Edit tour

Windows Analysis Report
Nexus-Executor.exe

Overview

General Information

Sample name:	Nexus-Executor.exe
Analysis ID:	1570764
MD5:	1d5119509128d468dd629fff653a096a
SHA1:	0715e35d06c94694373a199ac21f66535180a9b0
SHA256:	9f1f4b08d76117c87c2002659333897e28dd90bad5fd1179ae4f16cb01b3f63c
Tags:	exeuser-aachum
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

PE file contains section with special chars

Tries to harvest and steal browser information (history, passwords, etc)

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the clipboard data

Detected potential crypto function

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

Nexus-Executor.exe (PID: 7348 cmdline: "C:\Users\user\Desktop\Nexus-Executor.exe" MD5: 1D5119509128D468DD629FFF653A096A)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Nexus-Executor.exe PID: 7348	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Nexus-Executor.exe.1fdf992f1d0.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T02:19:47.038980+0100	2803274	2	Potentially Bad Traffic	192.168.2.4	49730	104.26.9.59	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Nexus-Executor.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: Nexus-Executor.exe	ReversingLabs: Detection: 39%
Source: Nexus-Executor.exe	Virustotal: Detection: 28%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: Nexus-Executor.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_000001FDF98A7750 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,CryptUnprotectData,

0_2_000001FDF98A7750

Source: unknown

HTTPS traffic detected: 104.26.9.59:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: Nexus-Executor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: Nexus-Executor.exe, Nexus-Executor.exe, 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: Nexus-Executor.exe, 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_000001FDF980F46A Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method,type_info::_name_internal_method,

0_2_000001FDF980F46A

Source: Joe Sandbox View

IP Address: 104.26.9.59 104.26.9.59

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49730 -> 104.26.9.59:443

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: global traffic

DNS traffic detected: DNS query: api.myip.com

Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://https/:://websocketpp.processorGeneric
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Nexus-Executor.exe, Nexus-Executor.exe, 00000000.00000003.1724100450.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1726953792.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1726802121.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1795873465.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1734763937.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1755127204.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1728854272.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1703230610.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1707260626.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1725973398.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1889207696.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1732642943.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1750873503.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1703230610.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1733058061.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1935694968.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1883272286.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1732642943.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3505941709.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1727890985.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: Nexus-Executor.exe, 00000000.00000003.1724100450.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1726802121.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1795873465.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1889207696.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1703230610.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1935694968.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1732642943.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1707260626.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3505941709.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/&
Source: Nexus-Executor.exe, 00000000.00000003.1726953792.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1734763937.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1755127204.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1728854272.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1703230610.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1707260626.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1725973398.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1732642943.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1750873503.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1733058061.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1883272286.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3505941709.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1727890985.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724100450.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1736981495.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1750576938.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1795873465.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1935694968.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724886554.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1737976085.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1719576033.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/LL_OnlyV
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/Russia
Source: Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700896253.000001FDF9F0D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700716282.000001FDF9F09000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=169633223841
Source: Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700896253.000001FDF9F0D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700716282.000001FDF9F09000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOY
Source: Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Nexus-Executor.exe, Nexus-Executor.exe, 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage
Source: Nexus-Executor.exe, 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold
Source: Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700896253.000001FDF9F0D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700716282.000001FDF9F09000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm
Source: Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506389320.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mic
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA079000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1704054287.000001FDFA045000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FB2000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506389320.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EF9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E77000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: Nexus-Executor.exe, 00000000.00000003.1704054287.000001FDFA054000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1805839490.000001FDFA020000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FB2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016My
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA079000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1704054287.000001FDFA045000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EE1000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: Nexus-Executor.exe, 00000000.00000003.1704054287.000001FDFA054000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1805839490.000001FDFA020000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17R
Source: Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EE1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17er_id)gment_id)
Source: Nexus-Executor.exe, 00000000.00000003.1700896253.000001FDF9F0D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700716282.000001FDF9F09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a781128
Source: Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700896253.000001FDF9F0D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700716282.000001FDF9F09000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a121
Source: Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 104.26.9.59:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_00007FF628631C20 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,

0_2_00007FF628631C20

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_00007FF628631D70 OpenClipboard,MultiByteToWideChar,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard,

0_2_00007FF628631D70

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_00007FF628631C20 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,

0_2_00007FF628631C20

Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628660330 GetClientRect,QueryPerformanceCounter,GetForegroundWindow,ClientToScreen,SetCursorPos,GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00007FF628660330
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628660D02 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00007FF628660D02

System Summary

PE file contains section with special chars

Source: Nexus-Executor.exe	Static PE information: section name: "hR
Source: Nexus-Executor.exe	Static PE information: section name: b)b

Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628663B90 PostQuitMessage,GetWindowRect,SetWindowPos,NtdllDefWindowProc_A,		0_2_00007FF628663B90
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62866D248 NtdllDefWindowProc_A,		0_2_00007FF62866D248

Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62865EA60	0_2_00007FF62865EA60
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628660330	0_2_00007FF628660330
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628664320	0_2_00007FF628664320
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62865F2F0	0_2_00007FF62865F2F0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62865FCE0	0_2_00007FF62865FCE0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628625A30	0_2_00007FF628625A30
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62862FA00	0_2_00007FF62862FA00
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628652A00	0_2_00007FF628652A00
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF6286459E0	0_2_00007FF6286459E0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62863B1E0	0_2_00007FF62863B1E0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62864F9E0	0_2_00007FF62864F9E0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62862E1C0	0_2_00007FF62862E1C0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62865BA80	0_2_00007FF62865BA80
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62863C270	0_2_00007FF62863C270
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62862C250	0_2_00007FF62862C250
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62862F250	0_2_00007FF62862F250
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62865C310	0_2_00007FF62865C310
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62861FBB0	0_2_00007FF62861FBB0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628617390	0_2_00007FF628617390
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62865A370	0_2_00007FF62865A370
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62863DB50	0_2_00007FF62863DB50
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62865CB40	0_2_00007FF62865CB40
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628646BC0	0_2_00007FF628646BC0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628616CB0	0_2_00007FF628616CB0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628636C90	0_2_00007FF628636C90
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62864D530	0_2_00007FF62864D530
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62863BD10	0_2_00007FF62863BD10
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628660D02	0_2_00007FF628660D02
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF6286354F0	0_2_00007FF6286354F0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628647CE0	0_2_00007FF628647CE0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62865E5B0	0_2_00007FF62865E5B0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628615D90	0_2_00007FF628615D90
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62863AD40	0_2_00007FF62863AD40
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62862D620	0_2_00007FF62862D620
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628624620	0_2_00007FF628624620
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628619E10	0_2_00007FF628619E10
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF6286425F0	0_2_00007FF6286425F0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628650DE0	0_2_00007FF628650DE0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62864CDD0	0_2_00007FF62864CDD0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF6286396B0	0_2_00007FF6286396B0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628619730	0_2_00007FF628619730
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628637EF0	0_2_00007FF628637EF0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF6286246F0	0_2_00007FF6286246F0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628626EC0	0_2_00007FF628626EC0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62861DFB0	0_2_00007FF62861DFB0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF6286497F0	0_2_00007FF6286497F0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF62863BFC0	0_2_00007FF62863BFC0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_00007FF628656090	0_2_00007FF628656090
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_000001FDF9833841	0_2_000001FDF9833841
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_000001FDF97FBA30	0_2_000001FDF97FBA30
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: 0_2_000001FDF98D2720	0_2_000001FDF98D2720

Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: String function: 00007FF62866D440 appears 867 times
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: String function: 00007FF628631F40 appears 40 times
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: String function: 00007FF6286285B0 appears 36 times

Source: Nexus-Executor.exe	Static PE information: Resource name: None type: DOS executable (COM)
Source: Nexus-Executor.exe	Static PE information: Resource name: None type: COM executable for DOS

Source: Nexus-Executor.exe

Static PE information: Section: bbbb ZLIB complexity 0.999211485373886

Source: classification engine

Classification label: mal84.spyw.evad.winEXE@1/1@1/1

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_000001FDF97E6FE0 std::_Fac_node::_Fac_node,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,

0_2_000001FDF97E6FE0

Source: C:\Users\user\Desktop\Nexus-Executor.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\50SHUV6X.htm

Jump to behavior

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Nexus-Executor.exe, 00000000.00000003.1831599938.000001FDF9788000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1755229819.000001FDF9788000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1750986817.000001FDF9788000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729060042.000001FDF978D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3505375145.000001FDF9792000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1828855367.000001FDF978D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1759216638.000001FDF9788000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1704421996.000001FDF9783000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1708263889.000001FDF9784000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1879904212.000001FDF978D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE content_annotations(visit_id INTEGER PRIMARY KEY,visibility_score NUMERIC,floc_protected_score NUMERIC,categories VARCHAR,page_topics_model_version INTEGER,annotation_flags INTEGER NOT NULL,entities VARCHAR,related_searches VARCHAR,search_normalized_url VARCHAR,search_terms LONGVARCHAR,alternative_title VARCHAR,page_language VARCHAR,password_state INTEGER DEFAULT 0 NOT NULL,has_url_keyed_image BOOLEAN NOT NULL);
Source: Nexus-Executor.exe, 00000000.00000003.1883272286.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1887845002.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1725973398.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1935694968.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1733435821.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1718979377.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1750873503.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1889207696.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1737976085.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1732642943.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE autofill_profiles ( guid VARCHAR PRIMARY KEY, company_name VARCHAR, street_address VARCHAR, dependent_locality VARCHAR, city VARCHAR, state VARCHAR, zipcode VARCHAR, sorting_code VARCHAR, country_code VARCHAR, date_modified INTEGER NOT NULL DEFAULT 0, origin VARCHAR DEFAULT '', language_code VARCHAR, use_count INTEGER NOT NULL DEFAULT 0, use_date INTEGER NOT NULL DEFAULT 0, validity_bitfield UNSIGNED NOT NULL DEFAULT 0, is_client_validity_states_updated BOOL NOT NULL DEFAULT FALSE, label VARCHAR, disallow_settings_visible_updates INTEGER NOT NULL DEFAULT 0);
Source: Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E73000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: Nexus-Executor.exe	ReversingLabs: Detection: 39%
Source: Nexus-Executor.exe	Virustotal: Detection: 28%

Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: xinput1_4.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Nexus-Executor.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: Nexus-Executor.exe

Static file information: File size 1393194 > 1048576

Source: Nexus-Executor.exe

Static PE information: Raw size of bbbb is bigger than: 0x100000 < 0x142a00

Source: Nexus-Executor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: Nexus-Executor.exe, Nexus-Executor.exe, 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: Nexus-Executor.exe, 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Unpacked PE file: 0.2.Nexus-Executor.exe.7ff628610000.1.unpack "hR:EW;bbbb:EW;Unknown_Section2:W; vs "hR:ER;bbbb:ER;Unknown_Section2:W;

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_00007FF62865F7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,

0_2_00007FF62865F7A0

Source: initial sample

Static PE information: section where entry point is pointing to: bbbb

Source: Nexus-Executor.exe	Static PE information: section name: "hR
Source: Nexus-Executor.exe	Static PE information: section name: bbbb
Source: Nexus-Executor.exe	Static PE information: section name: b)b

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_000001FDF9824970 push es; ret

0_2_000001FDF982497F

Source: Nexus-Executor.exe

Static PE information: section name: bbbb entropy: 7.999837452913593

Source: C:\Users\user\Desktop\Nexus-Executor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate			Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\Desktop\Nexus-Executor.exe	Window / User API: threadDelayed 5534			Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Window / User API: foregroundWindowGot 1645			Jump to behavior

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\Nexus-Executor.exe

0_2_000001FDF980F46A

Source: Nexus-Executor.exe, Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsdvboxserviceu
Source: Nexus-Executor.exe, Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtrayx64dbgh
Source: Nexus-Executor.exe, 00000000.00000003.1883272286.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1887845002.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1725973398.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1935694968.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1733435821.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1718979377.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1750873503.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1889207696.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1737976085.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1732642943.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW.
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser
Source: Nexus-Executor.exe, 00000000.00000003.1883272286.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1887845002.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1725973398.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1935694968.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1733435821.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1718979377.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1750873503.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1889207696.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1737976085.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1732642943.000001FDF9CDB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: wiresharkvmwareuseri
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: uuuYqeMuuqMuup_vuuuuuuuuuuuuuuuuuuuvuuuuuuuueuuuuuuWwSuu~L
Source: Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-gaVGAuthServicevmwaretrayv

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_00007FF62866C0F8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF62866C0F8

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_00007FF62865F7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,

0_2_00007FF62865F7A0

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_00007FF62866C0F8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF62866C0F8

Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,		0_2_00007FF62865F7A0
Source: C:\Users\user\Desktop\Nexus-Executor.exe	Code function: GetKeyboardLayout,GetLocaleInfoA,		0_2_00007FF62866105B

Source: C:\Users\user\Desktop\Nexus-Executor.exe

Code function: 0_2_00007FF62866C388 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF62866C388

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Nexus-Executor.exe	String found in binary or memory: \Electrum-LTC\wallets
Source: Nexus-Executor.exe	String found in binary or memory: ElectronCash
Source: Nexus-Executor.exe	String found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: Nexus-Executor.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: Nexus-Executor.exe	String found in binary or memory: \Ethereum\keystore
Source: Nexus-Executor.exe	String found in binary or memory: Exodus Web
Source: Nexus-Executor.exe	String found in binary or memory: \Ethereum\keystore
Source: Nexus-Executor.exe	String found in binary or memory: \Coinomi\Coinomi\wallets
Source: Nexus-Executor.exe	String found in binary or memory: \Ethereum\keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\Nexus-Executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Source: Yara match	File source: 0.2.Nexus-Executor.exe.1fdf992f1d0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Nexus-Executor.exe PID: 7348, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Input Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	1 Input Capture	1 Query Registry	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	2 Process Discovery	Distributed Component Object Model	3 Clipboard Data	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	12 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Nexus-Executor.exe	39%	ReversingLabs	Win32.Ransomware.Generic
Nexus-Executor.exe	28%	Virustotal		Browse
Nexus-Executor.exe	100%	Avira	HEUR/AGEN.1314582
Nexus-Executor.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://https://https/:://websocketpp.processorGeneric	0%	Avira URL Cloud	safe
https://support.mic	0%	Avira URL Cloud	safe
https://contile-images.services.mozilla.com/obgoOY	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.myip.com	104.26.9.59	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.myip.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://https://https/:://websocketpp.processorGeneric	Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm	Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700896253.000001FDF9F0D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700716282.000001FDF9F09000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016My	Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FB2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=169633223841	Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700896253.000001FDF9F0D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700716282.000001FDF9F09000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17er_id)gment_id)	Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EE1000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA079000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1704054287.000001FDFA045000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FB2000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506389320.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EF9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E77000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/Russia	Nexus-Executor.exe, 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold	Nexus-Executor.exe, 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA079000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1704054287.000001FDFA045000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EE1000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EF9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mic	Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506389320.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F58000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a781128	Nexus-Executor.exe, 00000000.00000003.1700896253.000001FDF9F0D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700716282.000001FDF9F09000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/&	Nexus-Executor.exe, 00000000.00000003.1724100450.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1726802121.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1795873465.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1889207696.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1703230610.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1935694968.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1732642943.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1707260626.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3505941709.000001FDF9CB6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/LL_OnlyV	Nexus-Executor.exe, 00000000.00000003.1726953792.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1734763937.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1755127204.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1728854272.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1703230610.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1707260626.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1725973398.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1732642943.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1750873503.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1733058061.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1883272286.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3505941709.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1727890985.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724100450.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1736981495.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1750576938.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1795873465.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1935694968.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724886554.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1737976085.000001FDF9C97000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1719576033.000001FDF9C91000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage	Nexus-Executor.exe, Nexus-Executor.exe, 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	Nexus-Executor.exe, 00000000.00000003.1704054287.000001FDFA054000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1805839490.000001FDFA020000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	Nexus-Executor.exe, 00000000.00000003.1704054287.000001FDFA054000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1805839490.000001FDFA020000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOY	Nexus-Executor.exe, 00000000.00000003.1708548117.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700896253.000001FDF9F0D000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1700716282.000001FDF9F09000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9F0E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	Nexus-Executor.exe, 00000000.00000003.1699638557.000001FDFA09E000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1729105035.000001FDF9FA9000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000003.1724297610.000001FDF9FCC000.00000004.00000020.00020000.00000000.sdmp, Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9E83000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	Nexus-Executor.exe, 00000000.00000003.1699907900.000001FDF9F11000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17R	Nexus-Executor.exe, 00000000.00000002.3506018558.000001FDF9EE1000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.9.59	api.myip.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570764
Start date and time:	2024-12-08 02:18:55 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Nexus-Executor.exe
Detection:	MAL
Classification:	mal84.spyw.evad.winEXE@1/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 84% Number of executed functions: 28 Number of non-executed functions: 151
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.26.9.59	WaveExecutor.exe	Get hash	malicious	Unknown	Browse
	Fortexternal.exe	Get hash	malicious	Unknown	Browse
	Fortexternal.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc	Browse
	ZoomInstaller.exe	Get hash	malicious	Unknown	Browse
	ZoomInstaller.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer	Browse
	eSLlhErJ0q.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.myip.com	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	Amadey, Cryptbot	Browse	172.67.75.163
	file.exe	Get hash	malicious	Amadey, XWorm	Browse	172.67.75.163
	file.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	file.exe	Get hash	malicious	LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc	Browse	104.26.9.59
	file.exe	Get hash	malicious	Ailurophile Stealer	Browse	104.26.8.59

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Xeno Executor.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	Delta.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.36.51
	'Set-up.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.185.163
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.24.90
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.185.163
	meerkat.mips.elf	Get hash	malicious	Mirai	Browse	8.44.96.113

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Xeno Executor.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.9.59
	file.exe	Get hash	malicious	Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar	Browse	104.26.9.59
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.9.59
	malware.exe	Get hash	malicious	Targeted Ransomware, TrojanRansom	Browse	104.26.9.59
	INQUIRY REQUEST AND PRICES_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.9.59
	Bank Swift and SOA PRN00720031415453_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.9.59
	RFQ Order list #2667747.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.9.59
	Payment Details Ref#577767.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.9.59

