Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
console_zero.exe

Overview

General Information

Sample name:console_zero.exe
Analysis ID:1523780
MD5:d51c8934c1bb7984906741bfd1f5c060
SHA1:bef7c3d82fa55a59a64633321ba3302194e7090a
SHA256:ec3199374503cf2890616d2f77fd92e5e3a1d1025b5651fc0e288c38bee9ffd8

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w7x64
  • console_zero.exe (PID: 3464 cmdline: "C:\Users\user\Desktop\console_zero.exe" MD5: D51C8934C1BB7984906741BFD1F5C060)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: console_zero.exeAvira: detected
Multi AV Scanner detection for submitted file
Source: console_zero.exeReversingLabs: Detection: 79%
Source: console_zero.exeVirustotal: Detection: 69%Perma Link
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 94.9% probability
Source: console_zero.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F284614 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_000000013F284614
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F270FF4 FindClose,FindFirstFileExW,GetLastError,0_2_000000013F270FF4
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F271068 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000000013F271068
Source: console_zero.exeString found in binary or memory: http://worldtimeapi.org/api/timezone/Etc/UTC
Source: console_zero.exeString found in binary or memory: http://worldtimeapi.org/api/timezone/Etc/UTCapplication/octet-streamtext/plain;
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F288F540_2_000000013F288F54
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2597B00_2_000000013F2597B0
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2846140_2_000000013F284614
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F27C6440_2_000000013F27C644
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F251E400_2_000000013F251E40
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F28769C0_2_000000013F28769C
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F25AD500_2_000000013F25AD50
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F259D300_2_000000013F259D30
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2684400_2_000000013F268440
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2594800_2_000000013F259480
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2894AC0_2_000000013F2894AC
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F26EB000_2_000000013F26EB00
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2563000_2_000000013F256300
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2633700_2_000000013F263370
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F26A2600_2_000000013F26A260
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F261A300_2_000000013F261A30
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F255A700_2_000000013F255A70
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F279A780_2_000000013F279A78
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2831100_2_000000013F283110
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2861500_2_000000013F286150
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2589A00_2_000000013F2589A0
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F27B7E40_2_000000013F27B7E4
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2590400_2_000000013F259040
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F27A08C0_2_000000013F27A08C
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2710680_2_000000013F271068
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2610700_2_000000013F261070
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2568800_2_000000013F256880
Source: classification engineClassification label: mal60.winEXE@1/0@0/0
Source: console_zero.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\console_zero.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: console_zero.exeReversingLabs: Detection: 79%
Source: console_zero.exeVirustotal: Detection: 69%
Source: C:\Users\user\Desktop\console_zero.exeSection loaded: libcurl.dllJump to behavior
Source: console_zero.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: console_zero.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: console_zero.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: console_zero.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: console_zero.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: console_zero.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: console_zero.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: console_zero.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: console_zero.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: console_zero.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: console_zero.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: console_zero.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: console_zero.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: console_zero.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: console_zero.exeStatic PE information: section name: .fptable
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F25CB34 push rax; retf 0000h0_2_000000013F25CB41
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F284614 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_000000013F284614
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F270FF4 FindClose,FindFirstFileExW,GetLastError,0_2_000000013F270FF4
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F271068 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_000000013F271068
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F27957C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000000013F27957C
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F285880 GetProcessHeap,0_2_000000013F285880
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F2726B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_000000013F2726B0
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F27957C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000000013F27957C
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F272B44 SetUnhandledExceptionFilter,0_2_000000013F272B44
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F272964 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_000000013F272964
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F28A540 cpuid 0_2_000000013F28A540
Source: C:\Users\user\Desktop\console_zero.exeCode function: EnumSystemLocalesW,0_2_000000013F287FA8
Source: C:\Users\user\Desktop\console_zero.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_000000013F2886A4
Source: C:\Users\user\Desktop\console_zero.exeCode function: GetLocaleInfoW,0_2_000000013F288560
Source: C:\Users\user\Desktop\console_zero.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_000000013F287C44
Source: C:\Users\user\Desktop\console_zero.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_000000013F2884AC
Source: C:\Users\user\Desktop\console_zero.exeCode function: GetLocaleInfoW,0_2_000000013F2804C0
Source: C:\Users\user\Desktop\console_zero.exeCode function: GetLocaleInfoW,0_2_000000013F288354
Source: C:\Users\user\Desktop\console_zero.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_000000013F270A5C
Source: C:\Users\user\Desktop\console_zero.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_000000013F288110
Source: C:\Users\user\Desktop\console_zero.exeCode function: EnumSystemLocalesW,0_2_000000013F28014C
Source: C:\Users\user\Desktop\console_zero.exeCode function: EnumSystemLocalesW,0_2_000000013F288078
Source: C:\Users\user\Desktop\console_zero.exeCode function: 0_2_000000013F272BB0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_000000013F272BB0

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
DLL Side-Loading		1
DLL Side-Loading		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Obfuscated Files or Information		LSASS Memory2
Security Software Discovery		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS22
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
console_zero.exe79%ReversingLabsWin64.Trojan.Lazy
console_zero.exe70%VirustotalBrowse
console_zero.exe100%AviraTR/AVI.Waski.cllrr

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://worldtimeapi.org/api/timezone/Etc/UTCapplication/octet-streamtext/plain;0%VirustotalBrowse
http://worldtimeapi.org/api/timezone/Etc/UTC0%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://worldtimeapi.org/api/timezone/Etc/UTCapplication/octet-streamtext/plain;console_zero.exefalseunknown
http://worldtimeapi.org/api/timezone/Etc/UTCconsole_zero.exefalseunknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1523780
Start date and time:2024-10-02 02:21:18 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 1m 48s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:console_zero.exe
Detection:MAL
Classification:mal60.winEXE@1/0@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 90
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe
  • Execution Graph export aborted for target console_zero.exe, PID 3464 because there are no executed function

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

No created / dropped files found

Static File Info

General

File type:PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):6.582215530037684
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:console_zero.exe
File size:482'304 bytes
MD5:d51c8934c1bb7984906741bfd1f5c060
SHA1:bef7c3d82fa55a59a64633321ba3302194e7090a
SHA256:ec3199374503cf2890616d2f77fd92e5e3a1d1025b5651fc0e288c38bee9ffd8
SHA512:8daf56eb418699b8801c4b3a9edd917aa4af104c9e990c5537baa22bd472ee3ee611b992e1cf6d7af7812aa6f61fc6e9203ff6b1d3ed26f5d7025cea7bbb4c33
SSDEEP:6144:/xlVzCCSF+jHHLSUTdtuvchEGaADXkTE6Gph0lhSMXlBXBWn5mzkvoL7QwptVY:8CSyrTNhZRDOE/ph0lhSMXli5m+sZtY
TLSH:3AA4AE5673A445F8E5AB823C886A0E06F773B80507519BCF03A8D6762F636D25E3FB11
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........D...D...D...4H......4H..V...4H..B...TM..N...TM..U...TM.......L..F...4H..A...D........L..F....LP.E....L..E...RichD..........

File Icon

Icon Hash:aaf3e3e3918382a0

Static PE Info

General

Entrypoint:0x140022270
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x66DEA5A7 [Mon Sep 9 07:37:11 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:7cbb6a1c7ee262ec666856d12e1cddc8

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FD1748B5BBCh
dec eax
add esp, 28h
jmp 00007FD1748B50FFh
int3
int3
dec eax
sub esp, 28h
dec ebp
mov eax, dword ptr [ecx+38h]
dec eax
mov ecx, edx
dec ecx
mov edx, ecx
call 00007FD1748B5292h
mov eax, 00000001h
dec eax
add esp, 28h
ret
int3
int3
int3
inc eax
push ebx
inc ebp
mov ebx, dword ptr [eax]
dec eax
mov ebx, edx
inc ecx
and ebx, FFFFFFF8h
dec esp
mov ecx, ecx
inc ecx
test byte ptr [eax], 00000004h
dec esp
mov edx, ecx
je 00007FD1748B5295h
inc ecx
mov eax, dword ptr [eax+08h]
dec ebp
arpl word ptr [eax+04h], dx
neg eax
dec esp
add edx, ecx
dec eax
arpl ax, cx
dec esp
and edx, ecx
dec ecx
arpl bx, ax
dec edx
mov edx, dword ptr [eax+edx]
dec eax
mov eax, dword ptr [ebx+10h]
mov ecx, dword ptr [eax+08h]
dec eax
mov eax, dword ptr [ebx+08h]
test byte ptr [ecx+eax+03h], 0000000Fh
je 00007FD1748B528Dh
movzx eax, byte ptr [ecx+eax+03h]
and eax, FFFFFFF0h
dec esp
add ecx, eax
dec esp
xor ecx, edx
dec ecx
mov ecx, ecx
pop ebx
jmp 00007FD1748B4BF6h
int3
dec eax
mov dword ptr [esp+10h], ebx
dec eax
mov dword ptr [esp+18h], esi
push ebp
push edi
inc ecx
push esi
dec eax
mov ebp, esp
dec eax
sub esp, 10h
xor eax, eax
xor ecx, ecx
cpuid
inc esp
mov eax, ecx
inc esp
mov edx, edx
inc ecx
xor edx, 49656E69h
inc ecx
xor eax, 6C65746Eh
inc esp
mov ecx, ebx
inc esp
mov esi, eax
xor ecx, ecx

