: 00AA3552
File incorrect: multiple definition of AreaType, xrefs: 00AA3C54
Unrecognized Area Type: %s, xrefs: 00AA3D19
Descriptor_t, xrefs: 00AA35D0, 00AA379B, 00AA3AE2
Area_t, xrefs: 00AA3A1B, 00AA3E36
Error: WallFunctionType_t missing under WallFunction_t, xrefs: 00AA38F9
Error: 2 DataArray_t (SurfaceArea & RegionName) required under Area_t, xrefs: 00AA3D82
Error: SurfaceArea and RegionName missing under Area_t, xrefs: 00AA3D6B
Error: Wrong DataArray_t found under Area_t: '%s', xrefs: 00AA4016
Error: Multiple Area_t found..., xrefs: 00AA3A63
Error: Array '%s' incorrectly sized, xrefs: 00AA3FFA
SurfaceArea, xrefs: 00AA3E54, 00AA3F53
WallFunction_t, xrefs: 00AA36DC
AreaType_t, xrefs: 00AA3C10
Error: Multiple WallFunction_t found..., xrefs: 00AA3719
DataArray_t, xrefs: 00AA3D3E
RegionName, xrefs: 00AA3ED6, 00AA3F83
WallFunctionType_t, xrefs: 00AA38CC
Unrecognized Wall Function Type: %s, xrefs: 00AA39D9
BCProperty_t, xrefs: 00AA3509
File incorrect: multiple definition of WallFunctionType, xrefs: 00AA3910
Unrecognized Wall Function Type '%s' replaced with 'UserDefined', xrefs: 00AA39C4
Unrecognized Area Type '%s' replaced with 'UserDefined', xrefs: 00AA3D04
Error: AreaType_t missing under Area_t, xrefs: 00AA3C3D

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: AreaType_t$Area_t$BCProperty_t$DataArray_t$Descriptor_t$Error: 2 DataArray_t (SurfaceArea & RegionName) required under Area_t$Error: AreaType_t missing under Area_t$Error: Array '%s' incorrectly sized$Error: Multiple Area_t found...$Error: Multiple BCProperty_t found...$Error: Multiple WallFunction_t found...$Error: SurfaceArea and RegionName missing under Area_t$Error: WallFunctionType_t missing under WallFunction_t$Error: Wrong DataArray_t found under Area_t: '%s'$File incorrect: multiple definition of AreaType$File incorrect: multiple definition of WallFunctionType$RegionName$SurfaceArea$Unrecognized Area Type '%s' replaced with 'UserDefined'$Unrecognized Area Type: %s$Unrecognized Wall Function Type '%s' replaced with 'UserDefined'$Unrecognized Wall Function Type: %s$WallFunctionType_t$WallFunction_t
API String ID: 0-2505397650
Opcode ID: 4528c17ba7e647f0914f2a568353765c6513411eb9185e85d75f3888e2fd60fb
Instruction ID: e7fa08fb06583d5e6a76458c0d46e096ddf7b63a554a45450c6fb687c8fb1f31
Opcode Fuzzy Hash: 4528c17ba7e647f0914f2a568353765c6513411eb9185e85d75f3888e2fd60fb
Instruction Fuzzy Hash: 3772F476A042008FCB10DF28C991A6BBBF9BF4A344F540569F986CB352F772DA45CB91

Function 00EED420 Relevance: 30.5, APIs: 7, Strings: 10, Instructions: 749registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00F02F66: __EH_prolog3.LIBCMT ref: 00F02F6D
Part of subcall function 00F02F66: std::_Lockit::_Lockit.LIBCPMT ref: 00F02F78
Part of subcall function 00F02F66: std::locale::_Setgloballocale.LIBCPMT ref: 00F02F93
Part of subcall function 00F02F66: std::_Lockit::~_Lockit.LIBCPMT ref: 00F02FE6

RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,?,CurrentJoystickSettings,00000017,?,?,?,?,?,?,?,?,Unknown Joystick), ref: 00EED83F
RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020019,?,?,?,?,?,?,?,?,?,Unknown Joystick,?,00000004), ref: 00EED87B

Part of subcall function 00A4C810: std::ios_base::_Addstd.LIBCPMT ref: 00A4C8BA

RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,OEMName,00000007,?,00000000,Joystick,00000008,?,00000000), ref: 00EEDC0D
RegCloseKey.ADVAPI32(?,?,?,?,?,?), ref: 00EEDC1B
RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00020019,?,?,00000200,?,?,?,?,System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM,0000004F), ref: 00EEDE4B
RegQueryValueExW.ADVAPI32(?,OEMName,00000000,00000000,?,00000200,?,?,?,?,System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM,0000004F,?,?,?,?), ref: 00EEDEA7
RegCloseKey.ADVAPI32(?,?,?,?,?,System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM,0000004F,?,?,?,?,?), ref: 00EEDEB5

Part of subcall function 00EECBC0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00EECC6A

Strings

Unable to query registry key for joystick at index , xrefs: 00EEDC4A
System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM, xrefs: 00EEDCA7
Unknown Joystick, xrefs: 00EED4A3
Unable to query name for joystick at index , xrefs: 00EEDEE0
Joystick, xrefs: 00EEDA77
CurrentJoystickSettings, xrefs: 00EED7F7
Unable to open registry key for joystick at index , xrefs: 00EEDE76
Unable to open registry for joystick at index , xrefs: 00EED8A3
OEMName, xrefs: 00EEDBC6, 00EEDE9C
System\CurrentControlSet\Control\MediaResources\Joystick, xrefs: 00EED504

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Open$CloseLockitQueryValuestd::_std::ios_base::_$AddstdH_prolog3Ios_base_dtorLockit::_Lockit::~_Setgloballocalestd::locale::_
String ID: CurrentJoystickSettings$Joystick$OEMName$System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\OEM$System\CurrentControlSet\Control\MediaResources\Joystick$Unable to open registry for joystick at index $Unable to open registry key for joystick at index $Unable to query name for joystick at index $Unable to query registry key for joystick at index $Unknown Joystick
API String ID: 184324034-2344436154
Opcode ID: 1566c6a36f068b40d0d122e760a53e95156bcc14bfc4c93eb482c522eaaaddb5
Instruction ID: c205a8637e6a7905f33806337be394baaf057c8d13d081824a32417f597ceb75
Opcode Fuzzy Hash: 1566c6a36f068b40d0d122e760a53e95156bcc14bfc4c93eb482c522eaaaddb5
Instruction Fuzzy Hash: DD6247B1A0066C9FCB24DB64DC85BEEB7B5AF49305F1042E9E409A7251EB71AF84CF50

Function 00F03A6C Relevance: 15.2, APIs: 10, Instructions: 200fileCOMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32(000000FF,00000000,?), ref: 00F03B04
GetLastError.KERNEL32 ref: 00F03B0E
FindFirstFileW.KERNEL32(000000FF,?), ref: 00F03B25
GetLastError.KERNEL32 ref: 00F03B30
FindClose.KERNEL32(00000000), ref: 00F03B3C
___std_fs_open_handle@16.LIBCPMT ref: 00F03BF5

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileFindLast$AttributesCloseFirst___std_fs_open_handle@16
String ID:
API String ID: 2340820627-0
Opcode ID: 91a8da05714bb98f84abfeae0a47587dee32544d55f3a264caf74ad257ef985b
Instruction ID: cd483d4efd641820a162aacf18c9ddcb926ab1379523ff4708016f48dd057296
Opcode Fuzzy Hash: 91a8da05714bb98f84abfeae0a47587dee32544d55f3a264caf74ad257ef985b
Instruction Fuzzy Hash: 39716C75A007199FDB24CF28DC89BA9B7BCAF05320F144255E955E33D0DB34AA44EB91

Function 00AC6290 Relevance: 14.3, APIs: 9, Instructions: 798COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AC64A3
_strncpy.LIBCMT ref: 00AC64B7
_strncpy.LIBCMT ref: 00AC64C7
_strncpy.LIBCMT ref: 00AC64DE
_strncpy.LIBCMT ref: 00AC64F1
_strncpy.LIBCMT ref: 00AC6508
_strncpy.LIBCMT ref: 00AC6538
_strncpy.LIBCMT ref: 00AC6B75
_strncpy.LIBCMT ref: 00AC6C3F

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID:
API String ID: 2961919466-0
Opcode ID: fe3341688abdb055caff83724708993854a3e2caae83b12c1d7659cad86918ff
Instruction ID: 0cfaf4eb86917454e7c51f28046068230214131380ed78ad12b7a0933a08012c
Opcode Fuzzy Hash: fe3341688abdb055caff83724708993854a3e2caae83b12c1d7659cad86918ff
Instruction Fuzzy Hash: BA521571A046428BD720DF38D984FAAB7E9FF85324F1A427ED5AA8B5D6D330D806C741

Function 00AC8F50 Relevance: 14.0, APIs: 9, Instructions: 469COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AC907D
_strncpy.LIBCMT ref: 00AC908A
_strncpy.LIBCMT ref: 00AC909A
_strncpy.LIBCMT ref: 00AC90AA
_strncpy.LIBCMT ref: 00AC90BD
_strncpy.LIBCMT ref: 00AC90D0

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID:
API String ID: 2961919466-0
Opcode ID: 939d6ef248eed67cb18c534732d3eb45fde25c0b5600cc604f653f14a5536aff
Instruction ID: 2174b152ab82862fc83dca68264bfb3ee9bb394c7f031ee186504176fadf1d3c
Opcode Fuzzy Hash: 939d6ef248eed67cb18c534732d3eb45fde25c0b5600cc604f653f14a5536aff
Instruction Fuzzy Hash: 990269312046825AE73D97348C14F7BB7E9AF49304F164B2EE6EAC65C3D635E180DB61

Function 00AC7070 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 499COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AC7248
_strncpy.LIBCMT ref: 00AC725E
_strncpy.LIBCMT ref: 00AC726E
_strncpy.LIBCMT ref: 00AC727E
_strncpy.LIBCMT ref: 00AC73BA

Strings

TaiL, xrefs: 00AC7207, 00AC7639
NoDe, xrefs: 00AC71EA, 00AC7621

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: NoDe$TaiL
API String ID: 2961919466-3816938716
Opcode ID: ffb1767cb5aae23c596e027df6c8ca5f6c6ff2ec731f4a1dfc692389a3171400
Instruction ID: b126cb756a27808ab2b165ad71f3b829e7d77d9d7ea210602493e9d48f46f2bb
Opcode Fuzzy Hash: ffb1767cb5aae23c596e027df6c8ca5f6c6ff2ec731f4a1dfc692389a3171400
Instruction Fuzzy Hash: 610205715087058BD720DF28C884FAEB7E9FF89324F55066EE5A98B285D730D846CF92

Function 00AC9BE0 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 471COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AC9C92
_strncpy.LIBCMT ref: 00AC9CA2
_strncpy.LIBCMT ref: 00AC9CB2
_strncpy.LIBCMT ref: 00AC9EFF
_strncpy.LIBCMT ref: 00ACA1D5

Strings

TaiL, xrefs: 00AC9C74
NoDe, xrefs: 00AC9C50

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: NoDe$TaiL
API String ID: 2961919466-3816938716
Opcode ID: a569708ebbb9b01ea0d8b01b71fe54901553f78ef160cd6cff5af89a2526ecb7
Instruction ID: 75e28a9fb586ec3ce7481c0ba86dfb57028acd12ba7fa7aaad6dd927e4991986
Opcode Fuzzy Hash: a569708ebbb9b01ea0d8b01b71fe54901553f78ef160cd6cff5af89a2526ecb7
Instruction Fuzzy Hash: 17027D316083855BC72DC6358C00BBBBBE95F99304F1B866DE9DAC6397D53184C0D7A2

Function 00AC26C0 Relevance: 11.6, Strings: 9, Instructions: 365COMMON

Download Yara Rule

Strings

NATIVE, xrefs: 00AC27B6
IEEE_LITTLE_64, xrefs: 00AC2780
IEEE_BIG_64, xrefs: 00AC2766
LEGACY, xrefs: 00AC27C8
L, xrefs: 00AC26F2
CRAY, xrefs: 00AC279B
IEEE_LITTLE_32, xrefs: 00AC2749
IEEE_BIG_32, xrefs: 00AC2730
L, xrefs: 00AC27F3

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: CRAY$IEEE_BIG_32$IEEE_BIG_64$IEEE_LITTLE_32$IEEE_LITTLE_64$L$L$LEGACY$NATIVE
API String ID: 0-865626884
Opcode ID: dc7d17a116fd97b121d592ed292906db5fcc44c4ce886b3ee0c305977d871b91
Instruction ID: 34731ea3db0d21fbedb9cb37fe328337c633a3a3f50a81063a01e3ccf8ff7889
Opcode Fuzzy Hash: dc7d17a116fd97b121d592ed292906db5fcc44c4ce886b3ee0c305977d871b91
Instruction Fuzzy Hash: 91E1F7B050C2C14DDF328B354450BB67FA11F67368FAA46DDD4DA4A243CA26CD87C79A

Function 00DB05F0 Relevance: 11.6, Strings: 9, Instructions: 312COMMON

Download Yara Rule

Strings

can't give ownership of VOL object, xrefs: 00DB0799
unable to get container info, xrefs: 00DB092F
unable to close owned VOL object, xrefs: 00DB065A
invalid VOL object, xrefs: 00DB07E3, 00DB086A
H5T__ref_set_loc, xrefs: 00DB0A72
F:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5Tref.c, xrefs: 00DB0A77
can't get encode size, xrefs: 00DB099E
invalid location, xrefs: 00DB074B
invalid reference datatype location, xrefs: 00DB0A44

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: F:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5Tref.c$H5T__ref_set_loc$can't get encode size$can't give ownership of VOL object$invalid VOL object$invalid location$invalid reference datatype location$unable to close owned VOL object$unable to get container info
API String ID: 0-1021936998
Opcode ID: 09cf4329d46fe3c7b17c283f6e4ce470ecc8c086dbfe4f746b0a5ef7b395d5cd
Instruction ID: 22ad8feb8a2035be5d2dc0a9bca647f668327fed481ac5b87d2f1e02c5991a41
Opcode Fuzzy Hash: 09cf4329d46fe3c7b17c283f6e4ce470ecc8c086dbfe4f746b0a5ef7b395d5cd
Instruction Fuzzy Hash: 11C16A71600300DFEB25CF58D951BAABBE1FB58308F45065DF1868BAA1E3BBE450DB91

Function 00F452C4 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1473COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00F454DB

Strings

1#SNAN, xrefs: 00F453D0
1#INF, xrefs: 00F453FA
1#IND, xrefs: 00F453C9
1#QNAN, xrefs: 00F453D7

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: aed16b4010dde7fc5bbc61b11668200da04f85c075b821f813d67504cae609de
Instruction ID: 70d84105e1c888409ba660ba29f66052ef252a9af4a12396070735ebb21aa2ff
Opcode Fuzzy Hash: aed16b4010dde7fc5bbc61b11668200da04f85c075b821f813d67504cae609de
Instruction Fuzzy Hash: E8D24D72E086288FDF64DE28CD407E9BBB5EB45314F1441EAD80DE7241EB78AE859F41

Function 00C8B880 Relevance: 10.2, Strings: 8, Instructions: 222COMMON

Download Yara Rule

Strings

%4lldP, xrefs: 00C8BAB4
%2lld.%0lldM, xrefs: 00C8B98A
%4lldT, xrefs: 00C8BAA7
%5lld, xrefs: 00C8B8A0
%4lldM, xrefs: 00C8B9BC
%4lldG, xrefs: 00C8BA8D
%2lld.%0lldG, xrefs: 00C8BA5D
%4lldk, xrefs: 00C8B8D2

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %2lld.%0lldG$%2lld.%0lldM$%4lldG$%4lldM$%4lldP$%4lldT$%4lldk$%5lld
API String ID: 0-3476178709
Opcode ID: f9455534e1f28f4376ada8fb01fbdc96effbedd6259e5ffde8ada593c45431d6
Instruction ID: c8393517d959b7512002fb5a383e56d4c9b6b5e601093789c8e0290884338c53
Opcode Fuzzy Hash: f9455534e1f28f4376ada8fb01fbdc96effbedd6259e5ffde8ada593c45431d6
Instruction Fuzzy Hash: 745127727143052BE70CE96EDC82BAF71C9E788718F88053CF946D7392E6A9DC01539A

Function 00F44464 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,2000000B,00F44776,00000002,00000000,?,?,?,00F44776,?,00000000), ref: 00F444FD
GetLocaleInfoW.KERNEL32(00000000,20001004,00F44776,00000002,00000000,?,?,?,00F44776,?,00000000), ref: 00F44526
GetACP.KERNEL32(?,?,00F44776,?,00000000), ref: 00F4453B

Strings

OCP, xrefs: 00F444B8
ACP, xrefs: 00F44482

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: b7a67aa652141c33142f843b9dc8989ba5c3a4abeb60ca2dcdac65e1a9b84960
Instruction ID: a1f64a4bc858b4f456b77dcbbe8ffd3b041d6bbaa52da88fc280cfbe7dbbd562
Opcode Fuzzy Hash: b7a67aa652141c33142f843b9dc8989ba5c3a4abeb60ca2dcdac65e1a9b84960
Instruction Fuzzy Hash: E3218622E00105A7DF34DF54C905B977BA6AB54B71B6A8024ED0AFB115EB32FE40F760

Function 00F44640 Relevance: 7.7, APIs: 5, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F3B962: GetLastError.KERNEL32(?,?,00F1D704,01061808,0000000C), ref: 00F3B966
Part of subcall function 00F3B962: SetLastError.KERNEL32(00000000), ref: 00F3BA08

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00F44748
IsValidCodePage.KERNEL32(00000000), ref: 00F44786
IsValidLocale.KERNEL32(?,00000001), ref: 00F44799
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00F447E1
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00F447FC

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: a0f41a0e2958a975e0cf90e1c89f8a0a8ace669287f4a3e022077f0156e5a0e1
Instruction ID: f0f39c0365a44586361a83fb60e2185547561e6725bcb3e479f8a9d8e4c84972
Opcode Fuzzy Hash: a0f41a0e2958a975e0cf90e1c89f8a0a8ace669287f4a3e022077f0156e5a0e1
Instruction Fuzzy Hash: 0C516F71E0020AABEF10EFA5CC45BBA7BB8BF05711F144069EE10FB151EB74A944EB61

Function 00F49C00 Relevance: 7.6, APIs: 5, Instructions: 103COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,0109B3A4,?,?,?,00F4D048,000000FF), ref: 00F49C82
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00F49C8B
QueryPerformanceCounter.KERNEL32(?,?,?,00F4D048,000000FF), ref: 00F49C96

Part of subcall function 00F16F2D: AcquireSRWLockExclusive.KERNEL32(0109A834,?,?,?,00A3BA47,0109B40C,4B9D888B,?,?,?,00F4B5F9,000000FF), ref: 00F16F38
Part of subcall function 00F16F2D: ReleaseSRWLockExclusive.KERNEL32(0109A834,?,?,?,00A3BA47,0109B40C,4B9D888B,?,?,?,00F4B5F9,000000FF), ref: 00F16F72

QueryPerformanceFrequency.KERNEL32(?,?,00F4D048,000000FF), ref: 00F49CF2
GetVersion.KERNEL32(?,?,00F4D048,000000FF), ref: 00F49D43

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: PerformanceQuery$CounterExclusiveLock$AcquireConcurrency::details::_FrequencyLock::_ReaderReleaseScoped_lockScoped_lock::~_VersionWriter
String ID:
API String ID: 1477908031-0
Opcode ID: 3cb789da085f95449dbc23b681b7fed8cfffa7b6183ff6ca8372191717cee74c
Instruction ID: dec1af39a880a194c7ef4685fe778c47799df77dcee5f4f5dcd703408e369991
Opcode Fuzzy Hash: 3cb789da085f95449dbc23b681b7fed8cfffa7b6183ff6ca8372191717cee74c
Instruction Fuzzy Hash: 1141D371E04309EBCB10EB64FC96E9A7BA4BB00720F50C219ED9993280DB796844EB51

Function 00F43CCB Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F3B962: GetLastError.KERNEL32(?,?,00F1D704,01061808,0000000C), ref: 00F3B966
Part of subcall function 00F3B962: SetLastError.KERNEL32(00000000), ref: 00F3BA08

GetACP.KERNEL32(?,?,?,?,?,?,00F39308,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 00F43D8A
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00F39308,?,?,?,00000055,?,-00000050,?,?), ref: 00F43DC1
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00F43F24

Strings

utf8, xrefs: 00F43E93

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 10167d5d61fa5fa726c3ca018a6212f7d81fbb06970b9446aaa80ebef0173765
Instruction ID: d9299cd59506ddbff6622b538576278f183a002c419fb7aaa1ed51486a22bbc1
Opcode Fuzzy Hash: 10167d5d61fa5fa726c3ca018a6212f7d81fbb06970b9446aaa80ebef0173765
Instruction Fuzzy Hash: AD71F871E0120AAAD725AB75CC42FAB7BA8EF44720F144029FE15DB181FB74EE44A761