Process:	C:\Users\user\Desktop\Nexus-Executor.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.3585198384225
Encrypted:	false
SSDEEP:	3:YMb1gXMlJ9eMfQxaNmGGL4:YMeX6uxaNmRL4
MD5:	E86153F34E01C5AED461F812D7472D86
SHA1:	CB4491FAC004B18059BA1BDDFE2CD5696CD94F87
SHA-256:	D174A4EFD5E9EAC12E0161D4C4A1D5C26122C4C5EA6A1BE49D7A277B535CB2DF
SHA-512:	CA8A07D9515808AC4331D1790F75C2A05672E299366DE0A0EE55698F8679B366428DFB18E8390FF034B58E3D0D05165F4C9EE8F7481B7509B51A18A84DF5F51B
Malicious:	false
Reputation:	low
Preview:	{"ip":"8.46.123.228","country":"United States","cc":"US"}

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.942923120547586
TrID:	Win64 Executable GUI (202006/5) 93.51% Win64 Executable (generic) (12005/4) 5.56% DOS Executable Generic (2002/1) 0.93% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Nexus-Executor.exe
File size:	1'393'194 bytes
MD5:	1d5119509128d468dd629fff653a096a
SHA1:	0715e35d06c94694373a199ac21f66535180a9b0
SHA256:	9f1f4b08d76117c87c2002659333897e28dd90bad5fd1179ae4f16cb01b3f63c
SHA512:	945c1e903b1aa399cd7818513700777b523cc3d01221306a483515b5d08e6b56f1249367c3b493b63c6e0106b4f926a5f8a6b8673b269e1a49189ea313b5cb47
SSDEEP:	24576:YZ9Piz+Jlb6Bl3W3ILsBPEUEEl5ulQYbg/leHYuYQAOKlHk:YX6yr6L3KIYCaY5gOYyak
TLSH:	2255122FB7806BA6D435C073CB9BC359B33192909136CF2B1A828D5F65A905A7717F2C
File Content Preview:	MZ......................@.0.72.UPX!._0x0020b79..........................!..L.!This program cannot be run in DOS mode....$........z...............c.......................................c................................t.............Rich...................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x1406a3ca0
Entrypoint Section:	bbbb
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67533378 [Fri Dec 6 17:25:12 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	bd2500bb87e3a94d2777b94c3c55a684

Entrypoint Preview

Instruction
push ebx
push esi
push edi
push ebp
dec eax
lea esi, dword ptr [FFEBE355h]
dec eax
lea edi, dword ptr [esi-00561000h]
push edi
mov eax, 006A1D9Dh
push eax
dec eax
mov ecx, esp
dec eax
mov edx, edi
dec eax
mov edi, esi
mov esi, 00141C93h
push ebp
dec eax
mov ebp, esp
inc esp
mov ecx, dword ptr [ecx]
dec ecx
mov eax, edx
dec eax
mov edx, esi
dec eax
lea esi, dword ptr [edi+02h]
push esi
mov al, byte ptr [edi]
dec edx
mov cl, al
and al, 07h
shr cl, 00000003h
dec eax
mov ebx, FFFFFD00h
dec eax
shl ebx, cl
mov cl, al
dec eax
lea ebx, dword ptr [esp+ebx*2-00000E78h]
dec eax
and ebx, FFFFFFC0h
push 00000000h
dec eax
cmp esp, ebx
jne 00007F302CC8041Bh
push ebx
dec eax
lea edi, dword ptr [ebx+08h]
mov cl, byte ptr [esi-01h]
dec edx
mov byte ptr [edi+02h], al
mov al, cl
shr cl, 00000004h
mov byte ptr [edi+01h], cl
and al, 0Fh
mov byte ptr [edi], al
dec eax
lea ecx, dword ptr [edi-04h]
push eax
inc ecx
push edi
dec eax
lea eax, dword ptr [edi+04h]
inc ebp
xor edi, edi
inc ecx
push esi
inc ecx
mov esi, 00000001h
inc ecx
push ebp
inc ebp
xor ebp, ebp
inc ecx
push esp
push ebp
push ebx
dec eax
sub esp, 48h
dec eax
mov dword ptr [esp+38h], ecx
dec eax
mov dword ptr [esp+20h], eax
mov eax, 00000001h
dec eax
mov dword ptr [esp+40h], esi
dec esp
mov dword ptr [esp+30h], eax
mov ebx, eax
inc esp
mov dword ptr [esp+2Ch], ecx
movzx ecx, byte ptr [edi+02h]
shl ebx, cl
mov ecx, ebx

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[IMP] VS2005 build 50727

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6b5eb0	0x4c0	b)b
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6a5000	0x10eb0	b)b
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x374000	0x43bc	"hR
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6b6370	0x20	b)b
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x6a4880	0x28	bbbb
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x6a48b0	0x140	bbbb
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
"hR	0x1000	0x561000	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bbbb	0x562000	0x143000	0x142a00	80d84fc3e7f6b67e27be7615a2010610	False	0.999211485373886	data	7.999837452913593	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
b)b	0x6a5000	0x12000	0x11400	0ebb83e4c065739382942bc7e69fdaf9	False	0.2616621376811594	data	3.947360720361499	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
None	0x6b5cec	0x2e	data			1.108695652173913
RT_RCDATA	0x389d18	0x3201	empty			0
RT_RCDATA	0x38cf1c	0x3201	empty			0
RT_RCDATA	0x390120	0x3201	empty			0
RT_RCDATA	0x393324	0x3201	empty			0
RT_RCDATA	0x396528	0x3201	empty			0
RT_RCDATA	0x39972c	0x3201	empty			0
RT_RCDATA	0x39c930	0x3201	empty			0
RT_RCDATA	0x39fb34	0x3201	empty			0
RT_RCDATA	0x3a2d38	0x3201	empty			0
RT_RCDATA	0x3a5f3c	0x3201	empty			0
RT_RCDATA	0x3a9140	0x3201	empty			0
RT_RCDATA	0x3ac344	0x3201	empty			0
RT_RCDATA	0x3af548	0x3201	empty			0
RT_RCDATA	0x3b274c	0x3201	empty			0
RT_RCDATA	0x3b5950	0x3201	empty			0
RT_RCDATA	0x3b8b54	0x3201	empty			0
RT_RCDATA	0x3bbd58	0x3201	empty			0
RT_RCDATA	0x3bef5c	0x3201	empty			0
RT_RCDATA	0x3c2160	0x3201	empty			0
RT_RCDATA	0x3c5364	0x3201	empty			0
RT_RCDATA	0x3c8568	0x3201	empty			0
RT_RCDATA	0x3cb76c	0x3201	empty			0
RT_RCDATA	0x3ce970	0x3201	empty			0
RT_RCDATA	0x3d1b74	0x22	empty			0
RT_RCDATA	0x3d1b98	0x77	empty			0
RT_RCDATA	0x3d1c10	0x3201	empty			0
RT_RCDATA	0x3d4e14	0x3201	empty			0
RT_RCDATA	0x3d8018	0x3201	empty			0
RT_RCDATA	0x3db21c	0x3201	empty			0
RT_RCDATA	0x3de420	0x3201	empty			0
RT_RCDATA	0x3e1624	0x3201	empty			0
RT_RCDATA	0x3e4828	0x3201	empty			0
RT_RCDATA	0x3e7a2c	0x68b	empty			0
RT_RCDATA	0x3e80b8	0xf	empty			0
RT_RCDATA	0x3e80c8	0x3201	empty			0
RT_RCDATA	0x3eb2cc	0x3201	empty			0
RT_RCDATA	0x3ee4d0	0xda443	empty			0
RT_RCDATA	0x4c8914	0x3201	empty			0
RT_RCDATA	0x4cbb18	0x3201	empty			0
RT_RCDATA	0x4ced1c	0x4d8a	empty			0
RT_RCDATA	0x4d3aa8	0x3201	empty			0
RT_RCDATA	0x4d6cac	0x3201	empty			0
RT_RCDATA	0x4d9eb0	0x3201	empty			0
RT_RCDATA	0x4dd0b4	0x3201	empty			0
RT_RCDATA	0x4e02b8	0x3201	empty			0
RT_RCDATA	0x4e34bc	0x3201	empty			0
RT_RCDATA	0x4e66c0	0x3201	empty			0
RT_RCDATA	0x4e98c4	0x3201	empty			0
RT_RCDATA	0x4ecac8	0x55	empty			0
RT_RCDATA	0x4ecb20	0x3201	empty			0
RT_RCDATA	0x4efd24	0x9e	empty			0
RT_RCDATA	0x4efdc4	0x1f2	empty			0
RT_RCDATA	0x4effb8	0x3201	empty			0
RT_RCDATA	0x4f31bc	0x3201	empty			0
RT_RCDATA	0x4f63c0	0x3201	empty			0
RT_RCDATA	0x4f95c4	0x3201	empty			0
RT_RCDATA	0x4fc7c8	0x3201	empty			0
RT_RCDATA	0x4ff9cc	0x7d	empty			0
RT_RCDATA	0x4ffa4c	0x7d	empty			0
RT_RCDATA	0x4ffacc	0x7d	empty			0
RT_RCDATA	0x4ffb4c	0x7d	empty			0
RT_RCDATA	0x4ffbcc	0x7d	empty			0
RT_RCDATA	0x4ffc4c	0x7d	empty			0
RT_RCDATA	0x4ffccc	0x7d	empty			0
RT_RCDATA	0x4ffd4c	0x7d	empty			0
RT_RCDATA	0x4ffdcc	0x7d	empty			0
RT_RCDATA	0x4ffe4c	0x7d	empty			0
RT_RCDATA	0x4ffecc	0x7d	empty			0
RT_RCDATA	0x4fff4c	0x7d	empty			0
RT_RCDATA	0x4fffcc	0x7d	empty			0
RT_RCDATA	0x50004c	0x7d	empty			0
RT_RCDATA	0x5000cc	0x7d	empty			0
RT_RCDATA	0x50014c	0x7d	empty			0
RT_RCDATA	0x5001cc	0x7d	empty			0
RT_RCDATA	0x50024c	0x7d	empty			0
RT_RCDATA	0x5002cc	0x7d	empty			0
RT_RCDATA	0x50034c	0x7d	empty			0
RT_RCDATA	0x5003cc	0x7d	empty			0
RT_RCDATA	0x50044c	0x3201	empty			0
RT_RCDATA	0x503650	0x3201	empty			0
RT_RCDATA	0x506854	0x3201	empty			0
RT_RCDATA	0x509a58	0x3201	empty			0
RT_RCDATA	0x50cc5c	0x3201	empty			0
RT_RCDATA	0x50fe60	0x3201	empty			0
RT_RCDATA	0x513064	0x3201	empty			0
RT_RCDATA	0x516268	0x3201	empty			0
RT_RCDATA	0x51946c	0x3201	empty			0
RT_RCDATA	0x51c670	0x3201	empty			0
RT_RCDATA	0x51f874	0x3201	empty			0
RT_RCDATA	0x522a78	0x3201	empty			0
RT_RCDATA	0x525c7c	0x3201	empty			0
RT_RCDATA	0x528e80	0x3201	empty			0
RT_RCDATA	0x52c084	0x3201	empty			0
RT_RCDATA	0x52f288	0x3201	empty			0
RT_RCDATA	0x53248c	0x3201	empty			0
RT_RCDATA	0x535690	0x3201	empty			0
RT_RCDATA	0x538894	0x3201	empty			0
RT_RCDATA	0x53ba98	0x3201	empty			0
RT_RCDATA	0x53ec9c	0x3201	empty			0
RT_RCDATA	0x541ea0	0x3201	empty			0
RT_RCDATA	0x5450a4	0x3201	empty			0
RT_RCDATA	0x5482a8	0x3201	empty			0
RT_RCDATA	0x54b4ac	0x3201	empty			0
RT_RCDATA	0x54e6b0	0x3201	empty			0
RT_RCDATA	0x5518b4	0x3201	empty			0
RT_RCDATA	0x554ab8	0x3201	empty			0
RT_RCDATA	0x557cbc	0x3201	empty			0
RT_RCDATA	0x55aec0	0x3201	empty			0
RT_RCDATA	0x55e0c4	0x3201	empty			0
RT_RCDATA	0x5612c8	0x3201	empty			0
RT_RCDATA	0x5644cc	0x3201	data			1.0008593078665728
RT_RCDATA	0x5676d0	0x3201	data			1.0008593078665728
RT_RCDATA	0x56a8d4	0x3201	data			1.0008593078665728
RT_RCDATA	0x56dad8	0x3201	data			1.0008593078665728
RT_RCDATA	0x570cdc	0x3201	data			1.0008593078665728
RT_RCDATA	0x573ee0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5770e4	0x3201	data			1.0008593078665728
RT_RCDATA	0x57a2e8	0x3201	data			1.0008593078665728
RT_RCDATA	0x57d4ec	0x3201	data			1.0008593078665728
RT_RCDATA	0x5806f0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5838f4	0x3201	data			1.0008593078665728
RT_RCDATA	0x586af8	0x3201	data			1.0008593078665728
RT_RCDATA	0x589cfc	0x3201	data			1.0008593078665728
RT_RCDATA	0x58cf00	0x3201	data			1.0008593078665728
RT_RCDATA	0x590104	0x3201	data			1.0008593078665728
RT_RCDATA	0x593308	0x3201	data			1.0008593078665728
RT_RCDATA	0x59650c	0x3201	data			1.0008593078665728
RT_RCDATA	0x599710	0x3201	data			1.0008593078665728
RT_RCDATA	0x59c914	0x3201	Dyalog APL external workspace version -15.-68			1.0008593078665728
RT_RCDATA	0x59fb18	0x3201	OpenPGP Public Key			1.0008593078665728
RT_RCDATA	0x5a2d1c	0x3201	Novell LANalyzer capture file			1.0008593078665728
RT_RCDATA	0x5a5f20	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a9124	0x3201	data			1.0008593078665728
RT_RCDATA	0x5ac328	0x3201	data			1.0008593078665728
RT_RCDATA	0x5af52c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b2730	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b5934	0x3201	OpenPGP Public Key			1.0008593078665728
RT_RCDATA	0x5b8b38	0x3201	data			1.0008593078665728
RT_RCDATA	0x5bbd3c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5bef40	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c2144	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c5348	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c854c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5cb750	0x3201	data			1.0008593078665728
RT_RCDATA	0x5ce954	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d1b58	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d4d5c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d7f60	0x3201	data			1.0008593078665728
RT_RCDATA	0x5db164	0x3201	data			1.0008593078665728
RT_RCDATA	0x5de368	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e156c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e4770	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e7974	0x3201	data			1.0008593078665728
RT_RCDATA	0x5eab78	0x3201	data			1.0008593078665728
RT_RCDATA	0x5edd7c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f0f80	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f4184	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f7388	0x3201	data			1.0008593078665728
RT_RCDATA	0x5fa58c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5fd790	0x3201	data			1.0008593078665728
RT_RCDATA	0x600994	0x3201	data			1.0008593078665728
RT_RCDATA	0x603b98	0x3201	data			1.0008593078665728
RT_RCDATA	0x606d9c	0x3201	data			1.0008593078665728
RT_RCDATA	0x609fa0	0x3201	data			1.0008593078665728
RT_RCDATA	0x60d1a4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6103a8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6135ac	0x3201	data			1.0008593078665728
RT_RCDATA	0x6167b0	0x3201	OpenPGP Public Key			1.0008593078665728
RT_RCDATA	0x6199b4	0x3201	data			1.0008593078665728
RT_RCDATA	0x61cbb8	0x3201	data			1.0008593078665728
RT_RCDATA	0x61fdbc	0x3201	data			1.0008593078665728
RT_RCDATA	0x622fc0	0x3201	data			1.0008593078665728
RT_RCDATA	0x6261c4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6293c8	0x3201	data			1.0008593078665728
RT_RCDATA	0x62c5cc	0x3201	data			1.0008593078665728
RT_RCDATA	0x62f7d0	0x3201	data			1.0008593078665728
RT_RCDATA	0x6329d4	0x3201	data			1.0008593078665728
RT_RCDATA	0x635bd8	0x3201	data			1.0008593078665728
RT_RCDATA	0x638ddc	0x3201	data			1.0008593078665728
RT_RCDATA	0x63bfe0	0x3201	data			1.0008593078665728
RT_RCDATA	0x63f1e4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6423e8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6455ec	0x3201	data			1.0008593078665728
RT_RCDATA	0x6487f0	0x3201	data			1.0008593078665728
RT_RCDATA	0x64b9f4	0x3201	data			1.0008593078665728
RT_RCDATA	0x64ebf8	0x3201	data			1.0008593078665728
RT_RCDATA	0x651dfc	0x3201	data			1.0008593078665728
RT_RCDATA	0x655000	0x3201	data			1.0008593078665728
RT_RCDATA	0x658204	0x3201	data			1.0008593078665728
RT_RCDATA	0x65b408	0x3201	data			1.0008593078665728
RT_RCDATA	0x65e60c	0x3201	data			1.0008593078665728
RT_RCDATA	0x661810	0x3201	data			1.0008593078665728
RT_RCDATA	0x664a14	0x3201	data			1.0008593078665728
RT_RCDATA	0x667c18	0x3201	data			1.0008593078665728
RT_RCDATA	0x66ae1c	0x3201	data			1.0008593078665728
RT_RCDATA	0x66e020	0x3201	data			1.0008593078665728
RT_RCDATA	0x671224	0x3201	data			1.0008593078665728
RT_RCDATA	0x674428	0x3201	data			1.0008593078665728
RT_RCDATA	0x67762c	0x3201	data			1.0008593078665728
RT_RCDATA	0x67a830	0x3201	data			1.0008593078665728
RT_RCDATA	0x67da34	0x3201	data			1.0008593078665728
RT_RCDATA	0x680c38	0x3201	data			1.0008593078665728
RT_RCDATA	0x683e3c	0x3201	data			1.0008593078665728
RT_RCDATA	0x687040	0x3201	data			1.0008593078665728
RT_RCDATA	0x68a244	0x3201	data			1.0008593078665728
RT_RCDATA	0x68d448	0x3201	data			1.0008593078665728
RT_RCDATA	0x69064c	0x3201	data			1.0008593078665728
RT_RCDATA	0x693850	0x3201	OpenPGP Secret Key			1.0008593078665728
RT_RCDATA	0x696a54	0x3201	data			1.0008593078665728
RT_MANIFEST	0x6b5d20	0x2	data			5.0
RT_MANIFEST	0x6b5d28	0x188	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5892857142857143
None	0x699de4	0x148	data			1.0335365853658536
None	0x699f2c	0x144	data			1.0339506172839505
None	0x69a070	0x114	data			1.039855072463768
None	0x69a184	0xc8	data			1.055
None	0x69a24c	0x16c	data			1.0302197802197801
None	0x69a3b8	0x11a	data			1.0390070921985815
None	0x69a4d4	0xce	data			1.0533980582524272
None	0x69a5a4	0xae	data			1.0632183908045978
None	0x69a654	0xcc	DOS executable (COM)			1.053921568627451
None	0x69a720	0xa8	data			1.0654761904761905
None	0x69a7c8	0x10a	data			1.0413533834586466
None	0x69a8d4	0xcc	data			1.053921568627451
None	0x69a9a0	0x114	data			1.039855072463768
None	0x69aab4	0x134	data			1.0357142857142858
None	0x69abe8	0xdc	data			1.05
None	0x69acc4	0x84	data			1.0833333333333333
None	0x69ad48	0xa0	data			1.06875
None	0x69ade8	0x64	COM executable for DOS			1.11
None	0x69ae4c	0xd2	data			1.0523809523809524
None	0x69af20	0x10c	data			1.041044776119403
None	0x69b02c	0x11a	data			1.0390070921985815
None	0x69b148	0xde	data			1.0495495495495495
None	0x69b228	0x18a	data			1.0279187817258884
None	0x69b3b4	0xac	data			1.063953488372093
None	0x69b460	0x150	data			1.0327380952380953
None	0x69b5b0	0x182	data			1.028497409326425
None	0x69b734	0x104	data			1.0423076923076924
None	0x69b838	0xea	data			1.047008547008547
None	0x69b924	0xc0	data			1.0572916666666667
None	0x69b9e4	0x116	data			1.039568345323741
None	0x69bafc	0x94	OpenPGP Public Key			1.0743243243243243
None	0x69bb90	0x180	data			1.0286458333333333
None	0x69bd10	0x16a	data			1.0303867403314917
None	0x69be7c	0x13a	data			1.035031847133758
None	0x69bfb8	0xd2	data			1.0523809523809524
None	0x69c08c	0x130	data			1.0361842105263157
None	0x69c1bc	0x84	data			1.0833333333333333
None	0x69c240	0xb2	data			1.0617977528089888
None	0x69c2f4	0xf2	data			1.0454545454545454
None	0x69c3e8	0xcc	data			1.053921568627451
None	0x69c4b4	0x96	data			1.0733333333333333
None	0x69c54c	0x13a	data			1.035031847133758
None	0x69c688	0x100	data			1.04296875
None	0x69c788	0xf8	data			1.0443548387096775
None	0x69c880	0x10a	data			1.0413533834586466
None	0x69c98c	0xd2	data			1.0523809523809524
None	0x69ca60	0x8c	data			1.0785714285714285
None	0x69caec	0xbe	data			1.0578947368421052
None	0x69cbac	0x114	data			1.039855072463768
None	0x69ccc0	0x7a	data			1.0901639344262295
None	0x69cd3c	0x90	data			1.0763888888888888
None	0x69cdcc	0x112	data			1.0401459854014599
None	0x69cee0	0x138	data			1.0352564102564104
None	0x69d018	0x12c	data			1.0366666666666666
None	0x69d144	0x9a	data			1.0714285714285714
None	0x69d1e0	0x12c	OpenPGP Secret Key			1.0366666666666666
None	0x69d30c	0xbe	data			1.0578947368421052
None	0x69d3cc	0xf8	data			1.0443548387096775
None	0x69d4c4	0x56	data			1.127906976744186
None	0x69d51c	0xe2	data			1.0486725663716814
None	0x69d600	0x140	data			1.034375
None	0x69d740	0xb8	data			1.059782608695652
None	0x69d7f8	0x128	data			1.037162162162162
None	0x69d920	0xe8	data			1.0474137931034482
None	0x69da08	0x9c	data			1.0705128205128205
None	0x69daa4	0x12e	data			1.0364238410596027
None	0x69dbd4	0xb0	data			1.0625
None	0x69dc84	0xf2	data			1.0454545454545454
None	0x69dd78	0xd4	data			1.0518867924528301
None	0x69de4c	0xf6	data			1.0447154471544715
None	0x69df44	0x11e	data			1.0384615384615385
None	0x69e064	0xc4	data			1.0561224489795917
None	0x69e128	0x10a	data			1.0413533834586466
None	0x69e234	0x90	data			1.0763888888888888
None	0x69e2c4	0xc0	data			1.0572916666666667
None	0x69e384	0x11c	data			1.0387323943661972
None	0x69e4a0	0x132	data			1.0359477124183007
None	0x69e5d4	0x128	data			1.037162162162162
None	0x69e6fc	0x72	data			1.0964912280701755
None	0x69e770	0x96	data			1.0733333333333333
None	0x69e808	0xcc	data			1.053921568627451
None	0x69e8d4	0xfa	data			1.044
None	0x69e9d0	0xa8	data			1.0654761904761905
None	0x69ea78	0xc0	data			1.0572916666666667
None	0x69eb38	0xde	data			1.0495495495495495
None	0x69ec18	0x10e	OpenPGP Secret Key			1.0407407407407407
None	0x69ed28	0x98	data			1.0723684210526316
None	0x69edc0	0x17a	data			1.029100529100529
None	0x69ef3c	0xd6	data			1.0514018691588785
None	0x69f014	0x9a	data			1.0714285714285714
None	0x69f0b0	0xf0	data			1.0458333333333334
None	0x69f1a0	0xea	data			1.047008547008547
None	0x69f28c	0x98	data			1.0723684210526316
None	0x69f324	0x78	data			1.0916666666666666
None	0x69f39c	0xf4	data			1.0450819672131149
None	0x69f490	0x120	data			1.0381944444444444
None	0x69f5b0	0xaa	data			1.0647058823529412
None	0x69f65c	0xc4	data			1.0561224489795917
None	0x69f720	0xc6	data			1.0555555555555556
None	0x69f7e8	0x66	data			1.107843137254902
None	0x69f850	0xec	data			1.0466101694915255
None	0x69f93c	0x134	data			1.0357142857142858
None	0x69fa70	0x5a	data			1.1222222222222222
None	0x69facc	0x8c	data			1.0785714285714285
None	0x69fb58	0xe4	data			1.0482456140350878
None	0x69fc3c	0x172	data			1.0297297297297296
None	0x69fdb0	0x11a	data			1.0390070921985815
None	0x69fecc	0xec	data			1.0466101694915255
None	0x69ffb8	0xe6	data			1.0478260869565217
None	0x6a00a0	0xb8	data			1.059782608695652
None	0x6a0158	0x128	data			1.037162162162162
None	0x6a0280	0x114	data			1.039855072463768
None	0x6a0394	0x132	data			1.0359477124183007
None	0x6a04c8	0xfe	data			1.0433070866141732
None	0x6a05c8	0x80	OpenPGP Secret Key			1.0859375
None	0x6a0648	0xca	data			1.0544554455445545
None	0x6a0714	0xdc	data			1.05
None	0x6a07f0	0x154	data			1.0323529411764707