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x6fcec0x50.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE0x7a0000x1e8.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x750000x3780.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC0x7b0000xa88.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG0x68c100x38.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x00x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x68ad00x140.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x3d0000x370.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x3bae00x3bc00f927eaed0051d501c686059efd33e654False0.5218848064853556data6.47114020800147IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata0x3d0000x3389e0x33a00825b8dabd07d33f97fba6e87889d970dFalse0.41778431446731235x86 executable6.248023830068445IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data0x710000x30140x1a0000b08fcba83cb9fa25c812f74331c236False0.20477764423076922DOS executable (block device driver)3.371364536223772IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata0x750000x37800x38007490daad851bfe5c2e9a5fdb00546a56False0.4774693080357143data5.581403390502305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fptable0x790000x1000x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc0x7a0000x1e80x200788bbd8a98670ebe22c495f9f2bdb816False0.54296875data4.772037401703051IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc0x7b0000xa880xc004a0b947819d1b63dcd2e4ac5be02df42False0.4716796875data5.140861859260945IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

NameRVASizeTypeLanguageCountryZLIB Complexity
RT_MANIFEST0x7a0600x188XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5892857142857143

Imports

DLLImport
KERNEL32.dllCloseHandle, GetSystemDirectoryW, WaitForSingleObject, SetEndOfFile, CreateProcessW, GetModuleFileNameW, WriteConsoleW, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, FormatMessageA, MultiByteToWideChar, LocalFree, GetLocaleInfoEx, QueryPerformanceCounter, QueryPerformanceFrequency, GetStringTypeW, CreateFileW, FindClose, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, AreFileApisANSI, GetLastError, GetModuleHandleW, GetProcAddress, GetFileInformationByHandleEx, WideCharToMultiByte, Sleep, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, CompareStringEx, GetSystemTimeAsFileTime, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RaiseException, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetStdHandle, WriteFile, GetFileSizeEx, SetFilePointerEx, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, VirtualProtect, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, HeapReAlloc, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, RtlUnwind
ADVAPI32.dllOpenSCManagerW, OpenServiceW, QueryServiceStatusEx, CloseServiceHandle
libcurl.dllcurl_easy_strerror, curl_easy_init, curl_easy_setopt, curl_easy_getinfo, curl_easy_perform, curl_easy_cleanup

Possible Origin

Language of compilation systemCountry where language is spokenMap
EnglishUnited States

Network Behavior

No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

General

Target ID:0
Start time:20:22:06
Start date:01/10/2024
Path:C:\Users\user\Desktop\console_zero.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\console_zero.exe"
Imagebase:0x13f250000
File size:482'304 bytes
MD5 hash:D51C8934C1BB7984906741BFD1F5C060
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Disassembly