Function 00EEF5E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237COMMON

Download Yara Rule

APIs

joyGetPosEx.WINMM(00000000,00000034), ref: 00EEF656

Strings

4, xrefs: 00EEF640

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: bfd51bd89b39a573b21d86aea9c57cbcea44bdf8af9c86ff25989fbb01356a1f
Instruction ID: e6fbba1ff8e30370f4da22941bcbad95286795e91c123f956d7229c33c110bef
Opcode Fuzzy Hash: bfd51bd89b39a573b21d86aea9c57cbcea44bdf8af9c86ff25989fbb01356a1f
Instruction Fuzzy Hash: 8BB1B231824B4D4BC357CA3AD450619F3A6AFEE344B28C71AF456B6156FB35B0E1EB40

Function 00A427A0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 194fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00A4287F
GetLastError.KERNEL32 ref: 00A428A1
FindClose.KERNEL32(00000000,?), ref: 00A429C6

Strings

FindFirstFile failed (, xrefs: 00A42890

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseErrorFileFirstLast
String ID: FindFirstFile failed (
API String ID: 4020440971-2332070052
Opcode ID: 799415170a0fcebbc05feaa421970bde60bad6edcc8e8d4063f132c5532cf413
Instruction ID: 9607c69e5124956c52120852963f82da00ddff17ad4ab79d0967c51eba9f0622
Opcode Fuzzy Hash: 799415170a0fcebbc05feaa421970bde60bad6edcc8e8d4063f132c5532cf413
Instruction Fuzzy Hash: 3C711335E002198BCB18DF28CC59BEEB7B5FF84314F104399F419A7691EB74AA80CB91

Function 00D2AE40 Relevance: 6.8, Strings: 5, Instructions: 523COMMON

Download Yara Rule

Strings

invalid type, xrefs: 00D2B432
memory allocation failed, xrefs: 00D2AE8E
F:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5Iint.c, xrefs: 00D2AEC1, 00D2B465, 00D2B4B1
H5I__register, xrefs: 00D2AEBC, 00D2B460, 00D2B4AC
invalid type number, xrefs: 00D2B47E

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: F:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5Iint.c$H5I__register$invalid type$invalid type number$memory allocation failed
API String ID: 0-1615948166
Opcode ID: 445eb1109550606a47aba1b1d62c301f7ed7b392a3f3f40c127b5dfaec70574c
Instruction ID: c45bfe02ae45a9d6cb884957cf3cddac8d0c02c002894b7dd4963409b23649c0
Opcode Fuzzy Hash: 445eb1109550606a47aba1b1d62c301f7ed7b392a3f3f40c127b5dfaec70574c
Instruction Fuzzy Hash: 7A228DB1600211CFCB18CF18D984A6ABBF1FF58318F15866EE8998B356D775E911CF90

Function 00F30AF0 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5aee1f60f192b7b8733b0f39f754dbf60dfaa0a5da74c457f4cc44d458fce50
Instruction ID: 284c4d7b6479b072b11beca3de8401cfce9f6bdd84f42e317835bedd781b402f
Opcode Fuzzy Hash: e5aee1f60f192b7b8733b0f39f754dbf60dfaa0a5da74c457f4cc44d458fce50
Instruction Fuzzy Hash: 83021B71E012199BDF14CFA9D8906AEFBF1FF48324F24866AE519E7340DB31A941DB90

Function 00AC8250 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 471COMMON

Download Yara Rule

Strings

DaTa, xrefs: 00AC8328
dEnD, xrefs: 00AC87DE

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: DaTa$dEnD
API String ID: 0-295670464
Opcode ID: 6d8afe2ddbea830ff0ec8274de9bd35858760150cea813c2d6c9391fa8ea1da3
Instruction ID: a61c3b497b6ffc021a0b74e22a3decc497734ad3b20f9c2a1a21747bbca74e1d
Opcode Fuzzy Hash: 6d8afe2ddbea830ff0ec8274de9bd35858760150cea813c2d6c9391fa8ea1da3
Instruction Fuzzy Hash: 6D028AB1A083409FC725DF28C881F6BB7E5FBC9364F154A2DF5A587294DB79D8408B82

Function 00AC5670 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 375COMMON

Download Yara Rule

Strings

DaTa, xrefs: 00AC5765
dEnD, xrefs: 00AC57B5

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: DaTa$dEnD
API String ID: 0-295670464
Opcode ID: 1bafdf41f1bed6b27b7a348f3280c5dd8a811b272b14017d9a8f98011ecb801c
Instruction ID: 2e42e361c0cfe075966b9cca597fcaafc93346dec97faafe13b28d86d93dec4b
Opcode Fuzzy Hash: 1bafdf41f1bed6b27b7a348f3280c5dd8a811b272b14017d9a8f98011ecb801c
Instruction Fuzzy Hash: 80E166B1A087419FC724DF29C881B6BBBE5FFC8314F550A2DF59987251E631E980CB92

Function 00A8A4F0 Relevance: 5.4, Strings: 4, Instructions: 417COMMON

Download Yara Rule

Strings

(null), xrefs: 00A8A765, 00A8A76D
(null), xrefs: 00A8A77B, 00A8A79F, 00A8A7A0, 00A8A7E4, 00A8A800
Out of memory, xrefs: 00A8A507, 00A8A7C0
l, xrefs: 00A8A758

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (null)$(null)$Out of memory$l
API String ID: 0-2892190418
Opcode ID: ed8b28016b39dd7be96246eff76ec9a7b0724c7d09cf9c69b5cff597f3400069
Instruction ID: 8df44d5d790469eda25d575a29c185bed49f58ef8919234e18d6923500fddc0e
Opcode Fuzzy Hash: ed8b28016b39dd7be96246eff76ec9a7b0724c7d09cf9c69b5cff597f3400069
Instruction Fuzzy Hash: 57D1C271A083014FE708EF2DDD8176ABAE1ABD9304F08457EF885D7356E674DE098B52

Function 00F0083E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,?,00000002,4B9D888B,?,00A3CA63,?,4B9D888B), ref: 00F00852
FormatMessageA.KERNEL32(00001300,00000000,00000000,?,4B9D888B,00000000,00000000,?,?,00A3CA63,?,4B9D888B), ref: 00F00879

Strings

!x-sys-default-locale, xrefs: 00F0084D

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: 72444d79d3202083a3bad140b71944da805a782332f3995432ecdf9bad1bbd17
Instruction ID: 1c96849ece9fda0e3a90f92583c742d9faacb1a095161f991618242d7514d762
Opcode Fuzzy Hash: 72444d79d3202083a3bad140b71944da805a782332f3995432ecdf9bad1bbd17
Instruction Fuzzy Hash: 3AF037B6511109FFEB149B95CC0AEAE76ACEB09751F108015BA05D6040E9B09E00B7B0

Function 00F23F11 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00F24009
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00F24013
UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00F24020

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 43bec836bd97dc28b7090c0e442ad62649a19ce8ed62b923477a805e09999ec8
Instruction ID: 24c48bf193a4915ffde79b06eac324099f3a7bde5100befc9d216e17d66df5e2
Opcode Fuzzy Hash: 43bec836bd97dc28b7090c0e442ad62649a19ce8ed62b923477a805e09999ec8
Instruction Fuzzy Hash: B731B27490122D9BCB21DF24DD897CCBBB8BF08750F5041EAE50CA6250EB749F859F44

Function 00ABF220 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 479COMMON

Download Yara Rule

APIs

Part of subcall function 00AC7070: _strncpy.LIBCMT ref: 00AC7248
Part of subcall function 00AC7070: _strncpy.LIBCMT ref: 00AC725E
Part of subcall function 00AC7070: _strncpy.LIBCMT ref: 00AC726E
Part of subcall function 00AC7070: _strncpy.LIBCMT ref: 00AC727E

_strncpy.LIBCMT ref: 00ABF3A1

Strings

unused entry in sub-node-table , xrefs: 00ABF39B

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: unused entry in sub-node-table
API String ID: 2961919466-1056416979
Opcode ID: 6efcba33ed34f713772882c6319c5a35d151af9bb6428bc9caca3f4af40ad81e
Instruction ID: ffca561fed6b1dea3d7d17b82d74531dc0ea5d429ae131d9cadea1d5bc25ee64
Opcode Fuzzy Hash: 6efcba33ed34f713772882c6319c5a35d151af9bb6428bc9caca3f4af40ad81e
Instruction Fuzzy Hash: 8B12A1B19043458FD731DF28DC40BAEB3E9FB95324F140B2DE8A597292E734A944CB92

Function 00D2B4D0 Relevance: 4.0, Strings: 3, Instructions: 213COMMON

Download Yara Rule

Strings

can't remove ID node from hash table, xrefs: 00D2B5F4
F:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5Iint.c, xrefs: 00D2B627
H5I__remove_common, xrefs: 00D2B622

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: F:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5Iint.c$H5I__remove_common$can't remove ID node from hash table
API String ID: 0-586489002
Opcode ID: 8bb532dabefbca128202f4be576aa8f2010d58ca992be96e70d8d872e37cc6b0
Instruction ID: 49106033898b9098f2b60460db1b3d1b5f884010f8362d3ccaf507598b14b783
Opcode Fuzzy Hash: 8bb532dabefbca128202f4be576aa8f2010d58ca992be96e70d8d872e37cc6b0
Instruction Fuzzy Hash: 978114717042218FCF28CF29D980A25BBF0FF94319B09826DE8958B746D375E955CFA0

Function 00F04404 Relevance: 3.0, APIs: 2, Instructions: 27timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00F00932,?,00000000,00000000,?,00F008F1,?,?,?,?,00F1677B,?), ref: 00F0443C
GetSystemTimeAsFileTime.KERNEL32(?,4B9D888B,?,?,00F4A210,000000FF,?,00F00932,?,00000000,00000000,?,00F008F1,?,?), ref: 00F04440

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Time$FileSystem$Precise
String ID:
API String ID: 743729956-0
Opcode ID: 2de945a94d56cb8d926ecd3d899c978de238d1b32c66eca8e91b8b1aa57c8ff4
Instruction ID: 3b61f00593f735160f9c196b6e9b9679d4976e2427b351542fb5363b849434b4
Opcode Fuzzy Hash: 2de945a94d56cb8d926ecd3d899c978de238d1b32c66eca8e91b8b1aa57c8ff4
Instruction Fuzzy Hash: 4CF0E577A44658EFC711CF44EC04B59BBA8FB48B20F00022AED02D3794DB79A900ABC1

Function 00A49280 Relevance: 2.9, Strings: 2, Instructions: 425COMMON

Download Yara Rule

Strings

%, xrefs: 00A496A1
+, xrefs: 00A496B0

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %$+
API String ID: 0-2626897407
Opcode ID: 14c9dfdb7dc8c44e3fe998f873b63e5fa94b0326b9d06f0dade022008313ac53
Instruction ID: 6f9fa0cc16135e83bdd8c206e3d6cdac2293ad582f28190d7e1be15030ee1f54
Opcode Fuzzy Hash: 14c9dfdb7dc8c44e3fe998f873b63e5fa94b0326b9d06f0dade022008313ac53
Instruction Fuzzy Hash: 7AF11376D00218AFCB19DF68DC81AEFBBB5FF89310F144229F815AB291D734A915CB91

Function 00AC0000 Relevance: 2.9, Strings: 2, Instructions: 403COMMON

Download Yara Rule

Strings

OLD, xrefs: 00AC02FC
READ_ONLY, xrefs: 00AC02E8

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: OLD$READ_ONLY
API String ID: 0-2262891398
Opcode ID: 9fa21dfefe9a27b3ac1b61bea347f4f1e043d40270e9a483d1741eaecbbff2f5
Instruction ID: c6dd3edc77bdd341b33fc2c7665d7d10f8601777fd4c68f90063c52859104c1c
Opcode Fuzzy Hash: 9fa21dfefe9a27b3ac1b61bea347f4f1e043d40270e9a483d1741eaecbbff2f5
Instruction Fuzzy Hash: EAF1DF75908749CBC730DF28D880FABB7E5FF86354F054A2DE9998B241EB319844CB92

Function 00AC5210 Relevance: 2.8, Strings: 2, Instructions: 347COMMON

Download Yara Rule

Strings

z, xrefs: 00AC542C
NoDe, xrefs: 00AC5545

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: NoDe$z
API String ID: 0-2225116422
Opcode ID: ea1fd56414c6d40a3e57cc6e5a8943c5667b3b7d9573ffdd15bedac7437a28d8
Instruction ID: c660c4a4ed99d2765c69f888326db84b541ec285a638266534960084f7bfa88a
Opcode Fuzzy Hash: ea1fd56414c6d40a3e57cc6e5a8943c5667b3b7d9573ffdd15bedac7437a28d8
Instruction Fuzzy Hash: 5CD17DB5A047409FC714CF29C880B6AFBE1BF99310F58865EF8998B391D735E984CB52

Function 00ABFB10 Relevance: 2.8, Strings: 2, Instructions: 343COMMON

Download Yara Rule

Strings

N, xrefs: 00ABFB4B
N, xrefs: 00ABFB56

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: N$N
API String ID: 0-3855217897
Opcode ID: d12702dfbacaf672daf59d1a9f22e1e72a8668be82a13368f414ac8053332a4f
Instruction ID: 9f22e817e92696624832c585982d6a09b661a992432c1779aff6af3240ab2021
Opcode Fuzzy Hash: d12702dfbacaf672daf59d1a9f22e1e72a8668be82a13368f414ac8053332a4f
Instruction Fuzzy Hash: FFC1373200D7C2AEDB124B29AC605FBFFE4AF53311F0C8AAEE5E842553C216E948D751

Function 00F3A669 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F3A664,?,?,00000008,?,?,00F494AC,00000000), ref: 00F3A896

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 947fa0dc79936529b41c7cf645b5ff4e1081fb5905baede3b1010f25781772d1
Instruction ID: b65231ccce9457e8a55c57c71ce47731a1fe194684a7ffe3e647d2ca90306ce3
Opcode Fuzzy Hash: 947fa0dc79936529b41c7cf645b5ff4e1081fb5905baede3b1010f25781772d1
Instruction Fuzzy Hash: A8B15C329106089FD719CF29C48AB657BE0FF45374F298658E8DACF2A1C335D992DB41

Function 00F2114C Relevance: 1.6, Strings: 1, Instructions: 333COMMON

Download Yara Rule

Strings

0, xrefs: 00F212BC

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 2c4d04e59b986817fb19a9b227ba6ce7e95d91734231c7e69e4397977fc55e3b
Instruction ID: 5901cf01a2ba0b53eab887e1355c143c0e2c04bc782da02a7d446d4575777b1a
Opcode Fuzzy Hash: 2c4d04e59b986817fb19a9b227ba6ce7e95d91734231c7e69e4397977fc55e3b
Instruction Fuzzy Hash: A2C11130D0062ACFCB24CF68E9946BABBB5FF26320F24461DE456D7691C331AD45EB58

Function 00F20E0A Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

0, xrefs: 00F20F8E

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9c6624d93cffc5d1089b1718c3f8ecb05427f4963a48b69184c52aa0b3cf7ae3
Instruction ID: 2681874f06cb21d3d04ef6719d6035c3aa409b5e4a3a93103024af3ab33a77a8
Opcode Fuzzy Hash: 9c6624d93cffc5d1089b1718c3f8ecb05427f4963a48b69184c52aa0b3cf7ae3
Instruction Fuzzy Hash: C7B13832D00A2ACBCB34CF68E9556BEBBB5FF10320F140A1DD55297692CB359D81EB45

Function 00F43FC2 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F3B962: GetLastError.KERNEL32(?,?,00F1D704,01061808,0000000C), ref: 00F3B966
Part of subcall function 00F3B962: SetLastError.KERNEL32(00000000), ref: 00F3BA08

EnumSystemLocalesW.KERNEL32(00F440E8,00000001,00000000,?,-00000050,?,00F4471C,00000000,?,?,?,00000055,?), ref: 00F44034

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: b20117a3b62d61e24de11c180a2ac79102a90952742a8bffe1b00bd6fe9084ce
Instruction ID: d3d02a49ac8222f3b72ecf0950a67ecbcb618f114b43283487b731c78b91d4f0
Opcode Fuzzy Hash: b20117a3b62d61e24de11c180a2ac79102a90952742a8bffe1b00bd6fe9084ce
Instruction Fuzzy Hash: 821129376007059FDB289F38C89167ABBA1FF84329B15442DEE8757A40E775B912D740

Function 00C8E870 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

BCryptGenRandom.BCRYPT(00000000,?), ref: 00C8E8C0

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CryptRandom
String ID:
API String ID: 2662593985-0
Opcode ID: a6f52197bdb55f16f578250d3819fdfe6320cff64cc7f4869b762a64486e4c5c
Instruction ID: 5946897d53f36818fb203b364b2f5e9f36c4a5c5f587a40c40f78fd8da1b1912
Opcode Fuzzy Hash: a6f52197bdb55f16f578250d3819fdfe6320cff64cc7f4869b762a64486e4c5c
Instruction Fuzzy Hash: 4D11487290C3428AD310EE29D841B2FBBD8EB92328F040A6AF590D71C2D335D9058B66

Function 00F4405D Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F3B962: GetLastError.KERNEL32(?,?,00F1D704,01061808,0000000C), ref: 00F3B966
Part of subcall function 00F3B962: SetLastError.KERNEL32(00000000), ref: 00F3BA08

EnumSystemLocalesW.KERNEL32(00F4433B,00000001,00000000,?,-00000050,?,00F446E4,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00F440A7

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: d91de4ff25654fb1595772b16f86988c3460df1942f4025539ef61369b0c82d0
Instruction ID: 45a4cc33eb1a49a39bf7d821055ee05a0de15582001e662fcbb01c40a11192e9
Opcode Fuzzy Hash: d91de4ff25654fb1595772b16f86988c3460df1942f4025539ef61369b0c82d0
Instruction Fuzzy Hash: 92F0CD366003085FDB246F799C81B7ABF91EF81768F05842DFE469BA90D6B5AC02E650

Function 00F168E5 Relevance: 1.5, APIs: 1, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00F1428F,00000000,?,00000004,00F12EC3,?,00000004,00F132D6,00000000,00000000), ref: 00F16902

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 990f425dce17b9f6b3723ff904ca50f6fb6ae67544e6f1ba70c2279f898f9c05
Instruction ID: 1e8b0f718eb5cd565c6db03584f29bf687e0d597e72160ef3d2e49b0bd93f0f9
Opcode Fuzzy Hash: 990f425dce17b9f6b3723ff904ca50f6fb6ae67544e6f1ba70c2279f898f9c05
Instruction Fuzzy Hash: 7DE06D23A50204A7E7259B789E1EFBA7AA8AB0175DFA0414DB502E90D1DAB4DE40B261

Function 00F3C22D Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F356F9: EnterCriticalSection.KERNEL32(?,?,00F3B63A,?,01061ED8,00000008,00F3B7FE,?,?,?), ref: 00F35708

EnumSystemLocalesW.KERNEL32(00F3C220,00000001,01061F98,0000000C,00F3C695,00000000), ref: 00F3C265

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: f86208aaee2a2ad3932ba5df716bb8f1ecc04a209a7744c9daa21b566667dd17
Instruction ID: 078820f96e330792ebc946d5e1eeb7b40646b688c45228aa966dc294d0e7482f
Opcode Fuzzy Hash: f86208aaee2a2ad3932ba5df716bb8f1ecc04a209a7744c9daa21b566667dd17
Instruction Fuzzy Hash: ECF04972A40208DFD710EF99E802B9D7BB0FB44721F00805AF410EB291CB798901AF81

Function 00F43F77 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00F3B962: GetLastError.KERNEL32(?,?,00F1D704,01061808,0000000C), ref: 00F3B966
Part of subcall function 00F3B962: SetLastError.KERNEL32(00000000), ref: 00F3BA08

EnumSystemLocalesW.KERNEL32(00F43ED0,00000001,00000000,?,?,00F4473E,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 00F43FAE

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: d81cb4375f44a88959c15bd5772c4e8cc5ccb31325ab8e9f7bb7eae939827c86
Instruction ID: 0b94387d6811d0d8836d1da631d74f8774464b32ce6f3982a026aba26b47851c
Opcode Fuzzy Hash: d81cb4375f44a88959c15bd5772c4e8cc5ccb31325ab8e9f7bb7eae939827c86
Instruction Fuzzy Hash: AAF0E536B0020957CB18AF35D85576ABFA4EFC1730F0A4059FF058B290C6759947E790

Function 00F3C7F0 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00F39E7E,?,20001004,00000000,00000002,?,?,00F39470), ref: 00F3C824

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 6bc3559e3ecd5555087e2eb4ce57f0665877b4c3295697cd75897545bd7973c4
Instruction ID: 58c744b2c90adef250cd0c1d394ea24129e267aedfcd911877f93d99f534d3df
Opcode Fuzzy Hash: 6bc3559e3ecd5555087e2eb4ce57f0665877b4c3295697cd75897545bd7973c4
Instruction Fuzzy Hash: 5AE04F3650021DBBCF126F61DC04ADE3E25EF48B71F048020FD0675121CB368A21BBD1

Function 00F3735F Relevance: .7, Instructions: 668COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9c9e7bf376d2dbe0b21c2c8d3338df0141636141952312a5ddadc874e2981ed1
Instruction ID: fab1667f471bbd3e2ad4f292b8adb4209dd3c9f069a0c5c936c37ffd8b018671
Opcode Fuzzy Hash: 9c9e7bf376d2dbe0b21c2c8d3338df0141636141952312a5ddadc874e2981ed1
Instruction Fuzzy Hash: 7932B2B4E0020ADFCF28DF58C995ABEBBB5EF45324F244168DC45A7315D631AE06EB90