Imports

DLL	Import
api-ms-win-crt-heap-l1-1-0.dll	free
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale
api-ms-win-crt-math-l1-1-0.dll	cosf
api-ms-win-crt-runtime-l1-1-0.dll	exit
api-ms-win-crt-stdio-l1-1-0.dll	fseek
api-ms-win-crt-string-l1-1-0.dll	strcmp
api-ms-win-crt-utility-l1-1-0.dll	qsort
d3d9.dll	Direct3DCreate9
IMM32.dll	ImmGetContext
KeRNeL32.dlL	LoadLibraryA, DeleteAtom, GetProcAddress, VirtualProtect
MSVCP140.dll	_Query_perf_counter
OLE32.Dll	CoTaskMemFree
SHELL32.dll	ShellExecuteA
USER32.dll	SetCursor
VCRUNTIME140.dll	memcpy
VCRUNTIME140_1.dll	__CxxFrameHandler4

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-08T02:19:47.038980+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49730	104.26.9.59	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 8, 2024 02:19:45.168939114 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:45.168976068 CET	443	49730	104.26.9.59	192.168.2.4
Dec 8, 2024 02:19:45.169054985 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:45.178530931 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:45.178544044 CET	443	49730	104.26.9.59	192.168.2.4
Dec 8, 2024 02:19:46.397152901 CET	443	49730	104.26.9.59	192.168.2.4
Dec 8, 2024 02:19:46.397315025 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:46.599015951 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:46.599045992 CET	443	49730	104.26.9.59	192.168.2.4
Dec 8, 2024 02:19:46.599301100 CET	443	49730	104.26.9.59	192.168.2.4
Dec 8, 2024 02:19:46.599360943 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:46.601301908 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:46.643332958 CET	443	49730	104.26.9.59	192.168.2.4
Dec 8, 2024 02:19:47.039005041 CET	443	49730	104.26.9.59	192.168.2.4
Dec 8, 2024 02:19:47.039072037 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:47.039082050 CET	443	49730	104.26.9.59	192.168.2.4
Dec 8, 2024 02:19:47.039093971 CET	443	49730	104.26.9.59	192.168.2.4
Dec 8, 2024 02:19:47.039138079 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:47.048192978 CET	49730	443	192.168.2.4	104.26.9.59
Dec 8, 2024 02:19:47.048207045 CET	443	49730	104.26.9.59	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 8, 2024 02:19:45.020402908 CET	59849	53	192.168.2.4	1.1.1.1
Dec 8, 2024 02:19:45.162736893 CET	53	59849	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 8, 2024 02:19:45.020402908 CET	192.168.2.4	1.1.1.1	0xc336	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 8, 2024 02:19:45.162736893 CET	1.1.1.1	192.168.2.4	0xc336	No error (0)	api.myip.com	104.26.9.59	A (IP address)	IN (0x0001)	false
Dec 8, 2024 02:19:45.162736893 CET	1.1.1.1	192.168.2.4	0xc336	No error (0)	api.myip.com	172.67.75.163	A (IP address)	IN (0x0001)	false
Dec 8, 2024 02:19:45.162736893 CET	1.1.1.1	192.168.2.4	0xc336	No error (0)	api.myip.com	104.26.8.59	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.myip.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	104.26.9.59	443	7348	C:\Users\user\Desktop\Nexus-Executor.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 01:19:46 UTC	182	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43 Host: api.myip.com
2024-12-08 01:19:47 UTC	772	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 01:19:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ogeMm7YnO7BdcQQ4bK3rlKSYfcdbgUl8sjDmuWsEUK8BZ8x4iDiMG7dAN3orR9r7nHNdKIG21n87t5884pHhYytnAvsBFyIjDD3RXdKO8gbMEbW1RpOvznPuDCTgCQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ee8eddd4afa0f3d-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1508&min_rtt=1482&rtt_var=607&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2818&recv_bytes=820&delivery_rate=1727810&cwnd=131&unsent_bytes=0&cid=6b0b40526998a249&ts=654&x=0"
2024-12-08 01:19:47 UTC	63	IN	Data Raw: 33 39 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 32 32 38 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 39{"ip":"8.46.123.228","country":"United States","cc":"US"}
2024-12-08 01:19:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	20:19:43
Start date:	07/12/2024
Path:	C:\Users\user\Desktop\Nexus-Executor.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Nexus-Executor.exe"
Imagebase:	0x7ff628610000
File size:	1'393'194 bytes
MD5 hash:	1D5119509128D468DD629FFF653A096A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	2.7%
Dynamic/Decrypted Code Coverage:	9%
Signature Coverage:	25.7%
Total number of Nodes:	709
Total number of Limit Nodes:	27

Executed Functions

Function 00007FF628664320 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 888
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHBrowseForFolder.SHELL32 ref: 00007FF628664705
SHGetPathFromIDList.SHELL32 ref: 00007FF628664732
CoTaskMemFree.OLE32 ref: 00007FF628664806
RemoveDirectoryA.KERNEL32 ref: 00007FF628664E7E
CreateDirectoryA.KERNEL32 ref: 00007FF628664E8E
MessageBoxA.USER32 ref: 00007FF628664EB3
ExitProcess.KERNEL32 ref: 00007FF62866562A

Strings

Failed to create setup directory, xrefs: 00007FF628664EA5
continue, xrefs: 00007FF628665604
destinatinal folder, xrefs: 00007FF628664D51
C:\Users\user\Desktop\Nexus-Executor, xrefs: 00007FF628664740, 00007FF628664753, 00007FF62866476F, 00007FF6286647C7, 00007FF628664DB9, 00007FF628664E77, 00007FF628664E87
choose install folder, xrefs: 00007FF6286646E3
Install, xrefs: 00007FF628664E60
..., xrefs: 00007FF6286646A9
installation..., xrefs: 00007FF62866547A
Nexus-Executor, xrefs: 00007FF6286647A8
f, xrefs: 00007FF6286643FE
Nexus-Executor, xrefs: 00007FF628664817, 00007FF628664F86
Loader, xrefs: 00007FF628664843, 00007FF628664FB2
Fail, xrefs: 00007FF628664E9E
P, xrefs: 00007FF6286646F2

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: Directory$BrowseCreateExitFolderFreeFromListMessagePathProcessRemoveTask
String ID: Loader$...$C:\Users\user\Desktop\Nexus-Executor$Fail$Failed to create setup directory$Install$Nexus-Executor$Nexus-Executor$P$choose install folder$continue$destinatinal folder$f$installation...
API String ID: 3810817069-1189303417
Opcode ID: 2796e0ceb44c481c8094ebbb64c5a86d0a9228671a5d5b6b18e5b6bea70cc40e
Instruction ID: 545a5124aafda77bf026e84f80b2fe51807869a93b0f5415ef9a09b86e4f1dd2
Opcode Fuzzy Hash: 2796e0ceb44c481c8094ebbb64c5a86d0a9228671a5d5b6b18e5b6bea70cc40e
Instruction Fuzzy Hash: E0A2643191D6C685EA60DB36EC503AAB361FFC8740F404236DA8D97AAADF3CE144DB45

Function 00007FF62865F7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FF62865F803
QueryPerformanceCounter.KERNEL32 ref: 00007FF62865F819
GetKeyboardLayout.USER32 ref: 00007FF62865F910
GetLocaleInfoA.KERNEL32 ref: 00007FF62865F92C
LoadLibraryA.KERNEL32 ref: 00007FF62865F9C5
GetProcAddress.KERNEL32 ref: 00007FF62865F9FD
GetProcAddress.KERNEL32 ref: 00007FF62865FA11

Strings

XInputGetState, xrefs: 00007FF62865FA03
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62865F7BC
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF62865F7C3
xinput1_4.dll, xrefs: 00007FF62865F977
io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!", xrefs: 00007FF62865F7EE
XInputGetCapabilities, xrefs: 00007FF62865F9EF
i >= 0 && i < Size, xrefs: 00007FF62865F955
xinput9_1_0.dll, xrefs: 00007FF62865F98F
C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF62865F7E7
imgui_impl_win32, xrefs: 00007FF62865F8D0
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62865F94E
xinput1_1.dll, xrefs: 00007FF62865F9A7
xinput1_2.dll, xrefs: 00007FF62865F99B
xinput1_3.dll, xrefs: 00007FF62865F983

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: AddressPerformanceProcQuery$CounterFrequencyInfoKeyboardLayoutLibraryLoadLocale
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$XInputGetCapabilities$XInputGetState$i >= 0 && i < Size$imgui_impl_win32$io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!"$xinput1_1.dll$xinput1_2.dll$xinput1_3.dll$xinput1_4.dll$xinput9_1_0.dll
API String ID: 2839060773-805143068
Opcode ID: c0cd0a30def10a826129bf9a140cdbbcde0c23294fc851b4d240245f1bddf609
Instruction ID: 0a182119afba14dda186ad59f57248f1c58b36db4298593aec804e7723847e29
Opcode Fuzzy Hash: c0cd0a30def10a826129bf9a140cdbbcde0c23294fc851b4d240245f1bddf609
Instruction Fuzzy Hash: DC716D32A08F8686EB108F26EC802A973B5FB54B84F445137CA8D87B64EF3CE495D745

Function 00007FF628660330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182
keyboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClientRect.USER32 ref: 00007FF6286603B0
QueryPerformanceCounter.KERNEL32 ref: 00007FF6286603EC
GetForegroundWindow.USER32 ref: 00007FF628660445
ClientToScreen.USER32 ref: 00007FF62866047D
SetCursorPos.USER32 ref: 00007FF62866048F
GetCursorPos.USER32 ref: 00007FF6286604A9
ScreenToClient.USER32 ref: 00007FF6286604BB
GetKeyState.USER32 ref: 00007FF6286604FD
GetKeyState.USER32 ref: 00007FF628660544
GetKeyState.USER32 ref: 00007FF62866058B
GetKeyState.USER32 ref: 00007FF6286605D2

Strings

bd->hWnd != 0, xrefs: 00007FF628660438
bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?", xrefs: 00007FF628660361
C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF62866035A, 00007FF628660431
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628660380
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF628660387

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: State$Client$CursorScreen$CounterForegroundPerformanceQueryRectWindow
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?"$bd->hWnd != 0
API String ID: 1576454153-990843061
Opcode ID: 7959d9425d8ed27d20723f75cacdc1de561572c0acbd32c942e8bf78f96d5c61
Instruction ID: 3a3eb3e5946df514fff0698ba112295a6a79c63d9137c3e2726932c569bb7fd1
Opcode Fuzzy Hash: 7959d9425d8ed27d20723f75cacdc1de561572c0acbd32c942e8bf78f96d5c61
Instruction Fuzzy Hash: 0F918C21E086D786FF628B36DD4437977A1FF81B84F084136DA4D966A5CF6CE880DB06