Reset < >

    Non-executed Functions

    Function 000000013F251E40 Relevance: 49.4, APIs: 19, Strings: 9, Instructions: 382COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: curl_easy_init
    • String ID: Content type is not downloadable or response code is not OK$Failed to Initialize cURL$File could not be created.$application/octet-stream$http://worldtimeapi.org/api/timezone/Etc/UTC$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$text/plain; charset=utf-8
    • API String ID: 4195830768-1898817017
    • Opcode ID: dd57a4022b0e9311742e9fdebf0a3ceeeac9a11b63b2b98b5df3df3bf32a7c4f
    • Instruction ID: 0d8ac20c7569a586f1c22cffbf75d9bf8e602909a2d709c9d7374d803d6cb430
    • Opcode Fuzzy Hash: dd57a4022b0e9311742e9fdebf0a3ceeeac9a11b63b2b98b5df3df3bf32a7c4f
    • Instruction Fuzzy Hash: F2027B32B10B84C5EB10CF25D8843EE67A1F785B98F54822ADE4E57B95DF38C686C740
    Function 000000013F271068 Relevance: 27.2, APIs: 18, Instructions: 229fileCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
    • String ID:
    • API String ID: 2398595512-0
    • Opcode ID: 2bc9d3583dc1840a036fe930e648cca45954369427eed4a18bce63d88121464e
    • Instruction ID: 5cdc5bf55f7758d3e9e97a925043760d410478170721143afa93bc747a093b65
    • Opcode Fuzzy Hash: 2bc9d3583dc1840a036fe930e648cca45954369427eed4a18bce63d88121464e
    • Instruction Fuzzy Hash: 85918432B01A41C6F7748B25A8547EB67A0AF857B4F544338E9B947BD5DB38CA4B8700
    Function 000000013F25AD50 Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 416serviceCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Service$CloseHandle$Open_invalid_parameter_noinfo_noreturn$FileManagerModuleNameQueryStatus
    • String ID: =$schtasks /create /tn "{}" /sc ONLOGON /tr "{}" /rl HIGHEST /f$schtasks /delete /tn "{}" /f${}Windows\System32
    • API String ID: 2392986460-3831540211
    • Opcode ID: 13fb999d032a833025d5fc49e28df8970a1a61af87425c409ec4b870bdff5ecd
    • Instruction ID: 157371ab33627b1277486084895f7b60d8849d0dbe62fa6a04c619bf14883258
    • Opcode Fuzzy Hash: 13fb999d032a833025d5fc49e28df8970a1a61af87425c409ec4b870bdff5ecd
    • Instruction Fuzzy Hash: E1125172F14B84C5EB00CB65E4453DEA3A1F7887A4F505229EE9E17B99EF78C686C700
    Function 000000013F2894AC Relevance: 13.8, APIs: 9, Instructions: 282fileCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
    • String ID:
    • API String ID: 1617910340-0
    • Opcode ID: 630efbede26f152250af90a848c65f569f55ced602f372e5065fa5c318c6b70a
    • Instruction ID: 2077de181636d67fcdb9112129fc1257019a21ad6488862ab495c37099649187
    • Opcode Fuzzy Hash: 630efbede26f152250af90a848c65f569f55ced602f372e5065fa5c318c6b70a
    • Instruction Fuzzy Hash: A5C1A137B20A40C6EB10CF69C4807EE3B71F349BA8F155229EE2A57795DB39C656C700
    Function 000000013F259D30 Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 546COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID: directory_entry::status$directory_iterator::directory_iterator
    • API String ID: 0-806180387
    • Opcode ID: 7b5116d2ed23f8a4867835bca9a87029c5db94553d3285495f5fd9f02181c8d2
    • Instruction ID: 92f8878761e2ef723a8778ec63bd40a2797c1a1e385ef6c25e44cc9611128d76
    • Opcode Fuzzy Hash: 7b5116d2ed23f8a4867835bca9a87029c5db94553d3285495f5fd9f02181c8d2
    • Instruction Fuzzy Hash: B832E472F10B80C6EF108F69D4493EEB361F744B98F55522ADE4E17A99DB78CA86C700
    Function 000000013F287C44 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 231COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: NameTranslate$CodeInfoLocalePageValid_invalid_parameter_noinfo
    • String ID: utf8
    • API String ID: 2487361160-905460609
    • Opcode ID: fe0ab0e96cb2fd5045e2b58169b021f9d0eff599dc2eb813454682f6345e0a85
    • Instruction ID: 7d0c059e8dccee427eb0e7cdfeb8ee1f06389226a1b7fb595e3a7d877d1a0a3e
    • Opcode Fuzzy Hash: fe0ab0e96cb2fd5045e2b58169b021f9d0eff599dc2eb813454682f6345e0a85
    • Instruction Fuzzy Hash: 3291CF32B00B91C6EB249B62D8417EB6BA4FB54B84F448139EE4947796DF38CB5BC740
    Function 000000013F272964 Relevance: 10.6, APIs: 7, Instructions: 71COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
    • String ID:
    • API String ID: 3140674995-0
    • Opcode ID: 837b27677250ff5915200207aa7bfb0fa6d6ff37ccf7eb1215cd955d3c16ca33
    • Instruction ID: 6ebb5c65ab29af27e890c1bb8c2f566b371990374fb6b0248cdad0ba917558d5
    • Opcode Fuzzy Hash: 837b27677250ff5915200207aa7bfb0fa6d6ff37ccf7eb1215cd955d3c16ca33
    • Instruction Fuzzy Hash: 71315A72704B81CAEB609F61E8403EE7764F784708F44442EEA4E47B99EF38C649CB10
    Function 000000013F2886A4 Relevance: 9.2, APIs: 6, Instructions: 171COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Locale$InfoValid$CodeDefaultEnumLocalesPageSystemUser
    • String ID:
    • API String ID: 3082464267-0
    • Opcode ID: 0633a90479cd03d43aa28d7b3991ebb887b7431abdbeae792d0efb612deb9a4f
    • Instruction ID: e65f27ba0d1d45374b458222ef3c3a7c4b008d728606703411ebd174d67ebc29
    • Opcode Fuzzy Hash: 0633a90479cd03d43aa28d7b3991ebb887b7431abdbeae792d0efb612deb9a4f
    • Instruction Fuzzy Hash: 3B716932F00654C9FF219B61D9507EA2BB0BB44B88F444139EE19577D6EB38CA4AC351
    Function 000000013F27957C Relevance: 9.1, APIs: 6, Instructions: 86COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: d7e381f20560f4148f6f9e9f610669b5607a3537210e080bb223e241eff996c9
    • Instruction ID: 316564bcbc6917b6d096b913edf1794d937b2010f8556bc72a037b2ad75286e8
    • Opcode Fuzzy Hash: d7e381f20560f4148f6f9e9f610669b5607a3537210e080bb223e241eff996c9
    • Instruction Fuzzy Hash: 7C413D32614B80C6EB60CF25E8543DF77A4F789764F540129EA9D47BA9DF38C65ACB00
    Function 000000013F2884AC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 51COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: InfoLocale
    • String ID: ACP$OCP
    • API String ID: 2299586839-711371036
    • Opcode ID: 99d27a0e2466fc3880c34f9669d0e5b2bcc0b204af6a7805127f96de78aeb855
    • Instruction ID: a35a3d54ba6b9b445fdeae3692df576035ddf7479b0a63a5e4987656f9564378
    • Opcode Fuzzy Hash: 99d27a0e2466fc3880c34f9669d0e5b2bcc0b204af6a7805127f96de78aeb855
    • Instruction Fuzzy Hash: D3118271A14641D3FB64DB61EA40BEB7BA0FB44784F458039FE4693699DB2CCB46C740
    Function 000000013F284614 Relevance: 7.8, APIs: 5, Instructions: 286COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: FileFindFirst_invalid_parameter_noinfo
    • String ID:
    • API String ID: 2227656907-0
    • Opcode ID: 6fd5ec0f16cea70a7d3dcf1fc6f3ea7a9f6fd9f66004c45fd511cd2571bdbde6
    • Instruction ID: 4bd338f2ea74cf1bc7ccc8b7d34d0803ae4c5f7b499864fc4eaa6021ee19a173
    • Opcode Fuzzy Hash: 6fd5ec0f16cea70a7d3dcf1fc6f3ea7a9f6fd9f66004c45fd511cd2571bdbde6
    • Instruction Fuzzy Hash: 1FB1B332B14690C2EA60DB26E814BEB6B91F745BE4F54523AFE5A07BC5DF38C646C300
    Function 000000013F26A260 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 701COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID: 0$nan
    • API String ID: 0-3707144033
    • Opcode ID: cd8ac4f2b1a95a8b11cff613033a3c2aaa59cfc47e9a335b0b07f37bd3410c20
    • Instruction ID: 2a06c44a6336acbe2d00e75f9433699afba428fb6c6a71c0acc622eb0a249260
    • Opcode Fuzzy Hash: cd8ac4f2b1a95a8b11cff613033a3c2aaa59cfc47e9a335b0b07f37bd3410c20
    • Instruction Fuzzy Hash: 8C62B173B01B84CAEB15CF29D4403EE77B0F794B98F45912AEA4A03B59DB78C592C700
    Function 000000013F272BB0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
    • String ID:
    • API String ID: 2933794660-0
    • Opcode ID: 286bc96caa746436469f344765a0e9c46eb684cc64f232f31bbdec6dee9824c0
    • Instruction ID: cc3ed07f8bc2b2ef62776f832f48b665941cd4fe904679a0e4854e0d7ae30fdd
    • Opcode Fuzzy Hash: 286bc96caa746436469f344765a0e9c46eb684cc64f232f31bbdec6dee9824c0
    • Instruction Fuzzy Hash: B9112E36B10F01CAEB00CF60E8553A937A4F719758F440E39EE6D467A4DB78C2598340
    Function 000000013F270A5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: FormatInfoLocaleMessage
    • String ID: !x-sys-default-locale
    • API String ID: 4235545615-2729719199
    • Opcode ID: 7d8f11b09aaa1dc9d5c697680109915b174e4992bb41f640556399d3d24bba4e
    • Instruction ID: 5a8ef975ea7f2d66a7da71e3a67511009e54401a62ffb025e59733ac7249dc6a
    • Opcode Fuzzy Hash: 7d8f11b09aaa1dc9d5c697680109915b174e4992bb41f640556399d3d24bba4e
    • Instruction Fuzzy Hash: 31019272F14B81C2E7118B22F4507EB6BA1F394785F548029EA890AB95CB3CC60AC700
    Function 000000013F288110 Relevance: 4.7, APIs: 3, Instructions: 165COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: InfoLocale$_invalid_parameter_noinfo
    • String ID:
    • API String ID: 4006003004-0
    • Opcode ID: aa96988dce0cb1f37db135cbc66875db874580115a9dad6673556c166ae63648
    • Instruction ID: 47ca1388fdd0e1e8ad18b883975585f0a3017c669cd0e6c89e956fce3cd6d168
    • Opcode Fuzzy Hash: aa96988dce0cb1f37db135cbc66875db874580115a9dad6673556c166ae63648