Function 00C7FF10 Relevance: .6, Instructions: 611COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b5e10305c67d9e33230fcbafe2ed9a379dddd00ebb4613dac35adeed22a7259
Instruction ID: 53b6f084bf1d320c5f08b6e197d276b349c0d553391ab9df2b9a6b373dc16f0a
Opcode Fuzzy Hash: 6b5e10305c67d9e33230fcbafe2ed9a379dddd00ebb4613dac35adeed22a7259
Instruction Fuzzy Hash: 0F2202B1A083458FC350DF19C48036AFBE1FBC8358F68492EE99687351E775D949CB8A

Function 00A98BF0 Relevance: .5, Instructions: 515COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52fb7e2595926e14ccfd40f52c4b73cbb833517fc4104ec1505eacca6a05b046
Instruction ID: f780142562d4dde23a47e7e892e37ff183468c5dcee06a6800148e1ae17c1466
Opcode Fuzzy Hash: 52fb7e2595926e14ccfd40f52c4b73cbb833517fc4104ec1505eacca6a05b046
Instruction Fuzzy Hash: 2902B3316086099BCB20EF3CD941A9FB7E8BF8A318F40472DF999CA151E735C5558B93

Function 00B23800 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 987a239ceb5b582a6dca94bf9e72823c89fc229396f0c1fd99137dca79955cf0
Instruction ID: 01f66ef6ac5c160bc7168f3b4f3880a2c77c2156d415dce51a444a5078475707
Opcode Fuzzy Hash: 987a239ceb5b582a6dca94bf9e72823c89fc229396f0c1fd99137dca79955cf0
Instruction Fuzzy Hash: 75E1E772D002289BCB14CF68D8816EEF7F5FF59710F15826AE859F7251E734AA81CB90

Function 00D38550 Relevance: .4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7cdc536471f01ac8c28615562f54bccf8de30b47a01a614ba78c20a92836884
Instruction ID: 3e33be0fa3da16acfb26683566271f623ed4dea25f32ad1c61ebeb308b1e1e8c
Opcode Fuzzy Hash: c7cdc536471f01ac8c28615562f54bccf8de30b47a01a614ba78c20a92836884
Instruction Fuzzy Hash: C3D116797007068FCB24CE19D5C0926F7E2FF96714B6886A8E885CB611DF21EC45EBB1

Function 00DA84A0 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5922ad7a20964b1822a7b647df89bb1f866ee0e4123ed91b9c09c7b9455eeb98
Instruction ID: 5da3f0693a9aa1b346c74b3262dac0cc279118cb75baa9e136c40765852b47df
Opcode Fuzzy Hash: 5922ad7a20964b1822a7b647df89bb1f866ee0e4123ed91b9c09c7b9455eeb98
Instruction Fuzzy Hash: 47C1D275A082418FC710CF2CC580966BBE5FF8A314B6E4699EC958B363DB31EC45DBA1

Function 00B222F0 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3923fddbe5c80f79578c56e506e29c6b6236dce3283b69681776bfecf274e60
Instruction ID: d6db28f8ec11c01e62559a2f3e203536f5520714732c144c7a938d682ef380cc
Opcode Fuzzy Hash: b3923fddbe5c80f79578c56e506e29c6b6236dce3283b69681776bfecf274e60
Instruction Fuzzy Hash: FC618B72A0021A9FCB14DF68D981AAEB7F6FB88310F114269E919D7740EB30ED11CBD0

Function 00D2AC30 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b60b2f2a7ac96f0239d790b1cdb4515e85dba86424b3bb7ee98bb996d33a8f92
Instruction ID: a567d0883876b3dd44fb088f03867d22da61d0f55f08e5cdb12902083e47390b
Opcode Fuzzy Hash: b60b2f2a7ac96f0239d790b1cdb4515e85dba86424b3bb7ee98bb996d33a8f92
Instruction Fuzzy Hash: AE51F9727043214FCB28DD3CED5412AB7E1EBA4315F49872DE891C7689E634F909CBA1

Function 00AC2020 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25fd8b6c77569dd28c237e3b51c2665c1a87ba9e519ea7ab43873b6b356e1944
Instruction ID: dd1c6e21451854976e58e978c4e8afd2d482b8130a263fbed8e6628ccd5a7d5a
Opcode Fuzzy Hash: 25fd8b6c77569dd28c237e3b51c2665c1a87ba9e519ea7ab43873b6b356e1944
Instruction Fuzzy Hash: DC512936A142924BC71E963C4850735EFE15B9A224F1F87BECDAA9B397C1219DC1D3E0

Function 00B22140 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6422f332e29a210efc33b0f1ebea14489e2bbc2f37ffd7de16ddc9e1bc60de09
Instruction ID: f57921f64afc526b0a926376068ba9493d2582272cb4a59e2433b00a29031f0f
Opcode Fuzzy Hash: 6422f332e29a210efc33b0f1ebea14489e2bbc2f37ffd7de16ddc9e1bc60de09
Instruction Fuzzy Hash: 8B518E72B0021ADFCB18CF68D9816AEBBF1FB88310F114629E915D7740DB35AD15CB90

Function 00EE5000 Relevance: 35.3, APIs: 5, Strings: 15, Instructions: 281COMMON

Download Yara Rule

APIs

Part of subcall function 00EE5980: Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE59F2

Part of subcall function 00EE8130: wglGetProcAddress.OPENGL32(?,00EE55F0,glGetError,0109783C,4B9D888B,?,?), ref: 00EE8134
Part of subcall function 00EE8130: GetModuleHandleA.KERNEL32(OpenGL32.dll), ref: 00EE8160

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE506F

Part of subcall function 00EE8130: GetProcAddress.KERNEL32(?,?), ref: 00EE8175

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE50A2
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE50D7
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE510A
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE513D

Strings

OpenGL ES-CL , xrefs: 00EE51C2
glGetIntegerv, xrefs: 00EE504C
glGetStringi, xrefs: 00EE529F
Unable to parse OpenGL version string: ", xrefs: 00EE5221
Could not load necessary function to initialize OpenGL context, xrefs: 00EE5397
Unable to retrieve OpenGL version string, defaulting to 1.1, xrefs: 00EE523F
GL_ARB_compatibility, xrefs: 00EE52D8
OpenGL ES-CM , xrefs: 00EE51DA
OpenGL ES , xrefs: 00EE51F0
glGetString, xrefs: 00EE50B4
glIsEnabled, xrefs: 00EE511C
glEnable, xrefs: 00EE50E9
", defaulting to 1.1, xrefs: 00EE521B
Warning: Failed to enable GL_FRAMEBUFFER_SRGB, xrefs: 00EE5363
glGetError, xrefs: 00EE5081

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::details::_Lock::_ReaderScoped_lockScoped_lock::~_Writer$AddressProc$HandleModule
String ID: ", defaulting to 1.1$Could not load necessary function to initialize OpenGL context$GL_ARB_compatibility$OpenGL ES $OpenGL ES-CL $OpenGL ES-CM $Unable to parse OpenGL version string: "$Unable to retrieve OpenGL version string, defaulting to 1.1$Warning: Failed to enable GL_FRAMEBUFFER_SRGB$glEnable$glGetError$glGetIntegerv$glGetString$glGetStringi$glIsEnabled
API String ID: 2086293221-2205547372
Opcode ID: d9be30fc64fb1afb05c4b98f35ef03341337417f65cd6074ca1ae23c40531fb8
Instruction ID: 707ccbfc26c3b9b8c9fdaf9c69978286dc2cf90e450d2774820f993de2a79fd8
Opcode Fuzzy Hash: d9be30fc64fb1afb05c4b98f35ef03341337417f65cd6074ca1ae23c40531fb8
Instruction Fuzzy Hash: 5EA1C2B2A00649EBDF10EFA1DC46BEEBBB4BF14358F100529E95176181E7B46A04CBA1

Function 00EE3D00 Relevance: 28.3, APIs: 1, Strings: 15, Instructions: 299COMMON

Download Yara Rule

APIs

Part of subcall function 00EE8130: wglGetProcAddress.OPENGL32(?,00EE55F0,glGetError,0109783C,4B9D888B,?,?), ref: 00EE8134
Part of subcall function 00EE8130: GetModuleHandleA.KERNEL32(OpenGL32.dll), ref: 00EE8160

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE3D55

Strings

; debug = , xrefs: 00EE3F44, 00EE403F
; core = , xrefs: 00EE3F4D, 00EE4048
; depth bits = , xrefs: 00EE3EB0, 00EE3FAB
; sRGB = , xrefs: 00EE3F39, 00EE4034
; AA level = , xrefs: 00EE3EA1, 00EE3F9B
Warning: Detected "Microsoft Corporation GDI Generic" OpenGL implementation, xrefs: 00EE3E09
Could not load glGetString function, xrefs: 00EE3D5E
Warning: The created OpenGL context does not fully meet the settings that were requested, xrefs: 00EE3E85
; stencil bits = , xrefs: 00EE3EA9, 00EE3FA3
Requested: version = , xrefs: 00EE3EC0
GDI Generic, xrefs: 00EE3DD9
glGetString, xrefs: 00EE3D35
Microsoft Corporation, xrefs: 00EE3DAB
Created: version = , xrefs: 00EE3FBB
The current OpenGL implementation is not hardware-accelerated, xrefs: 00EE3E1F

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: AddressConcurrency::details::_HandleLock::_ModuleProcReaderScoped_lockScoped_lock::~_Writer
String ID: ; AA level = $ ; core = $ ; debug = $ ; depth bits = $ ; sRGB = $ ; stencil bits = $Could not load glGetString function$Created: version = $GDI Generic$Microsoft Corporation$Requested: version = $The current OpenGL implementation is not hardware-accelerated$Warning: Detected "Microsoft Corporation GDI Generic" OpenGL implementation$Warning: The created OpenGL context does not fully meet the settings that were requested$glGetString
API String ID: 1279344393-544003593
Opcode ID: cdc60c776ddbd6cbfd7b7664a95b0555287ab5e3031999d1013f8a0507edd56f
Instruction ID: fdf5d3d7e30f3c8195c8c9457122fa9489cb7c5b752cde1c0c4bf28b68e84bba
Opcode Fuzzy Hash: cdc60c776ddbd6cbfd7b7664a95b0555287ab5e3031999d1013f8a0507edd56f
Instruction Fuzzy Hash: C2914BB9F042446BCF14BF719DA7E6A7B559F81304B04086CF841BB243EB76EA14C7A1

Function 00CD9C10 Relevance: 26.5, APIs: 2, Strings: 13, Instructions: 299COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00CD9E8E
_strncpy.LIBCMT ref: 00CD9EA4

Strings

F:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5L.c, xrefs: 00CD9C85, 00CD9DE1, 00CD9E64, 00CD9F33, 00CD9FD7, 00CDA081
can't set API context, xrefs: 00CD9C52
can't set access property list info, xrefs: 00CD9D6C
unable to create external link, xrefs: 00CD9FA4
@, xrefs: 00CD9F72
no link name specified, xrefs: 00CD9FEE
no file name specified, xrefs: 00CDA04E
H5Lcreate_external, xrefs: 00CD9C80, 00CD9DDC, 00CD9E5F, 00CD9F2E, 00CD9FD2, 00CDA07C
invalid object identifier, xrefs: 00CD9F00
can't normalize object name, xrefs: 00CD9DAE
no object name specified, xrefs: 00CDA01E
library initialization failed, xrefs: 00CD9C36
unable to allocate udata buffer, xrefs: 00CD9E31

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: @$F:\vcpkg-2024.05.24\buildtrees\hdf5\src\df5-1_14_2-1052155090.clean\src\H5L.c$H5Lcreate_external$can't normalize object name$can't set API context$can't set access property list info$invalid object identifier$library initialization failed$no file name specified$no link name specified$no object name specified$unable to allocate udata buffer$unable to create external link
API String ID: 2961919466-2794412212
Opcode ID: e7ceeabea64ee99a86a13b945d1d561f371c97e05f3a6f22aa9f5e9768283320
Instruction ID: 11a8eb7ff55f1aa94bb963ab72b6f641c98d1941a811a9c2fcf6da2dfbd76599
Opcode Fuzzy Hash: e7ceeabea64ee99a86a13b945d1d561f371c97e05f3a6f22aa9f5e9768283320
Instruction Fuzzy Hash: 19B1C336604344AFDF325F909D41F6A7BE6EB48708F040509F78552AB5D7BBA110EB52

Function 00C8BAE0 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 337COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BB33
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BBCB
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BBEE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BC01
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BC3F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BC9D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BCC6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BCD9
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BE1B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BE2A
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8BE4E

Strings

%% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed, xrefs: 00C8BB71
** Resuming transfer from byte position %lld, xrefs: 00C8BB5E
%3lld %s %3lld %s %3lld %s %s %s %s %s %s %s, xrefs: 00C8BF31

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: %3lld %s %3lld %s %3lld %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$** Resuming transfer from byte position %lld
API String ID: 885266447-1872798829
Opcode ID: 23d4b949cc8d720033cd037673aae0e226ec9df14b62eceb94f56bee74bb36d7
Instruction ID: 62179d5cbd81538212cdd7621f9ff90be62e57c42b8cd7b455a0306732499de8
Opcode Fuzzy Hash: 23d4b949cc8d720033cd037673aae0e226ec9df14b62eceb94f56bee74bb36d7
Instruction Fuzzy Hash: 24D15D75608745AFD320EA65CC41FABB7EAFFC8308F00491DF9A992261DB32AD109B55

Function 00A41740 Relevance: 21.3, APIs: 14, Instructions: 276synchronizationthreadinjectionCOMMON

Download Yara Rule

APIs

SetWaitableTimer.KERNEL32(?,?,00000001,00000000,00000000,00000000,4B9D888B), ref: 00A4179D
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A417D3
CloseHandle.KERNEL32(?), ref: 00A417DC
TerminateThread.KERNEL32(?,00000000), ref: 00A417F8
QueueUserAPC.KERNEL32(00A40E70,?,00000000), ref: 00A41805
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A41810
CloseHandle.KERNEL32(?), ref: 00A41820
GetQueuedCompletionStatus.KERNEL32(?,00000000,?,?,?), ref: 00A4193C
WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A419FD
CloseHandle.KERNEL32(?), ref: 00A41A0C
TerminateThread.KERNEL32(?,00000000), ref: 00A41A28
QueueUserAPC.KERNEL32(00A40E70,?,00000000), ref: 00A41A35
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A41A40
CloseHandle.KERNEL32(?), ref: 00A41A50

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandleWait$MultipleObjectObjectsQueueSingleTerminateThreadUser$CompletionQueuedStatusTimerWaitable
String ID:
API String ID: 3087107450-0
Opcode ID: e88f64723c0235413716e4b970861179e5be87debf9f389541ce66897bd51b6a
Instruction ID: 9d8af82760e462c34fb15b637a8642c75326b7d1fb6340476e81d0f8653bebc6
Opcode Fuzzy Hash: e88f64723c0235413716e4b970861179e5be87debf9f389541ce66897bd51b6a
Instruction Fuzzy Hash: 3AB15C75A0070AAFDB15CFA4C845BAEBBF5FF88710F144219E919A7690D770AD81CBD0

Function 00EEE0D0 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 201libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(dinput8.dll,00EE9CA3,010978F0,00000484,00000008,00EE9B30,00EE9BC0), ref: 00EEE0D5
GetProcAddress.KERNEL32(00000000,DirectInput8Create), ref: 00EEE0EF
GetModuleHandleW.KERNEL32(00000000,00000800,010462B4,01099E48,00000000), ref: 00EEE10E
FreeLibrary.KERNEL32 ref: 00EEE12D
FreeLibrary.KERNEL32 ref: 00EEE169

Strings

DirectInput8Create, xrefs: 00EEE0E9
DirectInput not available, falling back to Windows joystick API, xrefs: 00EEE183
dinput8.dll, xrefs: 00EEE0D0
Failed to initialize DirectInput: , xrefs: 00EEE134
Failed to enumerate DirectInput devices: , xrefs: 00EEFAC4
4, xrefs: 00EEFB54

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Library$Free$AddressHandleLoadModuleProc
String ID: 4$DirectInput not available, falling back to Windows joystick API$DirectInput8Create$Failed to enumerate DirectInput devices: $Failed to initialize DirectInput: $dinput8.dll
API String ID: 2557599219-3451776162
Opcode ID: 3b79d28bf2b953872cdec07264acb22644aba77581bf2f0ddc1065f074e57a93
Instruction ID: 46daf115d488aa95876a5396d85d37e4a8e1f12d524104529afb1476a0b25b6d
Opcode Fuzzy Hash: 3b79d28bf2b953872cdec07264acb22644aba77581bf2f0ddc1065f074e57a93
Instruction Fuzzy Hash: 34613AB2B003049BDB249F25ECA6B5A77A5BB89304F45043CF885EB345EBB9EC40C791

Function 00A99790 Relevance: 19.7, APIs: 8, Strings: 3, Instructions: 451COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00A99840
_strrchr.LIBCMT ref: 00A99851
___from_strstr_to_strchr.LIBCMT ref: 00A99952
_strncpy.LIBCMT ref: 00A99989
___from_strstr_to_strchr.LIBCMT ref: 00A99A22
_strncpy.LIBCMT ref: 00A99A59
___from_strstr_to_strchr.LIBCMT ref: 00A99AFF
_strncpy.LIBCMT ref: 00A99B3A

Strings

ADF_LINK_PATH, xrefs: 00A9992E
CGNS_LINK_PATH, xrefs: 00A999FF
HDF5_LINK_PATH, xrefs: 00A99927, 00A99933

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ___from_strstr_to_strchr_strncpy$_strrchr
String ID: ADF_LINK_PATH$CGNS_LINK_PATH$HDF5_LINK_PATH
API String ID: 2378022753-7411010
Opcode ID: 6598f668612f72f05db7d80b547de5aff6a7662affa8c76a39412f111753f2f5
Instruction ID: 4cdfc97d0e59f1944b5d3551462b88be2375b104da98630f1079954cb91ca199
Opcode Fuzzy Hash: 6598f668612f72f05db7d80b547de5aff6a7662affa8c76a39412f111753f2f5
Instruction Fuzzy Hash: 09E12935B08352ABDF318F2C984077BB7E5AF95354F08026CDCD45B256E72AAD0AC792

Function 00EE89D0 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 447COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00EE8AA5
GetLastError.KERNEL32 ref: 00EE8D57
GetLastError.KERNEL32 ref: 00EE8F5C
GetLastError.KERNEL32 ref: 00EE8EB8

Part of subcall function 00EE7EB0: FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,?,00000100,00000000,4B9D888B,00000000,00000000), ref: 00EE7F06
Part of subcall function 00EE7EB0: LocalFree.KERNEL32(?,?), ref: 00EE7F25

GetLastError.KERNEL32 ref: 00EE8E18

Part of subcall function 00F02F66: __EH_prolog3.LIBCMT ref: 00F02F6D
Part of subcall function 00F02F66: std::_Lockit::_Lockit.LIBCPMT ref: 00F02F78
Part of subcall function 00F02F66: std::locale::_Setgloballocale.LIBCPMT ref: 00F02F93
Part of subcall function 00F02F66: std::_Lockit::~_Lockit.LIBCPMT ref: 00F02FE6

ChoosePixelFormat.GDI32(00000001,00010028,4B9D888B,00000001,00000000), ref: 00EE907F

Strings

Failed to retrieve pixel format information: , xrefs: 00EE8F8D
Failed to retrieve pixel format sRGB capability information: , xrefs: 00EE8EE9
Failed to enumerate pixel formats: , xrefs: 00EE8AD6
Failed to retrieve pixel format multisampling information: , xrefs: 00EE8D88
Failed to retrieve pixel format pbuffer information: , xrefs: 00EE8E48

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$FormatLockitstd::_$ChooseFreeH_prolog3LocalLockit::_Lockit::~_MessagePixelSetgloballocalestd::locale::_
String ID: Failed to enumerate pixel formats: $Failed to retrieve pixel format information: $Failed to retrieve pixel format multisampling information: $Failed to retrieve pixel format pbuffer information: $Failed to retrieve pixel format sRGB capability information:
API String ID: 4134588070-4035475359
Opcode ID: 1ebb38838ce54efbd554c3e0e81581980ec1cc59110c67badf20df05b4710cc7
Instruction ID: 7d4ace856178eec3333d2eb2ed85f42b6cda83536e8b80b71f3a168991040f7e
Opcode Fuzzy Hash: 1ebb38838ce54efbd554c3e0e81581980ec1cc59110c67badf20df05b4710cc7
Instruction Fuzzy Hash: F3028D71D00258DBEB24EF61DD45BAEB7F8BF14304F0481A9E489A6291DF749A84CFA1

Function 00EE9680 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 410COMMON

Download Yara Rule

APIs

GetPixelFormat.GDI32(?,4B9D888B,00000001,00000000,?,?,?,?,00EE4F83,00F4DB0D,000000FF), ref: 00EE96B5
GetLastError.KERNEL32(?,?,?,?,00EE4F83,00F4DB0D,000000FF), ref: 00EE98B6
GetLastError.KERNEL32(?,?,?,?,00EE4F83,00F4DB0D,000000FF), ref: 00EE96DC

Part of subcall function 00EE7EB0: FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,?,00000100,00000000,4B9D888B,00000000,00000000), ref: 00EE7F06
Part of subcall function 00EE7EB0: LocalFree.KERNEL32(?,?), ref: 00EE7F25