Function 00007FF62865F2F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF62865F4C2
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62865F57D

Strings

, xrefs: 00007FF62865F3DD
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62865F319
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF62865F320

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007$A451310F020
String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"
API String ID: 4201092786-1764846569
Opcode ID: 6ae176d6e0eb2cf1f3d1eb99467d1eee22df9ef7a2d82d4be6f03e8a146695dc
Instruction ID: db4be2bc94543a12d9a468f0e84f32f05b8349c24577ddf0b262e3630963be97
Opcode Fuzzy Hash: 6ae176d6e0eb2cf1f3d1eb99467d1eee22df9ef7a2d82d4be6f03e8a146695dc
Instruction Fuzzy Hash: 6B916A32705B818AEB108F36DC902AD77A5FB99B88F548136DE4E93B69DF38E445C305

Function 00007FF628663B90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtdllDefWindowProc_A.NTDLL ref: 00007FF628663DD0

Strings

E, xrefs: 00007FF628663D76

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: NtdllProc_Window
String ID: E
API String ID: 4255912815-3568589458
Opcode ID: f71ada217520157a8222c974fd66714a8a8b4378b5c258b324b72a7210dee7ba
Instruction ID: 435076e74ae59fe65eada7619202886d4cfb2ef435277ff3403c99bfe8ec33e1
Opcode Fuzzy Hash: f71ada217520157a8222c974fd66714a8a8b4378b5c258b324b72a7210dee7ba
Instruction Fuzzy Hash: B6513231A0C6D38AEB608B28ED4437A77A0FB85751F180137EA9DC2699DF3DD844DB06

Function 000001FDF980F46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF980F47B
FindFirstFileA.KERNEL32 ref: 000001FDF980F48B

Part of subcall function 000001FDF97E5180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E5217

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$FileFindFirst
String ID:
API String ID: 2113789597-0
Opcode ID: 36f8d388834b13250c1cd56afc24a702a3d02f2d48f31d1d6ce06cf885ec64b2
Instruction ID: 3599ac5eccfd258bd4257624c9a866e809272d8ffb4eb95eab7587fcb223a34b
Opcode Fuzzy Hash: 36f8d388834b13250c1cd56afc24a702a3d02f2d48f31d1d6ce06cf885ec64b2
Instruction Fuzzy Hash: F212DF31518B498FE7A5FB14D895BFAB3E2FBD8344F50496EA08FC31A1DE3099458B42

Function 000001FDF97E6FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001FDF97EA110: char_traits.LIBCPMTD ref: 000001FDF97EA13D

std::_Fac_node::_Fac_node.LIBCPMTD ref: 000001FDF97E754F
CreateToolhelp32Snapshot.KERNEL32 ref: 000001FDF97E75C4
Process32FirstW.KERNEL32 ref: 000001FDF97E764B
Process32NextW.KERNEL32 ref: 000001FDF97E77AB

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Process32$CreateFac_nodeFac_node::_FirstNextSnapshotToolhelp32char_traitsstd::_
String ID:
API String ID: 4114415025-0
Opcode ID: 2cf1e73a0f9107235ddbfb485c3595bfcba21e3825775f53e0b531762a104419
Instruction ID: a8775efe14ac57bed0ff574f2e9416903a03b7995f9d30cd34bf7096697aced1
Opcode Fuzzy Hash: 2cf1e73a0f9107235ddbfb485c3595bfcba21e3825775f53e0b531762a104419
Instruction Fuzzy Hash: D9321132A14B494BE799FB34D865BFBB2D2FB98340F90097E614BC3192ED319946C742

Function 00007FF62865EA60 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 374
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF62865ED6F

Strings

i >= 0 && i < Size, xrefs: 00007FF62865ECA9, 00007FF62865EE48, 00007FF62865EE96
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62865ECA2, 00007FF62865EE41, 00007FF62865EE8F

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 338975850-1817040388
Opcode ID: b1eec2181c1e359eb28f9bbcb687503fb88331483defa231dfb92dd7bb477368
Instruction ID: 112b7bec902de2731f37191527658f698e58fd431de6c431788afef868a3f8e5
Opcode Fuzzy Hash: b1eec2181c1e359eb28f9bbcb687503fb88331483defa231dfb92dd7bb477368
Instruction Fuzzy Hash: 2F027936604B9586DB20CF26D8846AE37B5FB88B88F058226DF4D87B64CF38D544C705

Function 000001FDF98A7750 Relevance: 4.7, APIs: 3, Instructions: 164encryptionCOMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98A77E6
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98A7864
CryptUnprotectData.CRYPT32 ref: 000001FDF98A78BD

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$CryptDataUnprotect
String ID:
API String ID: 3418212865-0
Opcode ID: 556e178afae83e848aa0db7821902732236d66cfeb00a3b04a79be6355449cb0
Instruction ID: bc8958db8bb79d7ace9b8b419ea9bef725c2d2c9af1241058476e32b15465b22
Opcode Fuzzy Hash: 556e178afae83e848aa0db7821902732236d66cfeb00a3b04a79be6355449cb0
Instruction Fuzzy Hash: 1851DF70918B898FD7A4EF28D454BFAB7E1FB98301F50492DA08EC3261DB759885CB43

Function 00007FF62865FCE0 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 547d032ff03bed76e8d98501336aec72c7838b5fcf6afd06ef48b4c17f1abeb4
Instruction ID: ce96f212ae84a537fcff178c32b8f51722d159d905c18e396dff786635e46c8e
Opcode Fuzzy Hash: 547d032ff03bed76e8d98501336aec72c7838b5fcf6afd06ef48b4c17f1abeb4
Instruction Fuzzy Hash: 6A022702E287BB89FB529A355C413F96381EF6A344F188733ED5877DD6DF2CA4829205

Function 00007FF6286626C0 Relevance: 15.5, APIs: 10, Instructions: 516
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF628662818

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 13e46143c9bb452854fa26b528ea7cbc2fb7775d90ecdede2900193578d89e51
Instruction ID: 32a665b575f9e20af07df18025b21d2175e9cf585114ffc2a696487f1aa7c260
Opcode Fuzzy Hash: 13e46143c9bb452854fa26b528ea7cbc2fb7775d90ecdede2900193578d89e51
Instruction Fuzzy Hash: 0C42B332619BC685DAB0DB26EC943EAB3A4F7C8780F004536DA8D83B69DF7CD0549B45

Function 00007FF628663DE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF628663E21
RegisterClassExA.USER32 ref: 00007FF628663E7A
GetSystemMetrics.USER32 ref: 00007FF628663E82
GetSystemMetrics.USER32 ref: 00007FF628663E9B
CreateWindowExA.USER32 ref: 00007FF628663F0D
ShowWindow.USER32 ref: 00007FF628663F26
UpdateWindow.USER32 ref: 00007FF628663F33

Strings

class001, xrefs: 00007FF628663E5A, 00007FF628663F04

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: Window$MetricsSystem$ClassCreateHandleModuleRegisterShowUpdate
String ID: class001
API String ID: 3666473625-3656631403
Opcode ID: d0a26d07f94e715907fe1e9cd3793ffca38442d1c0a5227ed338969c9367bda1
Instruction ID: b3b7762d26093668b7cac05203eb0ffbcf37ef475eb959b586b13c769d060997
Opcode Fuzzy Hash: d0a26d07f94e715907fe1e9cd3793ffca38442d1c0a5227ed338969c9367bda1
Instruction Fuzzy Hash: 3931D870908B438AEB408F79FC5832A77A0FB44385F54013AD58EC66A5CF7DE048E74A

Function 00007FF628666800 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32 ref: 00007FF628666A5D

Strings

v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed, xrefs: 00007FF6286669EE
FrghcZrah, xrefs: 00007FF62866681B
Welcome to , xrefs: 00007FF6286669DA
Nexus-Executor, xrefs: 00007FF6286669D3, 00007FF628666A1A
v2.1.1 Setup, xrefs: 00007FF628666A13
A, xrefs: 00007FF6286668E6

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: Message
String ID: v2.1.1 Setup$ v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed$A$FrghcZrah$Nexus-Executor$Welcome to
API String ID: 2030045667-3858696906
Opcode ID: ef12e5db93a373ac1250658159a1f333ca049569d580d89cb042698ec6e65b16
Instruction ID: 82b0797ed9f266fc5ce53764de74d0484baf7816175d20f318f5cf19098fd11d
Opcode Fuzzy Hash: ef12e5db93a373ac1250658159a1f333ca049569d580d89cb042698ec6e65b16
Instruction Fuzzy Hash: 90716E21A0DBD381EE60DB75FC412AA67A4FB95784F404136E68DC3B6ADE2CD144DB06

Function 00007FF62861D4F0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF62861D7AB

Strings

it >= Data && it <= Data + Size, xrefs: 00007FF62861D744
p >= begin() && p < end(), xrefs: 00007FF62861D6CE
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF62861D669, 00007FF62861D6C7
off >= 4 && off < Buf.Size, xrefs: 00007FF62861D670
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62861D73D

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$it >= Data && it <= Data + Size$off >= 4 && off < Buf.Size$p >= begin() && p < end()
API String ID: 338975850-15920025
Opcode ID: 99790948f109f600e1c394ed64e3b1af4ee5b5b93923c2e74f6dfed6afc58ff6
Instruction ID: f51c2a623521f167ade54fcc4cea7e446049b5df0c6817c0bc99cce2be742cd7
Opcode Fuzzy Hash: 99790948f109f600e1c394ed64e3b1af4ee5b5b93923c2e74f6dfed6afc58ff6
Instruction Fuzzy Hash: 9791CE72B18A9686EF148F36EC445B873A0FB44B84F488136DA0E87795DE3CF851D74A

Function 000001FDF98F10E0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000001FDF98F110D
Process32NextW.KERNEL32 ref: 000001FDF98F118F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98F11FC
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98F1235
Process32NextW.KERNEL32 ref: 000001FDF98F12DE

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyNextProcess32Queue::StructuredWork$CreateSnapshotToolhelp32
String ID:
API String ID: 2993956496-0
Opcode ID: e5cb6cc2a9d3f2d857daf4add4d4784c79b02a268af29c56eed9b1a154788f6c
Instruction ID: 1b9b0efc6c139123c968098ae67fd83038ed2f551964179e0a91e572c3bf89b5
Opcode Fuzzy Hash: e5cb6cc2a9d3f2d857daf4add4d4784c79b02a268af29c56eed9b1a154788f6c
Instruction Fuzzy Hash: A1514F31528B898BE3A5EB24D855FFAB7E2FBD4344F405A2DA08BC2191DF309945CB42

Function 000001FDF98C9E50 Relevance: 4.7, APIs: 3, Instructions: 233fileCOMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001FDF98C9EF0

Part of subcall function 000001FDF9816A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF9816AAB
Part of subcall function 000001FDF9816A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF9816ABA

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98C9F56
CreateFileA.KERNEL32 ref: 000001FDF98C9F82

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFiletype_info::_name_internal_method
String ID:
API String ID: 645652700-0
Opcode ID: f64b6eb87d80957077a350099af48cbfcdfbf435f0acf51f21d504348669a5e4
Instruction ID: 127e0738ac3891eef7f6c33aea4c05c486dd3b2c3d66b08d954b237da29c0b95
Opcode Fuzzy Hash: f64b6eb87d80957077a350099af48cbfcdfbf435f0acf51f21d504348669a5e4
Instruction Fuzzy Hash: 29811F30619B498FE794EB28D855FFAB7E2FB98350F404A6DA05FC3291DE359846C702

Function 000001FDF98CA470 Relevance: 4.6, APIs: 3, Instructions: 80fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98CA4B6
CreateFileA.KERNEL32 ref: 000001FDF98CA4E5
ReadFile.KERNEL32 ref: 000001FDF98CA514

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 80546502eef68e30b02b4317667652602f9fda14f3457cc9a4a8f846ae1d1ad4
Instruction ID: 615340607c94b8938f9721ec68cbf98f58387109a5d6252c5eb659c9c69c74b7
Opcode Fuzzy Hash: 80546502eef68e30b02b4317667652602f9fda14f3457cc9a4a8f846ae1d1ad4
Instruction Fuzzy Hash: E421D874618B888FD794EF2CC498B9ABBE1FB99300F50491DE48AC3260DB75D945CB42

Function 000001FDF97E4740 Relevance: 4.6, APIs: 3, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E476C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E477E

Part of subcall function 000001FDF97E53C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E53DD

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E47BB

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 2bd40488f3e532a51d24b491183ad7726d9c7802e0b56b6519047ab1d83811bb
Instruction ID: f48c554975181659ca0a922122859d0f875f336e54cfe6294483520c75cce8ff
Opcode Fuzzy Hash: 2bd40488f3e532a51d24b491183ad7726d9c7802e0b56b6519047ab1d83811bb
Instruction Fuzzy Hash: 8931DB70528B888FD795EF28C855BAAB7E2FB94344F80492DB08AC32A1DB719445CB43

Function 000001FDF98CA3D0 Relevance: 4.5, APIs: 3, Instructions: 48fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98CA3F7
CreateFileA.KERNEL32 ref: 000001FDF98CA426
ReadFile.KERNEL32 ref: 000001FDF98CA44E

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 58da95cd914e928df27caef5f136864f76f7d90ee48b638eaa7250070e662160
Instruction ID: 9eb1feffd811f17b9643e27fe0c162d5155a09c4cb79d5d1a83d3e8737a65f67
Opcode Fuzzy Hash: 58da95cd914e928df27caef5f136864f76f7d90ee48b638eaa7250070e662160
Instruction Fuzzy Hash: FA01D374618B888FD744EF28C89971ABBF1FB99345F50091DF48AC32A0DB79D945CB42

Function 00007FF628664140 Relevance: 4.5, APIs: 3, Instructions: 32windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32 ref: 00007FF628664159
TranslateMessage.USER32 ref: 00007FF628664168
DispatchMessageA.USER32 ref: 00007FF628664173

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: Message$DispatchPeekTranslate
String ID:
API String ID: 4217535847-0
Opcode ID: 592db406a15101d98d1bfc7a93d39be7e429bab12ec8d4365a76516f4c6005f4
Instruction ID: 6543a2d9e20f968b0ea73aba6cd20da825f2f21ebaafcb2267e4da8ccae57f8d
Opcode Fuzzy Hash: 592db406a15101d98d1bfc7a93d39be7e429bab12ec8d4365a76516f4c6005f4
Instruction Fuzzy Hash: CC01712192C1E386FB505B31AC55679AA60BF91345F505033F24EC1999CF2DE049AB1A

Function 00007FF6286421B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62864236B

Strings

gfff, xrefs: 00007FF6286421F0

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: gfff
API String ID: 2739980228-1553575800
Opcode ID: 3985b5ed84eef8ca0e821c5cbf15f2fd17dab4a85c5385097c56e0a2979ad328
Instruction ID: ea907b794ad4094f6b2339dd39adaa383f1677806383624b656392c33c14ed6a
Opcode Fuzzy Hash: 3985b5ed84eef8ca0e821c5cbf15f2fd17dab4a85c5385097c56e0a2979ad328
Instruction Fuzzy Hash: DE515663708AC586DB058F389D112ADBBB2FB88B80F498226DA48D7799CF3CD555C701

Function 00007FF628663F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

00007FFDFB715F50.D3D9 ref: 00007FF628663F7B

Strings

@, xrefs: 00007FF62866400A

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007B715
String ID: @
API String ID: 1916461402-2766056989
Opcode ID: 73d6871cf4131e7e7e3c516ea5bb2b6940c2de2e4e255355f0021467e71eb675
Instruction ID: 184d5be541fd256e245f311168f0050143582605d99f993af89575117b8cf7c6
Opcode Fuzzy Hash: 73d6871cf4131e7e7e3c516ea5bb2b6940c2de2e4e255355f0021467e71eb675
Instruction Fuzzy Hash: 1511E671E0864796FF008F69EC5477527A0BB44789F54813AC90EC73A6DF7EA448AB0A

Function 000001FDF98CA2F0 Relevance: 3.1, APIs: 2, Instructions: 56fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98CA310
CreateFileA.KERNEL32 ref: 000001FDF98CA33F

Part of subcall function 000001FDF97EA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97EA18D

Part of subcall function 000001FDF98C9E50: type_info::_name_internal_method.LIBCMTD ref: 000001FDF98C9EF0
Part of subcall function 000001FDF98C9E50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98C9F56
Part of subcall function 000001FDF98C9E50: CreateFileA.KERNEL32 ref: 000001FDF98C9F82

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFile$type_info::_name_internal_method
String ID:
API String ID: 2627539804-0
Opcode ID: 98ea87f00965d57ac3efe53a622e5d3c7e907a059cd269744f0d00fbdf9eee7f
Instruction ID: 1d23b41ed5b5187091ac7463d2ae2ab4d3eeff19c4d63917c3bf1e79a21a5e70
Opcode Fuzzy Hash: 98ea87f00965d57ac3efe53a622e5d3c7e907a059cd269744f0d00fbdf9eee7f
Instruction Fuzzy Hash: 97111E70518B898FD794EF28C44976AB7E1FBD9341F50492DE08EC3251DB79C8458B42

Function 00007FF62866BB9C Relevance: 3.1, APIs: 2, Instructions: 55COMMON

Download Yara Rule

APIs

_RTC_Initialize.LIBCMT ref: 00007FF62866BBD4
00007FFE1FFB1B20.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF62866BC20

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007Initialize
String ID:
API String ID: 3598312978-0
Opcode ID: d68fa1dd1f25c5d9833bb5b41399011af0f0bca26c4982c59452d0f3d9cb9bed
Instruction ID: 36c76fb6ccd24552b0f8a16ebf241ed3822a8b8bdd68ce3b70aa15fd1853ba94
Opcode Fuzzy Hash: d68fa1dd1f25c5d9833bb5b41399011af0f0bca26c4982c59452d0f3d9cb9bed
Instruction Fuzzy Hash: 7A119844E089E382FE58B7B24C632B8018A7FA0340F840833E90DC62C3ED1DB995726B

Function 00007FF62866BB34 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62866BB64

Part of subcall function 00007FF62866C368: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF62866C371