    • Instruction Fuzzy Hash: 7C618032A00A81CAEB748F21E6407EE7BA1F784745F448139EF9993695DB3CD656C740
    Function 000000013F2804C0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: InfoLocale
    • String ID: GetLocaleInfoEx
    • API String ID: 2299586839-2904428671
    • Opcode ID: 24d526655c40f547c4316247419778c0208fc74f5349094d324c828c3236db7a
    • Instruction ID: 5f7f720db6ae70845fcde17c7f6dcffcaca9e853d6c1bcd68b9e105b12ae299d
    • Opcode Fuzzy Hash: 24d526655c40f547c4316247419778c0208fc74f5349094d324c828c3236db7a
    • Instruction Fuzzy Hash: F8014C31B04B84D5EA10DB16A5407DBABA1BB98BE4F58463AEE28437F5DE38C6478740
    Function 000000013F27A08C Relevance: 1.9, APIs: 1, Instructions: 373COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Info
    • String ID:
    • API String ID: 1807457897-0
    • Opcode ID: 43f1c0c8f628efea130495907b1756b6dff327b46145f74c09d26147fbcea79c
    • Instruction ID: 0bc448ea70cc4a2df21af65845e24ccf36d98c8ea61cda62d8026dc6ec09487b
    • Opcode Fuzzy Hash: 43f1c0c8f628efea130495907b1756b6dff327b46145f74c09d26147fbcea79c
    • Instruction Fuzzy Hash: 12028C72E08BC0C6E755CF3894417EA77A0F758748F159229EB98876A3EF35D29AC700
    Function 000000013F255A70 Relevance: 1.8, Strings: 1, Instructions: 595COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID: gfff
    • API String ID: 0-1553575800
    • Opcode ID: fc37a3d109b293f2bd97218f33c4271ed5ac218b03f010c35407d2c1c91027d4
    • Instruction ID: cdf2290225676d2a6a6084d085dafbd4032200e6dff769454389e15c5630200f
    • Opcode Fuzzy Hash: fc37a3d109b293f2bd97218f33c4271ed5ac218b03f010c35407d2c1c91027d4
    • Instruction Fuzzy Hash: A8222472B14784CBEB548F29E4487ABBAA1F394BC4F544139EE4F83B95D638DA46C700
    Function 000000013F286150 Relevance: 1.8, APIs: 1, Instructions: 337COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 552c495ba4b875da22ce942c2e5d6af1634dca2e21040e3958bb75f66910971d
    • Instruction ID: 822078ece0e0c6d4c8e0d4b2ea1b4bb76bcd8bc40954587a5aecc4e9bbdeecc3
    • Opcode Fuzzy Hash: 552c495ba4b875da22ce942c2e5d6af1634dca2e21040e3958bb75f66910971d
    • Instruction Fuzzy Hash: 67E14E32A04B8486E720DB61E4417EF6BA4F794B88F404639EF9D57B96EF38D646C340
    Function 000000013F259040 Relevance: 1.8, APIs: 1, Instructions: 302COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    • Opcode ID: 6e4abd47a6b1fddaf1e3a8b2ebcc004f9bc9c6d89e2608a97c835e3aed978aa0
    • Instruction ID: 53addc45e9bfa9c37f9fdb81135a8baa687f354ba031e195b42f6b93ae3a11c3
    • Opcode Fuzzy Hash: 6e4abd47a6b1fddaf1e3a8b2ebcc004f9bc9c6d89e2608a97c835e3aed978aa0
    • Instruction Fuzzy Hash: 2BB13A737206748AEB04CB6AC8553AD7BE1F389745F44822AEEAA97BC1DB3CC541C750
    Function 000000013F2597B0 Relevance: 1.7, APIs: 1, Instructions: 246COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    • Opcode ID: 0782451af11ad0ed32230529b8d32db0ded36d7f07ee881a30552f08fc253326
    • Instruction ID: 35d0b91d0ecb8b53412d6b47c86975bc46c43e436e9781af42ef4f9f5c27c828
    • Opcode Fuzzy Hash: 0782451af11ad0ed32230529b8d32db0ded36d7f07ee881a30552f08fc253326
    • Instruction Fuzzy Hash: 48B1F923F042D0C9E7018BB680543FEBFB0E74A758F59816ADFA95BA87D624C786C710
    Function 000000013F263370 Relevance: 1.7, Strings: 1, Instructions: 440COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID: gfff
    • API String ID: 0-1553575800
    • Opcode ID: 562a7fd5ee0771262a49d192df6b19a279b8eb808c4c6b89c3f796357b1c5ac2
    • Instruction ID: 47db5ebf339e5340fe3f9e458e4c449943d58bdcd4e4013ffaa0fa1a6fd93b48
    • Opcode Fuzzy Hash: 562a7fd5ee0771262a49d192df6b19a279b8eb808c4c6b89c3f796357b1c5ac2
    • Instruction Fuzzy Hash: 93F117727282D0C2F7198E29D504FAE6696F344B50F11913AEE17C77D4E2BACF428352
    Function 000000013F288354 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: InfoLocale
    • String ID:
    • API String ID: 2299586839-0
    • Opcode ID: 3e20c92b08535613c8badbd03aa592248b39c8e52fbb0f57cbf822bfb5a18827
    • Instruction ID: 3c547a0551f7435a62fc2f9d3cf2cefa04c457994cb99c4a548bc44814dd9bc9
    • Opcode Fuzzy Hash: 3e20c92b08535613c8badbd03aa592248b39c8e52fbb0f57cbf822bfb5a18827
    • Instruction Fuzzy Hash: DE319E32A04685C7EB28CB21E5417EB77A1F788784F44813DEF9983696DB3CD6568740
    Function 000000013F287FA8 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
    Download Yara Rule
    APIs
    • EnumSystemLocalesW.KERNEL32(?,?,?,000000013F2887A9,?,00000000,00000092,?,?,00000000,?,000000013F27C803), ref: 000000013F288046
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: EnumLocalesSystem
    • String ID:
    • API String ID: 2099609381-0
    • Opcode ID: e2704072b015f715ba145316c2ba3ea6b37cba8038b95a5567018145add27511
    • Instruction ID: 78d3bd90dc0f44f81f42e939d3b98205418a21173e9d3eea0bbc329d327b9d7f
    • Opcode Fuzzy Hash: e2704072b015f715ba145316c2ba3ea6b37cba8038b95a5567018145add27511
    • Instruction Fuzzy Hash: 5611B177E08A44CAEB158F26D5807EA7BA0F390FE4F48912AEA65433D1DB74C6D2C740
    Function 000000013F288560 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: InfoLocale
    • String ID:
    • API String ID: 2299586839-0
    • Opcode ID: 399f77d14eee8eff0cf4206130af4da5c33d63fb3f04cfcffa89f073498af0cd
    • Instruction ID: f2ddb48d9a0ea49581a75592f7b79d13dd5edc85c9cb7796755ed93566a24342
    • Opcode Fuzzy Hash: 399f77d14eee8eff0cf4206130af4da5c33d63fb3f04cfcffa89f073498af0cd
    • Instruction Fuzzy Hash: 90113833A14664C6E7609F66D1403EF7AA1F384B64F95813AEF25437C4DB38C982C704
    Function 000000013F288078 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
    Download Yara Rule
    APIs
    • EnumSystemLocalesW.KERNEL32(?,?,?,000000013F288764,?,00000000,00000092,?,?,00000000,?,000000013F27C803), ref: 000000013F2880F6
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: EnumLocalesSystem
    • String ID:
    • API String ID: 2099609381-0
    • Opcode ID: 97678d52a516ed53be8084678899a9b75a9c3fe7187e8d808c0f580eeb36f1ac
    • Instruction ID: fe4bea3caf5542ad73f439d0938f52d51e82ebab5dff690b193b8081a3fc27bb
    • Opcode Fuzzy Hash: 97678d52a516ed53be8084678899a9b75a9c3fe7187e8d808c0f580eeb36f1ac
    • Instruction Fuzzy Hash: 8101F772F04280C6EB144F25EA407EB7AE1E740BA4F45C339EA71472D5DB79C686C700
    Function 000000013F28014C Relevance: 1.5, APIs: 1, Instructions: 24COMMON
    Download Yara Rule
    APIs
    • EnumSystemLocalesW.KERNEL32(?,?,00000000,000000013F280484,?,?,?,?,?,?,?,?,00000000,000000013F2875D8), ref: 000000013F280182
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: EnumLocalesSystem
    • String ID:
    • API String ID: 2099609381-0
    • Opcode ID: 124ec58b9f54a1e00cebed934b31ad9eb386cfff265e549c188c4b4a3f6e6a36
    • Instruction ID: 80b9a294fc6e1f804cd545adb3390684e3068aced4725ef73d8a7a3270393b3b
    • Opcode Fuzzy Hash: 124ec58b9f54a1e00cebed934b31ad9eb386cfff265e549c188c4b4a3f6e6a36
    • Instruction Fuzzy Hash: 23F01C32B00B44C2EB00DBA6F49179A73A5FBD8B90F548039E65947366CF3CCAA6C740
    Function 000000013F283110 Relevance: 1.4, APIs: 1, Instructions: 137COMMON
    Download Yara Rule
    APIs
    • GetLastError.KERNEL32 ref: 000000013F2831B5
      • Part of subcall function 000000013F2800C0: HeapAlloc.KERNEL32(?,?,00000000,000000013F27E767), ref: 000000013F280115
      • Part of subcall function 000000013F27FAB0: HeapFree.KERNEL32 ref: 000000013F27FAC6
      • Part of subcall function 000000013F27FAB0: GetLastError.KERNEL32(?,?,00000000,000000013F2869DE,?,?,?,000000013F286D5B,?,?,00000000,000000013F2872D5,?,?,?,000000013F287207), ref: 000000013F27FAD0
      • Part of subcall function 000000013F2898F4: _invalid_parameter_noinfo.LIBCMT ref: 000000013F289927
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
    • String ID:
    • API String ID: 916656526-0
    • Opcode ID: f18bca8abf2b132d9df78b68305b3ea38455e87ee38f5d3079cc42bf46ab965e
    • Instruction ID: ad81f1898f061d992ce53f0315f3c44febe4b063da86156fc7c1dadb1a7ba534
    • Opcode Fuzzy Hash: f18bca8abf2b132d9df78b68305b3ea38455e87ee38f5d3079cc42bf46ab965e
    • Instruction Fuzzy Hash: EE418E31B0164182FA709A676851FEBAB90BB95B80F54453DFE4D47B8AEE38CE068600
    Function 000000013F285880 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: HeapProcess
    • String ID:
    • API String ID: 54951025-0
    • Opcode ID: 390a68d0b1d341a6625c4f3a330ec1af953edc0df16d07a423f814d15f58c1aa
    • Instruction ID: 39ff670f2fbfe17e4d5a30cd0240e1ca67cc96114bea4341fa6aa23a96e58519
    • Opcode Fuzzy Hash: 390a68d0b1d341a6625c4f3a330ec1af953edc0df16d07a423f814d15f58c1aa
    • Instruction Fuzzy Hash: 9DB01270F03B05C2EE082B657C8278922B4BB48700FE4453CC00C41320DF3C46BB8700
    Function 000000013F2589A0 Relevance: .5, Instructions: 487COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 75b9a7fc5a65428ffeabad4d2de9c5084874a60827fdbeb9369debf7a321e3e3