DescribePixelFormat.GDI32(?,00000000,00000028,?,?,?,?,?,00EE4F83,00F4DB0D,000000FF), ref: 00EE97BC
GetLastError.KERNEL32(?,?,?,?,00EE4F83,00F4DB0D,000000FF), ref: 00EE97E5

Part of subcall function 00F02F66: __EH_prolog3.LIBCMT ref: 00F02F6D
Part of subcall function 00F02F66: std::_Lockit::_Lockit.LIBCPMT ref: 00F02F78
Part of subcall function 00F02F66: std::locale::_Setgloballocale.LIBCPMT ref: 00F02F93
Part of subcall function 00F02F66: std::_Lockit::~_Lockit.LIBCPMT ref: 00F02FE6

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00EE4F83,00F4DB0D,000000FF), ref: 00EE999B
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00EE4F83,00F4DB0D,000000FF), ref: 00EE9A77

Strings

Failed to retrieve pixel format information: , xrefs: 00EE980D, 00EE98D9
Failed to retrieve pixel format sRGB capability information: , xrefs: 00EE9A9A
Failed to get selected pixel format: , xrefs: 00EE9704
Failed to retrieve pixel format multisampling information: , xrefs: 00EE99BE

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$Format$LockitPixelstd::_$DescribeFreeH_prolog3LocalLockit::_Lockit::~_MessageSetgloballocalestd::locale::_
String ID: Failed to get selected pixel format: $Failed to retrieve pixel format information: $Failed to retrieve pixel format multisampling information: $Failed to retrieve pixel format sRGB capability information:
API String ID: 2163429632-1213126278
Opcode ID: 9d11bbe5250ddb2e29d05fcdb9eb4d83621a1712272818b16dc00bc778561041
Instruction ID: 97c1ac9e93741992cd04bc23ec416ee95334dfa8ef00dae76809ffbc54a0ac91
Opcode Fuzzy Hash: 9d11bbe5250ddb2e29d05fcdb9eb4d83621a1712272818b16dc00bc778561041
Instruction Fuzzy Hash: 4BE1D5B19002489FDB14EFA1DD49BEE7BE8EF04304F10452DF815E7292EB79AA44DB61

Function 00EE90A0 Relevance: 19.5, APIs: 5, Strings: 6, Instructions: 281COMMON

Download Yara Rule

APIs

Part of subcall function 00EE89D0: GetLastError.KERNEL32 ref: 00EE8AA5

GetLastError.KERNEL32(?,?,4B9D888B,00000001,00000000), ref: 00EE9101

Part of subcall function 00EE7EB0: FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,?,00000100,00000000,4B9D888B,00000000,00000000), ref: 00EE7F06
Part of subcall function 00EE7EB0: LocalFree.KERNEL32(?,?), ref: 00EE7F25

DescribePixelFormat.GDI32(?,00000000,00000028,00000000,?,4B9D888B,00000001), ref: 00EE91CD
SetPixelFormat.GDI32(?,00000000,00010028,?,4B9D888B,00000001), ref: 00EE91DB
GetLastError.KERNEL32(?,?,4B9D888B,00000001), ref: 00EE9204

Part of subcall function 00F02F66: __EH_prolog3.LIBCMT ref: 00F02F6D
Part of subcall function 00F02F66: std::_Lockit::_Lockit.LIBCPMT ref: 00F02F78
Part of subcall function 00F02F66: std::locale::_Setgloballocale.LIBCPMT ref: 00F02F93
Part of subcall function 00F02F66: std::_Lockit::~_Lockit.LIBCPMT ref: 00F02FE6

GetLastError.KERNEL32(?,?,4B9D888B,00000000), ref: 00EE9345

Strings

Failed to set pixel format for device context: , xrefs: 00EE922C
%o, xrefs: 00EE90A0
Setting vertical sync failed: , xrefs: 00EE936D
Failed to find a suitable pixel format for device context: , xrefs: 00EE9129
Cannot create OpenGL context, xrefs: 00EE915A, 00EE925D
Setting vertical sync not supported, xrefs: 00EE93D4

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$Format$LockitPixelstd::_$DescribeFreeH_prolog3LocalLockit::_Lockit::~_MessageSetgloballocalestd::locale::_
String ID: %o$Cannot create OpenGL context$Failed to find a suitable pixel format for device context: $Failed to set pixel format for device context: $Setting vertical sync failed: $Setting vertical sync not supported
API String ID: 2163429632-1488007771
Opcode ID: e074064e3383ea342c510a9d7df6ed53611360aa8113a1b1a1c2153d931ff492
Instruction ID: 540df0ff4e9a61fd53caf4707025ae2999c1f7e12f21c0c3c8564298a90a6616
Opcode Fuzzy Hash: e074064e3383ea342c510a9d7df6ed53611360aa8113a1b1a1c2153d931ff492
Instruction Fuzzy Hash: 76A1B6B1E00248AFDF14EFA1DD5ABAE7BF8EF44304F04042DF505A7292EA75A944DB61

Function 00CAEF20 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 172libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll,RtlVerifyVersionInfo), ref: 00CAEF4E
GetProcAddress.KERNEL32(00000000), ref: 00CAEF55
VerSetConditionMask.KERNEL32(00000000,00000000,00000002,?), ref: 00CAF021
VerSetConditionMask.KERNEL32(00000000,?,00000001,?), ref: 00CAF02B
VerSetConditionMask.KERNEL32(00000000,?,00000010,?,?,00000020,?,?,00000001,?), ref: 00CAF048
VerSetConditionMask.KERNEL32(00000000,?,00000008,00000001,?,00000010,?,?,00000020,?,?,00000001,?), ref: 00CAF054
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 00CAF07C
VerifyVersionInfoW.KERNEL32(?,00000004,00000000), ref: 00CAF109

Strings

RtlVerifyVersionInfo, xrefs: 00CAEF44
ntdll, xrefs: 00CAEF49
DMw, xrefs: 00CAEF5B, 00CAF05B, 00CAF0D4

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersion$AddressHandleModuleProc
String ID: DMw$RtlVerifyVersionInfo$ntdll
API String ID: 574519269-945717450
Opcode ID: c94be22665028c731257e146d3beaa6e7904a7a08d1488367c6b12c08ac96d92
Instruction ID: 21d94947193e9138773d4db2022c53907a62f0a11006670ab77ad61e88344c35
Opcode Fuzzy Hash: c94be22665028c731257e146d3beaa6e7904a7a08d1488367c6b12c08ac96d92
Instruction Fuzzy Hash: 72512A71648341AFD7309BA4DC45BAF7BD8AFCA304F04482EF6C8972D1CA759941DB52

Function 00EEB660 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Shcore.dll,00000000,00EEA2FC), ref: 00EEB666
GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 00EEB678
FreeLibrary.KERNEL32(00000000), ref: 00EEB6A7
LoadLibraryW.KERNEL32(user32.dll), ref: 00EEB6B2
GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 00EEB6C4
FreeLibrary.KERNEL32(00000000), ref: 00EEB6EE

Strings

Shcore.dll, xrefs: 00EEB661
SetProcessDpiAwareness, xrefs: 00EEB672
SetProcessDPIAware, xrefs: 00EEB6BE
user32.dll, xrefs: 00EEB6AD
Failed to set process DPI awareness, xrefs: 00EEB68D, 00EEB6D4

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: Failed to set process DPI awareness$SetProcessDPIAware$SetProcessDpiAwareness$Shcore.dll$user32.dll
API String ID: 145871493-3323015136
Opcode ID: af4b500afc5b916aa13e77d4597c9a5a1db2ac84e86552508e62a5a0955b5ebe
Instruction ID: 81c116b1f84fbe2d212459f8309dc3f25b08612380d626e60e7d00579b02fa8e
Opcode Fuzzy Hash: af4b500afc5b916aa13e77d4597c9a5a1db2ac84e86552508e62a5a0955b5ebe
Instruction Fuzzy Hash: 3BF0C870A4572767C9113BB36C5EE5F39084E42B45B081524FD45F5022EF69CA0091AE

Function 00EE7BF0 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 177COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,4B9D888B,00000000,?), ref: 00EE7CC7

Part of subcall function 00EE7EB0: FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,?,00000100,00000000,4B9D888B,00000000,00000000), ref: 00EE7F06
Part of subcall function 00EE7EB0: LocalFree.KERNEL32(?,?), ref: 00EE7F25

GetLastError.KERNEL32(?,?,4B9D888B,00000000,?), ref: 00EE7D6C

Part of subcall function 00F02F66: __EH_prolog3.LIBCMT ref: 00F02F6D
Part of subcall function 00F02F66: std::_Lockit::_Lockit.LIBCPMT ref: 00F02F78
Part of subcall function 00F02F66: std::locale::_Setgloballocale.LIBCPMT ref: 00F02F93
Part of subcall function 00F02F66: std::_Lockit::~_Lockit.LIBCPMT ref: 00F02FE6

GetModuleHandleW.KERNEL32(00000000,00000000,4B9D888B,00000000,?), ref: 00EE7DE8
CreateWindowExA.USER32(00000000,STATIC,01058936,88000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00EE7E0E
ShowWindow.USER32(00000000,00000000), ref: 00EE7E1A
GetDC.USER32(?), ref: 00EE7E23

Part of subcall function 00EE89D0: GetLastError.KERNEL32 ref: 00EE8AA5

Strings

%o, xrefs: 00EE7E29, 00EE7C54
Failed to create pixel buffer: , xrefs: 00EE7D96
Failed to retrieve pixel buffer device context: , xrefs: 00EE7CF1
STATIC, xrefs: 00EE7E07

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$LockitWindowstd::_$CreateFormatFreeH_prolog3HandleLocalLockit::_Lockit::~_MessageModuleSetgloballocaleShowstd::locale::_
String ID: %o$Failed to create pixel buffer: $Failed to retrieve pixel buffer device context: $STATIC
API String ID: 4225381585-2666015027
Opcode ID: d82525b5bd8a8d2d97198a15c3ddb9310f7db8ef4541f90c3cd2d56155619c8d
Instruction ID: a3dbddfcb75e62c91e30a6f206bf42d1d8010291c6745e3bf1c7bc8f13c196cd
Opcode Fuzzy Hash: d82525b5bd8a8d2d97198a15c3ddb9310f7db8ef4541f90c3cd2d56155619c8d
Instruction Fuzzy Hash: 4C61B3B1900348EFDB20EFA1DD45BAE7BB8BF04300F10052DF946A7681EB75AA44DB61

Function 00A415D0 Relevance: 15.1, APIs: 10, Instructions: 124synchronizationthreadinjectionCOMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF), ref: 00A4162D
CloseHandle.KERNEL32(?), ref: 00A41636
TerminateThread.KERNEL32(?,00000000), ref: 00A41652
QueueUserAPC.KERNEL32(00A40E70,?,00000000), ref: 00A4165F
WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A4166A
CloseHandle.KERNEL32(?), ref: 00A4167A
DeleteCriticalSection.KERNEL32(?), ref: 00A416E1
CloseHandle.KERNEL32(?), ref: 00A416EF
CloseHandle.KERNEL32(00000000), ref: 00A416FB
CloseHandle.KERNEL32(?), ref: 00A41710

Part of subcall function 00A41C40: PostQueuedCompletionStatus.KERNEL32(?,00000001,00000001,00000001,?,?,?,?,?,?,4B9D888B), ref: 00A41C7C
Part of subcall function 00A41C40: GetLastError.KERNEL32(?,?,?,?,?,?,4B9D888B), ref: 00A41C8A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandle$Wait$CompletionCriticalDeleteErrorLastMultipleObjectObjectsPostQueueQueuedSectionSingleStatusTerminateThreadUser
String ID:
API String ID: 3440998551-0
Opcode ID: a278883f5132afcc029a5bef7dd975d085598323316d1191ef0b26dccd13c987
Instruction ID: c2ab1669c7650e59152c30d0eab93d49a2f375b96625f55c575ff2aa932939e6
Opcode Fuzzy Hash: a278883f5132afcc029a5bef7dd975d085598323316d1191ef0b26dccd13c987
Instruction Fuzzy Hash: 05419775A0070AABDB20DF64CC41B6BFBB8FF84710F10062CE95997680EB35E840DBA0

Function 00EE5580 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 243COMMON

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE5600
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE5632
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE5664
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE56C3

Strings

glGetIntegerv, xrefs: 00EE5612
glGetStringi, xrefs: 00EE56A2
glGetString, xrefs: 00EE5644
glGetError, xrefs: 00EE55DF

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::details::_Lock::_ReaderScoped_lockScoped_lock::~_Writer
String ID: glGetError$glGetIntegerv$glGetString$glGetStringi
API String ID: 3530792890-188455454
Opcode ID: 2445dd685c1c366643b442890511f4189d91cb4e9680d7c4f1683d5a37edb959
Instruction ID: 6b65b9a80c0ce3a4c7133e545c986c65e6614db01467c7cb4425a53ac08baa74
Opcode Fuzzy Hash: 2445dd685c1c366643b442890511f4189d91cb4e9680d7c4f1683d5a37edb959
Instruction Fuzzy Hash: 9C911572D006499BDF14DFA4DC55BEEBBB0FF05318F245229E8417B281EB745A81CBA0

Function 00A502A0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 229COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A50349
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A50398
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00A504DC
std::_Lockit::~_Lockit.LIBCPMT ref: 00A50574
Concurrency::cancel_current_task.LIBCPMT ref: 00A505A6

Strings

false, xrefs: 00A50436
bad locale name, xrefs: 00A5059C
true, xrefs: 00A5044C

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Locinfo::_Lockit$Concurrency::cancel_current_taskLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
String ID: bad locale name$false$true
API String ID: 3204333896-1062449267
Opcode ID: 2b902af3e392153bdb682d2216eb06119777ef66884c45a990bf26ab371a03da
Instruction ID: f73ef5280aa4843aacb21929a165860e83ec88bd0809a72ac7ec85b5d4af32e0
Opcode Fuzzy Hash: 2b902af3e392153bdb682d2216eb06119777ef66884c45a990bf26ab371a03da
Instruction Fuzzy Hash: 9A9164B1D00348DBEB10DFA4CD45BDEB7B8BF14304F148169E845AB241FB799A48DBA1

Function 00F0BA87 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00F0BA8E
_Maklocstr.LIBCPMT ref: 00F0BAF7
_Maklocstr.LIBCPMT ref: 00F0BB09
_Maklocchr.LIBCPMT ref: 00F0BB21
_Maklocchr.LIBCPMT ref: 00F0BB31
_Getvals.LIBCPMT ref: 00F0BB53

Part of subcall function 00F053D6: _Maklocchr.LIBCPMT ref: 00F05405
Part of subcall function 00F053D6: _Maklocchr.LIBCPMT ref: 00F0541B

Strings

false, xrefs: 00F0BAF2
true, xrefs: 00F0BB04

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
String ID: false$true
API String ID: 3549167292-2658103896
Opcode ID: 6884912a08837e0d3172b1dae24df68e1804cd60600935400fd6257c878e2892
Instruction ID: b1436917c84329a32743953931c669a71a45e7fef20a5c3a380dc77321ecbb9b
Opcode Fuzzy Hash: 6884912a08837e0d3172b1dae24df68e1804cd60600935400fd6257c878e2892
Instruction Fuzzy Hash: A9217171D00214AADF14EFA5DC45ADF7BB8EF04710F04801AB915AF282DBB48544EFA1

Function 00AC4C70 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 338COMMON

Download Yara Rule

Strings

B, xrefs: 00AC503D
OLD, xrefs: 00AC4EAF
NEW, xrefs: 00AC4EDF
READ_ONLY, xrefs: 00AC4E08
SCRATCH, xrefs: 00AC4CB1, 00AC4F0C, 00AC4FC4
UNKNOWN, xrefs: 00AC4F3B

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: B$NEW$OLD$READ_ONLY$SCRATCH$UNKNOWN
API String ID: 0-802150377
Opcode ID: fd56bcb82dc7d82da0629f1ac4e3a3604447f69a816a099d055bae4edf55c66b
Instruction ID: 8ce03a9ad9dd531172fb66c73a1ed056110e5b10e7d5262bf91d0ad55b1b667a
Opcode Fuzzy Hash: fd56bcb82dc7d82da0629f1ac4e3a3604447f69a816a099d055bae4edf55c66b
Instruction Fuzzy Hash: 2DD1F874A043008FDB20DF28E891F6A77E1BF58718F05456DF8858B396EB7AD814DB92

Function 00A3D9B0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A3DA39
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A3DA8E
__Getctype.LIBCPMT ref: 00A3DAA7
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00A3DAF1
std::_Lockit::~_Lockit.LIBCPMT ref: 00A3DB8F
__Getctype.LIBCPMT ref: 00A3DBCD

Strings

bad locale name, xrefs: 00A3DBAD

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$GetctypeLocinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 888940092-1405518554
Opcode ID: 30d2d60a9fdd13abe0552837a684516ada54536cf74a27f1410e62be4ed65fc7
Instruction ID: e2b95f81dab35771b5687504fecefb3e6d1f537c52fa8b17dc0850c6346503f1
Opcode Fuzzy Hash: 30d2d60a9fdd13abe0552837a684516ada54536cf74a27f1410e62be4ed65fc7
Instruction Fuzzy Hash: 7E6192B1C04758CBEB20DF64DD41B9AF7B8BF14314F148269E849A7242EB35EA44DB51

Function 00A3D620 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A3D6A3
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A3D6EF
__Getctype.LIBCPMT ref: 00A3D708
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00A3D724
std::_Lockit::~_Lockit.LIBCPMT ref: 00A3D7B9
__Getctype.LIBCPMT ref: 00A3D7FD

Strings

bad locale name, xrefs: 00A3D7D7

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$GetctypeLocinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 888940092-1405518554
Opcode ID: 667611eba59b7d77a14c4ac7bcd4a87dc7ccc14ed0a46fd7b6ed559a83574deb
Instruction ID: 82b069c9930bec1c1636802fa4e89fb3591ddcd6b573aa24fa1558a6da69295c
Opcode Fuzzy Hash: 667611eba59b7d77a14c4ac7bcd4a87dc7ccc14ed0a46fd7b6ed559a83574deb
Instruction Fuzzy Hash: F95191B1D00258DBEF10DFA4EC4579EBBB8AF14314F144169EC45AB381EB39EA04D7A2

Function 00AC3B70 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f432bad1a6148b8284ce700591c1df4c46b5fc3b72c60a03088a45bd613a904
Instruction ID: 81a3e94c5f2b37c6eebcd1b62040ce1d6836530d1bdfb0bd8e037df503c96a73
Opcode Fuzzy Hash: 3f432bad1a6148b8284ce700591c1df4c46b5fc3b72c60a03088a45bd613a904
Instruction Fuzzy Hash: E3B19BB5A05B05DFD724CF28E980B65BBF0FB48310F00851DE98897369D77BAA58CB91

Function 00EE3750 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 452COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00EE388D
Concurrency::cancel_current_task.LIBCPMT ref: 00EE3892
Concurrency::cancel_current_task.LIBCPMT ref: 00EE3897

Strings

false, xrefs: 00EE3819
true, xrefs: 00EE3843
ios_base::badbit set, xrefs: 00EE37DE, 00EE37F6, 00EE38BE, 00EE3991

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: false$ios_base::badbit set$true
API String ID: 118556049-1679644946
Opcode ID: 5f77333f7e29c81ba3d097b53af89c6f7ad0d9dc1fb21422b142c8fb59f35b39
Instruction ID: 2471d32238c0e03d32b3f123fe18b28d97181ed6f5074fd9187b62fd0f6a4ccb
Opcode Fuzzy Hash: 5f77333f7e29c81ba3d097b53af89c6f7ad0d9dc1fb21422b142c8fb59f35b39
Instruction Fuzzy Hash: E7F1BE75900289AFDB24CFA5C888BEEBBB5FF48304F144169E845AB341D735EE45CBA1

Function 00F3CDA2 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00F3CE28

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7ebec3b9d4e3e45345601afc590811118241b2810f2bdc30abf7bab6a40d0ef5
Instruction ID: ec105aff84274ab26754d90175cddfe5c5db3b56a11dbcb5a76351ab56de634a
Opcode Fuzzy Hash: 7ebec3b9d4e3e45345601afc590811118241b2810f2bdc30abf7bab6a40d0ef5
Instruction Fuzzy Hash: A6B15472E04355AFDB25CF28CC81BAEBBA5EF55730F144156E804AB282D374D942E7E0

Function 00F18BB0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00F18BE7
___except_validate_context_record.LIBVCRUNTIME ref: 00F18BEF
_ValidateLocalCookies.LIBCMT ref: 00F18C78
__IsNonwritableInCurrentImage.LIBCMT ref: 00F18CA3
_ValidateLocalCookies.LIBCMT ref: 00F18CF8

Strings

csm, xrefs: 00F18C8D

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: b40ba639ddc445d0ed60b3d1bf7ee374aae0a702d4d9af542288a90d122370e7
Instruction ID: 0d07cc7e3cf98681ddcec30e787f2338d83eea09dc3bad116130e77432dacac7
Opcode Fuzzy Hash: b40ba639ddc445d0ed60b3d1bf7ee374aae0a702d4d9af542288a90d122370e7
Instruction Fuzzy Hash: 6241C574E012089BCF10DF69C980ADEBBB5AF45364F148155E8189B352DB36DA86DBE0

Function 00C6E350 Relevance: 10.6, APIs: 7, Instructions: 92synchronizationCOMMON