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62866BB6A

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: f263315650486d802dc5ceafc5012ad1b5bad17f869d85328af45017b7dfee40
Instruction ID: 33e7f6cbfb3e8c33165c2cab95399efa4ded732ce7eda33dbd47d1c1d4ae2a8e
Opcode Fuzzy Hash: f263315650486d802dc5ceafc5012ad1b5bad17f869d85328af45017b7dfee40
Instruction Fuzzy Hash: CFF0E210E196A7C1FE293A765C021B80202BF187B0F1C0232DC3CCA3C6ED1CA495A21B

Function 00007FF628661B90 Relevance: 1.7, APIs: 1, Instructions: 199libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF628661DDE

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
Instruction ID: dc41d191ebda40a0273f51382b85c7524c0635d5596a532e20a57ed3ba89c08d
Opcode Fuzzy Hash: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
Instruction Fuzzy Hash: CBA19A36619B8586DB60CB19E89032AB7A4F7C8B94F504126EBCE83B68DF3CD455CB04

Function 000001FDF990F2BC Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001FDF990F2EC

Part of subcall function 000001FDF990FD70: std::bad_alloc::bad_alloc.LIBCMTD ref: 000001FDF990FD79

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: 40e99fc6ce4dc2d146cdf7f013a5a6f8ee3dd898e06d9c12abdcb6339ef11b74
Instruction ID: e40cca877f1d08500ddf7641d3e411f5c5afd16822248d963276a9c9db12b527
Opcode Fuzzy Hash: 40e99fc6ce4dc2d146cdf7f013a5a6f8ee3dd898e06d9c12abdcb6339ef11b74
Instruction Fuzzy Hash: 3C01DB389189074AFA94737B7C89FF410C7AB48391F9D34349437C70E2E5148A838123

Function 00007FF62866B780 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF62866B7A3

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 68dcdc5df13b1305609106057423c5647b76bdd97cd7c73a0b3a13548c0169f4
Instruction ID: 0f65f70a49600f2dd62e0f6188f1dc317829d98a0a9974dbf5272321046ebd42
Opcode Fuzzy Hash: 68dcdc5df13b1305609106057423c5647b76bdd97cd7c73a0b3a13548c0169f4
Instruction Fuzzy Hash: 61015261A18F9381DA609B29EC4021AA7E4FF887A8F401336E69DC2794DF3CD5109B09

Non-executed Functions

Function 00007FF628656090 Relevance: 58.2, APIs: 5, Strings: 26, Instructions: 3919COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF62861CB20: __swprintf_l.LIBCMT ref: 00007FF62861CC55

00007FFE1A451310.VCRUNTIME140 ref: 00007FF628656942
00007FFE1A451310.VCRUNTIME140 ref: 00007FF6286569E9
00007FFE1A451310.VCRUNTIME140 ref: 00007FF628658B07

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF628656126, 00007FF62865614E, 00007FF628656176, 00007FF628656746, 00007FF628656B98, 00007FF628656F3E, 00007FF628656FC5, 00007FF628657109, 00007FF6286571FC, 00007FF628657615, 00007FF628658877, 00007FF6286588B5, 00007FF6286589A4, 00007FF628658B7C, 00007FF628658B9F, 00007FF628658BC2, 00007FF628658C69, 00007FF628658E94, 00007FF628658F51, 00007FF62865934E
apply_new_text_length <= buf_size, xrefs: 00007FF628658F58
font->ContainerAtlas->TexID == _CmdHeader.TextureId, xrefs: 00007FF6286592A9, 00007FF628659B64
idx <= obj->TextLen, xrefs: 00007FF628657110, 00007FF628657203
password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty(), xrefs: 00007FF628656F45
#SCROLLY, xrefs: 00007FF6286567C1, 00007FF6286567F0, 00007FF628659E36
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62865712D, 00007FF628657220, 00007FF62865753F
%*s%.*s, xrefs: 00007FF628659FA0
apply_new_text_length >= 0, xrefs: 00007FF628658E9B
callback_data.Buf == callback_buf, xrefs: 00007FF628658B83
state && state->ID == id, xrefs: 00007FF628656B9F
buf[0] != 0, xrefs: 00007FF6286588BC
g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel, xrefs: 00007FF62865A0A6
!((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput)), xrefs: 00007FF62865617D
state != 0, xrefs: 00007FF628656FCC, 00007FF62865761C, 00007FF62865887E, 00007FF628659355
buf != 0 && buf_size >= 0, xrefs: 00007FF62865612D
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628656C32, 00007FF628656CA1, 00007FF628656CDE, 00007FF628656D20, 00007FF628656D5D, 00007FF628656DA8, 00007FF62865770D, 00007FF6286577A3, 00007FF6286578C1, 00007FF62865796F, 00007FF628657A01, 00007FF628657A9D, 00007FF628657B44, 00007FF628657BEB, 00007FF628657C25, 00007FF628657CD3, 00007FF62865A09F
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6286592A2, 00007FF628659B5D
callback_data.BufSize == state->BufCapacity, xrefs: 00007FF628658BA6
callback_data.BufTextLen == (int)strlen(callback_data.Buf), xrefs: 00007FF628658C70
callback != 0, xrefs: 00007FF62865674D, 00007FF6286589AB
i >= 0 && i < Size, xrefs: 00007FF628657134, 00007FF628657227, 00007FF628657546
!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline)), xrefs: 00007FF628656155
@, xrefs: 00007FF62865A0BA
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF628656C39, 00007FF628656CA8, 00007FF628656CE5, 00007FF628656D27, 00007FF628656D64, 00007FF628656DAF, 00007FF628657714, 00007FF6286577AA, 00007FF6286578C8, 00007FF628657976, 00007FF628657A08, 00007FF628657AA4, 00007FF628657B4B, 00007FF628657BF2, 00007FF628657C2C, 00007FF628657CDA
callback_data.Flags == flags, xrefs: 00007FF628658BC9

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310$__swprintf_l
String ID: !((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput))$!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline))$#SCROLLY$%*s%.*s$@$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$apply_new_text_length <= buf_size$apply_new_text_length >= 0$buf != 0 && buf_size >= 0$buf[0] != 0$callback != 0$callback_data.Buf == callback_buf$callback_data.BufSize == state->BufCapacity$callback_data.BufTextLen == (int)strlen(callback_data.Buf)$callback_data.Flags == flags$font->ContainerAtlas->TexID == _CmdHeader.TextureId$g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel$i >= 0 && i < Size$idx <= obj->TextLen$password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty()$state != 0$state && state->ID == id
API String ID: 3841163933-4266151527
Opcode ID: c29adb02a62bfc558050144c48e99ed8f3a135345d2b512ffe02b0f90698da53
Instruction ID: efca486e41a0b27346eb4d1c7c1e2feebfa7a142c1f95f8f99dbf72c2cebcbdd
Opcode Fuzzy Hash: c29adb02a62bfc558050144c48e99ed8f3a135345d2b512ffe02b0f90698da53
Instruction Fuzzy Hash: 9A93E332A087868AEB61CF36DC447B977A1FF59748F048236DA4897696CF3CE444DB06

Function 00007FF628619E10 Relevance: 50.0, APIs: 3, Strings: 25, Instructions: 1049COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF628619F42
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62861AA84
00007FFE1FFBA0D0.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF62861AEDF

Strings

(Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames), xrefs: 00007FF62861AFA2
HoveredId: 0x%08X, xrefs: 00007FF62861ACF7
Debug##Default, xrefs: 00007FF62861AFCA
g.Font->IsLoaded(), xrefs: 00007FF62861A274
Right, xrefs: 00007FF62861AD1B
it >= Data && it < Data + Size, xrefs: 00007FF628619F07
g.MovingWindow && g.MovingWindow->RootWindow, xrefs: 00007FF62861A6D0
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628619E8F, 00007FF628619EC3, 00007FF628619F00, 00007FF62861A11A, 00007FF62861A23A, 00007FF62861A8EE, 00007FF62861A925, 00007FF62861A958, 00007FF62861AAF3, 00007FF62861ABD7
gfff, xrefs: 00007FF62861B114
Remap w/ Ctrl+Shift: click anywhere to select new mouse button., xrefs: 00007FF62861AD3B
g.WindowsFocusOrder.Size <= g.Windows.Size, xrefs: 00007FF62861A584
NewFrame(): ClearActiveID() because it isn't marked alive anymore!, xrefs: 00007FF62861A3C3
333?, xrefs: 00007FF62861ACDE
g.CurrentWindow->IsFallbackWindow == true, xrefs: 00007FF62861B026
Middle, xrefs: 00007FF62861AD27
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628619E4D, 00007FF62861A0F7, 00007FF62861A26D, 00007FF62861A57D, 00007FF62861A6C9, 00007FF62861A70E, 00007FF62861AD95, 00007FF62861B01F
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF628619E54
GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip, xrefs: 00007FF62861AD9C
g.Viewports.Size == 1, xrefs: 00007FF62861A0FE
i >= 0 && i < Size, xrefs: 00007FF628619E96, 00007FF628619ECA, 00007FF62861A121, 00007FF62861A241, 00007FF62861A8F5, 00007FF62861A92C, 00007FF62861A95F, 00007FF62861AAFA
Click %s Button to break in debugger! (remap w/ Ctrl+Shift), xrefs: 00007FF62861AD51
Press ESC to abort picking., xrefs: 00007FF62861AD03
GImGui != 0, xrefs: 00007FF62861A715
Left, xrefs: 00007FF62861AD0F
Size > 0, xrefs: 00007FF62861ABDE

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007$A451310F020
String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$333?$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Click %s Button to break in debugger! (remap w/ Ctrl+Shift)$Debug##Default$GImGui != 0$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip$HoveredId: 0x%08X$Left$Middle$NewFrame(): ClearActiveID() because it isn't marked alive anymore!$Press ESC to abort picking.$Remap w/ Ctrl+Shift: click anywhere to select new mouse button.$Right$Size > 0$g.CurrentWindow->IsFallbackWindow == true$g.Font->IsLoaded()$g.MovingWindow && g.MovingWindow->RootWindow$g.Viewports.Size == 1$g.WindowsFocusOrder.Size <= g.Windows.Size$gfff$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 4201092786-8291574
Opcode ID: 67dd819bf459e58f4dc24f307201e7a997b3b530ade4f3c3acdfb8b4452a2f7a
Instruction ID: bd400db76febee5073979dfb48fcfc824f07534d1f20c5134d0da3aee1131a32
Opcode Fuzzy Hash: 67dd819bf459e58f4dc24f307201e7a997b3b530ade4f3c3acdfb8b4452a2f7a
Instruction Fuzzy Hash: 58C2B332A046C289EF21CF36DC442F837A1FF54B49F084236DA0C9B6AADF39A655D715

Function 00007FF6286425F0 Relevance: 41.9, APIs: 9, Strings: 14, Instructions: 1603COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628643F7F
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628644005

Strings

font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found.", xrefs: 00007FF6286428CC
0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize.", xrefs: 00007FF628642A58
glyph_index_in_font != 0, xrefs: 00007FF628643163
src_tmp.GlyphsList.Size == src_tmp.GlyphsCount, xrefs: 00007FF628642D53
cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas), xrefs: 00007FF628642821
src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?", xrefs: 00007FF628642961
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF628642B50, 00007FF628642BAC, 00007FF628642BDE
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF62864262E, 00007FF62864281A, 00007FF6286428C5, 00007FF62864295A, 00007FF628642A5F, 00007FF628642A80, 00007FF628642D4C, 00007FF62864315C, 00007FF628643ABA
atlas->ConfigData.Size > 0, xrefs: 00007FF628642635
i >= 0 && i < Size, xrefs: 00007FF6286427C0, 00007FF6286427E5, 00007FF62864286B, 00007FF628642911, 00007FF628642A19, 00007FF628642F65, 00007FF628642FA8, 00007FF628642FED, 00007FF62864312F, 00007FF6286436A4, 00007FF6286439E4, 00007FF628643B3F
font->ConfigData == font_config, xrefs: 00007FF628643AC1
n < (Storage.Size << 5), xrefs: 00007FF628642B57, 00007FF628642BB3, 00007FF628642BE5
src_tmp.DstIndex != -1, xrefs: 00007FF628642A79
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6286427B9, 00007FF6286427DE, 00007FF628642864, 00007FF62864290A, 00007FF628642A12, 00007FF628642F5E, 00007FF628642FA1, 00007FF628642FE6, 00007FF628643128, 00007FF62864369D, 00007FF6286439DD, 00007FF628643B38

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: 0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize."$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$atlas->ConfigData.Size > 0$cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas)$font->ConfigData == font_config$font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found."$glyph_index_in_font != 0$i >= 0 && i < Size$n < (Storage.Size << 5)$src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?"$src_tmp.DstIndex != -1$src_tmp.GlyphsList.Size == src_tmp.GlyphsCount
API String ID: 2739980228-2192739418
Opcode ID: dca5a06350c0cdccd6253eb7eea086c7d5c9d276504d0648cc7ccdfc7beea38e
Instruction ID: 6e19aec8be68741e20e1d09384387352591e47f21a5119ade037e1f021e8a3e9
Opcode Fuzzy Hash: dca5a06350c0cdccd6253eb7eea086c7d5c9d276504d0648cc7ccdfc7beea38e
Instruction Fuzzy Hash: A8F20232A04A9686EB25CF35EC946BD77A0FB98B44F188237CA0D97394DF38E485D705

Function 00007FF628617390 Relevance: 26.8, APIs: 10, Strings: 5, Instructions: 530COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286175A9
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62861767F
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628617776
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628617807
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286178BC
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628617965
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286179F6
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628617AB5
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628617B84
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628617C89

Strings

Forgot to shutdown Renderer backend?, xrefs: 00007FF6286173E7
(g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?", xrefs: 00007FF6286173D0
(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?", xrefs: 00007FF62861740E
Forgot to shutdown Platform backend?, xrefs: 00007FF6286173A9
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6286173C9, 00007FF628617407

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: (g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?"$(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Forgot to shutdown Platform backend?$Forgot to shutdown Renderer backend?
API String ID: 2739980228-2716422499
Opcode ID: 96087274a65a48a19f2292afb59cc2bb9d0ee349fad39154f4d4ad274d245eb9
Instruction ID: ccdf9c826fa05363b235a6e7e9fde041ae89b1142245079fd4b3510efcb82284
Opcode Fuzzy Hash: 96087274a65a48a19f2292afb59cc2bb9d0ee349fad39154f4d4ad274d245eb9
Instruction Fuzzy Hash: 26428D32A08AD292DB09DF34DD941FCB3A1FB54B89F484136CA0D873A9DF39A566D305

Function 00007FF6286497F0 Relevance: 24.4, Strings: 19, Instructions: 617COMMON

Download Yara Rule

Strings

(inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!", xrefs: 00007FF628649F65
outer_window == inner_window || outer_window == inner_window->ParentWindow, xrefs: 00007FF6286498C7
Mismatching PushID/PopID!, xrefs: 00007FF628649F0F
Calling PopStyleColor() too many times!, xrefs: 00007FF6286497F7
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF628649846, 00007FF628649898, 00007FF6286498C0, 00007FF6286499CD, 00007FF628649F5E, 00007FF628649FAA, 00007FF62864A0E5, 00007FF62864A21D, 00007FF62864A240
g.CurrentWindow == outer_window && g.CurrentTable == table, xrefs: 00007FF62864A224
p >= Data && p < DataEnd, xrefs: 00007FF628649AA5, 00007FF628649C25, 00007FF628649DBA, 00007FF628649E44
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF628649A9E, 00007FF628649C1E, 00007FF628649DB3, 00007FF628649E3D, 00007FF62864A340
inner_window == g.CurrentWindow, xrefs: 00007FF62864989F
(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!", xrefs: 00007FF628649FB1
i >= 0 && i < Size, xrefs: 00007FF62864995E, 00007FF62864A27F, 00007FF62864A2C5
table->RowPosY2 == inner_window->DC.CursorPos.y, xrefs: 00007FF6286499D4
table != 0 && "Only call EndTable() if BeginTable() returns true!", xrefs: 00007FF62864984D
Too many PopItemWidth!, xrefs: 00007FF628649F83
Size > 0, xrefs: 00007FF628649B29, 00007FF628649EE4, 00007FF628649F35
p >= Buf.Data && p < Buf.Data + Buf.Size, xrefs: 00007FF62864A347
g.TablesTempDataStacked > 0, xrefs: 00007FF62864A247
(table->Flags & ImGuiTableFlags_ScrollX) == 0, xrefs: 00007FF62864A0EC
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628649957, 00007FF628649B22, 00007FF628649EDD, 00007FF628649F2E, 00007FF62864A278, 00007FF62864A2BE

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: (inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!"$(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!"$(table->Flags & ImGuiTableFlags_ScrollX) == 0$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$Calling PopStyleColor() too many times!$Mismatching PushID/PopID!$Size > 0$Too many PopItemWidth!$g.CurrentWindow == outer_window && g.CurrentTable == table$g.TablesTempDataStacked > 0$i >= 0 && i < Size$inner_window == g.CurrentWindow$outer_window == inner_window || outer_window == inner_window->ParentWindow$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table != 0 && "Only call EndTable() if BeginTable() returns true!"$table->RowPosY2 == inner_window->DC.CursorPos.y
API String ID: 0-2342475368
Opcode ID: c7d7ccd073aa28cc0a8da63f02696dfd21ea439c566dee167eb27b63e243ea54
Instruction ID: c57e260ee108cc88a16d5c4598a28c19553f69c6237e4d3e9cc7446d3cdcaeeb
Opcode Fuzzy Hash: c7d7ccd073aa28cc0a8da63f02696dfd21ea439c566dee167eb27b63e243ea54
Instruction Fuzzy Hash: B672DE32A08A8696EB25CB36CC553FC7360FF99745F088232DA09971A1DF3DB5A4E705

Function 00007FF62865CB40 Relevance: 23.8, APIs: 4, Strings: 9, Instructions: 1043COMMON

Download Yara Rule

APIs

00007FFE1FFA49A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF62865CE46
00007FFE1A451310.VCRUNTIME140 ref: 00007FF62865CF53
00007FFE1A451310.VCRUNTIME140 ref: 00007FF62865D049
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62865D0CA