    • Instruction ID: d3c3609e0b7ced87d0a0150db6cb6223c0e242b970dc5fba35debbffd4de198d
    • Opcode Fuzzy Hash: 75b9a7fc5a65428ffeabad4d2de9c5084874a60827fdbeb9369debf7a321e3e3
    • Instruction Fuzzy Hash: EFE1EA1165527456EA19413271E2BFB7BC293D2347F86901BF9C382EC6D57EC18A7B30
    Function 000000013F261070 Relevance: .4, Instructions: 447COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c959aa7bc5309b22d7a9f8cfc1af57fbf0b4ab6159ae245fcb86f181efdd71d6
    • Instruction ID: bb2c8bb30cc7c33107b12b140ca774c9ca347c9f7245c8bd13a8267a5dbd1400
    • Opcode Fuzzy Hash: c959aa7bc5309b22d7a9f8cfc1af57fbf0b4ab6159ae245fcb86f181efdd71d6
    • Instruction Fuzzy Hash: 04F15876B14784C6DB148F29E5507ABBA94F394FD4F444039DE8A83BE5D6BCE642C700
    Function 000000013F256880 Relevance: .4, Instructions: 442COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ab7b0da5788911bd31a41997a9977b1678dfd3866a48666f3a9560e8cfd0dc32
    • Instruction ID: cef757a173809282ea7a19a94d5cdbc09e1edf2f93ddb9b41d17f25b218b1092
    • Opcode Fuzzy Hash: ab7b0da5788911bd31a41997a9977b1678dfd3866a48666f3a9560e8cfd0dc32
    • Instruction Fuzzy Hash: 46D15FB1F05659C7DE188A5AE455BEABA94F394BC4F449039EE0F97BA0D634DA07C300
    Function 000000013F256300 Relevance: .4, Instructions: 428COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 38fdadba4de49c7501578a6f9b6aec28262097089be6736b0b16b70404e13fe5
    • Instruction ID: 8b798510bd7bc549c3c29512680c0b342b92f2f6ff46cc165b7cc5f58f98904f
    • Opcode Fuzzy Hash: 38fdadba4de49c7501578a6f9b6aec28262097089be6736b0b16b70404e13fe5
    • Instruction Fuzzy Hash: 87D15972F00555C7EB28CA1EA555BAAEE96E3D8780F00613DDE0B87BE0E775D986C700
    Function 000000013F268440 Relevance: .4, Instructions: 361COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b90250ed533e458ef856c43e7d9996f6f98ebfcac44663dccd830dbb1d9d24aa
    • Instruction ID: 27e0f6d1ddd492aecb1e80daa4c77c31226a6c67d6107f126bfc72460a16d1d5
    • Opcode Fuzzy Hash: b90250ed533e458ef856c43e7d9996f6f98ebfcac44663dccd830dbb1d9d24aa
    • Instruction Fuzzy Hash: 26C1E273B2469887EB56CF16DA447AAB762F7D4BE0F45C124EE5607B88DB78C902C700
    Function 000000013F27C644 Relevance: .3, Instructions: 310COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: NameTranslate$CodePageValid_invalid_parameter_noinfo
    • String ID:
    • API String ID: 4003095782-0
    • Opcode ID: c3f95cdf0eee31820903008d431d619e05042ac88f3c0fcd7ae91637df553182
    • Instruction ID: 2b804623e06968490fc04f318a89511ce5d82e8edcb6964eba576833a0f76646
    • Opcode Fuzzy Hash: c3f95cdf0eee31820903008d431d619e05042ac88f3c0fcd7ae91637df553182
    • Instruction Fuzzy Hash: B9C1A376B40680C5FB64DF7298507EF67A4F794B88F50403AEE899B696DF38C64AC700
    Function 000000013F28769C Relevance: .3, Instructions: 268COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 0aaea846a8e325605c6e1b1394cc69dfa69a41d92bf84b73f682ee1367cabe11
    • Instruction ID: 902fe2b56a0400a1f7e7acaaa7fca2c60cca3f4d74fef13fb0afb072ef1c072d
    • Opcode Fuzzy Hash: 0aaea846a8e325605c6e1b1394cc69dfa69a41d92bf84b73f682ee1367cabe11
    • Instruction Fuzzy Hash: F3B1E232A10A95C6EB64DF31D5117EB3BA1F794B88F044239EE19976C9DB38C792C780
    Function 000000013F26EB00 Relevance: .3, Instructions: 258COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d713841a35b1580748437e3c84d67d0e83897862b4f5fcc1c21a4d5745b25ced
    • Instruction ID: 6399171e457ed007af9ee21c490afcba05c142ddf16d3d5dc2f5314c7e0fe169
    • Opcode Fuzzy Hash: d713841a35b1580748437e3c84d67d0e83897862b4f5fcc1c21a4d5745b25ced
    • Instruction Fuzzy Hash: CFA1F372E01E41C6FB648A55C4197EA3795E715BF0F55423ADE2A077C1D7ECCB868308
    Function 000000013F259480 Relevance: .2, Instructions: 229COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9ce61dc6b41ded0ad075f99729c9381b1a9ac9c4249f032a3cea90fc33065c1d
    • Instruction ID: 27ca1df51a7e88b589ce8f40f7ac89a577ca972d58382c994cd0ce06b6deece1
    • Opcode Fuzzy Hash: 9ce61dc6b41ded0ad075f99729c9381b1a9ac9c4249f032a3cea90fc33065c1d
    • Instruction Fuzzy Hash: FD81D8B33241E04FD3298F2D985056D7FE0E389B86B485259FADA8F781C12CDA16DB64
    Function 000000013F279A78 Relevance: .2, Instructions: 207COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 9f3e634c8c7f89eecf561a3a8938c03e84e0908097a5b4dfbbc5e15c1acffb38
    • Instruction ID: 854807df6a93d13614b9424f99dc28f5074169b553560b4cfa69247bfb5023c5
    • Opcode Fuzzy Hash: 9f3e634c8c7f89eecf561a3a8938c03e84e0908097a5b4dfbbc5e15c1acffb38
    • Instruction Fuzzy Hash: D4818172A01B50C6EB64CF2AD4953EE37A4F744B98F54462AEE2E87796DF34C246C340
    Function 000000013F261A30 Relevance: .2, Instructions: 187COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ab7d6116e6da8dd7959bd8df116415f3ae7350ebfeb90ea6dd617fb39f4368e2
    • Instruction ID: 3275fd6ece21e9d7d6bd100e5e66d30dda2be2103e0a9f3643e8158f4bbfbe28
    • Opcode Fuzzy Hash: ab7d6116e6da8dd7959bd8df116415f3ae7350ebfeb90ea6dd617fb39f4368e2
    • Instruction Fuzzy Hash: 0361D632B15BC882DB20CB19E0453EEA361F359BE4F549225DBDD47B98EB78E281C340
    Function 000000013F288F54 Relevance: .2, Instructions: 183COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: 5f735e51ba42c29a435b6fee0ca97a49f18cc693ee91a70bf6975cf5ba86ede4
    • Instruction ID: 661982fb1e4d50eeb50a128aa96de2d3d40f0b96d81342439e7357df77c5a95a
    • Opcode Fuzzy Hash: 5f735e51ba42c29a435b6fee0ca97a49f18cc693ee91a70bf6975cf5ba86ede4
    • Instruction Fuzzy Hash: 0D61E432F18290C6FB658A2A94447FF7ED1E791B70F14023DFA1587BD5D67ACA068700
    Function 000000013F27B7E4 Relevance: .1, Instructions: 125COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ErrorFreeHeapLast
    • String ID:
    • API String ID: 485612231-0
    • Opcode ID: fac02a2c5cb47d9d9dd7b6dadc031103f8166eb98f862e298c6d3c546dcd87ff
    • Instruction ID: cc32455a9f30510b7c8b5f8624c92f7e62fd16d5d2577f2179034247b7aadaca
    • Opcode Fuzzy Hash: fac02a2c5cb47d9d9dd7b6dadc031103f8166eb98f862e298c6d3c546dcd87ff
    • Instruction Fuzzy Hash: E541A072710A54C2EF48CF6AD96579AA3A1F348FD0F49903AEE0D87B58DB3CC5468700
    Function 000000013F28A540 Relevance: .0, Instructions: 50COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1146db2df359694baeb00ba2bc24764e8b596995d09e4eecd70859f605a99997
    • Instruction ID: f079e4c99e43ff54aba67d04bb3964e326c27ccdcd1435af3c379529c19df385
    • Opcode Fuzzy Hash: 1146db2df359694baeb00ba2bc24764e8b596995d09e4eecd70859f605a99997
    • Instruction Fuzzy Hash: 7311BEB1F15555CAFB598F38E45179B7AE0E34A380F40493DD485C6694CB3DC6E28F00
    Function 000000013F272B44 Relevance: .0, Instructions: 2COMMON
    Download Yara Rule
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d1ddd57a1529f605333667a0d66168b08401982e4518d6fc08ea68ba6447c4bf
    • Instruction ID: a24eaeb738d1fd932a1cbf7bc55cb05b59426eaa0ae233c1017910a112f64888
    • Opcode Fuzzy Hash: d1ddd57a1529f605333667a0d66168b08401982e4518d6fc08ea68ba6447c4bf
    • Instruction Fuzzy Hash: 3AA00232904C11E4F7089F01F9643926B34E750310F911039D009460A19B3CC75FC710
    Function 000000013F268A80 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 215COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Xinvalid_argumentstd::_
    • String ID: Format specifier requires numeric argument.$Format specifier requires numeric or pointer argument.$Invalid format string.$Missing precision specifier.$Number is too big$Precision not allowed for this argument type.
    • API String ID: 909987262-255851600
    • Opcode ID: 32a14e39db8e5995dd0065d765a8fa20b9532719671b8b1109d6b3f2d1d5ba1e
    • Instruction ID: a9bd3a5ce344b280c6272bda4e260ff9852c789b27bc4e6e0b6f2bbd25d5226e
    • Opcode Fuzzy Hash: 32a14e39db8e5995dd0065d765a8fa20b9532719671b8b1109d6b3f2d1d5ba1e
    • Instruction Fuzzy Hash: B6811472E05284C6EF649B19D2603EA77A1EB64790F88803ADF4A077D5D7A8CBD3C350
    Function 000000013F25BAC0 Relevance: 18.2, APIs: 12, Instructions: 161COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: 873ca3086255e30a054778122c901f90d2adbc70ca755e6d09687d0248e01a5d
    • Instruction ID: 5f67e02aa764a9344f7d3b78d372fa32bfb907768726d1f9feac23de4e372d17
    • Opcode Fuzzy Hash: 873ca3086255e30a054778122c901f90d2adbc70ca755e6d09687d0248e01a5d
    • Instruction Fuzzy Hash: 6F613E32A01A40C4EE21DB15E5593DBB7A0F758BA4F58063AEA5E477A9DF38CA47C340
    Function 000000013F26C1A0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 423COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskFacet_RegisterXinvalid_argument
    • String ID: integral cannot be stored in wchar_t
    • API String ID: 3363080787-1689078516
    • Opcode ID: b049319e7dd6e063ac996b1f08196f71430581847dc78c0fe6edb4b47b156fc4
    • Instruction ID: f750137ff01c661b538ca277eeadf9e1871528af6f289682de4a19559f1f06e1
    • Opcode Fuzzy Hash: b049319e7dd6e063ac996b1f08196f71430581847dc78c0fe6edb4b47b156fc4