Download Yara Rule

APIs

GetAddrInfoExCancel.WS2_32(?), ref: 00C6E369
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00C6E37E
CloseHandle.KERNEL32(?), ref: 00C6E386
EnterCriticalSection.KERNEL32(?,00000734,?,00000088,00000000,00C7560A,00000088), ref: 00C6E500
LeaveCriticalSection.KERNEL32(?,?,00000088,00000000,00C7560A,00000088), ref: 00C6E513
CloseHandle.KERNEL32(00000000,?,00000088,00000000,00C7560A,00000088), ref: 00C6E524
closesocket.WS2_32(?), ref: 00C6E5A0

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CloseCriticalHandleSection$AddrCancelEnterInfoLeaveObjectSingleWaitclosesocket
String ID:
API String ID: 621017667-0
Opcode ID: f1e6249664d01124285df1b993ab9a59ba52760a0bd088ef5b56a64d26170799
Instruction ID: ae1f7e0eef716a25e56119a06f71ac42743e6cb0f1fafd1207bac7e4088a7d79
Opcode Fuzzy Hash: f1e6249664d01124285df1b993ab9a59ba52760a0bd088ef5b56a64d26170799
Instruction Fuzzy Hash: C931E4B9500701EFEB20AF68DC48746BBA8FF04315F144426F81687361EB31F950DBA2

Function 00F2B31B Relevance: 9.3, APIs: 6, Instructions: 292COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f9c33e32d7f159a3e55b97967b17a59e45d64d7a385fda8bdb285eba44902d0
Instruction ID: 2e06d5a774cbb6c72528fc1ef5f6339431702f08f3604a2227d45c53167c1cb8
Opcode Fuzzy Hash: 9f9c33e32d7f159a3e55b97967b17a59e45d64d7a385fda8bdb285eba44902d0
Instruction Fuzzy Hash: 12B11371E08229AFDB11DF98F891BAE7BB0FF45320F184198FD549B286C7749941EB60

Function 00A46EB0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A46F6C
std::_Lockit::_Lockit.LIBCPMT ref: 00A46F90
std::_Lockit::~_Lockit.LIBCPMT ref: 00A46FB1
std::_Facet_Register.LIBCPMT ref: 00A4703F
std::_Lockit::~_Lockit.LIBCPMT ref: 00A47057

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 70347e09d0bbed04b94dd695bacda017132aaffc08bdf9555e403db0b6efe071
Instruction ID: 6888730c8d077bfe1504356a91d3e8b65720436c59c7c420a33931191a62852c
Opcode Fuzzy Hash: 70347e09d0bbed04b94dd695bacda017132aaffc08bdf9555e403db0b6efe071
Instruction Fuzzy Hash: 0B917874A01218DFCB14CF68D584AAEBBF4FF88714F14805AE845AB391DB36AD05DF90

Function 00F164D8 Relevance: 9.2, APIs: 6, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00F16521
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00F1658C
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F165A9
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00F165E8
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F16647
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00F1666A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 623f64a006c40e666f8a301b1e7a161f847571e3511291fe1bf32cb2b7a7aa76
Instruction ID: e6a61172a655e0210cb27d64ae2e27ae516b42551a2e2ffd7ef014a13e01eacc
Opcode Fuzzy Hash: 623f64a006c40e666f8a301b1e7a161f847571e3511291fe1bf32cb2b7a7aa76
Instruction Fuzzy Hash: 7451BF7290021AABEF209F64DC45FEB7BB9EF44760F154129F904EA150EB35DD90EBA0

Function 00A4DCD0 Relevance: 9.1, APIs: 6, Instructions: 133COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00A3C24E
std::_Lockit::_Lockit.LIBCPMT ref: 00A4DD06
std::_Lockit::_Lockit.LIBCPMT ref: 00A4DD29
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4DD49
std::_Facet_Register.LIBCPMT ref: 00A4DDBB
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4DDD3
Concurrency::cancel_current_task.LIBCPMT ref: 00A4DDF6

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register___std_exception_copy
String ID:
API String ID: 3769306679-0
Opcode ID: 6baf841ae7f0bb9c9dcc98ba5c3463bdded9742e6fe0db27a7f90e6522f0dad3
Instruction ID: 3a91b07c58bb35678bee191210bb9154c517041d49a342ade0078cfe4df61b98
Opcode Fuzzy Hash: 6baf841ae7f0bb9c9dcc98ba5c3463bdded9742e6fe0db27a7f90e6522f0dad3
Instruction Fuzzy Hash: C441F575D012199FCF24DF54E851BAEB7B4FB84720F14426AF805A7382EB39AD44DB90

Function 00A4CAE0 Relevance: 9.1, APIs: 6, Instructions: 127COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A4CB16
std::_Lockit::_Lockit.LIBCPMT ref: 00A4CB39
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4CB59
std::_Facet_Register.LIBCPMT ref: 00A4CBCB
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4CBE3
Concurrency::cancel_current_task.LIBCPMT ref: 00A4CC06

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 9a1a4301e4eb2382e0aa172e5dd909a0a0f26a9eb642524d2c2ee964ece95917
Instruction ID: 8bfbd5b438de20043fb740400d735ccd701928c88d971747f49e00c80c0218b8
Opcode Fuzzy Hash: 9a1a4301e4eb2382e0aa172e5dd909a0a0f26a9eb642524d2c2ee964ece95917
Instruction Fuzzy Hash: 6841A175A012199FCB64CF94E891BAEB7B4FB84730F148219E84DA7381D735AD01CB90

Function 00A4C8E0 Relevance: 9.1, APIs: 6, Instructions: 120COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A4C927
std::_Lockit::_Lockit.LIBCPMT ref: 00A4C949
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4C969
std::_Facet_Register.LIBCPMT ref: 00A4C9D8
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4C9F4
Concurrency::cancel_current_task.LIBCPMT ref: 00A4CA3A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: d7ca8137a00539b1e71810cb5e7c407eed0e8c71b90cbefafd9535041852f508
Instruction ID: 53585a1b01c4d83de5713de95b32533a6eec57bd3aa779c6492733b8f6ba402c
Opcode Fuzzy Hash: d7ca8137a00539b1e71810cb5e7c407eed0e8c71b90cbefafd9535041852f508
Instruction Fuzzy Hash: C341C375A01219DFCB60DF94D485BAEBBB4FF58720F14815AE849A7392DB35AD00CBA0

Function 00A4DBA0 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A4DBD6
std::_Lockit::_Lockit.LIBCPMT ref: 00A4DBF9
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4DC19
std::_Facet_Register.LIBCPMT ref: 00A4DC8B
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4DCA3
Concurrency::cancel_current_task.LIBCPMT ref: 00A4DCC6

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 4c7a53a2f9c1293267b60775af4dd3f04202112ccc71a936e9a45c0c84563b41
Instruction ID: d242512cc2eb95005e02a83140863a7658ec9bbd5749ac6545c081f3228fe707
Opcode Fuzzy Hash: 4c7a53a2f9c1293267b60775af4dd3f04202112ccc71a936e9a45c0c84563b41
Instruction Fuzzy Hash: DE419F75E0021ACFCB25DFA4D985BAEBBB4FB44720F14825AE84567381DB79AD00DBD0

Function 00A4EBC0 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A4EBF6
std::_Lockit::_Lockit.LIBCPMT ref: 00A4EC19
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4EC39
std::_Facet_Register.LIBCPMT ref: 00A4ECAB
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4ECC3
Concurrency::cancel_current_task.LIBCPMT ref: 00A4ECE6

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 88708e1c9102e6984d557e8f4d68225d369af7e085a821877055d116dc50fe84
Instruction ID: 92807bdf07c29f795a00e4c50d94614a82b9fad70c494bbe43cbed38f4405805
Opcode Fuzzy Hash: 88708e1c9102e6984d557e8f4d68225d369af7e085a821877055d116dc50fe84
Instruction Fuzzy Hash: 03418B75D0021ACFDB24DF54D985AAEB7B4FB44720F14825EE84567385DB39A900CBD1

Function 00A4CE30 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A4CE66
std::_Lockit::_Lockit.LIBCPMT ref: 00A4CE89
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4CEA9
std::_Facet_Register.LIBCPMT ref: 00A4CF1B
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4CF33
Concurrency::cancel_current_task.LIBCPMT ref: 00A4CF56

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 361187ab05becc7801a79c29dfc4ef07344d0f82700b194ae0ce953f8543126d
Instruction ID: 70af6380673d5ce2a21905534ef992b023bbea47e4714c97533fd3b7ac329552
Opcode Fuzzy Hash: 361187ab05becc7801a79c29dfc4ef07344d0f82700b194ae0ce953f8543126d
Instruction Fuzzy Hash: FB41CC75E0121ADFDB65CF94D941BAEBBB4FB84720F14821AE84977381DB38AD00CB90

Function 00A4EFB0 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A4EFE6
std::_Lockit::_Lockit.LIBCPMT ref: 00A4F009
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4F029
std::_Facet_Register.LIBCPMT ref: 00A4F09B
std::_Lockit::~_Lockit.LIBCPMT ref: 00A4F0B3
Concurrency::cancel_current_task.LIBCPMT ref: 00A4F0D6

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 2ca8bd4f47f74fa9c5d972242586141b1cd75d5eb1133268a5435fc6f2c06659
Instruction ID: 7b141a4a3c0d418fada2e005cd92aa03889f555188cf52f77ebd658e08c1633c
Opcode Fuzzy Hash: 2ca8bd4f47f74fa9c5d972242586141b1cd75d5eb1133268a5435fc6f2c06659
Instruction Fuzzy Hash: 8D419176900219CFCB21DF94D941BAEB7B4FBC4720F14826AE84567382EB79AD00CBD1

Function 00EE2E30 Relevance: 9.1, APIs: 6, Instructions: 98COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00EE2E5D
std::_Lockit::_Lockit.LIBCPMT ref: 00EE2E80
std::_Lockit::~_Lockit.LIBCPMT ref: 00EE2EA0
std::_Facet_Register.LIBCPMT ref: 00EE2F15
std::_Lockit::~_Lockit.LIBCPMT ref: 00EE2F2D
Concurrency::cancel_current_task.LIBCPMT ref: 00EE2F46

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 242c53e12ae4bb7450162ecf795d8226fcaf45e46dc9ea7c707f1d130b75654b
Instruction ID: 01317dd0587eef792a05a033c55558c741090ee750a7c2d0d9f092cff1887e9c
Opcode Fuzzy Hash: 242c53e12ae4bb7450162ecf795d8226fcaf45e46dc9ea7c707f1d130b75654b
Instruction Fuzzy Hash: CB31DE72A0026ADFCB21CF54D880BAEBBB8FF04324F14425AE955B7391DB35AD40DB91

Function 00AB54E0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 318COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00AB583E
_strncpy.LIBCMT ref: 00AB58D8

Strings

K, xrefs: 00AB5692
L, xrefs: 00AB5688
%s, xrefs: 00AB5541, 00AB5591, 00AB5606, 00AB5669, 00AB56C9, 00AB5746, 00AB57D1

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ___from_strstr_to_strchr_strncpy
String ID: %s$K$L
API String ID: 19282097-452073694
Opcode ID: 939b23f20b985f62b4b308503ce6d44bd2221f3eeaedcab12cc812f382ce1849
Instruction ID: 438d45a3abf76c46f50a064d269b01d3cc2d1baca5519a76aa980d9c78a1cf98
Opcode Fuzzy Hash: 939b23f20b985f62b4b308503ce6d44bd2221f3eeaedcab12cc812f382ce1849
Instruction Fuzzy Hash: 08B1E371904640AFE730EBB4DC41FFBB7ACAF94315F440A2DF49986193EA35950497A3

Function 00A3F190 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 310windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000,4B9D888B), ref: 00A3F1FD
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 00A3F26E
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,?,?,00000000,00000000), ref: 00A3F3DD
LocalFree.KERNEL32(00000000,-00000001,00000000), ref: 00A3F51E

Strings

Unknown error (%d), xrefs: 00A3F208, 00A3F287, 00A3F3F6

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$FormatFreeLocalMessage
String ID: Unknown error (%d)
API String ID: 1902725900-1458610041
Opcode ID: e2c4295220d619cdeee410f61bfa53538f6b15e383a7685b8f4d7b3b26302a1c
Instruction ID: 92ce0f40209d5ec57848520ce33d7b4919fd128349237eeb6d665d458c22b82c
Opcode Fuzzy Hash: e2c4295220d619cdeee410f61bfa53538f6b15e383a7685b8f4d7b3b26302a1c
Instruction Fuzzy Hash: 3EB1A070D103099FDB24DF64CC55BAEB7B5FF45304F24826EF429AB282EB74A9848B51

Function 00F1B683 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00F1B67A,00F18F8E,00F00506,4B9D888B,?,?,?,00000000,00F4E0B5,000000FF,?,00A4095A,00000000), ref: 00F1B691
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F1B69F
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F1B6B8
SetLastError.KERNEL32(00000000,?,00F1B67A,00F18F8E,00F00506,4B9D888B,?,?,?,00000000,00F4E0B5,000000FF,?,00A4095A,00000000), ref: 00F1B70A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 01faf64e713c55fabed75bbdbcb03ec88cb3806e6a8be377747bab57030124a8
Instruction ID: 4aa61426d6bc8567f540da3504b718e7f14ac06666e0a7865d1cf97ad2501b11
Opcode Fuzzy Hash: 01faf64e713c55fabed75bbdbcb03ec88cb3806e6a8be377747bab57030124a8
Instruction Fuzzy Hash: F50120726097259ED6342A75BCC59E63794EB26775320423EF110C20F0EF5F4C80B2D0

Function 00F082D8 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F082DF
std::_Lockit::_Lockit.LIBCPMT ref: 00F082E9

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

moneypunct.LIBCPMT ref: 00F08323
std::_Facet_Register.LIBCPMT ref: 00F0833A
std::_Lockit::~_Lockit.LIBCPMT ref: 00F0835A
Concurrency::cancel_current_task.LIBCPMT ref: 00F08367

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: e62817e86bec0bbf873007bbefb950230b9a7ef9eb7c7ad7e201c2c9e4455d34
Instruction ID: 59c298103765dc45fa0fe777dc3d8a3635db2028163ca296774aee71daea2e04
Opcode Fuzzy Hash: e62817e86bec0bbf873007bbefb950230b9a7ef9eb7c7ad7e201c2c9e4455d34
Instruction Fuzzy Hash: 110161329001199BCB05AB64DD166AEB771BF84B60F284509F4556B2C1DF789E02BB91

Function 00F08243 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F0824A
std::_Lockit::_Lockit.LIBCPMT ref: 00F08254

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

moneypunct.LIBCPMT ref: 00F0828E
std::_Facet_Register.LIBCPMT ref: 00F082A5
std::_Lockit::~_Lockit.LIBCPMT ref: 00F082C5
Concurrency::cancel_current_task.LIBCPMT ref: 00F082D2

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 7e6a5a1c6f1ca8d6ddc15bc10fa78f3cab7c77228e1a4eb41d48d00fac3b5713
Instruction ID: 48d8bf7234f54a539672ab62ca80d1acd6f1d479cdf0e434f66db04cfcda3dc0
Opcode Fuzzy Hash: 7e6a5a1c6f1ca8d6ddc15bc10fa78f3cab7c77228e1a4eb41d48d00fac3b5713
Instruction Fuzzy Hash: 6D01C431A00519CBCB05EB64CD166BEB771BF84760F244009F4516B3C2DF789E02BB90

Function 00F0836D Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F08374
std::_Lockit::_Lockit.LIBCPMT ref: 00F0837E

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

moneypunct.LIBCPMT ref: 00F083B8
std::_Facet_Register.LIBCPMT ref: 00F083CF
std::_Lockit::~_Lockit.LIBCPMT ref: 00F083EF
Concurrency::cancel_current_task.LIBCPMT ref: 00F083FC

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: c304498131de7408bfdff86f4ba7427836941338af2075eec3657e342260e31a
Instruction ID: b4fa9559d12f34f06f3ddd56e1335c93db556cee479136306af12985ec077f19
Opcode Fuzzy Hash: c304498131de7408bfdff86f4ba7427836941338af2075eec3657e342260e31a
Instruction Fuzzy Hash: F4018432900219CBCB05EB64DE567AEB7B5BF84760F240009F8516B3D2DF789A02BB91

Function 00F08402 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F08409
std::_Lockit::_Lockit.LIBCPMT ref: 00F08413

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

moneypunct.LIBCPMT ref: 00F0844D
std::_Facet_Register.LIBCPMT ref: 00F08464
std::_Lockit::~_Lockit.LIBCPMT ref: 00F08484
Concurrency::cancel_current_task.LIBCPMT ref: 00F08491

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 8c6367c37c9d9ca2a58edc2b5ca2b9ba511e64e5a93b4edc970351e30c3d7364
Instruction ID: bc9b5b1a2ee29a8cc781b42c84e53091140da41f7357cb80f2b9188966e46e9d
Opcode Fuzzy Hash: 8c6367c37c9d9ca2a58edc2b5ca2b9ba511e64e5a93b4edc970351e30c3d7364
Instruction Fuzzy Hash: 9101C435D0021ACBCB05EB64CD566AEB771BF44760F284009F4516B3C1DF789A02BB91

Function 00F08656 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F0865D
std::_Lockit::_Lockit.LIBCPMT ref: 00F08667

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

numpunct.LIBCPMT ref: 00F086A1
std::_Facet_Register.LIBCPMT ref: 00F086B8
std::_Lockit::~_Lockit.LIBCPMT ref: 00F086D8
Concurrency::cancel_current_task.LIBCPMT ref: 00F086E5

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
String ID:
API String ID: 3064348918-0
Opcode ID: 3423e4bee7046f7619806282fe429e315ce9ecb466c7d0751539115912f3c50d
Instruction ID: 90d9b52eab7d93a9113787848470e29d6024bbad4064241977a954f69157d914
Opcode Fuzzy Hash: 3423e4bee7046f7619806282fe429e315ce9ecb466c7d0751539115912f3c50d
Instruction Fuzzy Hash: C2016132900215CBCB05AB64DD1A6AEB7B5BF84760F254009F8526B3C1DF799D02BB91

Function 00F12A87 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F12A8E
std::_Lockit::_Lockit.LIBCPMT ref: 00F12A98

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

messages.LIBCPMT ref: 00F12AD2
std::_Facet_Register.LIBCPMT ref: 00F12AE9
std::_Lockit::~_Lockit.LIBCPMT ref: 00F12B09
Concurrency::cancel_current_task.LIBCPMT ref: 00F12B16

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: 7b6df1b303552d6365fdfdfc339ac9124238ab6313beca476d198e27ad7ff1f3
Instruction ID: 6db276d8b27e3e280b3cad10eecde6e87be07e728e8437c68bf56668f02df594
Opcode Fuzzy Hash: 7b6df1b303552d6365fdfdfc339ac9124238ab6313beca476d198e27ad7ff1f3
Instruction Fuzzy Hash: F001C032A002198FCB15EBA4DD566AEB7B1BF84720F240009F4116B3C1DF389A41AB90

Function 00F12CDB Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F12CE2
std::_Lockit::_Lockit.LIBCPMT ref: 00F12CEC

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

moneypunct.LIBCPMT ref: 00F12D26
std::_Facet_Register.LIBCPMT ref: 00F12D3D
std::_Lockit::~_Lockit.LIBCPMT ref: 00F12D5D
Concurrency::cancel_current_task.LIBCPMT ref: 00F12D6A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: 717863e7048280160c6d47aab8d2611a1c57fe1d71e8f0fe84d3bede6c9e93ee
Instruction ID: 23bf9acfabd73c4d481debb8c80db252e77c9ae62930aa74b55c5dfca44dcf20
Opcode Fuzzy Hash: 717863e7048280160c6d47aab8d2611a1c57fe1d71e8f0fe84d3bede6c9e93ee
Instruction Fuzzy Hash: 86018032D0021A9BCB15EBA4DD167AEB775BF94720F240009F8116B3D2DF789A42AB91

Function 00F12C46 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F12C4D
std::_Lockit::_Lockit.LIBCPMT ref: 00F12C57

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

moneypunct.LIBCPMT ref: 00F12C91
std::_Facet_Register.LIBCPMT ref: 00F12CA8
std::_Lockit::~_Lockit.LIBCPMT ref: 00F12CC8
Concurrency::cancel_current_task.LIBCPMT ref: 00F12CD5

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
String ID:
API String ID: 3376033448-0
Opcode ID: b1d724470e7a400e19fe9c8a2b4fc57622cedd75f66a106f87c1a54a160d20a0
Instruction ID: 4c0593ca39a854a5ff21bb57e1b9e478c657d11c6e59ccba3d22f021b0302478
Opcode Fuzzy Hash: b1d724470e7a400e19fe9c8a2b4fc57622cedd75f66a106f87c1a54a160d20a0
Instruction Fuzzy Hash: BA01C4329001198BCB05EBA4DD166AEB7B1BF44770F244009F5117B3C2DF389A41ABD0

Function 00F07EC5 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F07ECC
std::_Lockit::_Lockit.LIBCPMT ref: 00F07ED6

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

messages.LIBCPMT ref: 00F07F10
std::_Facet_Register.LIBCPMT ref: 00F07F27
std::_Lockit::~_Lockit.LIBCPMT ref: 00F07F47
Concurrency::cancel_current_task.LIBCPMT ref: 00F07F54