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF62865D14E, 00007FF62865D1C9
i >= 0 && i < Size, xrefs: 00007FF62865CC07, 00007FF62865CC52, 00007FF62865CC85, 00007FF62865CCD8, 00007FF62865CD37, 00007FF62865D12C, 00007FF62865D283, 00007FF62865D450, 00007FF62865D47E, 00007FF62865D4AE, 00007FF62865D5D3
N/A, xrefs: 00007FF62865D1B2
tab->NameOffset < tab_bar->TabsNames.Buf.Size, xrefs: 00007FF62865D1D0
Calling PopStyleColor() too many times!, xrefs: 00007FF62865CB43
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF62865D9D7
tab->LastFrameVisible >= tab_bar->PrevFrameVisible, xrefs: 00007FF62865D155
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62865D9D0
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62865CC00, 00007FF62865CC4B, 00007FF62865CC7E, 00007FF62865CCD1, 00007FF62865CD30, 00007FF62865D125, 00007FF62865D27C, 00007FF62865D449, 00007FF62865D477, 00007FF62865D4A7, 00007FF62865D5CC

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007$A451310$F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$Calling PopStyleColor() too many times!$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$N/A$i >= 0 && i < Size$tab->LastFrameVisible >= tab_bar->PrevFrameVisible$tab->NameOffset < tab_bar->TabsNames.Buf.Size
API String ID: 1297745814-961183113
Opcode ID: e569d4938a06926f000cdbf7ab41f05daddb4fa3a658967ab75b5f26f8576b39
Instruction ID: 7fd07f5822dbfc800862e7c8bf744221c0d944e21be44e68d8545141544ebfaf
Opcode Fuzzy Hash: e569d4938a06926f000cdbf7ab41f05daddb4fa3a658967ab75b5f26f8576b39
Instruction Fuzzy Hash: 14B2CE32A087868AEB51CF36CC4016977A1FF59788F148736EA49A32A5DF3CF485D705

Function 00007FF628660D02 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 232keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 00007FF628660D24
GetKeyState.USER32 ref: 00007FF628660D62
GetKeyState.USER32 ref: 00007FF628660D98
GetKeyState.USER32 ref: 00007FF628660DCE
GetKeyState.USER32 ref: 00007FF628660DE0
GetKeyState.USER32 ref: 00007FF628660EB1
GetKeyState.USER32 ref: 00007FF628660EED
GetKeyState.USER32 ref: 00007FF628660F3D
GetKeyState.USER32 ref: 00007FF628660F79
GetKeyState.USER32 ref: 00007FF628660FC9
GetKeyState.USER32 ref: 00007FF628661005

Strings

ImGui::IsNamedKey(key), xrefs: 00007FF628660E96
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628660E8F

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: State
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$ImGui::IsNamedKey(key)
API String ID: 1649606143-1336968070
Opcode ID: 320e79d58a395caa32967525c0a4eeebff8b16c0838ad5b5bb5afecf55618b72
Instruction ID: eebd0a344360e0d8dcb1f7f36866dfbb18b81f3f35ef2cf634e7050eae6b8c74
Opcode Fuzzy Hash: 320e79d58a395caa32967525c0a4eeebff8b16c0838ad5b5bb5afecf55618b72
Instruction Fuzzy Hash: 9991E310E5C2F705FFA29A356C113B53281BF61748F190637EC4AA66D6CF2D7882A25B

Function 00007FF628626EC0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 524COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF628627633

Strings

i >= 0 && i < Size, xrefs: 00007FF628626F7B, 00007FF628627345, 00007FF628627515
0 && "Unknown event!", xrefs: 00007FF62862746A
Processed, xrefs: 00007FF6286274F9
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF62862704A
key != ImGuiKey_None, xrefs: 00007FF62862713B
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF62862718C, 00007FF628627270
it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size, xrefs: 00007FF6286275C8
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628627043, 00007FF628627134, 00007FF628627463
n >= 0 && n < BITCOUNT, xrefs: 00007FF628627193, 00007FF628627277
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628626F74, 00007FF62862733E, 00007FF62862750E, 00007FF6286275C1
Remaining, xrefs: 00007FF628627525

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: 0 && "Unknown event!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Processed$Remaining$button >= 0 && button < ImGuiMouseButton_COUNT$i >= 0 && i < Size$it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size$key != ImGuiKey_None$n >= 0 && n < BITCOUNT
API String ID: 338975850-1923509833
Opcode ID: 8a7e1af03d72756e019b02673daee7c066d9e9cf1c3008671a80216385de6d30
Instruction ID: 849a64c1648d460688f1a9ff4deb3d386f1d508a96da24c955e5a9f8e149af4f
Opcode Fuzzy Hash: 8a7e1af03d72756e019b02673daee7c066d9e9cf1c3008671a80216385de6d30
Instruction Fuzzy Hash: 37420472B082C246EF28CB359D507B97B90FB51744F044176DA9987A89CF3DE464EB0A

Function 00007FF628616CB0 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 396COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF628615CA0), ref: 00007FF6286171A7
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628617227

Strings

!g.Initialized && !g.SettingsLoaded, xrefs: 00007FF628616CF0
Window, xrefs: 00007FF628616D06
Table, xrefs: 00007FF628616E3E
FindSettingsHandler(handler->TypeName) == 0, xrefs: 00007FF628616E20, 00007FF628616F4E
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF628617329
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628616CE9, 00007FF628616E19, 00007FF628616F47
n >= 0 && n < BITCOUNT, xrefs: 00007FF628617330

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007$A451310F020
String ID: !g.Initialized && !g.SettingsLoaded$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$FindSettingsHandler(handler->TypeName) == 0$Table$Window$n >= 0 && n < BITCOUNT
API String ID: 4201092786-416841283
Opcode ID: 82590dc856df074005b7f033411ba8d91926e19d55c3d6f053fabf6f2a068ce4
Instruction ID: aa345fa5f685989772f0961d95e15e378a484a91777a468cf698200decd1207f
Opcode Fuzzy Hash: 82590dc856df074005b7f033411ba8d91926e19d55c3d6f053fabf6f2a068ce4
Instruction Fuzzy Hash: 7F128936A09B8686EB50CF35EC802A977A4FB54B44F48423BDA4D833A5DF3DE545D306

Function 00007FF628631D70 Relevance: 15.0, APIs: 10, Instructions: 50clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00007FF628631D7B
MultiByteToWideChar.KERNEL32 ref: 00007FF628631DAE
GlobalAlloc.KERNEL32 ref: 00007FF628631DC2
GlobalLock.KERNEL32 ref: 00007FF628631DD3
MultiByteToWideChar.KERNEL32 ref: 00007FF628631DF2
GlobalUnlock.KERNEL32 ref: 00007FF628631DFB
EmptyClipboard.USER32 ref: 00007FF628631E01
SetClipboardData.USER32 ref: 00007FF628631E0F
GlobalFree.KERNEL32 ref: 00007FF628631E1D
CloseClipboard.USER32 ref: 00007FF628631E23

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: ClipboardGlobal$ByteCharMultiWide$AllocCloseDataEmptyFreeLockOpenUnlock
String ID:
API String ID: 1965520120-0
Opcode ID: ebbd9d8b24dcedb596b0ca59058d4c86985b5e6383d3a38eef27f5b3966815bd
Instruction ID: 32de991753a0e391a290fcbc98f2e6a94eda5557d5698b88b7ce3d2dfa0c1ba9
Opcode Fuzzy Hash: ebbd9d8b24dcedb596b0ca59058d4c86985b5e6383d3a38eef27f5b3966815bd
Instruction Fuzzy Hash: 8411B620B08A9342EF145F37BC04235A2A1BF49FD4F084236DA4D877A4DE3DE4455705

Function 00007FF628647CE0 Relevance: 13.8, Strings: 10, Instructions: 1289COMMON

Download Yara Rule

Strings

table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0, xrefs: 00007FF628648168
!is_visible, xrefs: 00007FF628648CC9
i >= 0 && i < Size, xrefs: 00007FF6286486E4
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF628647D54, 00007FF628648008, 00007FF628648161, 00007FF628648CC2
#ContextMenu, xrefs: 00007FF628649129
p >= Data && p < DataEnd, xrefs: 00007FF628647E50, 00007FF628647E91, 00007FF628647F8F, 00007FF628648220, 00007FF62864833B, 00007FF628648388, 00007FF628648524, 00007FF628648646, 00007FF628648678, 00007FF628648900, 00007FF628648938, 00007FF628648A6C, 00007FF628648E47, 00007FF628648E81, 00007FF628648F16, 00007FF6286491DB, 00007FF62864920D
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF628647E49, 00007FF628647E8A, 00007FF628647F88, 00007FF628648219, 00007FF628648334, 00007FF628648381, 00007FF62864851D, 00007FF62864863F, 00007FF628648671, 00007FF6286488F9, 00007FF628648931, 00007FF628648A65, 00007FF628648E40, 00007FF628648E7A, 00007FF628648F0F, 00007FF6286491D4, 00007FF628649206
table->IsLayoutLocked == false, xrefs: 00007FF628647D5B
column->IndexWithinEnabledSet <= column->DisplayOrder, xrefs: 00007FF62864800F
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6286486DD

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: !is_visible$#ContextMenu$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->IndexWithinEnabledSet <= column->DisplayOrder$i >= 0 && i < Size$p >= Data && p < DataEnd$table->IsLayoutLocked == false$table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0
API String ID: 0-1387518580
Opcode ID: 4a9ae7a7dfc95e9f833c2f08296e03bc7dc638ae3a7b9870f2afbfcbe5ec5d51
Instruction ID: 749a0b937ff55bac92ffd4236562e2c69db55195b8aa445cdab41ade9bdd22b4
Opcode Fuzzy Hash: 4a9ae7a7dfc95e9f833c2f08296e03bc7dc638ae3a7b9870f2afbfcbe5ec5d51
Instruction Fuzzy Hash: D3E2C032A0868696EB65CB36CD513BC77A0FF99744F088326DB08635A5DF38F4A4E705

Function 00007FF628636C90 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 830COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF6286371E5

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2705777111
Opcode ID: 537b359fd7f27905f7452b495d4ffd540ff7b2b3c9caac0e11bb7bb2024810df
Instruction ID: fd8a78d1185cad5e3a6d6624df3ea749247a4515cf09060f162364e7bc3a8415
Opcode Fuzzy Hash: 537b359fd7f27905f7452b495d4ffd540ff7b2b3c9caac0e11bb7bb2024810df
Instruction Fuzzy Hash: F2727B23A18BE845D7138B369C422B9B7A1FF6EB84F19C323ED45A6661EF38D541D700

Function 00007FF628631C20 Relevance: 12.1, APIs: 8, Instructions: 87clipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6286110A0: 00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62861112E

OpenClipboard.USER32 ref: 00007FF628631C38
GetClipboardData.USER32 ref: 00007FF628631C55
CloseClipboard.USER32 ref: 00007FF628631C63

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: Clipboard$00007CloseDataF020Open
String ID:
API String ID: 2409120337-0
Opcode ID: 26d566c6706ed3b603c2ca6413b7fcc995dc930fd5e624c9433e805aea778b59
Instruction ID: 29c4d903792ca673efe878767e1005dca09de977c64aef69e807cf249ca4be25
Opcode Fuzzy Hash: 26d566c6706ed3b603c2ca6413b7fcc995dc930fd5e624c9433e805aea778b59
Instruction Fuzzy Hash: 9531B432B09B8283EB549F36BC051AA66E5FB88B90F140136EF8D87794DF3CE4519618

Function 00007FF62866C0F8 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF62866C114
RtlCaptureContext.KERNEL32 ref: 00007FF62866C141
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF62866C15B
RtlVirtualUnwind.KERNEL32 ref: 00007FF62866C19C
IsDebuggerPresent.KERNEL32 ref: 00007FF62866C1F0
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF62866C20D
UnhandledExceptionFilter.KERNEL32 ref: 00007FF62866C218

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 8964dd5a87bbd0479f9b080791705f60ec265abbfbc2f45a2eb81db15352648c
Instruction ID: fe22417e90707d0d338d04d9936c2e6f68f743eb83a3e37b050d2202d4c88e77
Opcode Fuzzy Hash: 8964dd5a87bbd0479f9b080791705f60ec265abbfbc2f45a2eb81db15352648c
Instruction Fuzzy Hash: 8E315972608AD28AEB608F61EC503EA7361FB84748F44403ADA4E87B99DF3DD548C705

Function 00007FF62862E1C0 Relevance: 10.5, Strings: 8, Instructions: 475COMMON

Download Yara Rule

Strings

g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded, xrefs: 00007FF62862E28D
!scoring_rect.IsInverted(), xrefs: 00007FF62862E9E4
[nav] NavMoveRequest: clamp NavRectRel for gamepad move, xrefs: 00007FF62862E6AF
[nav] NavMoveRequestForward %d, xrefs: 00007FF62862E2A9
g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None, xrefs: 00007FF62862E264
<NULL>, xrefs: 00007FF62862E522
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62862E25D, 00007FF62862E286, 00007FF62862E9DD
[nav] NavInitRequest: from move, window "%s", layer=%d, xrefs: 00007FF62862E530

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: !scoring_rect.IsInverted()$<NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: from move, window "%s", layer=%d$[nav] NavMoveRequest: clamp NavRectRel for gamepad move$[nav] NavMoveRequestForward %d$g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None$g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded
API String ID: 0-1751011103
Opcode ID: e4aba979aa13f89c1d393d52a5a001510e270dacfaf0202835dd2f82b435fe5c
Instruction ID: fbf33d473f03ab57489ef118a79efb3a5b62671b2d0a6f9adf555f10b8c98d1e
Opcode Fuzzy Hash: e4aba979aa13f89c1d393d52a5a001510e270dacfaf0202835dd2f82b435fe5c
Instruction Fuzzy Hash: 3B322832D18ACA42EB628B768C412F87350FF69794F188373DE58766EADF2C75809605

Function 00007FF6286396B0 Relevance: 10.4, Strings: 8, Instructions: 438COMMON

Download Yara Rule

Strings

dy >= 0, xrefs: 00007FF628639977
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF628639742, 00007FF628639808, 00007FF6286398C7, 00007FF628639970, 00007FF628639993, 00007FF628639B43, 00007FF628639B6F
e->ey >= y_top, xrefs: 00007FF628639749
sy1 > y_final-0.01f, xrefs: 00007FF628639B76
e->sy <= y_bottom && e->ey >= y_top, xrefs: 00007FF62863980F
fabsf(area) <= 1.01f, xrefs: 00007FF628639B4A
dx >= 0, xrefs: 00007FF62863999A
x >= 0 && x < len, xrefs: 00007FF6286398CE

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$dx >= 0$dy >= 0$e->ey >= y_top$e->sy <= y_bottom && e->ey >= y_top$fabsf(area) <= 1.01f$sy1 > y_final-0.01f$x >= 0 && x < len
API String ID: 0-3568222241
Opcode ID: 790997296c3ace0f49b917fc0f4bb1bfed2a2440f2ab62fef7e3b804057f5052
Instruction ID: 7c4a470dea7602219db2c1b9690f09e6b880c8a01e391e986b6ebdb1b52c6f12
Opcode Fuzzy Hash: 790997296c3ace0f49b917fc0f4bb1bfed2a2440f2ab62fef7e3b804057f5052
Instruction Fuzzy Hash: AE12F622D18B8D81E6129B335C421F6A250FFBF7C5F189733FD48B65A2DF287581AA05

Function 00007FF62864CDD0 Relevance: 9.0, Strings: 7, Instructions: 237COMMON

Download Yara Rule

Strings

<Unknown>, xrefs: 00007FF62864D0B9
*Missing Text*, xrefs: 00007FF62864CE76
(0) && "Calling PopItemFlag() too many times!", xrefs: 00007FF62864D13A
Calling PopItemFlag() too many times!, xrefs: 00007FF62864D11D
p >= Data && p < DataEnd, xrefs: 00007FF62864CE53, 00007FF62864CEE5, 00007FF62864CF83, 00007FF62864D090
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF62864CE4C, 00007FF62864CEDE, 00007FF62864CF7C, 00007FF62864D089
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62864D133

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopItemFlag() too many times!"$*Missing Text*$<Unknown>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Calling PopItemFlag() too many times!$p >= Data && p < DataEnd
API String ID: 0-3275063505
Opcode ID: daca524e7c5dbf27fa7a34285fc0e3a370f51538253c794bdcc54b755110fd88
Instruction ID: 992e964a5a1ad094aab7c26d1cdf5d06b97b43332a4d8bbf881e0c20973b2de8
Opcode Fuzzy Hash: daca524e7c5dbf27fa7a34285fc0e3a370f51538253c794bdcc54b755110fd88
Instruction Fuzzy Hash: 5DB1A132A0868292FF649B35DD542AD27A2FB81B84F040037DE4D87B95DF3DE855E31A

Function 00007FF62862D620 Relevance: 8.1, Strings: 6, Instructions: 635COMMON

Download Yara Rule

Strings

g.NavActivateDownId == g.NavActivateId, xrefs: 00007FF62862DD3B
[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s", xrefs: 00007FF62862D837
g.NavMoveDir == ImGuiDir_None, xrefs: 00007FF62862DDE0
g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu, xrefs: 00007FF62862D94C
g.NavWindow != 0, xrefs: 00007FF62862DF11
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62862D945, 00007FF62862DD34, 00007FF62862DDD9, 00007FF62862DF0A

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s"$g.NavActivateDownId == g.NavActivateId$g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu$g.NavMoveDir == ImGuiDir_None$g.NavWindow != 0
API String ID: 0-2167808928
Opcode ID: 0183191b6d91be417bd1c7107b1b726c92c41574d8174999c2f60281904307fd
Instruction ID: b26a8de07f27e83fb604cf5467f0f98c2c0686939f3e1586fb9daa8bd8f8388c
Opcode Fuzzy Hash: 0183191b6d91be417bd1c7107b1b726c92c41574d8174999c2f60281904307fd
Instruction Fuzzy Hash: F972CF32E082C649EB658B35CC443F92691FF45B48F1842B7DA58876E9CFBC7881E706