    • Instruction Fuzzy Hash: 8D02F432A54B80C5FB10DB69E4403EE77A0F7847A9F54423AEE9D17B99DB78C686C700
    Function 000000013F26B930 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 54COMMON
    Download Yara Rule
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID:
    • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big$Precision not allowed for this argument type.
    • API String ID: 0-435359029
    • Opcode ID: 24748325d123ea71dbef79ac5d8259b7331d8fedd8164ff7725e22ea9add8d9a
    • Instruction ID: 7e99edc5306884e4d985dd6cd09941c33e34d88e9a10e7b5013b9afaee12e34b
    • Opcode Fuzzy Hash: 24748325d123ea71dbef79ac5d8259b7331d8fedd8164ff7725e22ea9add8d9a
    • Instruction Fuzzy Hash: C8019231A0064CDAE604DB14D4A53EAB3B1EBA1740FA0003ADB5F476A6DB25CF97C300
    Function 000000013F257910 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 332COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_exception_destroy__std_fs_code_page
    • String ID: ", "$: "
    • API String ID: 2261858363-747220369
    • Opcode ID: d38f2d20e1b9a494cc3889ab51dd5c9b61e5a11f37af55df2ce3c96c06c79ff3
    • Instruction ID: 2690e468d8c171fef8a9b8096c3a3757c381446bf8644e26158054f092ad8225
    • Opcode Fuzzy Hash: d38f2d20e1b9a494cc3889ab51dd5c9b61e5a11f37af55df2ce3c96c06c79ff3
    • Instruction Fuzzy Hash: 19D19EB2B01B84C5EB04DF69D0983EE6366F744BC8F50452ADA4E07B9ADF75CA96C340
    Function 000000013F25A530 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 222processCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: CreateProcess
    • String ID: !$cmd.exe /c {}$start "" "{}"${}Windows\System32\backup_f64.exe
    • API String ID: 963392458-2847470475
    • Opcode ID: 832a9318f1970899f5e5fca4012bf49d863f92bcc7cf61dda9983d69c5333d4a
    • Instruction ID: 0c65e8a7c344448964420f725c4e8606697f935e4c402ac069f417299e2bfbb7
    • Opcode Fuzzy Hash: 832a9318f1970899f5e5fca4012bf49d863f92bcc7cf61dda9983d69c5333d4a
    • Instruction Fuzzy Hash: 36B15E33A14B81C6EB008F64E8413DEB7B4F799754F505229EB8D17A69DF78C685CB40
    Function 000000013F269D70 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 139COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Xinvalid_argumentstd::_
    • String ID: Can not switch from automatic to manual indexing$Can not switch from manual to automatic indexing$Invalid format string.$Number is too big
    • API String ID: 909987262-180087107
    • Opcode ID: 5176987a52f1c27d3b28612c64f441898979022ed9cad376766de42344afae5a
    • Instruction ID: 976c62c21b58dc0d752b112693eaacd980c88910d682ec4c8bdf204e45a42acc
    • Opcode Fuzzy Hash: 5176987a52f1c27d3b28612c64f441898979022ed9cad376766de42344afae5a
    • Instruction Fuzzy Hash: 0F51C532E00545C6EB249B19D0903FFB3A0FB51BA5F94413AEB59466D9EFA8CB87C740
    Function 000000013F271B68 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 21libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: AddressProc$HandleModule
    • String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
    • API String ID: 667068680-1247241052
    • Opcode ID: e12364ed546e4492bee5490da63ccffccaeac0ce0302eb4d82184a4ade8ceb63
    • Instruction ID: a5da9b795d2e00f90b3e107f2444c780bdc7d6e3b00fa3d6f6f5b3dbd8b67a24
    • Opcode Fuzzy Hash: e12364ed546e4492bee5490da63ccffccaeac0ce0302eb4d82184a4ade8ceb63
    • Instruction Fuzzy Hash: AAF07475E11B06D1EF049B91B8657D227A5BB48B51F841439D85946360EE78C25AC340
    Function 000000013F274CD0 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 849930591-393685449
    • Opcode ID: e1ddfb8dc66dfe9084c1dece381139e513799cf0dcedf20eb996ded49054b333
    • Instruction ID: 2d84aa6f62f9c7f235a2bc1f46ad695bf319038e8652beb1da7b525d24bce684
    • Opcode Fuzzy Hash: e1ddfb8dc66dfe9084c1dece381139e513799cf0dcedf20eb996ded49054b333
    • Instruction Fuzzy Hash: 04D1B072A04B80CAEB20DF65D4417DEB7A0F749798F10412EEE8957B9BCB34D69AC701
    Function 000000013F26E840 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 177COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: std::_$Lockit$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockit::_Lockit::~_
    • String ID: bad locale name$false$true
    • API String ID: 3230409043-1062449267
    • Opcode ID: 528311310bfef3988dee22de1146fa40fd091a7e2f6e79b95c95a3dcb479b7cf
    • Instruction ID: 647905536deeac72bec1bfb731b858e451cc7c22369c98017846739448e4543e
    • Opcode Fuzzy Hash: 528311310bfef3988dee22de1146fa40fd091a7e2f6e79b95c95a3dcb479b7cf
    • Instruction Fuzzy Hash: E1816D32A15B40C9FB00DF70E4903DE7BB0FB88754F141129EE8927AAADB78C696C744
    Function 000000013F2775FC Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88libraryloaderCOMMON
    Download Yara Rule
    APIs
    • LoadLibraryExW.KERNEL32(?,?,?,000000013F277803,?,?,00000000,000000013F27430A,?,?,?,000000013F273F45), ref: 000000013F277681
    • GetLastError.KERNEL32(?,?,?,000000013F277803,?,?,00000000,000000013F27430A,?,?,?,000000013F273F45), ref: 000000013F27768F
    • LoadLibraryExW.KERNEL32(?,?,?,000000013F277803,?,?,00000000,000000013F27430A,?,?,?,000000013F273F45), ref: 000000013F2776B9
    • FreeLibrary.KERNEL32(?,?,?,000000013F277803,?,?,00000000,000000013F27430A,?,?,?,000000013F273F45), ref: 000000013F277727
    • GetProcAddress.KERNEL32(?,?,?,000000013F277803,?,?,00000000,000000013F27430A,?,?,?,000000013F273F45), ref: 000000013F277733
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Library$Load$AddressErrorFreeLastProc
    • String ID: api-ms-$http://worldtimeapi.org/api/timezone/Etc/UTC
    • API String ID: 2559590344-3498514660
    • Opcode ID: 5d99794e15c5064f25ca03d4fcae458f4a97a829e661c14031debb718320974d
    • Instruction ID: 672c7fe6782ff4d55a0e442ce46e0202fa3b5fa60e39b054c2c5f61a6d000690
    • Opcode Fuzzy Hash: 5d99794e15c5064f25ca03d4fcae458f4a97a829e661c14031debb718320974d
    • Instruction Fuzzy Hash: 5B31B432B12B40D5FE25DB06A8017DB6794B744BA4F59053DED1D4B39AEF38C74A8300
    Function 000000013F27D924 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 490COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: f$p$p
    • API String ID: 3215553584-1995029353
    • Opcode ID: 63ec02cd1a391bce5ded98a613d9fe22dd2c50970bbd42dc628111fdd58b25f5
    • Instruction ID: e662c47b3f3a5568d1d1282805fa3d78c866bf90a1efdf40fabbd0a154f62ffd
    • Opcode Fuzzy Hash: 63ec02cd1a391bce5ded98a613d9fe22dd2c50970bbd42dc628111fdd58b25f5
    • Instruction Fuzzy Hash: CC12E272E04281C6FB246E15E0547EBB6A2F380754FD8413EE68647AC6D73DDA8ACB11
    Function 000000013F2818E4 Relevance: 10.8, APIs: 7, Instructions: 293COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID:
    • API String ID: 3215553584-0
    • Opcode ID: f3cb8c03f7e95ae51a398fef0e69530a41085ab52e15d11604e47edeb75b375c
    • Instruction ID: a46c7c861c678fea4d1803d07df519803b3ffe187de54d02e4f46906eaab7739
    • Opcode Fuzzy Hash: f3cb8c03f7e95ae51a398fef0e69530a41085ab52e15d11604e47edeb75b375c
    • Instruction Fuzzy Hash: 3CC1E032A04785C1EB619B5594403EF7FA4F780B90F6A1139FA4A077E2EB79CA4B8741
    Function 000000013F25E890 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 147COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: std::_$Lockit$GetcollLocinfo::_Locinfo_ctorLockit::_Lockit::~__invalid_parameter_noinfo_noreturn
    • String ID: bad locale name
    • API String ID: 3908275632-1405518554
    • Opcode ID: b9c999f54c0948ea69a1817217bead35a8b5c0c3bec631cb6a3419c327afeeba
    • Instruction ID: 923887aa1b951d06bfb1d3cb79581eb3aa6c9dc42db1592ff157b7bff02ea54f
    • Opcode Fuzzy Hash: b9c999f54c0948ea69a1817217bead35a8b5c0c3bec631cb6a3419c327afeeba
    • Instruction Fuzzy Hash: 5B516C32B02B40CAFB14DFB1E4543EE7365EB44748F144539AE4E67A9ADF38C6568348
    Function 000000013F2551F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
    • String ID: bad locale name
    • API String ID: 1386471777-1405518554
    • Opcode ID: b0ded78ae646783da08f90e092d1d2ff88ab90246ccc7ebf4c4158200793bb70
    • Instruction ID: ffe484e40442ec5ac3b3e70e26f549a09f2e26cbb42c84285f23e36807619325
    • Opcode Fuzzy Hash: b0ded78ae646783da08f90e092d1d2ff88ab90246ccc7ebf4c4158200793bb70
    • Instruction Fuzzy Hash: 15514832F16B40CAFB14DFB0E4513EE7374EB94748F0855299F4E26A96DB38C65A9340
    Function 000000013F269BE0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 121COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Xinvalid_argumentstd::_
    • String ID: Invalid fill (too long).$Invalid format string.$invalid fill character '{'
    • API String ID: 909987262-2189586557
    • Opcode ID: 4ba7326e1fb939fa4a41cd0dcef36f38f9396bb7504a5203e9ca7ba399262025
    • Instruction ID: 38920622f5051109f8c67bcef6d79995bd7930cff33520a87330457470afe335
    • Opcode Fuzzy Hash: 4ba7326e1fb939fa4a41cd0dcef36f38f9396bb7504a5203e9ca7ba399262025
    • Instruction Fuzzy Hash: 5741D532F015C4C6EA24AB4AD4543EBF6E1E755BD4F58803ADB4907799DDA8CB43C300