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: 307929b72d5cf5a0993b4c9522286c2b9dfe8064b7443ded3f0c02798459cac9
Instruction ID: 075692130fbf928e3fab8fc5b0d94241fd4b083b5dbf412e12cff21d5996b18c
Opcode Fuzzy Hash: 307929b72d5cf5a0993b4c9522286c2b9dfe8064b7443ded3f0c02798459cac9
Instruction Fuzzy Hash: 8A01AD32D0021A9BCB05EB64DD566BEBB71BF84721F240049F4116B3C2DF78AE01BB80

Function 00F07E30 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F07E37
ctype.LIBCPMT ref: 00F07E7B
std::_Facet_Register.LIBCPMT ref: 00F07E92
std::_Lockit::~_Lockit.LIBCPMT ref: 00F07EB2
Concurrency::cancel_current_task.LIBCPMT ref: 00F07EBF
std::_Lockit::_Lockit.LIBCPMT ref: 00F07E41

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
String ID:
API String ID: 2958136301-0
Opcode ID: 42841ab74a80085bff2c86d5965828567078bd05a832b34d440224acb78b16c8
Instruction ID: bc1a417e824dfe04890ba49f7e86fb8bd875a861b6418d21dc54128f6da1f712
Opcode Fuzzy Hash: 42841ab74a80085bff2c86d5965828567078bd05a832b34d440224acb78b16c8
Instruction Fuzzy Hash: DC018E31D00215DBCB15AB64CD156AEB771BF84720F244149F4106B3C2DF78AE02AB90

Function 00F07F5A Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F07F61
std::_Lockit::_Lockit.LIBCPMT ref: 00F07F6B

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

messages.LIBCPMT ref: 00F07FA5
std::_Facet_Register.LIBCPMT ref: 00F07FBC
std::_Lockit::~_Lockit.LIBCPMT ref: 00F07FDC
Concurrency::cancel_current_task.LIBCPMT ref: 00F07FE9

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
String ID:
API String ID: 958335874-0
Opcode ID: 91a8cb64f3676e391f5c8bfe5116982f317e644be6f915a913a5dcc4e8cdaa85
Instruction ID: b99b0d225096853a1e44af6244a638cffd211092ec64db1d5393a46197ae756b
Opcode Fuzzy Hash: 91a8cb64f3676e391f5c8bfe5116982f317e644be6f915a913a5dcc4e8cdaa85
Instruction Fuzzy Hash: CA016132D042169BCB15EBA4DD166AEB772BF84721F250049F4116B2C1DF78AD05BB91

Function 00A84900 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 281COMMON

Download Yara Rule

Strings

UTF-16BE, xrefs: 00A84A61, 00A84B07
UTF-16LE, xrefs: 00A84A99, 00A84B41
UTF-8, xrefs: 00A84A22, 00A84ACF

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: UTF-16BE$UTF-16LE$UTF-8
API String ID: 0-575634745
Opcode ID: 15a5d78bb3989cb6e188e20f8584f4c6e4275f4f4ac6fade26445dd53dde29b6
Instruction ID: 3825ce611b04c2ff249545cd9c52d0348188ec08c9fd116c8889ed827f840fc1
Opcode Fuzzy Hash: 15a5d78bb3989cb6e188e20f8584f4c6e4275f4f4ac6fade26445dd53dde29b6
Instruction Fuzzy Hash: 649126716482874ADB257F7098A53B7BF96AF2A384F584465ED86CF242E627CC088350

Function 00C8BF70 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 197COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8C050
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C8C13D

Strings

%3lldd %02lldh, xrefs: 00C8C149
%2lld:%02lld:%02lld, xrefs: 00C8C09B
%7lldd, xrefs: 00C8C166

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: %2lld:%02lld:%02lld$%3lldd %02lldh$%7lldd
API String ID: 885266447-1743532675
Opcode ID: 6d4df4c6a269ddd3b62f47b5141156e76c410b570e5f963014edbc3327ad43e0
Instruction ID: a9f7ba0b8d51a321445ff6287076aca55ffa4957979de47dd21c925e24dedb9d
Opcode Fuzzy Hash: 6d4df4c6a269ddd3b62f47b5141156e76c410b570e5f963014edbc3327ad43e0
Instruction Fuzzy Hash: B1517676B043045BE308AA2DCC81B6EB6D6E7C8754F494A3DF958D3392E6BADD048391

Function 00A3D0A0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A3D10F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A3D15B
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00A3D1A5
std::_Lockit::~_Lockit.LIBCPMT ref: 00A3D23A

Strings

bad locale name, xrefs: 00A3D255

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Locinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 1143662833-1405518554
Opcode ID: 13ae98fa2facdd39de5db8590dc1cb350b993220aebf8dab29196731d0a93690
Instruction ID: 1637eb61aa7fec19e57591eb06b81eb0d460a2962ce0a1ac7ba389980ebe5aee
Opcode Fuzzy Hash: 13ae98fa2facdd39de5db8590dc1cb350b993220aebf8dab29196731d0a93690
Instruction Fuzzy Hash: 605150B1D00358DFEF20DFA5D945B9EBBB8AF14304F148159E849AB341EB39EA08DB51

Function 00A505C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A50632
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A5067E
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00A5069D
std::_Lockit::~_Lockit.LIBCPMT ref: 00A50732

Strings

bad locale name, xrefs: 00A5074E

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Locinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 1143662833-1405518554
Opcode ID: 1ff6f8c5cd14d2dd74b420c71bc4809c4ffd124ed9ef54f9b68243b9a81926cf
Instruction ID: 5600d0bd7f3d0b75436ae0d1ec7c704fba64aeffbbf6e763f49f8b02896c2843
Opcode Fuzzy Hash: 1ff6f8c5cd14d2dd74b420c71bc4809c4ffd124ed9ef54f9b68243b9a81926cf
Instruction Fuzzy Hash: 11413CB1D012599BEF10DFA4DD45BDEBBB8BF14314F144069EC04A7281EB79EA08DBA1

Function 00A50760 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A507D2
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A5081E
std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00A5083D
std::_Lockit::~_Lockit.LIBCPMT ref: 00A508D2

Strings

bad locale name, xrefs: 00A508EE

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Locinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 1143662833-1405518554
Opcode ID: e4bd9550fa0488be1f6a9509d1af4e91eba7b637b7fec590a2fbb627bd141d1b
Instruction ID: 7f12f01a86cebf395750aaac14cacf9f3995cb633bad1216dbe7a100ae0cd1f8
Opcode Fuzzy Hash: e4bd9550fa0488be1f6a9509d1af4e91eba7b637b7fec590a2fbb627bd141d1b
Instruction Fuzzy Hash: 8B4149B1D00258DBEF10DFA4D945B9EBBB8BF14314F144069EC04A7381EB79EA08DBA1

Function 00EE35D0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00EE3740
Concurrency::cancel_current_task.LIBCPMT ref: 00EE3745
Concurrency::cancel_current_task.LIBCPMT ref: 00EE374A

Strings

false, xrefs: 00EE36D2
true, xrefs: 00EE36F7

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: false$true
API String ID: 118556049-2658103896
Opcode ID: 9e8569dc3bdc90dc82aad79a933338727b2d6a183a30d60c00665dfa4c8f6af8
Instruction ID: 5df843dafa7aacef3daa257b691795c366dcf092dccf32a14a6633281934819a
Opcode Fuzzy Hash: 9e8569dc3bdc90dc82aad79a933338727b2d6a183a30d60c00665dfa4c8f6af8
Instruction Fuzzy Hash: E441E2F0901349ABDB20DF76C841BABBBF4EF04704F14842EE855AB341DB7A9A05CB91

Function 00AC4050 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 90COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AC406D
_strncpy.LIBCMT ref: 00AC4080

Strings

, xrefs: 00AC40E0
TaiL, xrefs: 00AC407A
NoDe, xrefs: 00AC4067

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: $NoDe$TaiL
API String ID: 2961919466-1915909405
Opcode ID: 3d41fc39b2aebd510fee1a65078e38e5b764490cf7ff9e6158574e195ee2b2c5
Instruction ID: 59bf83366238e58795a3edd867a43993d625899d9a1b52e00567bc05785678ca
Opcode Fuzzy Hash: 3d41fc39b2aebd510fee1a65078e38e5b764490cf7ff9e6158574e195ee2b2c5
Instruction Fuzzy Hash: 545149B4901B418FE3A1CF38C550B93B7E0BF19304F009A1EE9EE97651E7B5B4888B51

Function 00F0B932 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F0B939
_Getvals.LIBCPMT ref: 00F0B996
_Mpunct.LIBCPMT ref: 00F0B9D1
_Mpunct.LIBCPMT ref: 00F0B9EB

Strings

$+xv, xrefs: 00F0B9F6

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Mpunct$GetvalsH_prolog3
String ID: $+xv
API String ID: 2204710431-1686923651
Opcode ID: 69ab84dec7405f7d4801c4811a9e515e1d04f02a8fef692101e05373216944c3
Instruction ID: dd51e1d4e1a88c56a73e434bf870115e790836221236c9f4db9464d65584d0b5
Opcode Fuzzy Hash: 69ab84dec7405f7d4801c4811a9e515e1d04f02a8fef692101e05373216944c3
Instruction Fuzzy Hash: 2421B4B1904B56AEDB25DF748880B6BBFF8BB0C700F04051AE599C7A82D774E645EBD0

Function 00F1CBB3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,4B9D888B,?,?,00000000,00F4A180,000000FF,?,00F1CB8F,00000002,?,00F1CB63,00F247DB), ref: 00F1CBE8
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F1CBFA
FreeLibrary.KERNEL32(00000000,?,?,00000000,00F4A180,000000FF,?,00F1CB8F,00000002,?,00F1CB63,00F247DB), ref: 00F1CC1C

Strings

mscoree.dll, xrefs: 00F1CBE1
CorExitProcess, xrefs: 00F1CBF2

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: d29465882bde8ad32d42f3a2d92872ad3817066d4b9b63c908211ad799050d02
Instruction ID: 732dd6d6c9990756c6a1fdd91bf1546aecc57d7020cbfc695d548d256f548e2a
Opcode Fuzzy Hash: d29465882bde8ad32d42f3a2d92872ad3817066d4b9b63c908211ad799050d02
Instruction Fuzzy Hash: 2C01AD72A44759EFDB118F90DC09BEEBBB8FB04B21F040629F811A26A0DB749D40DBD0

Function 00EE2CC0 Relevance: 7.6, APIs: 5, Instructions: 117COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00EE2CF1
std::_Lockit::_Lockit.LIBCPMT ref: 00EE2D0F
std::_Lockit::~_Lockit.LIBCPMT ref: 00EE2D2F
std::_Facet_Register.LIBCPMT ref: 00EE2DF6
std::_Lockit::~_Lockit.LIBCPMT ref: 00EE2E0E

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID:
API String ID: 459529453-0
Opcode ID: 8719647515050f406c4c964ef48d17ea9dfdc6ad7ef7baaaa88a5c7aedce3df8
Instruction ID: 8990e8a112b708456f82d01b6bf52277aba548f60aec2b6501e3ca0ac6496ab2
Opcode Fuzzy Hash: 8719647515050f406c4c964ef48d17ea9dfdc6ad7ef7baaaa88a5c7aedce3df8
Instruction Fuzzy Hash: ED41CD71A002599BDB21CF59D890BAABBB8FB00754F14825EEA46BB345DB34ED41CBD0

Function 00F166F1 Relevance: 7.6, APIs: 5, Instructions: 116threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00F16705
AcquireSRWLockExclusive.KERNEL32(?), ref: 00F16724
AcquireSRWLockExclusive.KERNEL32(?), ref: 00F16752
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00F167AD
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00F167C4

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: AcquireExclusiveLock$CurrentThread
String ID:
API String ID: 66001078-0
Opcode ID: ffe46ed077af4f844ff54b2342b2533f907264124d268d2f3fc954453abffdef
Instruction ID: 1593ece82fc9111b9cb920cf1cb96497b1d0994859d6ff37fc995237cd7a16af
Opcode Fuzzy Hash: ffe46ed077af4f844ff54b2342b2533f907264124d268d2f3fc954453abffdef
Instruction Fuzzy Hash: 22417C7590060ADFCB20DF64C594AEAB7F4FF08329B20492AE456C7580DB34F9D5EB60

Function 00F088AA Relevance: 7.6, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F088B1
std::_Lockit::_Lockit.LIBCPMT ref: 00F088BB

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F0890C
std::_Lockit::~_Lockit.LIBCPMT ref: 00F0892C
Concurrency::cancel_current_task.LIBCPMT ref: 00F08939

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: e25ac15fcacb684fb81e30f12e82c177d0b7ef2a5ec35e0abc4fd4df04fb7905
Instruction ID: 8a5ddcf051944b56908a686e10b3a288e70a466a75a6b0cd96cde31ed3d57936
Opcode Fuzzy Hash: e25ac15fcacb684fb81e30f12e82c177d0b7ef2a5ec35e0abc4fd4df04fb7905
Instruction Fuzzy Hash: C621F232A00215AFDB14EBA8DD05BBEB7B5FF84B60F140019F540AB2D1CF749D01AB92

Function 00F01DC9 Relevance: 7.6, APIs: 5, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F01DD0
std::_Lockit::_Lockit.LIBCPMT ref: 00F01DDA

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F01E2B
std::_Lockit::~_Lockit.LIBCPMT ref: 00F01E4B
Concurrency::cancel_current_task.LIBCPMT ref: 00F01E58

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: cb13189e283674b3945cae8a353084eb6cb89a15b5aa5503ca6cc6c675b4654d
Instruction ID: 225ae99471d079fc8585fb44d0766931a1bba8d1b47eddb7b71159ca95ae6610
Opcode Fuzzy Hash: cb13189e283674b3945cae8a353084eb6cb89a15b5aa5503ca6cc6c675b4654d
Instruction Fuzzy Hash: 4911EB32A002199BCB15ABA8DD45BAE7BA5BF54721F24400DF814BB3C1DF78AD41BB90

Function 00F05344 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

_Maklocstr.LIBCPMT ref: 00F05364
_Maklocstr.LIBCPMT ref: 00F05381
_Maklocstr.LIBCPMT ref: 00F0539E
_Maklocchr.LIBCPMT ref: 00F053B0
_Maklocchr.LIBCPMT ref: 00F053C3

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Maklocstr$Maklocchr
String ID:
API String ID: 2020259771-0
Opcode ID: d6896e2088a31ed03754bfd91f1a5065b3930016cb26f07c52cb52398489bcab
Instruction ID: 3a7f64d8799c228e2169e9a0bcf327c3db00ef6f4ca71a91d8f9f8365efac6a1
Opcode Fuzzy Hash: d6896e2088a31ed03754bfd91f1a5065b3930016cb26f07c52cb52398489bcab
Instruction Fuzzy Hash: 9D1160B1900A44BBE7209BA5CC41B27B7ECAB04A54F084519F5958B680D2A4FD50ABA8

Function 00F08084 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F0808B
std::_Lockit::_Lockit.LIBCPMT ref: 00F08095

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F080E6
std::_Lockit::~_Lockit.LIBCPMT ref: 00F08106
Concurrency::cancel_current_task.LIBCPMT ref: 00F08113

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 150cd05c44ed812e2efd8e4f0bfbaa6024b6a16285c2a18806fb3468fccda384
Instruction ID: 257ab64639882a24afdf435f1239a79c4d6c88273f1f3204ad4581442ecdfbf2
Opcode Fuzzy Hash: 150cd05c44ed812e2efd8e4f0bfbaa6024b6a16285c2a18806fb3468fccda384
Instruction Fuzzy Hash: 9D01C032D002198BCB15EB64DD166AEBBB1BF84760F240009F4517B3D2DF789A06BB80

Function 00F081AE Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F081B5
std::_Lockit::_Lockit.LIBCPMT ref: 00F081BF

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F08210
std::_Lockit::~_Lockit.LIBCPMT ref: 00F08230
Concurrency::cancel_current_task.LIBCPMT ref: 00F0823D

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 8ee2cab825a18e7ba7fdfc68c9ede72aca481618e5ff56d19309e5f62a3e9c76
Instruction ID: 1f86fb78f5e7a32671ace773e2eebe277a2c34c214a900c9847e42c25719ec10
Opcode Fuzzy Hash: 8ee2cab825a18e7ba7fdfc68c9ede72aca481618e5ff56d19309e5f62a3e9c76
Instruction Fuzzy Hash: CA018072E0021A9BCB05EB64DD166AEB771BF84760F244409F4516B3D2DF789A02BB91

Function 00F08119 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F08120
std::_Lockit::_Lockit.LIBCPMT ref: 00F0812A

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F0817B
std::_Lockit::~_Lockit.LIBCPMT ref: 00F0819B
Concurrency::cancel_current_task.LIBCPMT ref: 00F081A8

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: f4f61928963019ebd5323479e38361f07bc2bb5a4db1c353d29e644fac9f39a5
Instruction ID: 6ec809550eac526027878e45b150524d9a8f5d6bb3883cd0f27469251ae63fb4
Opcode Fuzzy Hash: f4f61928963019ebd5323479e38361f07bc2bb5a4db1c353d29e644fac9f39a5
Instruction Fuzzy Hash: 4601D23290021ACBCB05EB64DD566AEB771BF84760F240009F8517B3C2DF789E02BB80

Function 00F08497 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F0849E
std::_Lockit::_Lockit.LIBCPMT ref: 00F084A8

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F084F9
std::_Lockit::~_Lockit.LIBCPMT ref: 00F08519
Concurrency::cancel_current_task.LIBCPMT ref: 00F08526

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 92c0234fe42ddb619e083578c4e3ec24a848ecd8a87389f90be95b0f8fe61933
Instruction ID: 513f38e96f32c6d9316e4d98f206c4b2705760f09d23510382d482d3047794d4
Opcode Fuzzy Hash: 92c0234fe42ddb619e083578c4e3ec24a848ecd8a87389f90be95b0f8fe61933
Instruction Fuzzy Hash: 5D01A1319001198BCB15EB64DD166BEBBB1BF54760F280109F4517B2C2DF789A02BB90

Function 00F085C1 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F085C8
std::_Lockit::_Lockit.LIBCPMT ref: 00F085D2

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F08623
std::_Lockit::~_Lockit.LIBCPMT ref: 00F08643
Concurrency::cancel_current_task.LIBCPMT ref: 00F08650

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 89e5354c82e78f94d243bc3cbacc220e2faded776d98ea76762e58cf86841b88
Instruction ID: deb2e18cca5c379decc19cdcb04dbae55ff1b379a5de8e94e1eaeccf03cd1bf0
Opcode Fuzzy Hash: 89e5354c82e78f94d243bc3cbacc220e2faded776d98ea76762e58cf86841b88
Instruction Fuzzy Hash: EB01C03290021ACBCB05EF64CD566AEB7B5BF84760F250009F8516B3C2DF799E42BB81

Function 00F0852C Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F08533
std::_Lockit::_Lockit.LIBCPMT ref: 00F0853D

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F0858E
std::_Lockit::~_Lockit.LIBCPMT ref: 00F085AE
Concurrency::cancel_current_task.LIBCPMT ref: 00F085BB

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 9b7eadfcfef917d45a1c98810459cfeb6bf9ac8fa6591f8c169a4429b27bc1b3
Instruction ID: d5e4ab13e69847f7f14d286f86cc58d3f672f9d08eea632404b45f3ca0416b29
Opcode Fuzzy Hash: 9b7eadfcfef917d45a1c98810459cfeb6bf9ac8fa6591f8c169a4429b27bc1b3
Instruction Fuzzy Hash: 8D016D329002198BCB15EB64DD566BEB7B1BF84770F284409F451AB3D2DF789A02BB91

Function 00F086EB Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F086F2
std::_Lockit::_Lockit.LIBCPMT ref: 00F086FC

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F0874D
std::_Lockit::~_Lockit.LIBCPMT ref: 00F0876D
Concurrency::cancel_current_task.LIBCPMT ref: 00F0877A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: cb97a1917678fb05cdf0cd17c9e1d80b299da8a3ab65afb79eaff9a7be4625f1
Instruction ID: a3e2a66206be76c01645a21041e6709b68446905d5de1d7ff059812873228872
Opcode Fuzzy Hash: cb97a1917678fb05cdf0cd17c9e1d80b299da8a3ab65afb79eaff9a7be4625f1
Instruction Fuzzy Hash: 7A01C032900219CBCB15EB64DD566AEBBB1BF94760F240009F4517B3D2DF789E02BB80

Function 00F08780 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F08787
std::_Lockit::_Lockit.LIBCPMT ref: 00F08791

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F087E2
std::_Lockit::~_Lockit.LIBCPMT ref: 00F08802
Concurrency::cancel_current_task.LIBCPMT ref: 00F0880F

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 068fc5f11b68ab2482d9ef3f41f38528f9613fa9e12d7919db6e6957d19f9617
Instruction ID: 67d9fddf5a472965ebcfbb62fbf3a2420f1b237e93dd57bc8c14664337a0878f
Opcode Fuzzy Hash: 068fc5f11b68ab2482d9ef3f41f38528f9613fa9e12d7919db6e6957d19f9617
Instruction Fuzzy Hash: 6A018032A0021A9BCB15EB64DD566AEB7B1BF84760F244009F4516B3C2DF789A42FB91

Function 00F08815 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F0881C
std::_Lockit::_Lockit.LIBCPMT ref: 00F08826

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F08877
std::_Lockit::~_Lockit.LIBCPMT ref: 00F08897
Concurrency::cancel_current_task.LIBCPMT ref: 00F088A4