Function 00007FF62864F9E0 Relevance: 8.0, Strings: 6, Instructions: 493COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF62864FB94
button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown)))), xrefs: 00007FF62865002F
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF62864FD06, 00007FF628650058, 00007FF628650100
id != 0, xrefs: 00007FF62864FB9B
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF62864FCFF, 00007FF628650051, 00007FF6286500F9
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628650028

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown))))$button >= 0 && button < ImGuiMouseButton_COUNT$id != 0
API String ID: 338975850-2768765550
Opcode ID: 88b3baaae7ef37454bd0309ba98a3de903c58a9088266fe0384f8de82cd0dde6
Instruction ID: fa0c22c9c1aee8e1cfc214acf142c626503fe6646873d8ce20144eaa36e5154f
Opcode Fuzzy Hash: 88b3baaae7ef37454bd0309ba98a3de903c58a9088266fe0384f8de82cd0dde6
Instruction Fuzzy Hash: 2222F332E082868AEF788A359D503BD7691FF85344F044236CE5997AD6CF3DB854A70B

Function 00007FF62861DFB0 Relevance: 7.2, Strings: 5, Instructions: 977COMMON

Download Yara Rule

Strings

idx == 0 || idx == 1, xrefs: 00007FF62861E714, 00007FF62861E782, 00007FF62861E90A, 00007FF62861E94B, 00007FF62861E98D, 00007FF62861E9C7, 00007FF62861EA2E, 00007FF62861EA63, 00007FF62861EA8E, 00007FF62861EAC0
#RESIZE, xrefs: 00007FF62861E142
5, xrefs: 00007FF62861E62E
6, xrefs: 00007FF62861E607
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62861E70D, 00007FF62861E77B, 00007FF62861E903, 00007FF62861E944, 00007FF62861E986, 00007FF62861E9C0, 00007FF62861EA27, 00007FF62861EA5C, 00007FF62861EA87, 00007FF62861EAB9

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: #RESIZE$5$6$C:\Users\55yar\Desktop\imgui-master\imgui.h$idx == 0 || idx == 1
API String ID: 0-650503096
Opcode ID: bf26349d3ab49ba21dda182bb6882259765bc9e983ce837090972ddbe99c5440
Instruction ID: e857fd9c40f93831aeb530d50967cb18cd79edd5672fabc148a45c3b6aca8adc
Opcode Fuzzy Hash: bf26349d3ab49ba21dda182bb6882259765bc9e983ce837090972ddbe99c5440
Instruction Fuzzy Hash: DEB21732D0868985EB52CB779C412B97760FF59344F188733EA48A76A2DF78F484EB05

Function 00007FF62864D530 Relevance: 6.4, Strings: 5, Instructions: 140COMMON

Download Yara Rule

Strings

settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount, xrefs: 00007FF62864D617
settings->ID == table->ID, xrefs: 00007FF62864D5EE
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF62864D5E7, 00007FF62864D610
p >= begin() && p < end(), xrefs: 00007FF62864D5B6
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF62864D5AF

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$p >= begin() && p < end()$settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount$settings->ID == table->ID
API String ID: 0-2168725360
Opcode ID: dbd1ca440d040c993ee2685d397bd915aafff7e4aec8d0b619bb3bcf36a6bb7e
Instruction ID: 64531f4d0df1eac0c968dfb0442cf66e96dc6eb73addc5d5e9732b2765805c14
Opcode Fuzzy Hash: dbd1ca440d040c993ee2685d397bd915aafff7e4aec8d0b619bb3bcf36a6bb7e
Instruction Fuzzy Hash: 2D61BF3390868286EB61CF39EC942AD7BA0FB81745F148437DB89872A5DF3CE549D706

Function 00007FF62866C388 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF62866C3B4
GetCurrentThreadId.KERNEL32 ref: 00007FF62866C3C2
GetCurrentProcessId.KERNEL32 ref: 00007FF62866C3CE
QueryPerformanceCounter.KERNEL32 ref: 00007FF62866C3DE

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 68b080e5c74ecdc989d9497fb427bfec2812cf223949a70a0905cf8ba2b6c893
Instruction ID: 4838847ffd278ec2d5fc3a764395d087360d10fc4bce38f937f18692a9d96bf2
Opcode Fuzzy Hash: 68b080e5c74ecdc989d9497fb427bfec2812cf223949a70a0905cf8ba2b6c893
Instruction Fuzzy Hash: 82110622B18B528AEF008F71EC542B833A4FB59758F440A32DA6D867A4DF7CE1599285

Function 00007FF62862FA00 Relevance: 5.6, Strings: 4, Instructions: 628COMMON

Download Yara Rule

Strings

shared_mods != 0, xrefs: 00007FF62862FEB3
##NavUpdateWindowing, xrefs: 00007FF62862FAE6
GImGui != 0, xrefs: 00007FF6286300D7, 00007FF628630133
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62862FEAC, 00007FF6286300D0, 00007FF62863012C

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: ##NavUpdateWindowing$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0$shared_mods != 0
API String ID: 0-1670481530
Opcode ID: 04b31613541f7851fe5fa51a6883c1d55b506e0910f57327a67c4b686c1ca123
Instruction ID: c22a9b512c3ddb60b2707654b56d3345840c7fa80f298c48fda5972641532cf6
Opcode Fuzzy Hash: 04b31613541f7851fe5fa51a6883c1d55b506e0910f57327a67c4b686c1ca123
Instruction Fuzzy Hash: 4B62C332E086869AFF698A358D443F97291FF45B44F084277CA4C93696CF6C7898D707

Function 00007FF62861FBB0 Relevance: 5.4, Strings: 4, Instructions: 420COMMON

Download Yara Rule

Strings

#COLLAPSE, xrefs: 00007FF62861FDAE
Size > 0, xrefs: 00007FF62861FD39, 00007FF62861FF66
#CLOSE, xrefs: 00007FF62861FFDA
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62861FD32, 00007FF62861FF5F

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: #CLOSE$#COLLAPSE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-766050946
Opcode ID: c667e738bb88e9983f5b0a5b33468422bbcf6a4303e5676e8c40f70c724579e5
Instruction ID: 7eb012e527ebb03c93ff3217866c5cbd6674ffbafd68cad7ceb3fc238d42b9da
Opcode Fuzzy Hash: c667e738bb88e9983f5b0a5b33468422bbcf6a4303e5676e8c40f70c724579e5
Instruction Fuzzy Hash: C1123932E0878989FB11CB369C416F87360FF6A384F149733EE48676A6DF28A4859705

Function 00007FF628650DE0 Relevance: 5.4, Strings: 4, Instructions: 420COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF628650FF9
idx == 0 || idx == 1, xrefs: 00007FF628651121, 00007FF628651159
ImMax(size_contents_v, size_visible_v) > 0.0f, xrefs: 00007FF628651000
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62865111A, 00007FF628651152

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImMax(size_contents_v, size_visible_v) > 0.0f$idx == 0 || idx == 1
API String ID: 0-3128625980
Opcode ID: dc63a2eb52d91a7c96ab9617dc742f0ba242692b369b0ab69c027296cb449c46
Instruction ID: 4db09a90b2184205bb81c9034179c496cbb29d7208a027dcd224f0a7538d2c09
Opcode Fuzzy Hash: dc63a2eb52d91a7c96ab9617dc742f0ba242692b369b0ab69c027296cb449c46
Instruction Fuzzy Hash: EC12F622D187DD85E62386379C412B9A350BFAE784F1CC733ED48729A2DF6DB4C19605

Function 00007FF628652A00 Relevance: 5.3, Strings: 4, Instructions: 302COMMON

Download Yara Rule

Strings

##v, xrefs: 00007FF628652A6E, 00007FF628652ECF
i >= 0 && i < Size, xrefs: 00007FF628652CAA
#ComboPopup, xrefs: 00007FF628652C31
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628652CA3

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: ##v$#ComboPopup$C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 0-2429816084
Opcode ID: d223ba95fa3f8431c3527eb8a8addc1fc094f61dda7c71b05821a76b8b7267f5
Instruction ID: 8f0ec268b27cc1aba2ccf2cfdd22446b9af2f59e6c820b0bec0a1227d4719656
Opcode Fuzzy Hash: d223ba95fa3f8431c3527eb8a8addc1fc094f61dda7c71b05821a76b8b7267f5
Instruction Fuzzy Hash: ABE1F732E14B898AEB11CB369C402ED7360FF69748F149723EE08B76A5DF38A155E744

Function 00007FF62865C310 Relevance: 4.1, Strings: 3, Instructions: 301COMMON

Download Yara Rule

Strings

(0) && "Calling PopItemFlag() too many times!", xrefs: 00007FF62865C8CB
Calling PopItemFlag() too many times!, xrefs: 00007FF62865C8AE
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62865C8C4

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopItemFlag() too many times!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Calling PopItemFlag() too many times!
API String ID: 0-102052167
Opcode ID: 96fb338a3eb5323ad8e16e2236e7e16ed0364ae2ad41a9e1da31dbf1eaac17b2
Instruction ID: 83e7a46ec2ad1a5f2d03b1c1ac841c988a275b58237a0b3c7e7c01871eaecdd0
Opcode Fuzzy Hash: 96fb338a3eb5323ad8e16e2236e7e16ed0364ae2ad41a9e1da31dbf1eaac17b2
Instruction Fuzzy Hash: 3DE107319187C981FB268B369C413F9B391FF59784F088333EA48A71A6DF2CA195D705

Function 00007FF62863B1E0 Relevance: 3.3, APIs: 2, Instructions: 255COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62863B53F
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62863B5C0

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID:
API String ID: 2739980228-0
Opcode ID: 89a1eaa537f98bdf62386232f3624c061cf0e3d8d3dbcf3ca7194298f4348eb7
Instruction ID: ed7db9656cc564859c2f61f29fef14ddfa9ee2c7486a9777d19c55c2b192c286
Opcode Fuzzy Hash: 89a1eaa537f98bdf62386232f3624c061cf0e3d8d3dbcf3ca7194298f4348eb7
Instruction Fuzzy Hash: 72B1E632A18A9586E722DF3598452FEB7A4FF59B84F048327EB8552654EF38E482D700

Function 00007FF62866105B Relevance: 3.0, APIs: 2, Instructions: 26COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 00007FF62866105D
GetLocaleInfoA.KERNEL32 ref: 00007FF628661079

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: InfoKeyboardLayoutLocale
String ID:
API String ID: 1218629382-0
Opcode ID: 9e33f65f36021c76e3ce5085f13d9bf961fb33b85001965e3fe80dccfd441406
Instruction ID: 414414ca5423ed3bf09701ff7f46cfb54951d34c96c3aabdfebfdcb6cf0b10c9
Opcode Fuzzy Hash: 9e33f65f36021c76e3ce5085f13d9bf961fb33b85001965e3fe80dccfd441406
Instruction Fuzzy Hash: 62F08226A145D286EB628B37AC016AA6394FB48754F144037CF8D93610DE3DE487D744

Function 00007FF62862C250 Relevance: 2.8, Strings: 2, Instructions: 281COMMON

Download Yara Rule

Strings

(window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened, xrefs: 00007FF62862C2E4
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62862C2DD

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: (window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened$C:\Users\55yar\Desktop\imgui-master\imgui.cpp
API String ID: 0-3836044477
Opcode ID: 5a185c5bc87efbe87e49fe26606f6f425be744948ca03a92641440ced4ace0dc
Instruction ID: 590c50cdbd37077ee7867204b7f77c15302d8110caf0ff17a9d12ffcd9c24018
Opcode Fuzzy Hash: 5a185c5bc87efbe87e49fe26606f6f425be744948ca03a92641440ced4ace0dc
Instruction Fuzzy Hash: D0D11523D08A8E81FA2257374C420B96391BF7E384F189773FD4CB69A5CF1C75946649

Function 00007FF628637EF0 Relevance: 2.7, Strings: 2, Instructions: 225COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF628638FAD
!(o > b->size || o < 0), xrefs: 00007FF628638FB4

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: !(o > b->size || o < 0)$C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2013812653
Opcode ID: 338cbcf2d73f435f5922b98e8238c06777b811b88471036ee86486d399c18bc5
Instruction ID: ed57a1de57b810ab7568c65ba8aae5c18d22d21755c982228682346a3ae80606
Opcode Fuzzy Hash: 338cbcf2d73f435f5922b98e8238c06777b811b88471036ee86486d399c18bc5
Instruction Fuzzy Hash: 56B1B332A08AC48AFB01CF7A98411FDB7B0FB99385F145325EF8962665DF39A585DF00

Function 00007FF62863BFC0 Relevance: 2.7, Strings: 2, Instructions: 203COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF62863C1EE
pixels[i*stride_in_bytes] == 0, xrefs: 00007FF62863C1F5

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i*stride_in_bytes] == 0
API String ID: 0-15633718
Opcode ID: 31de7da7b85a2ca0f7b465d4c6b43859fb456ff60d2410b47046c024e5081591
Instruction ID: ee58dd06a24d688d383d8b5f05f5909e873d53f2187bf7e960e30cc1274c467e
Opcode Fuzzy Hash: 31de7da7b85a2ca0f7b465d4c6b43859fb456ff60d2410b47046c024e5081591
Instruction Fuzzy Hash: C5710B73A0C2E247E766473CAC413AEAED2B789744F1C4236F9C9C2B45CE3CD951AA45

Function 00007FF62863BD10 Relevance: 2.7, Strings: 2, Instructions: 196COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF62863BF4D
pixels[i] == 0, xrefs: 00007FF62863BF54

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i] == 0
API String ID: 0-2060079458
Opcode ID: 00354369be909df9498fe21faccccd311e8301600fa052487b4864d57ac2e6d2
Instruction ID: c297f7464390bddcc65de4a15536e7891d5cc6ab4dd2855fc7c15774620b1d04
Opcode Fuzzy Hash: 00354369be909df9498fe21faccccd311e8301600fa052487b4864d57ac2e6d2
Instruction Fuzzy Hash: 5271E66362C6E686DB128B7DAC006B9BF91F785744F08423AEACC82B45CE3DD514DB05

Function 00007FF6286459E0 Relevance: 2.6, Strings: 2, Instructions: 124COMMON

Download Yara Rule

Strings

text_end != 0, xrefs: 00007FF628645A2F
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF628645A28

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$text_end != 0
API String ID: 0-48455972
Opcode ID: 337525c904e070bd42df79c0a6487294a94bd2ebcfc3121796ca707f84feba5e
Instruction ID: ab58a10d9b4fc9827e40c11721a653841dbaf903b2b54596c237a1e3feef7ab8
Opcode Fuzzy Hash: 337525c904e070bd42df79c0a6487294a94bd2ebcfc3121796ca707f84feba5e
Instruction Fuzzy Hash: 8F41D811A0C65A46ED318D339CA817DA652BFA9780F5C8733DD0857A94DF3CE485A70A

Function 00007FF6286246F0 Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

Size > 0, xrefs: 00007FF628624716
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62862470F

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-1180621679
Opcode ID: 6ed20166e65553b91257ace29f513335ab454b8572dbed2f61cfc2601968656f
Instruction ID: 20617dcfde337fc1f4159b4bc30d1dfe09853bcd9184bba636622b423c106125
Opcode Fuzzy Hash: 6ed20166e65553b91257ace29f513335ab454b8572dbed2f61cfc2601968656f
Instruction Fuzzy Hash: 5C31AE72B141E68FEB94CB72AC10F793B60E3D5782B896122EF8057A48CB3CE511CB50

Function 00007FF628624620 Relevance: 2.6, Strings: 2, Instructions: 52COMMON

Download Yara Rule

Strings

Size > 0, xrefs: 00007FF62862464F
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628624648

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-1180621679
Opcode ID: 440f36ff81ebcb3adc85cc04d88a8c0a58b369e470e635c1928618b8866c0834
Instruction ID: 07b410c68592e105e7c79c9b4432173ff3ff1b7a0836a3783382f28766a358f9
Opcode Fuzzy Hash: 440f36ff81ebcb3adc85cc04d88a8c0a58b369e470e635c1928618b8866c0834
Instruction Fuzzy Hash: 9711E9B16086D286EB08CB72ECE04B977A0F784782F45503BEBDA47A49DE3CD181DB50

Function 000001FDF97FBA30 Relevance: 1.7, Strings: 1, Instructions: 479COMMON

Download Yara Rule

Strings

P, xrefs: 000001FDF97FBE43

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction ID: 63212c39e43509e722ae06674b2bcfce3318e658d7dc30e5e28f5ba46f396aa3
Opcode Fuzzy Hash: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction Fuzzy Hash: 4D12D0706187458FD348DF28C490A6AB7E2FBCD348F504A6DF48AE7765D634E942CB82

Function 000001FDF98D2720 Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

@, xrefs: 000001FDF98D2AA8

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: af22b2a64cd9b34464c746f31960b8c553625a99857650b96e506a8a1dbf1dca
Instruction ID: 5c230503ecdc097c4b36583bb48ed541acd8b238face9da60ccc8f28650cf41f
Opcode Fuzzy Hash: af22b2a64cd9b34464c746f31960b8c553625a99857650b96e506a8a1dbf1dca
Instruction Fuzzy Hash: 0EE1D27461CA488FE7A4DF18D858BAAB7E1FB99305F104A2DE48FC3260DB75D845CB06

Function 00007FF6286354F0 Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF628635726

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2705777111
Opcode ID: 64546066472ca3b8349dd8d249968d4cd0d82be6d00cd49db611cd94df8f4d3b
Instruction ID: 481a5169fbd829cf05ce487bdeea512b46b9a05f89eda182079976f68b2bbac4
Opcode Fuzzy Hash: 64546066472ca3b8349dd8d249968d4cd0d82be6d00cd49db611cd94df8f4d3b
Instruction Fuzzy Hash: 135115A6A284B183DE208F3ACCC55BC37D1F74AB42FD48477D658C2E61CA2DD54AAF11