    Function 000000013F28A1B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
    • String ID: CONOUT$
    • API String ID: 3230265001-3130406586
    • Opcode ID: 6970d58645bde5e588182146ae2c4e8f31368ad0b479b200d8cc1c567dc49a83
    • Instruction ID: 8f323253201c29f211e6af3a8ee1e17f21f5b2be213faa9baf4cb870eafada89
    • Opcode Fuzzy Hash: 6970d58645bde5e588182146ae2c4e8f31368ad0b479b200d8cc1c567dc49a83
    • Instruction Fuzzy Hash: 0D118232B10B40C6E7509B56E85479A6BA0F788FF4F544238FE5D87798CF78CA5A8740
    Function 000000013F2717AC Relevance: 9.2, APIs: 6, Instructions: 206COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ByteCharMultiStringWide
    • String ID:
    • API String ID: 2829165498-0
    • Opcode ID: 664b9071be0824f7e6d6c59822a97437346481eb553e14b66b2db997ccb091df
    • Instruction ID: da5202d50db0ecc48a58a371cfc30df3dab426da7d8586f80c38c97379c30185
    • Opcode Fuzzy Hash: 664b9071be0824f7e6d6c59822a97437346481eb553e14b66b2db997ccb091df
    • Instruction Fuzzy Hash: E1819272A01740C6EB248F25E54039BB7E5FB44BE8F14463AEA5947BDADB38C64AC700
    Function 000000013F2544A0 Relevance: 9.1, APIs: 6, Instructions: 108COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: 4827edb2d4ab9dd2bfd09f86a4c1d66a88dbf977f7c44f6f2a2ee07fd434cbfe
    • Instruction ID: 6143a3ac5361419401ea71d5e998af4c85d99bace3ffc6170dcb0bb6054c456a
    • Opcode Fuzzy Hash: 4827edb2d4ab9dd2bfd09f86a4c1d66a88dbf977f7c44f6f2a2ee07fd434cbfe
    • Instruction Fuzzy Hash: 01415C32A05B40C1EE54DF16E4647DBB7A0F794B94F58113AEA8E037A9DF38C646C700
    Function 000000013F254630 Relevance: 9.1, APIs: 6, Instructions: 90COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
    • String ID:
    • API String ID: 2081738530-0
    • Opcode ID: 822f393ba3c883b5098b6abdab846d40226ece0095f80abf811d6d6cedff07ae
    • Instruction ID: ab20c58b79e33e880b01e874b364e9494d266681635ad519b59ade0448007f0c
    • Opcode Fuzzy Hash: 822f393ba3c883b5098b6abdab846d40226ece0095f80abf811d6d6cedff07ae
    • Instruction Fuzzy Hash: 46317232A04A40D5EE24DF16E4647DBB7A0F788BA4F58063ADA5E073A9DF38C647C701
    Function 000000013F2751A0 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
    • String ID: csm$csm$csm
    • API String ID: 3523768491-393685449
    • Opcode ID: cd56ad560696d93c671c4dd45ee9653cedced0264f20484504f2587b70d34c94
    • Instruction ID: 7e16efba987d68496ea7d68384c54730e1f755432ffb3c87a03f68411f7ec686
    • Opcode Fuzzy Hash: cd56ad560696d93c671c4dd45ee9653cedced0264f20484504f2587b70d34c94
    • Instruction Fuzzy Hash: CBE19E73904780CAEB20DF79D4817EFBBA0F745748F144229EA99476A7DB34D68ACB00
    Function 000000013F27E720 Relevance: 9.1, APIs: 6, Instructions: 51COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ErrorLast$Value$FreeHeap
    • String ID:
    • API String ID: 365477584-0
    • Opcode ID: 07558aee835ece1a34975b9eb94cfbb64e323944bc0a7bd958dd93bd6ebf0fe0
    • Instruction ID: 29f6ad7cde6be2627283156d6ea7264f7c0d38c4a849639bc223f684b75febd2
    • Opcode Fuzzy Hash: 07558aee835ece1a34975b9eb94cfbb64e323944bc0a7bd958dd93bd6ebf0fe0
    • Instruction Fuzzy Hash: 29115E35E04740C2FB54A771A8127EF1552AB84790F94453CF8264B3D7DF2CCA079351
    Function 000000013F251920 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
    • String ID: bad locale name
    • API String ID: 2967684691-1405518554
    • Opcode ID: a6da55f39fdf9bc8200ec3328757093b282cd1cb44e889046ffb737060507772
    • Instruction ID: 412bd2883f104962b800ddcaeea9c5e82bbc01bbfe05aee6cfc525defda0540a
    • Opcode Fuzzy Hash: a6da55f39fdf9bc8200ec3328757093b282cd1cb44e889046ffb737060507772
    • Instruction Fuzzy Hash: 2F413A32B46B40D9FB15DFB0E4A03EE73A4EB44748F14442D9E4A26A9ADF34C65BD344
    Function 000000013F27B0B4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: AddressFreeHandleLibraryModuleProc
    • String ID: CorExitProcess$mscoree.dll
    • API String ID: 4061214504-1276376045
    • Opcode ID: f8282f04aca3285f9bb085a0b1f70cad040bd64468f2a9c82e894fe22f5fa75f
    • Instruction ID: 1e26b408f4d673f7c030f2d48f4abc342c75c29afffe8921d19b678484bd0a41
    • Opcode Fuzzy Hash: f8282f04aca3285f9bb085a0b1f70cad040bd64468f2a9c82e894fe22f5fa75f
    • Instruction Fuzzy Hash: 28F03035B10700C1FF148B24A4553DB5760EB85764F94173DEA69452E9CF2CC64EC700
    Function 000000013F2745A0 Relevance: 7.8, APIs: 5, Instructions: 290COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: AdjustPointer
    • String ID:
    • API String ID: 1740715915-0
    • Opcode ID: 2060214476c71385d63839240c4b4b88543568a3e308bba50d176e6695ccdf8a
    • Instruction ID: 4be184a4f84e71dfe6ea838beb650f176d4aba9e0aad2404327376d1b96c9f94
    • Opcode Fuzzy Hash: 2060214476c71385d63839240c4b4b88543568a3e308bba50d176e6695ccdf8a
    • Instruction Fuzzy Hash: 32B1A332E06694C1EA65DF15D480BEBA794EB44B84F19843EDEC90B797DB34CA4B8342
    Function 000000013F26CE80 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 333COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
    • String ID: integral cannot be stored in wchar_t
    • API String ID: 4097890229-1689078516
    • Opcode ID: dce88b7c72b7f5a1a594f115e7471b349970c0d2793b9361031ff1936b99bd60
    • Instruction ID: 14f6b4d97af1e7c93c65bd6c000777afecb5a7287a1c110d8b14443fd028553d
    • Opcode Fuzzy Hash: dce88b7c72b7f5a1a594f115e7471b349970c0d2793b9361031ff1936b99bd60
    • Instruction Fuzzy Hash: 31E1D732A147C4C9FB10CB69D4403EE77A1F7457A8F90422AEE9917B99DBB8C687C700
    Function 000000013F26D580 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 327COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
    • String ID: integral cannot be stored in wchar_t
    • API String ID: 4097890229-1689078516
    • Opcode ID: 74d2101f97b131ede4e91b03268699478af81ac9703e728d9f0172cdcf59ecd6
    • Instruction ID: fe748407b9887603674d9f369fca5335d5f7d457f4e24ac5cde71478a31a8666
    • Opcode Fuzzy Hash: 74d2101f97b131ede4e91b03268699478af81ac9703e728d9f0172cdcf59ecd6
    • Instruction Fuzzy Hash: 0DE1F732E14BC8C9FB10CB68D4443EE77A0F7457A8F944229EA8D27B99DB74C686C701
    Function 000000013F26C9E0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 327COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
    • String ID: integral cannot be stored in wchar_t
    • API String ID: 4097890229-1689078516
    • Opcode ID: 5e6d6dee60a44172dd1db21664a662d8f192ecf5fc1fc368641eca1c471ca01c
    • Instruction ID: 7bc3c22d01e752c879f46ba48c18d7a3f3e9252a75829b6d6f951acd01409307
    • Opcode Fuzzy Hash: 5e6d6dee60a44172dd1db21664a662d8f192ecf5fc1fc368641eca1c471ca01c
    • Instruction Fuzzy Hash: E5E10532B54B94C9FB10DF68D4403EE77A0F7497A9F50422AEA8D17B99DBB4C686C700
    Function 000000013F282AEC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo
    • String ID: UTF-16LEUNICODE$UTF-8$ccs
    • API String ID: 3215553584-1196891531
    • Opcode ID: f23b04d321df594d09105cc0f9c58b79644e81c486cead33048d8de944207ccf
    • Instruction ID: 80fb6b48fa7b43e0370f0562920f11e6f771b0c67557a23910f32c099722de42
    • Opcode Fuzzy Hash: f23b04d321df594d09105cc0f9c58b79644e81c486cead33048d8de944207ccf
    • Instruction Fuzzy Hash: 17819B72E06600C9FBA58F69C6603FB3EE0E311B88F56842DFA02676D5D729CB439751
    Function 000000013F275914 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: CallEncodePointerTranslator
    • String ID: MOC$RCC
    • API String ID: 3544855599-2084237596
    • Opcode ID: 02385c35ed37a7afd6119e9f359ed8373f321944e335c68f100b23edbbbcfec3
    • Instruction ID: e45e31b60a2a7fb7e61c203410bbec2f2ec01fd26dc2924cb70050519b0a001c
    • Opcode Fuzzy Hash: 02385c35ed37a7afd6119e9f359ed8373f321944e335c68f100b23edbbbcfec3
    • Instruction Fuzzy Hash: A3916173A04780CAE750CF65E8917DEBBB0F745788F14412EEA895775ADB38C29ACB00
    Function 000000013F257660 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 177COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
    • String ID: Unknown exception
    • API String ID: 1944019136-410509341
    • Opcode ID: ce59a1ec738c63e7db7458c05d64f0155d5748ecd0d54a8eb9ee99c7994dc9d0
    • Instruction ID: af5d035d5278b41443ea77d6a7916738d6330f699d309ff735290074fc3b7527
    • Opcode Fuzzy Hash: ce59a1ec738c63e7db7458c05d64f0155d5748ecd0d54a8eb9ee99c7994dc9d0
    • Instruction Fuzzy Hash: BB71A672A14B84C1EB109F28E4443DEA361FB957A8F105329EBAD077D9EB38C6D5C340
    Function 000000013F269F70 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 174COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID: false$true
    • API String ID: 3668304517-2658103896
    • Opcode ID: 694dcca63b190f6343553cd37fd8df6593e728db971a2221d26522668202f802
    • Instruction ID: ba40ac1af066eda64828eb83c07dfcd656633ef43fea9a1a519f064274a2350a
    • Opcode Fuzzy Hash: 694dcca63b190f6343553cd37fd8df6593e728db971a2221d26522668202f802