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 52e90d0ce7f26b5920c457ea1e247286e2bfea7f2affa996e1ec4ea403b6b0b8
Instruction ID: 59270f469aebe24ab30ea3c7c128b5b8bd4dacf8b4db6410e9c0806b97979fc1
Opcode Fuzzy Hash: 52e90d0ce7f26b5920c457ea1e247286e2bfea7f2affa996e1ec4ea403b6b0b8
Instruction Fuzzy Hash: 1A018432D00219CBCF05EB64DD166AEB7B1BF84760F684009F8556B3D2DF789A02BB91

Function 00F129F2 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F129F9
std::_Lockit::_Lockit.LIBCPMT ref: 00F12A03

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F12A54
std::_Lockit::~_Lockit.LIBCPMT ref: 00F12A74
Concurrency::cancel_current_task.LIBCPMT ref: 00F12A81

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 4726ca337ee4e7c9456c9535e52b88cc5181d957a2d29016168bc4a604e351d9
Instruction ID: ad677db392273bfba392ebec80241c8cb484d1ed4fd0dc025ca447583855e6d7
Opcode Fuzzy Hash: 4726ca337ee4e7c9456c9535e52b88cc5181d957a2d29016168bc4a604e351d9
Instruction Fuzzy Hash: 1001C036A0011A8BCB15EBA4CD566AEB7B1BF84720F240009F8116B3C1DF399E42AB80

Function 00F12BB1 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F12BB8
std::_Lockit::_Lockit.LIBCPMT ref: 00F12BC2

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F12C13
std::_Lockit::~_Lockit.LIBCPMT ref: 00F12C33
Concurrency::cancel_current_task.LIBCPMT ref: 00F12C40

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: f5e9535d43b00bc51d6b0f8d472be22f97f461f9db42afdf073d955501f462bd
Instruction ID: f51de9f31e26ce8d308649ed2338cc689e4c36edcd770b374b571ccff93a4a61
Opcode Fuzzy Hash: f5e9535d43b00bc51d6b0f8d472be22f97f461f9db42afdf073d955501f462bd
Instruction Fuzzy Hash: 4101C032900219CBCB09EBA4DD56AEEB771BF84720F240409F4116B3C2DF389A42AB90

Function 00F12B1C Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F12B23
std::_Lockit::_Lockit.LIBCPMT ref: 00F12B2D

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F12B7E
std::_Lockit::~_Lockit.LIBCPMT ref: 00F12B9E
Concurrency::cancel_current_task.LIBCPMT ref: 00F12BAB

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 33e8b574f6adb4cf4829bc583544b47f14c2b2f79eb11f42318e5cdd9f6253b5
Instruction ID: cb906cf51937dd522a674f069314552c8c6f0e80d5fc3b6786f5322fbd6e77b7
Opcode Fuzzy Hash: 33e8b574f6adb4cf4829bc583544b47f14c2b2f79eb11f42318e5cdd9f6253b5
Instruction Fuzzy Hash: 8101C03290021A9BCB05EBA4DD566AEB771BF84B20F240409F4116B3C1DF389A41AB80

Function 00F07C71 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F07C78
std::_Lockit::_Lockit.LIBCPMT ref: 00F07C82

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F07CD3
std::_Lockit::~_Lockit.LIBCPMT ref: 00F07CF3
Concurrency::cancel_current_task.LIBCPMT ref: 00F07D00

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: cf25d1465215f5996af19fb9990a1c8b0ee47c427731204c731dca189a866dff
Instruction ID: 02c4619da81217fb172bf99a8d436e3c3626abee1ef01e2c162cd38f9b4080d6
Opcode Fuzzy Hash: cf25d1465215f5996af19fb9990a1c8b0ee47c427731204c731dca189a866dff
Instruction Fuzzy Hash: 2201A131E00215DBDB05AB64DD156AEB771BF84720F244009F4116B3C2DF78A901BB91

Function 00F07D9B Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F07DA2
std::_Lockit::_Lockit.LIBCPMT ref: 00F07DAC

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F07DFD
std::_Lockit::~_Lockit.LIBCPMT ref: 00F07E1D
Concurrency::cancel_current_task.LIBCPMT ref: 00F07E2A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 23f6ebd5cf7fe9931db11e8200540f4b69acf8989eb28bbde3c7ac93cfd8d39f
Instruction ID: d7b9032c6a22fd1f816528b88147df142e656c76cdab7219b53205b9e5dc34bd
Opcode Fuzzy Hash: 23f6ebd5cf7fe9931db11e8200540f4b69acf8989eb28bbde3c7ac93cfd8d39f
Instruction Fuzzy Hash: B0016D32E0521A9BCB05BB64DD166BEB771BF84720F244449F4116B2D2DF789E02BB91

Function 00F12D70 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F12D77
std::_Lockit::_Lockit.LIBCPMT ref: 00F12D81

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F12DD2
std::_Lockit::~_Lockit.LIBCPMT ref: 00F12DF2
Concurrency::cancel_current_task.LIBCPMT ref: 00F12DFF

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: 95407fe8638e5787e65b9fbbf54d2cf8278bea13618e9f267fb3df73c0cb0b40
Instruction ID: 832f34dc3fec61ac47623d61231379d3d9e832091bc762384cbd8cb95095c97c
Opcode Fuzzy Hash: 95407fe8638e5787e65b9fbbf54d2cf8278bea13618e9f267fb3df73c0cb0b40
Instruction Fuzzy Hash: BA0180329002199FCB05EBA4DD166EEB771BF84720F284149F4116B3C2DF789A41BB91

Function 00F07D06 Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F07D0D
std::_Lockit::_Lockit.LIBCPMT ref: 00F07D17

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F07D68
std::_Lockit::~_Lockit.LIBCPMT ref: 00F07D88
Concurrency::cancel_current_task.LIBCPMT ref: 00F07D95

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: dab6e7e788dfbdd54504250b4932036885815a0b09e1b674ff976a5841b22de9
Instruction ID: 75e0386bedcc7cff4e74d2e89b0bfa1f98a9d7b0c93cb7bb7221ac56b5fc267d
Opcode Fuzzy Hash: dab6e7e788dfbdd54504250b4932036885815a0b09e1b674ff976a5841b22de9
Instruction Fuzzy Hash: A601A131D002159BCB05AB74DD566BEB771BF84720F244009F8116B3C1DF789901BB80

Function 00F12E05 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F12E0C
std::_Lockit::_Lockit.LIBCPMT ref: 00F12E16

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F12E67
std::_Lockit::~_Lockit.LIBCPMT ref: 00F12E87
Concurrency::cancel_current_task.LIBCPMT ref: 00F12E94

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: e4218c8fb65c767db406ae93f690aa5e596895faef04b47b7d746e8128e39d2d
Instruction ID: fcc36ae6b30848e6d43f9810c78d4b89b1a7b776d405738a46dc7d296fa4b1d4
Opcode Fuzzy Hash: e4218c8fb65c767db406ae93f690aa5e596895faef04b47b7d746e8128e39d2d
Instruction Fuzzy Hash: B7018431900116CBCB09EBA4DD166AEB775FF44760F240509F4516B3D2DF789E41AB91

Function 00F07FEF Relevance: 7.5, APIs: 5, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F07FF6
std::_Lockit::_Lockit.LIBCPMT ref: 00F08000

Part of subcall function 00A3CE20: std::_Lockit::_Lockit.LIBCPMT ref: 00A3CE3D
Part of subcall function 00A3CE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00A3CE59

std::_Facet_Register.LIBCPMT ref: 00F08051
std::_Lockit::~_Lockit.LIBCPMT ref: 00F08071
Concurrency::cancel_current_task.LIBCPMT ref: 00F0807E

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
String ID:
API String ID: 55977855-0
Opcode ID: e9f1814bea8063e5eca095c89440e204a6996a2a77cf9ecbf637361d0ba68c70
Instruction ID: 966d871ea6f7b995a016630e57fb6a3d299d378d7ecbf30d656bb449e8652ddd
Opcode Fuzzy Hash: e9f1814bea8063e5eca095c89440e204a6996a2a77cf9ecbf637361d0ba68c70
Instruction Fuzzy Hash: 9F01C032D002198BCB15EBA4DD566AEB7B5BF847A0F240009F4516B3D2DF789E06BB80

Function 00F36C64 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 370COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 00F36DDE
__freea.LIBCMT ref: 00F36DFA

Strings

am/pm, xrefs: 00F36E5C
a/p, xrefs: 00F36EC0

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: __freea
String ID: a/p$am/pm
API String ID: 240046367-3206640213
Opcode ID: ecedbb4f937ceed27a6fc1d4af373602c68f6a63e676414be02dc7c2c57336e5
Instruction ID: a571324b475ad25793745b75d81b748b1eab36656ebf592f85578ae003da3cd9
Opcode Fuzzy Hash: ecedbb4f937ceed27a6fc1d4af373602c68f6a63e676414be02dc7c2c57336e5
Instruction Fuzzy Hash: D0C1C1B5E08316EADB38AF68C854BBA77B0FF09330F148159E905EB250D3359D41EBA5

Function 00AB6A80 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 273COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00AB6DA0

Strings

K, xrefs: 00AB6C42
L, xrefs: 00AB6C28
%s, xrefs: 00AB6AE1, 00AB6B31, 00AB6BA6, 00AB6C09, 00AB6CAE, 00AB6D39

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ___from_strstr_to_strchr
String ID: %s$K$L
API String ID: 601868998-452073694
Opcode ID: 7db14a6f12facaf1b69f76b0e56174246a5530e4de3db691c3c286f58ebe9295
Instruction ID: c93d98da52243a4166749e5cd9ec3e4e56be732d3957690ae766cc005b453b0e
Opcode Fuzzy Hash: 7db14a6f12facaf1b69f76b0e56174246a5530e4de3db691c3c286f58ebe9295
Instruction Fuzzy Hash: E291D2B1904600ABEB30EB64DD46FFBB7ECAF84314F040A2DF599C6193E635951987A2

Function 00AC6D60 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 235COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AC6EE9
_strncpy.LIBCMT ref: 00AC6EF9

Strings

Fcte, xrefs: 00AC6EAE, 00AC6FCA
fCbt, xrefs: 00AC6E94, 00AC6FB8

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: Fcte$fCbt
API String ID: 2961919466-227020072
Opcode ID: 81b8c3e6d824b5ddbc2caace0216054f8746aa29b79259d2e300b7fc8d5c8343
Instruction ID: 74e3af730df924247b910660fdf9305824a71d37eb32d0d0e03914e385ebe850
Opcode Fuzzy Hash: 81b8c3e6d824b5ddbc2caace0216054f8746aa29b79259d2e300b7fc8d5c8343
Instruction Fuzzy Hash: 9E81D6B2908705ABD720EF64DC41FABB3ECBB54314F41072EF5A686181EB75E584CB92

Function 00EEFBA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 189COMMON

Download Yara Rule

Strings

, xrefs: 00EEFC14
Failed to get DirectInput device data: , xrefs: 00EEFC79

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $Failed to get DirectInput device data:
API String ID: 0-619344365
Opcode ID: 57eed3d5b684ee4e867076a95eb5a3c934f80162faad903739c12da6cb36fe88
Instruction ID: 278766a16a94ddbd3558d32a114f8a457b3d0e29243d683889b71a00708a80c6
Opcode Fuzzy Hash: 57eed3d5b684ee4e867076a95eb5a3c934f80162faad903739c12da6cb36fe88
Instruction Fuzzy Hash: 9F81E67181438ACBD712CF25C4807A9B3A4FF99304F28D77AEC896A157E77569C5CB10

Function 00C7DEE0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 187COMMON

Download Yara Rule

APIs

inet_pton.WS2_32(00000017,?,?), ref: 00C7DFA2
inet_pton.WS2_32(00000017,00000738,?), ref: 00C7DFD6

Strings

%s %s%s%s %u %s %s%s%s %u "%d%02d%02d %02d:%02d:%02d" %u %d, xrefs: 00C7E0A0
# Your alt-svc cache. https://curl.se/docs/alt-svc.html# This file was generated by libcurl! Edit at your own risk., xrefs: 00C7DF56

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: inet_pton
String ID: # Your alt-svc cache. https://curl.se/docs/alt-svc.html# This file was generated by libcurl! Edit at your own risk.$%s %s%s%s %u %s %s%s%s %u "%d%02d%02d %02d:%02d:%02d" %u %d
API String ID: 1350483568-1497203839
Opcode ID: f4429946d50af186cc0785744f0f9d79ace546e9fca6db51380b6f803c267f4f
Instruction ID: 840abe1ae5265fb0c8fec34ca88aa8c0f0ed64e6f53b6f54b27918538058fdc7
Opcode Fuzzy Hash: f4429946d50af186cc0785744f0f9d79ace546e9fca6db51380b6f803c267f4f
Instruction Fuzzy Hash: 635193B26043009BDB119B55DD4192BB7EAFF88304F48882DF99AC3251EB72ED54EB53

Function 00AC98E0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 178COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AC997D

Strings

Fcte, xrefs: 00AC995F
fCbt, xrefs: 00AC993E

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: Fcte$fCbt
API String ID: 2961919466-227020072
Opcode ID: ae158fa230749ee796a5139f9a058beead3b22fa7d3d40f743e89fef8caa92cf
Instruction ID: dbee71f234ab9b42c9dc3fe0f2f5fbb63ce1c1b528afdab1913f5e2c9a08e13c
Opcode Fuzzy Hash: ae158fa230749ee796a5139f9a058beead3b22fa7d3d40f743e89fef8caa92cf
Instruction Fuzzy Hash: F451C3B26002046BD710AB54DC82FBBB3ECBB84724F41072EF696D61C1EB75D64587A6

Function 00A50E40 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 176COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00A51010

Strings

false, xrefs: 00A50F45
true, xrefs: 00A50F5B
ios_base::badbit set, xrefs: 00A50F0E

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: false$ios_base::badbit set$true
API String ID: 118556049-1679644946
Opcode ID: edcc0a71e21e8dc248336deb176f3672c583428af2613f3e4efc636bdaa257cb
Instruction ID: 755f6ea4430e2d139364bee9d123c3db4af3623130d597af7b618617c1168f3c
Opcode Fuzzy Hash: edcc0a71e21e8dc248336deb176f3672c583428af2613f3e4efc636bdaa257cb
Instruction Fuzzy Hash: 805194B1D003489BDB10DFA4DC41BEEB7B8FF49300F14865AE845AB241E779AA48DB91

Function 00A41350 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 169COMMON

Download Yara Rule

APIs

CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,000000FF,4B9D888B,?,00000000,?,?,?,?,?,?,?,?,?), ref: 00A4143A
GetLastError.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,00F4A91E,000000FF), ref: 00A4144B
CloseHandle.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00F4A91E,000000FF), ref: 00A41545

Strings

iocp, xrefs: 00A41580

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CloseCompletionCreateErrorHandleLastPort
String ID: iocp
API String ID: 2293630721-976528080
Opcode ID: 56127b4731af8db3bb2f7d187991daca0f216fe4331073effadef0a57b1e405f
Instruction ID: c855f4c4e3a30605c1fff841576488ae8ac9a27769c5790c0e472c1f537b9424
Opcode Fuzzy Hash: 56127b4731af8db3bb2f7d187991daca0f216fe4331073effadef0a57b1e405f
Instruction Fuzzy Hash: B761DEB48007449FD720CF59C94579ABBF4FF84324F20461EE896AB790E7B9A944CB91

Function 00AB4D50 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 127COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AB4E1B

Strings

ADF: Unrecognized error number %d., xrefs: 00AB4E90
%s, xrefs: 00AB4D7F
ADF %d: %s, xrefs: 00AB4E4A

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: %s$ADF %d: %s$ADF: Unrecognized error number %d.
API String ID: 2961919466-2172227557
Opcode ID: eb7e54ebde64853e15a7e9d8d7ff12ab54eefe8eabb3665d07790f1e0adb5fa3
Instruction ID: 005870c2257fe050033271c95a0b4fb2b0b6ce548875b17100eccefe0d335196
Opcode Fuzzy Hash: eb7e54ebde64853e15a7e9d8d7ff12ab54eefe8eabb3665d07790f1e0adb5fa3
Instruction Fuzzy Hash: 95415BB6B043405ACF11AB28DC425FF779D6FE9704F49051EE48587243EB2AD94987D3

Function 00F1418C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F14193
_Mpunct.LIBCPMT ref: 00F1422B
_Mpunct.LIBCPMT ref: 00F14245

Strings

$+xv, xrefs: 00F14250

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Mpunct$H_prolog3
String ID: $+xv
API String ID: 4281374311-1686923651
Opcode ID: 7a19aec0452be828d55cb21158ea551fff8cc1abb0d8eeb03b0d0457fbbb9494
Instruction ID: fcbd30cc806593f70bb838d3ae71cac29831242df45eb351ad0e451812bf0afc
Opcode Fuzzy Hash: 7a19aec0452be828d55cb21158ea551fff8cc1abb0d8eeb03b0d0457fbbb9494
Instruction Fuzzy Hash: 0221A0B1804B956EDB25DF7488407ABBFF8BB08710F04051AF4A9C7A41D774E685DB90

Function 00F0B85C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F0B863

Part of subcall function 00F05344: _Maklocstr.LIBCPMT ref: 00F05364
Part of subcall function 00F05344: _Maklocstr.LIBCPMT ref: 00F05381
Part of subcall function 00F05344: _Maklocstr.LIBCPMT ref: 00F0539E
Part of subcall function 00F05344: _Maklocchr.LIBCPMT ref: 00F053B0
Part of subcall function 00F05344: _Maklocchr.LIBCPMT ref: 00F053C3

_Mpunct.LIBCPMT ref: 00F0B8FB
_Mpunct.LIBCPMT ref: 00F0B915

Strings

$+xv, xrefs: 00F0B920

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Maklocstr$MaklocchrMpunct$H_prolog3
String ID: $+xv
API String ID: 2939335142-1686923651
Opcode ID: 74275ee943318dd9a92b6f8b46bbb8277d51c80fa13638107d0c0b0eb7bbe10e
Instruction ID: 4fa8c94c2da1a62d386758084f02cdb7c15073e3bb04706e91a767a1b1deea61
Opcode Fuzzy Hash: 74275ee943318dd9a92b6f8b46bbb8277d51c80fa13638107d0c0b0eb7bbe10e
Instruction Fuzzy Hash: 4C21B1B1804B556EDB25DF74884076BBFF8BB08700F04451AE499C7A81D774E646EBD0

Function 00F05438 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMONLIBRARYCODE

Download Yara Rule

APIs

_Maklocstr.LIBCPMT ref: 00F05474
_Maklocstr.LIBCPMT ref: 00F0548D

Part of subcall function 00F055BC: Concurrency::cancel_current_task.LIBCPMT ref: 00F0565E
Part of subcall function 00F055BC: __EH_prolog3_GS.LIBCMT ref: 00F0566E

_Maklocstr.LIBCPMT ref: 00F0549C

Strings

:AM:am:PM:pm, xrefs: 00F05494

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Maklocstr$Concurrency::cancel_current_taskH_prolog3_
String ID: :AM:am:PM:pm
API String ID: 3638369660-1966799564
Opcode ID: bc66e322f373bbd7ae55c3675d98ab2a620eb0630ca411ca5e5a36900e68e811
Instruction ID: a4fc727180329489bd4c00d2d3accce6f427cb804aebbc0c399b60486b7a9264
Opcode Fuzzy Hash: bc66e322f373bbd7ae55c3675d98ab2a620eb0630ca411ca5e5a36900e68e811
Instruction Fuzzy Hash: F601AC72D002047BDB10EFA59C85C9F77BDEB85714F04441DF405A7281DB745D05EA94

Function 00AC3F70 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AC3F8D
_strncpy.LIBCMT ref: 00AC3F9D

Strings

Fcte, xrefs: 00AC3F97
fCbt, xrefs: 00AC3F87

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: Fcte$fCbt
API String ID: 2961919466-227020072
Opcode ID: 4a2679ea47d0db715e5048bdba47accc71137e6eaec141c5a1d560bc4a7e7d99
Instruction ID: 701d955eb13518d15072b283c10278b5272307d2a648585ad27e6fda109664e3
Opcode Fuzzy Hash: 4a2679ea47d0db715e5048bdba47accc71137e6eaec141c5a1d560bc4a7e7d99
Instruction Fuzzy Hash: 331136B0401B509FE3319F16D968787BBF4BB04799F508A0CE1C61BA94C3FAA1888FC5

Function 00F1C762 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00F1C713,?,?,00000000,?,?,?,00F1C83D,00000002,FlsGetValue,0104D9EC,FlsGetValue), ref: 00F1C76F
GetLastError.KERNEL32(?,00F1C713,?,?,00000000,?,?,?,00F1C83D,00000002,FlsGetValue,0104D9EC,FlsGetValue,?,?,00F1B6A4), ref: 00F1C779
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00F1C7A1

Strings

api-ms-, xrefs: 00F1C786

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 826467816189b647ae9d907c37ec0ded82a904ee468c17d92c26020ef77ac42f
Instruction ID: 625f4dd7e9e896d0ec9965c0aaa03a8dce295c59bd5f1eb8bb6d0cf794da34ec
Opcode Fuzzy Hash: 826467816189b647ae9d907c37ec0ded82a904ee468c17d92c26020ef77ac42f
Instruction Fuzzy Hash: DDE0B8746C0308BBEB501B61EC46F993B559B15B61F144430FA4CE94E1DBA1D990F9C5

Function 00EE8130 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25libraryloaderCOMMON

Download Yara Rule

APIs

wglGetProcAddress.OPENGL32(?,00EE55F0,glGetError,0109783C,4B9D888B,?,?), ref: 00EE8134
GetModuleHandleA.KERNEL32(OpenGL32.dll), ref: 00EE8160
GetProcAddress.KERNEL32(?,?), ref: 00EE8175

Strings

OpenGL32.dll, xrefs: 00EE815B

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: OpenGL32.dll
API String ID: 667068680-535613738
Opcode ID: a0f4219bcf55e2b8cda5c78866bb9e76be96ae8414fb368fa32ea40de355ecae
Instruction ID: eb2d7aebf973ee24a8f48239b1a2444f9c9f7b6a3c9242dccf6cb55f910ed6b3
Opcode Fuzzy Hash: a0f4219bcf55e2b8cda5c78866bb9e76be96ae8414fb368fa32ea40de355ecae
Instruction Fuzzy Hash: CFE048311417895B8F314B769E9C51A3795FF417197185D2AF099D51B0DF32C887EB02

Function 00F2B6A6 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(4B9D888B,00000000,00000000,00000000), ref: 00F2B709

Part of subcall function 00F3EC61: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00F3EB44,?,00000000,-00000008), ref: 00F3ECC2

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00F2B95B
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00F2B9A1
GetLastError.KERNEL32 ref: 00F2BA44

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 4ed0c7fc95fe2b757ceda3da3fcab848402514f5c7964f6480ab4b30febda4d7
Instruction ID: f367fe7f1f93d72573d43c81596cc2ef12a1bb2371aae49aec60c578ec149d19
Opcode Fuzzy Hash: 4ed0c7fc95fe2b757ceda3da3fcab848402514f5c7964f6480ab4b30febda4d7
Instruction Fuzzy Hash: 7DD18A75D042589FCB14CFA8E880AEDBBB5FF48310F28452AE965EB351E734A941DF50

Function 00F31B6F Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff2445969cf2c94b773e1202cb1d49a30940b66fe723a5c4f745bb114acd92df
Instruction ID: 2aa123b82e515a9585beb294d72ed821cd9d333b78da5671d9457ed650b38a7f
Opcode Fuzzy Hash: ff2445969cf2c94b773e1202cb1d49a30940b66fe723a5c4f745bb114acd92df
Instruction Fuzzy Hash: 0B41F772A44714AFD725AF78DC42BAAFBB8FBC8720F10452AF415DB381E275E9409790

Function 00A4AF00 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 00F008A9: QueryPerformanceFrequency.KERNEL32(?,?,?,?,00A4AF11,?,?,?,?,00A42D9F), ref: 00F008C7

Part of subcall function 00F00892: QueryPerformanceCounter.KERNEL32(?,?,?,?,00A4AF20,?,?,?,?,00A42D9F), ref: 00F0089B

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A4AF62
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A4AF97
__alldvrm.LIBCMT ref: 00A4AFB9
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A4AFDB

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$PerformanceQuery$CounterFrequency__alldvrm
String ID:
API String ID: 2057067329-0
Opcode ID: 00ac59269870cc48a7091bd0448751df4f8e20382f23ef134ff57866674d65f6
Instruction ID: 750348c4b64d060de3e1ed2180ba911fabd74ddd00beed20d277e9e86a09eeb2
Opcode Fuzzy Hash: 00ac59269870cc48a7091bd0448751df4f8e20382f23ef134ff57866674d65f6
Instruction Fuzzy Hash: 8531A4B1F053147ED720AAA94C45FAFBAFCEBC5760F2085A9B50DE7202D5755C0196A0

Function 00EE5980 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

Part of subcall function 00F49AC0: TlsGetValue.KERNEL32(?,00EE59B1,4B9D888B,?,?,00000000,?,00F4D515,000000FF,?,00EE5031,00000001,4B9D888B,?,?), ref: 00F49E22

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE59F2
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE5A11

Part of subcall function 00F49AD0: TlsSetValue.KERNEL32(?,00000001,00EE5A5E,00000000,?,00000000,?,00F4D515,000000FF,?,00EE5031,00000001,4B9D888B,?), ref: 00F49E36

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00EE5A63

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::details::_Lock::_ReaderScoped_lockScoped_lock::~_Writer$Value
String ID:
API String ID: 686491728-0
Opcode ID: 5bc7f787550042bf3a70f06745e73f57a0c571a2d1ffc7d3038552cb0a10ef15
Instruction ID: 2994194a5a183601e806ae51f431e226e034be735bee66414fc6408d3962aaf8
Opcode Fuzzy Hash: 5bc7f787550042bf3a70f06745e73f57a0c571a2d1ffc7d3038552cb0a10ef15
Instruction Fuzzy Hash: B531E5336486489BCB14DF44E862BEBF7A4EB54714F00426FEC155B381DB766900DA90

Function 00C6DB60 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?), ref: 00C6DB73
__alldvrm.LIBCMT ref: 00C6DB8D
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C6DBB4
GetTickCount.KERNEL32 ref: 00C6DBD1

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CountCounterPerformanceQueryTickUnothrow_t@std@@@__alldvrm__ehfuncinfo$??2@
String ID:
API String ID: 1296068966-0
Opcode ID: 1ff380bba4430d04d3eaa4eadd8153d48ce793e2f48c15ab512bfeb4e4c8cdfb
Instruction ID: 57eea32e7bca465e6232d5d96c0c69bce9f1197f06b151b6bcfdba0126e303e0
Opcode Fuzzy Hash: 1ff380bba4430d04d3eaa4eadd8153d48ce793e2f48c15ab512bfeb4e4c8cdfb
Instruction Fuzzy Hash: 9E11C2B1508306AFC744EF68FC49A66FFE8FB8C300F408929F588C6211E6359948DB61

Function 00F0399E Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,00000400,4B9D888B,00000000,00000000,00000000,00000000,00000000,?,?,?,00A4CFFC,00000000,?,00000000,00000000), ref: 00F039BB
GetLastError.KERNEL32(?,00A4CFFC,00000000,?,00000000,00000000,00000000,4B9D888B,?,?), ref: 00F039C7
WideCharToMultiByte.KERNEL32(?,00000000,4B9D888B,00000000,00000000,00000000,00000000,00000000,?,00A4CFFC,00000000,?,00000000,00000000,00000000,4B9D888B), ref: 00F039ED
GetLastError.KERNEL32(?,00A4CFFC,00000000,?,00000000,00000000,00000000,4B9D888B,?,?), ref: 00F039F9

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 5017a4d83004e7370ba654b51614e416257f41373dd5fd503041e5a77c4fe6df
Instruction ID: 5961b065106dee57ab1a8c8f05a677a4820d72341c622a03a14bf6307d8e899e
Opcode Fuzzy Hash: 5017a4d83004e7370ba654b51614e416257f41373dd5fd503041e5a77c4fe6df
Instruction Fuzzy Hash: 57013136B0055ABBCF220F91DC08D9F3F6AEBD97A1B108015FF0595260CA31C922FBA1

Function 00F02F66 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00F02F6D
std::_Lockit::_Lockit.LIBCPMT ref: 00F02F78
std::_Lockit::~_Lockit.LIBCPMT ref: 00F02FE6

Part of subcall function 00F030F9: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00F03111

std::locale::_Setgloballocale.LIBCPMT ref: 00F02F93

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
String ID:
API String ID: 677527491-0
Opcode ID: b62d6efdc19f861910f99dfe6b6d98ebb6ad07d9e49c6f01af916f80172daff1
Instruction ID: 9f87e8099f7decab0e3236fea1dee89c36219c8170e7661dad48715ccd0f232a
Opcode Fuzzy Hash: b62d6efdc19f861910f99dfe6b6d98ebb6ad07d9e49c6f01af916f80172daff1
Instruction Fuzzy Hash: 55019A75A001129BDB06AB20DD5967E7BA1BF84780F18800AE85157382CF786A42EBD1

Function 00F46F1F Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00F3FED2,00000000,00000001,0000000C,00000000,?,00F2BA98,00000000,00000000,00000000), ref: 00F46F36
GetLastError.KERNEL32(?,00F3FED2,00000000,00000001,0000000C,00000000,?,00F2BA98,00000000,00000000,00000000,00000000,00000000,?,00F2C072,?), ref: 00F46F42

Part of subcall function 00F46F08: CloseHandle.KERNEL32(FFFFFFFE,00F46F52,?,00F3FED2,00000000,00000001,0000000C,00000000,?,00F2BA98,00000000,00000000,00000000,00000000,00000000), ref: 00F46F18

___initconout.LIBCMT ref: 00F46F52

Part of subcall function 00F46ECA: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00F46EF9,00F3FEBF,00000000,?,00F2BA98,00000000,00000000,00000000,00000000), ref: 00F46EDD

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00F3FED2,00000000,00000001,0000000C,00000000,?,00F2BA98,00000000,00000000,00000000,00000000), ref: 00F46F67

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 9d393b4a6c69b91e8a515fd1568afe9fcfa75628d3ad7fffd9d4e417255ffd14
Instruction ID: fbdbd1da251e836934def3e2e30ee9e24929bcd04ef06db812d1b90a3d38e7a1
Opcode Fuzzy Hash: 9d393b4a6c69b91e8a515fd1568afe9fcfa75628d3ad7fffd9d4e417255ffd14
Instruction Fuzzy Hash: 55F03036401658BBCF221F95EC04A8A3F26FB0A7B1F004010FE98C5130DA328820BB96

Function 00F49DC0 Relevance: 6.0, APIs: 4, Instructions: 15sleepCOMMON

Download Yara Rule

APIs

timeGetDevCaps.WINMM(00000008,00000008,?,?), ref: 00F49DCA
timeBeginPeriod.WINMM ref: 00F49DD3

Part of subcall function 00F49600: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F4960C

Sleep.KERNEL32(00000000), ref: 00F49DE3
timeEndPeriod.WINMM ref: 00F49DEC

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: time$Period$BeginCapsSleepUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 1739556815-0
Opcode ID: b60954401aae115b183bbc24596295d64f6f6372ac7e99432288f92ef188077b
Instruction ID: f259c9fa1ef8f16389985b49ea57215e5c25dbfb277f3d2458d3abc81031dfae
Opcode Fuzzy Hash: b60954401aae115b183bbc24596295d64f6f6372ac7e99432288f92ef188077b
Instruction Fuzzy Hash: 1BD06731408308EFCA04BFA0ED4D91ABB68FF44707F404824FB8681071EF355518EB56

Function 00AB81B0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 442COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB8469
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AB86FC

Strings

%s, xrefs: 00AB820F, 00AB8292, 00AB82F9, 00AB8376, 00AB83D6, 00AB84EC, 00AB8553, 00AB85B5, 00AB86C2

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: %s
API String ID: 885266447-620797490
Opcode ID: f2b03f6728ddc7b110479da52784dba5114691f0fc8183f1bc4916eaf23f67d3
Instruction ID: 41486f705095f93f9d96c0dafb4aa0dfc34924d4bac71e87428cbda94826eb53
Opcode Fuzzy Hash: f2b03f6728ddc7b110479da52784dba5114691f0fc8183f1bc4916eaf23f67d3
Instruction Fuzzy Hash: 14F1C2B1904345AFE720EF68DC46FABB7ECEB48314F100A29F55882193EB35D954C7A2

Function 00A3E560 Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 404COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 00A3E9CE

Strings

: ", xrefs: 00A3E6E0, 00A3E6FA
", ", xrefs: 00A3E79A, 00A3E7B3

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: ", "$: "
API String ID: 4194217158-747220369
Opcode ID: 7e64b6af63286781fd9ad395c01e2f316064301213a55b455e75a8b843b14324
Instruction ID: 09617a41a09f1dc7f57ead5bd634e1aa5cf1184306e69c09f087dde18ffb5899
Opcode Fuzzy Hash: 7e64b6af63286781fd9ad395c01e2f316064301213a55b455e75a8b843b14324
Instruction Fuzzy Hash: CAE1BEB0A00205AFDB28DF68CC85BAEBBB5FF84304F14462DF81597781E775A991CB91

Function 00AC1B30 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_strncpy.LIBCMT ref: 00AC1CC5
_strncpy.LIBCMT ref: 00AC1D0E

Strings

unused entry in sub-node-table , xrefs: 00AC1CEC

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: _strncpy
String ID: unused entry in sub-node-table
API String ID: 2961919466-1056416979
Opcode ID: db38c775a8c962d701f96ba179a6e3bd4028e0bf9363638f354a33be91f64590
Instruction ID: 37dae29e49a867efae1e75f098c12122958329aa3be95ab247592627fdf244ad
Opcode Fuzzy Hash: db38c775a8c962d701f96ba179a6e3bd4028e0bf9363638f354a33be91f64590
Instruction Fuzzy Hash: 24A1B2B16047058FD730DF14D880BAAB3E5FF86324F45871DE4A58B292D735E985CB92

Function 00EE7EB0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 180windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,?,00000100,00000000,4B9D888B,00000000,00000000), ref: 00EE7F06
LocalFree.KERNEL32(?,?), ref: 00EE7F25

Strings

Error , xrefs: 00EE804F

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: FormatFreeLocalMessage
String ID: Error
API String ID: 1427518018-3382662757
Opcode ID: 73581a8e3a53fd6aecaa42970c661fa8774282da4235c946055a5aed90940b71
Instruction ID: 017f91ad1d4e4ec7807caff2c01db0ae2d15a9c2729dc82016a0b1d988a2256c
Opcode Fuzzy Hash: 73581a8e3a53fd6aecaa42970c661fa8774282da4235c946055a5aed90940b71
Instruction Fuzzy Hash: DF718C74A0024C9FDB14DF64CD89BDE7BB4BF45304F1081A9F949AB281EB75AA88CF51

Function 00EEFE90 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

__libm_sse2_sin_precise.LIBCMT ref: 00EEFFEA
__libm_sse2_cos_precise.LIBCMT ref: 00EF0009

Strings

Failed to get DirectInput device state: , xrefs: 00EEFF3B

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: __libm_sse2_cos_precise__libm_sse2_sin_precise
String ID: Failed to get DirectInput device state:
API String ID: 1628221351-1445617456
Opcode ID: e39f9b3afdb6befa0d5b384faf10a24ba32ca5603309dde653a4c1796ed03e98
Instruction ID: 25d5a93fd30b940afb8c9ca2b39377439e7a75cb4e61da5ae11c3cb1578c2596
Opcode Fuzzy Hash: e39f9b3afdb6befa0d5b384faf10a24ba32ca5603309dde653a4c1796ed03e98
Instruction Fuzzy Hash: B0512B756043488FC325CF35D8807AA73E5EF8A304F249B29E445F7252EB35AC85CB41

Function 00A41C40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

PostQueuedCompletionStatus.KERNEL32(?,00000001,00000001,00000001,?,?,?,?,?,?,4B9D888B), ref: 00A41C7C
GetLastError.KERNEL32(?,?,?,?,?,?,4B9D888B), ref: 00A41C8A

Strings

pqcs, xrefs: 00A41D29

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CompletionErrorLastPostQueuedStatus
String ID: pqcs
API String ID: 1506555858-2559862021
Opcode ID: 2d514029df144f71eace003c3f9e1cb5cb5c91e0dc4145fb4f945ef6de61ac06
Instruction ID: 14aa52e95fe434c1df58f85908c033d8255bafd77dd7560418dd4c5394110060
Opcode Fuzzy Hash: 2d514029df144f71eace003c3f9e1cb5cb5c91e0dc4145fb4f945ef6de61ac06
Instruction Fuzzy Hash: 8B31CEB9A012148FD724DF19D885BAA77E8EF86714F10466EEC89CB210D734EC81CBD1

Function 00A47D50 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,?), ref: 00A47D91

Part of subcall function 00A40A90: DeleteCriticalSection.KERNEL32(?,?,?,4B9D888B), ref: 00A40AE1

Strings

H, xrefs: 00A47E10
winsock, xrefs: 00A47E41

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalDeleteSectionStartup
String ID: H$winsock
API String ID: 1950702907-1895343069
Opcode ID: 995357616368b7978b36dfce6802c967c91a554f661b5cca398a78adbedf722c
Instruction ID: befd48803b7a07e0908b69fe805059ac26ca998da25a145ccb47896e5298994f
Opcode Fuzzy Hash: 995357616368b7978b36dfce6802c967c91a554f661b5cca398a78adbedf722c
Instruction Fuzzy Hash: 4E21ACB4A093908FD720CB08D885AAAB7E8EBD6324F40851FE898CA250D734DD05CBC2

Function 00EEDF90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(000011FF,00000000,?,00000000,?,00000000,00000000,4B9D888B,00000007), ref: 00EEDFD3
LocalFree.KERNEL32(?,?), ref: 00EEE031

Strings

error., xrefs: 00EEE003

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: FormatFreeLocalMessage
String ID: error.
API String ID: 1427518018-697007700
Opcode ID: 56c4db8eb0e97bfc62b21f8ed526501f88a28769079d054bc7e0369410391b26
Instruction ID: 4c4b59d3f48db96c9d4efda3e705f377a2e627199fc6e448759e0d705c18df64
Opcode Fuzzy Hash: 56c4db8eb0e97bfc62b21f8ed526501f88a28769079d054bc7e0369410391b26
Instruction Fuzzy Hash: A8317271A00749EFDB20DFA4D845BEABBB4FF08704F00861DE856A7391EBB5A944CB50

Function 00A3CC90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00A3CCBB
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00A3CD0A

Strings

bad locale name, xrefs: 00A3CD26

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: 100419010186f2db93fea6ef60bc04d7f64238ca612b753dc199b477d65f0102
Instruction ID: 001d4fc209ab880e05b02bf3e1ab0ab1f66ed93edb45929d5f555d8c9964786a
Opcode Fuzzy Hash: 100419010186f2db93fea6ef60bc04d7f64238ca612b753dc199b477d65f0102
Instruction Fuzzy Hash: 0E119E71504B449FD320CF69C80574BBBE8FF19710F008A1EE889C7B81E779A604CB95

Function 00A8A470 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 00A8A48F
__aullrem.LIBCMT ref: 00A8A4A7

Strings

0123, xrefs: 00A8A4B4

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: 0123
API String ID: 3839614884-2791742845
Opcode ID: d58f493e2d85c9bfa7102fd79b8964e8f625334a03523025ee852b2ceaa5b5d5
Instruction ID: afc2ba6c7129f5ceaef7b9cd9e655edf1a62d3870c773a196e981cd9011b82ae
Opcode Fuzzy Hash: d58f493e2d85c9bfa7102fd79b8964e8f625334a03523025ee852b2ceaa5b5d5
Instruction Fuzzy Hash: B3F0EC722053103EFA10BA56AC85F7FBBACDFD1BA5F14045EF64862053C2A06C5567B7

Function 00C8C970 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,000000FF,00000000,00000000,?,00000017,?,00000000,00C8D63D,?,00FE192C,?,?,?), ref: 00C8C990
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 00C8C9BA
MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,000000FF,00000000,00000000,?,00000017,?,00000000,00C8D63D,?,00FE192C,?,?,?), ref: 00C8C9E1
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?), ref: 00C8CA0C

Memory Dump Source

Source File: 00000000.00000002.3266169193.00000000009F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 009F0000, based on PE: true

Associated: 00000000.00000002.3266147406.00000000009F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000F50000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266549084.0000000000FF8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266640455.0000000001065000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266657427.0000000001068000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266674391.000000000106C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000108D000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266688949.000000000109A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3266727382.000000000109D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9f0000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 05bad6bd5373a7c01a54f30f3ebe55dab47b0e9637a598820e0b6319b8500cd8
Instruction ID: 45ed1f515a29ab48010c8f27948f2eaee20618cbfa796e84b75410458b1bf3d9
Opcode Fuzzy Hash: 05bad6bd5373a7c01a54f30f3ebe55dab47b0e9637a598820e0b6319b8500cd8
Instruction Fuzzy Hash: B1217B7290233672D331F2A65C81F6B74489F81FA4F050329BD34662C1EE78DA0062F6

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Desktop\-

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.12431.9721.exe

Function 00C7D3A0 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 150
libraryloaderCOMMON

Function 00C8C280 Relevance: 12.3, APIs: 8, Instructions: 262
networksleepCOMMON

Function 00C7D510 Relevance: 43.9, APIs: 16, Strings: 9, Instructions: 190
libraryloadernetworkCOMMON

Function 00A40F80 Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 251
synchronizationCOMMON

Function 00A42EC0 Relevance: 16.3, APIs: 6, Strings: 3, Instructions: 525
COMMON

Function 00A42360 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 197
timenetworkCOMMON

Function 00C6B020 Relevance: 14.0, APIs: 9, Instructions: 547
COMMON

Function 00F25309 Relevance: 13.8, APIs: 9, Instructions: 273
COMMONLIBRARYCODE

Function 00A47560 Relevance: 10.7, APIs: 7, Instructions: 228
COMMON

Function 00C6E010 Relevance: 10.6, APIs: 7, Instructions: 74
synchronizationCOMMON

Function 00F3C3FA Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Function 00A51F20 Relevance: 7.7, APIs: 5, Instructions: 180
timeCOMMON

Function 00F01F0A Relevance: 7.6, APIs: 5, Instructions: 94
COMMONLIBRARYCODE

Function 00CAF320 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35
libraryloaderCOMMON