    • Instruction Fuzzy Hash: B9618C73B01B84D9FB11CBA9D4403EE63B1A744BA8F514229DE5D27BA9EF74C64AC340
    Function 000000013F273FA4 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
    • String ID: csm
    • API String ID: 2395640692-1018135373
    • Opcode ID: 9f3e5764382b79e353fd421cc82759ff9ac55eef6c948d2523af1f36cfde52ab
    • Instruction ID: 6092fdb3ac96f33cef8b045e075090053860954966345328276e3211f1241f8b
    • Opcode Fuzzy Hash: 9f3e5764382b79e353fd421cc82759ff9ac55eef6c948d2523af1f36cfde52ab
    • Instruction Fuzzy Hash: FF513632B11600CBEB58DF15E444FAE33A5F354B98F018138EE964378ADB39DA4AC700
    Function 000000013F275E94 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
    • String ID: csm$csm
    • API String ID: 3896166516-3733052814
    • Opcode ID: 8300681d447484c55afc0c9b4aab3fb69eb02d0ce2a01e45c5db7b42942607c5
    • Instruction ID: 95b33b4b306d2f92a4ed3ee3a87dc591ab2327566dac72f9289fac3615ab5397
    • Opcode Fuzzy Hash: 8300681d447484c55afc0c9b4aab3fb69eb02d0ce2a01e45c5db7b42942607c5
    • Instruction Fuzzy Hash: AA519032A00780CAEB748F16D1443DABBA0F755B94F14413EEA9847BD7CB39D66ACB05
    Function 000000013F2756A4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: CallEncodePointerTranslator
    • String ID: MOC$RCC
    • API String ID: 3544855599-2084237596
    • Opcode ID: 8dc3d2f9a0114dfca2d6aae47b2d0d95139c22f7e1c80bbae6c6ad6783a7caca
    • Instruction ID: 7710a110bf12d10c6dc3d9e716f3965b999d2204b0e111a3172967c5f730a985
    • Opcode Fuzzy Hash: 8dc3d2f9a0114dfca2d6aae47b2d0d95139c22f7e1c80bbae6c6ad6783a7caca
    • Instruction Fuzzy Hash: 31618032904BC4C6EB709F15E4417DBF7A0F785B94F044629EB9907B9ADB78D29ACB00
    Function 000000013F251C30 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 105COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
    • String ID: ios_base::failbit set
    • API String ID: 1944019136-3924258884
    • Opcode ID: 267aadf9ea922dd08215621f2d3e60c92009136e91fed0d03e426f1ef0bada73
    • Instruction ID: 7f48128cd80a294198f37f781ea957f14f6c3572e8f05f4bb02c1282e2a35527
    • Opcode Fuzzy Hash: 267aadf9ea922dd08215621f2d3e60c92009136e91fed0d03e426f1ef0bada73
    • Instruction Fuzzy Hash: 7C41D972E15B84C1EA009B65E4413EFA361FB997E4F505335EAAD027DAEF68C2D6C300
    Function 000000013F254A90 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
    • String ID: bad locale name
    • API String ID: 2775327233-1405518554
    • Opcode ID: cd05f2a7c543086a16a04ca4c8d356bbee0eb6c28ae52a2d8ebe57bb0f358c9d
    • Instruction ID: 572174d566295478c343ff21a1ddbc9dd665c31a6a9003596577ea1369aa7586
    • Opcode Fuzzy Hash: cd05f2a7c543086a16a04ca4c8d356bbee0eb6c28ae52a2d8ebe57bb0f358c9d
    • Instruction Fuzzy Hash: 12413C32B02A40D9FB14DFB1D4A47EEA3A4EB44748F14443D9E4E27A9ADF34C6279354
    Function 000000013F27ED98 Relevance: 6.3, APIs: 4, Instructions: 304fileCOMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: FileWrite$ConsoleErrorLastOutput
    • String ID:
    • API String ID: 2718003287-0
    • Opcode ID: 0f6042e5e789fb370f71db1655546664f855c730a51ffb46ac018626f24bb210
    • Instruction ID: a9c320c6b04c6b522ea7008175dda634d2f19e44914c5eae7de5e1ebb924b90e
    • Opcode Fuzzy Hash: 0f6042e5e789fb370f71db1655546664f855c730a51ffb46ac018626f24bb210
    • Instruction Fuzzy Hash: A7D17C32B14A84CAE711CFA5D4407DE3BA1F354B98F54422ADE6DA7B9ADB34C60BC340
    Function 000000013F268070 Relevance: 6.3, APIs: 4, Instructions: 253COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn
    • String ID:
    • API String ID: 3668304517-0
    • Opcode ID: 0292ec1c1ff3d60aa74eb86374bbc9e045e17cdb911b2f5266e537e520d33f53
    • Instruction ID: f53c50fd2f3223ff1715f5c3c7db29e562fbb194d6f7621bbdf66e77c697f3b6
    • Opcode Fuzzy Hash: 0292ec1c1ff3d60aa74eb86374bbc9e045e17cdb911b2f5266e537e520d33f53
    • Instruction Fuzzy Hash: EFB16F72F11A80DAEB008F75D1453EE2361EB44BACF408625DE6C17AD9DBB8D696C340
    Function 000000013F27F77C Relevance: 6.2, APIs: 4, Instructions: 229COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ConsoleMode
    • String ID:
    • API String ID: 4145635619-0
    • Opcode ID: 8493ca78351d3ed7e2d2067c89e88b4f25eb8326d298875c4fbe3e4e58d039ec
    • Instruction ID: 0692abfdec03f27d63e268c80ce8c6e133ef3f9455c34c6e8b2d0ff4833a6b45
    • Opcode Fuzzy Hash: 8493ca78351d3ed7e2d2067c89e88b4f25eb8326d298875c4fbe3e4e58d039ec
    • Instruction Fuzzy Hash: D391E332E18690D9FB50DF6598907EE3BA0F348B98F44412EDE5A6778ADB34C64BC340
    Function 000000013F25E3B0 Relevance: 6.2, APIs: 4, Instructions: 206COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
    • String ID:
    • API String ID: 3936042273-0
    • Opcode ID: da9b75c83f40ab262d468212b1b0bb907ec4e1716d3f519eea26733e3cadfe5f
    • Instruction ID: 7f39e67e237ed228970be12ff2be49090c0b1331ef3fccd2290089aced62ee3f
    • Opcode Fuzzy Hash: da9b75c83f40ab262d468212b1b0bb907ec4e1716d3f519eea26733e3cadfe5f
    • Instruction Fuzzy Hash: 8D61C5B2B11A84C1EE14DB25D0183AEA395E748FE4F944639DA6E47BD5EF3CC692C304
    Function 000000013F270EE8 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
    Download Yara Rule
    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ByteCharErrorLastMultiWide
    • String ID:
    • API String ID: 203985260-0
    • Opcode ID: 043f9b7fb8f7c3915f83d08e0068270a15a5d8e9797dd36c1f21bb4c89f1c36c
    • Instruction ID: 5e464954abd0ad81e52f1c24d1b1a96e1c34d1b5a28f67722492327c6f26dbf6
    • Opcode Fuzzy Hash: 043f9b7fb8f7c3915f83d08e0068270a15a5d8e9797dd36c1f21bb4c89f1c36c
    • Instruction Fuzzy Hash: 34215E72A28B84C7E310CF11E44435FBAB4F798F84F640129EB8997B65DF39C90A8B00
    Function 000000013F2760CC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: __except_validate_context_record
    • String ID: csm$csm
    • API String ID: 1467352782-3733052814
    • Opcode ID: bba6a27287a92ff7749437c2310d5d134965aef2b3aa1a7ad507666b63e07a9e
    • Instruction ID: 5810906f5d1c3e578ba0ce45122b8fbe59030fcfdaa311f13cdfccbffbad505b
    • Opcode Fuzzy Hash: bba6a27287a92ff7749437c2310d5d134965aef2b3aa1a7ad507666b63e07a9e
    • Instruction Fuzzy Hash: A5719272905690CADB608F26D4547EFBFA1F345F89F188129DE9847B8BCB38C65AC740
    Function 000000013F276764 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: CreateFrameInfo__except_validate_context_record
    • String ID: csm
    • API String ID: 2558813199-1018135373
    • Opcode ID: 15df110cf7c45fef28665d72651514a228bae1b9e1fe06199d701ce5f17960b6
    • Instruction ID: 16d33656e568e39bbf3407611915579cf4ee48fcbb4c65cb5d09bde0fc17801c
    • Opcode Fuzzy Hash: 15df110cf7c45fef28665d72651514a228bae1b9e1fe06199d701ce5f17960b6
    • Instruction Fuzzy Hash: 5B516D77615B84C6EA20EF66E04079F7BF4F388B90F145129EB8907B66CB38D566CB00
    Function 000000013F27F450 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
    Download Yara Rule
    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ErrorFileLastWrite
    • String ID: U
    • API String ID: 442123175-4171548499
    • Opcode ID: 460a6f4c2857a0d39d759f3cf83dbc9c3561374e4bedd634155e9f49c4dea797
    • Instruction ID: 0915c043ad2841e84c755889a40281a4e0fc7ed4e24e250895735c7fd033e0fe
    • Opcode Fuzzy Hash: 460a6f4c2857a0d39d759f3cf83dbc9c3561374e4bedd634155e9f49c4dea797
    • Instruction Fuzzy Hash: 7241F932A19A80C6E720CF65E4447DBB7A0F388784F84013AEE4D87799DB78C606C750
    Function 000000013F273E94 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
    Download Yara Rule
    APIs
    • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,000000013F26FEAE), ref: 000000013F273EE4
    • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,000000013F26FEAE), ref: 000000013F273F25
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.354775928.000000013F251000.00000020.00000001.01000000.00000003.sdmp, Offset: 000000013F250000, based on PE: true
    • Associated: 00000000.00000002.354773531.000000013F250000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354780961.000000013F28D000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354783597.000000013F28E000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354788429.000000013F2C1000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354790950.000000013F2C5000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.354793621.000000013F2CA000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_13f250000_console_zero.jbxd
    Similarity
    • API ID: ExceptionFileHeaderRaise
    • String ID: csm
    • API String ID: 2573137834-1018135373
    • Opcode ID: a1aba33af3c99a122b6cdf969f71f0d5370a365bee90e89a1f01241779339eba
    • Instruction ID: 7602d5212ce307fd0ff593bf8ce52851bfd2659d016543dbca16a47725ddb2a5
    • Opcode Fuzzy Hash: a1aba33af3c99a122b6cdf969f71f0d5370a365bee90e89a1f01241779339eba
    • Instruction Fuzzy Hash: CC112B32614B8182EB618F15E44079ABBE5FB88B94F584234EA8C47B59DF3CCA568B00