Function 00007FF62863DB50 Relevance: .9, Instructions: 868COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d529cf8631021c5dd542a830c84e469b7f6db80fccbf318bd5255d4788bf88
Instruction ID: 13b6f943bf3d8284495a4987ccdcacca79592d774f2364bda83f1efd14f2bff0
Opcode Fuzzy Hash: 19d529cf8631021c5dd542a830c84e469b7f6db80fccbf318bd5255d4788bf88
Instruction Fuzzy Hash: 29925F33924B8886D716CF37988116DBB60FFADB84B19D716EE0863761EB35E494DB00

Function 00007FF628615D90 Relevance: .6, Instructions: 579COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007
String ID:
API String ID: 3568877910-0
Opcode ID: f9d01269032edfe605ba9ee75bb53b8e442012ac64e2949f0b5a13a459ae737e
Instruction ID: 97ac948f8c4df51a7d585352551d3212f015a5e2cb4eabde78b25bdd4acf5075
Opcode Fuzzy Hash: f9d01269032edfe605ba9ee75bb53b8e442012ac64e2949f0b5a13a459ae737e
Instruction Fuzzy Hash: BD829E73814BC187D728CF30B9981DAB7A8FB55340F105219DBF622A61DB78E1A6E709

Function 00007FF62865A370 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26b4d47ad76f81d195c8f0f126609d9310c86f704e33473ce772df188177d854
Instruction ID: e633be673327bb9f6a3bce82369d9c608a6077e81fe02cc634523054d26ca2c3
Opcode Fuzzy Hash: 26b4d47ad76f81d195c8f0f126609d9310c86f704e33473ce772df188177d854
Instruction Fuzzy Hash: A522D532E087858AEB11CA769C403BD77A0FF59349F044337EE48A6596DF3DA468EB05

Function 00007FF62863C270 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c56881822656bce64306f4bdbbfd4d3a54c53e1fbf9d1ba752f976963bfc6c0c
Instruction ID: 7eedbd4187ca4f1841a1c8d118d4fae13422a4f593e30cb53ca9bf0b81eb1cdc
Opcode Fuzzy Hash: c56881822656bce64306f4bdbbfd4d3a54c53e1fbf9d1ba752f976963bfc6c0c
Instruction Fuzzy Hash: 2E023B32A146C486E721CB36D8416B9B7A1FF5DB84F148322EB89A3655DF3CE9D1DB00

Function 00007FF628646BC0 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cdcacff072863030bac574a795dcf5713a463dc51147c05da48169f858605a4
Instruction ID: e330b5c804772241d14dd6f717e082010421ebbdc786388cbd75d91f12aedc46
Opcode Fuzzy Hash: 5cdcacff072863030bac574a795dcf5713a463dc51147c05da48169f858605a4
Instruction Fuzzy Hash: 6502FF23D18B8986E62196369C421F9F360FFAE384F145722FE44629B2DF29F451A605

Function 00007FF62865BA80 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5317f72f240fe5e613bfbcefe3a1641e28353fe1cc31e2d5af9e94ad44fd5358
Instruction ID: d36ad2576077a563e792749cf187ddb9f409fe3f5618f8e48a6c41708e0e94f0
Opcode Fuzzy Hash: 5317f72f240fe5e613bfbcefe3a1641e28353fe1cc31e2d5af9e94ad44fd5358
Instruction Fuzzy Hash: EDF1B1729087838AEF718A359C403B977A0FB45744F084536DE898B2D6CF7DE845EB0A

Function 00007FF628619730 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afc59dc2018c5ed4bc9c3a55fd55fd1d2e106552e6602e1d74bb624f49eb36f9
Instruction ID: 288fc623c4965b7affab2abe5c2fe230bac32621f1123d2878d377808e111d1c
Opcode Fuzzy Hash: afc59dc2018c5ed4bc9c3a55fd55fd1d2e106552e6602e1d74bb624f49eb36f9
Instruction Fuzzy Hash: 67D1D262A0D6C245EFA58E354C003B927D1BF1274AF9C4537EE499A7C7CF3C6845A32A

Function 00007FF62865E5B0 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fbf8747a14f15bf5d526cc27580a8984dc6b205a8b29d6e8ef1f11398739796
Instruction ID: 554d83cb01d8c723016c661fa9e4b79ccf8f9667027faaf4e6a0f5c88808fa8a
Opcode Fuzzy Hash: 7fbf8747a14f15bf5d526cc27580a8984dc6b205a8b29d6e8ef1f11398739796
Instruction Fuzzy Hash: 93C11D36750B8982EB158F3BD854BAD2761EB9DF89F09D232CE0A17B64DF3AD1458700

Function 00007FF62863AD40 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 562b7d3f91c9f74b619fe1397834ae2ab76450cf0a24359a5ff58522b0b22631
Instruction ID: 15a5ca55a1dd87d0511a2058caf8257c3f10c3025d10d961d0ac0671cb6f7454
Opcode Fuzzy Hash: 562b7d3f91c9f74b619fe1397834ae2ab76450cf0a24359a5ff58522b0b22631
Instruction Fuzzy Hash: 84B15122E28FCC41E223963758821F9E250AFBF7C5F2DDB23F984756B2AF2565D16500

Function 00007FF628625A30 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07cb8aba6307fe7dc9cd5f23d641e01c29a23161fcd7abab4b59ac3142b8c2da
Instruction ID: e3d0658adfed50d9e5facac06cfe2a8cc3ac76282a404d61b93a5ecb0d89e5d9
Opcode Fuzzy Hash: 07cb8aba6307fe7dc9cd5f23d641e01c29a23161fcd7abab4b59ac3142b8c2da
Instruction Fuzzy Hash: 31D1C632D0A3C195E7918F355C517F83BD4FB66B48F0D82BBDB8857A4ACF285450AB22

Function 00007FF62862F250 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2103458bef360e4307c807517193c080bccb7cfe3cd90ec02abd82c8c74968f6
Instruction ID: f7700b271f9bf2cd71ca57344a73c27707b7af8546099eb2c3a28c38aac06b6a
Opcode Fuzzy Hash: 2103458bef360e4307c807517193c080bccb7cfe3cd90ec02abd82c8c74968f6
Instruction Fuzzy Hash: E29147329186858BEB668F359C003FA73A0FF09758F188337DB59669D9CF3CA4909B05

Function 000001FDF9833841 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction ID: 8f60a195d6f7ff8a9d00f3ef039faeb7920a6cf85c5f7e98934ea5b2fa68ee25
Opcode Fuzzy Hash: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction Fuzzy Hash: 48410DDFC0DAC51BC7428664ACAA6827F709A2324EBCF58DBD498CA587F048D409D712

Function 00007FF62866D248 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e382bf20dea637b18d83081c31d60b7654a54f485161703c9828a3f2dd19b069
Instruction ID: 67cba2454282005511bda0df726a3b2ebdd9385f6bd3c2e790b4cb48d5096a26
Opcode Fuzzy Hash: e382bf20dea637b18d83081c31d60b7654a54f485161703c9828a3f2dd19b069
Instruction Fuzzy Hash: 96C012A7D5CAF62AE65306298C237952A942BE5100F4A8022CA84832C3A80E6806A046

Function 000001FDF97E4850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159COMMON

Download Yara Rule

APIs

Part of subcall function 000001FDF97E5360: _WChar_traits.LIBCPMTD ref: 000001FDF97E538D

Part of subcall function 000001FDF97E4AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E4AD0
Part of subcall function 000001FDF97E4AA0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF97E4B2F
Part of subcall function 000001FDF97E4AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E4B41

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF97E48B8

Strings

i, xrefs: 000001FDF97E4900
o, xrefs: 000001FDF97E4946
, xrefs: 000001FDF97E490A
t, xrefs: 000001FDF97E492D
a, xrefs: 000001FDF97E4928
K, xrefs: 000001FDF97E490F
, xrefs: 000001FDF97E491E
l, xrefs: 000001FDF97E4941
c, xrefs: 000001FDF97E4905
y, xrefs: 000001FDF97E4919
B, xrefs: 000001FDF97E493C
g, xrefs: 000001FDF97E48FB
D, xrefs: 000001FDF97E4923
M, xrefs: 000001FDF97E48F1
b, xrefs: 000001FDF97E494B
KDBM, xrefs: 000001FDF97E49A9
e, xrefs: 000001FDF97E4914
a, xrefs: 000001FDF97E48F6
a, xrefs: 000001FDF97E4932
, xrefs: 000001FDF97E4937

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork$Char_traits
String ID: $ $ $B$D$K$KDBM$M$a$a$a$b$c$e$g$i$l$o$t$y
API String ID: 1777712374-1292890139
Opcode ID: c02a726d3c2bd88a4534588b83aa4fca235328903684469cf21292f4d99c4a12
Instruction ID: 52dcb5f98c20b6e99794dfbae93e319bc8e23446150c35b2b927f4397f83e3d6
Opcode Fuzzy Hash: c02a726d3c2bd88a4534588b83aa4fca235328903684469cf21292f4d99c4a12
Instruction Fuzzy Hash: D761E87050CB848FE761EB68C449B9ABBE1FBE9304F04491DE4C9C7261DBB99488CB53

Function 00007FF628627C60 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 76COMMON

Download Yara Rule

APIs

00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF628627C8F
00007FFE1FFB5630.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF628627CA4

Strings

sz_io == sizeof(ImGuiIO) && "Mismatched struct layout!", xrefs: 00007FF628627CDD
sz_idx == sizeof(ImDrawIdx) && "Mismatched struct layout!", xrefs: 00007FF628627D90
1.91.6 WIP, xrefs: 00007FF628627C80, 00007FF628627C98
sz_vec4 == sizeof(ImVec4) && "Mismatched struct layout!", xrefs: 00007FF628627D48
strcmp(version, "1.91.6 WIP") == 0 && "Mismatched version string!", xrefs: 00007FF628627CBA
sz_style == sizeof(ImGuiStyle) && "Mismatched struct layout!", xrefs: 00007FF628627D02
sz_vec2 == sizeof(ImVec2) && "Mismatched struct layout!", xrefs: 00007FF628627D24
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628627CB3, 00007FF628627CD6, 00007FF628627CFB, 00007FF628627D1D, 00007FF628627D41, 00007FF628627D65, 00007FF628627D89
sz_vert == sizeof(ImDrawVert) && "Mismatched struct layout!", xrefs: 00007FF628627D6C

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007B5630
String ID: 1.91.6 WIP$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$strcmp(version, "1.91.6 WIP") == 0 && "Mismatched version string!"$sz_idx == sizeof(ImDrawIdx) && "Mismatched struct layout!"$sz_io == sizeof(ImGuiIO) && "Mismatched struct layout!"$sz_style == sizeof(ImGuiStyle) && "Mismatched struct layout!"$sz_vec2 == sizeof(ImVec2) && "Mismatched struct layout!"$sz_vec4 == sizeof(ImVec4) && "Mismatched struct layout!"$sz_vert == sizeof(ImDrawVert) && "Mismatched struct layout!"
API String ID: 2248877218-1295771896
Opcode ID: 81d2e9201c58c4257a11a08258dd765dc5fa7c07bb397093847fbf6462c9f984
Instruction ID: f79a6923ed2e05e6a36a5c558b6be0a9580aa8a262ed9dedd14330533e5b60ea
Opcode Fuzzy Hash: 81d2e9201c58c4257a11a08258dd765dc5fa7c07bb397093847fbf6462c9f984
Instruction Fuzzy Hash: 0B314C20B19A9380FF109B26EC545743361FBA5784F845437D90D8BAA4DF2EF548D78A

Function 000001FDF9866FF0 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF986722D
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98672AA
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98672C3
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF9867303
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF9867362
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF986737B
_Min_value.LIBCPMTD ref: 000001FDF98673B2
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98673CE
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98673E7
_Max_value.LIBCPMTD ref: 000001FDF986741E
_Min_value.LIBCPMTD ref: 000001FDF986743B

Part of subcall function 000001FDF986F190: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001FDF986F1B5

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction ID: 8ab0660a526b09c3814e0626b2725d36aeda3a125866672ca6d28487c214d3fb
Opcode Fuzzy Hash: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction Fuzzy Hash: 1102FE7151CB898FD7B5EB18D454BFAB3E1FBA8300F80092E958FC7291DA749985CB42

Function 000001FDF98669A0 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF9866BDD
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF9866C5A
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF9866C73
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF9866CB3
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF9866D12
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF9866D2B
_Min_value.LIBCPMTD ref: 000001FDF9866D62
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF9866D7E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF9866D97
_Max_value.LIBCPMTD ref: 000001FDF9866DCE
_Min_value.LIBCPMTD ref: 000001FDF9866DEB

Part of subcall function 000001FDF986F140: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001FDF986F165

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
Instruction ID: c1f3ecaf21421fd2b9f8740e92a71683779c99409860c6598c4abd5e19217738
Opcode Fuzzy Hash: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
Instruction Fuzzy Hash: 6A020F7151CB898FD7B5EB18D494BFAB3E1FBA8300F80092E958FC7291DA709945CB42

Function 00007FF62861C240 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 313COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF62861C5B2

Strings

draw_data->CmdLists.Size == draw_data->CmdListsCount, xrefs: 00007FF62861C61C
##Foreground, xrefs: 00007FF62861C5E0
Size > 0, xrefs: 00007FF62861C679
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62861C25A, 00007FF62861C332, 00007FF62861C615
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF62861C339
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62861C672
g.Initialized, xrefs: 00007FF62861C261
##Background, xrefs: 00007FF62861C3E3

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: ##Background$##Foreground$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$Size > 0$draw_data->CmdLists.Size == draw_data->CmdListsCount$g.Initialized
API String ID: 338975850-3285338674
Opcode ID: 55e0a90a21c0d75db33410e0f2d76169ae9688cc536bc39d37b1e1ec5e10517e
Instruction ID: 9d5ee50610698b0677654b26f6780041daa5ab4aca706fe5cf35bd5638fbdbb5
Opcode Fuzzy Hash: 55e0a90a21c0d75db33410e0f2d76169ae9688cc536bc39d37b1e1ec5e10517e
Instruction Fuzzy Hash: FFE18B32A08A8286EF508F35DD446BD37A6FB84B84F484036DA0DC775ADF38E850E346

Function 00007FF6286552B0 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 211COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF6286553CB
00007FFE1A451310.VCRUNTIME140 ref: 00007FF628655498

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF628655501
((char*)(state->undo_rec + state->redo_point + 1) + move_size) <= buf_end, xrefs: 00007FF628655475
i >= 0 && i < Size, xrefs: 00007FF62865552C
((char*)(state->undo_rec + state->redo_point)) >= buf_begin, xrefs: 00007FF628655441
C:\Users\55yar\Desktop\imgui-master\imstb_textedit.h, xrefs: 00007FF62865543A, 00007FF62865546E
idx <= obj->TextLen, xrefs: 00007FF628655508
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628655525

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: ((char*)(state->undo_rec + state->redo_point + 1) + move_size) <= buf_end$((char*)(state->undo_rec + state->redo_point)) >= buf_begin$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$C:\Users\55yar\Desktop\imgui-master\imstb_textedit.h$i >= 0 && i < Size$idx <= obj->TextLen
API String ID: 338975850-1648308927
Opcode ID: cba7749c605e8c7e24c6b8a343890df7f9a2b9aba5917ea33c91d25d186e9d41
Instruction ID: 469ff87764b55c372afa0985cd847feb54a9b987a2699a2ab133be659a4cffd5
Opcode Fuzzy Hash: cba7749c605e8c7e24c6b8a343890df7f9a2b9aba5917ea33c91d25d186e9d41
Instruction Fuzzy Hash: AE91DCB2B14B9682EF00CF24DC483BC2762FB95B88F084136CA498B656DF3DE541D75A

Function 00007FF6286419E0 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 180COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140(00000000,?,00000000,?,00007FF628641E8F), ref: 00007FF628641C6E

Strings

font_cfg->FontData != 0 && font_cfg->FontDataSize > 0, xrefs: 00007FF628641A39
Fonts.Size > 0 && "Cannot use MergeMode for the first font", xrefs: 00007FF628641BB2
font_cfg->SizePixels > 0.0f && "Is ImFontConfig struct correctly initialized?", xrefs: 00007FF628641A60
Size > 0, xrefs: 00007FF628641BDE, 00007FF628641C16
font_cfg->OversampleH > 0 && font_cfg->OversampleV > 0 && "Is ImFontConfig struct correctly initialized?", xrefs: 00007FF628641A86
!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF628641A13
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF628641A0C, 00007FF628641A32, 00007FF628641A59, 00007FF628641A7F, 00007FF628641BAB
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628641BD7, 00007FF628641C0F

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$Fonts.Size > 0 && "Cannot use MergeMode for the first font"$Size > 0$font_cfg->FontData != 0 && font_cfg->FontDataSize > 0$font_cfg->OversampleH > 0 && font_cfg->OversampleV > 0 && "Is ImFontConfig struct correctly initialized?"$font_cfg->SizePixels > 0.0f && "Is ImFontConfig struct correctly initialized?"
API String ID: 338975850-1408190167
Opcode ID: 4b026fe13ab83fc8438c196aeeeb5438b1cc742c023650797a3835b1c7df2fda
Instruction ID: 5106b50fbb6665030f3a18f14a059e3635153c37228eeee754a4a434ec66b7d4
Opcode Fuzzy Hash: 4b026fe13ab83fc8438c196aeeeb5438b1cc742c023650797a3835b1c7df2fda
Instruction Fuzzy Hash: A1918032908B8296EB60DF25EC506AC33A5FB44B84F404137CA4D97665DF3CE5A9E34A

Function 000001FDF9852A10 Relevance: 15.2, APIs: 10, Instructions: 190COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001FDF9852A62

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

std::make_error_code.LIBCPMTD ref: 000001FDF9852AB6
std::make_error_code.LIBCPMTD ref: 000001FDF9852AF1

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
Instruction ID: b41a66003cc61e183b418c6a9b1c03a62612de19701739bae026572584f60fef
Opcode Fuzzy Hash: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
Instruction Fuzzy Hash: D9611F30A286568BE654EB19EC50FFBB6E2BBC4395F400479F087D61E6CE24DC06D683

Function 00007FF628640850 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 322COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF62863D0B7), ref: 00007FF628640A83
00007FFE1A451310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF62863D0B7), ref: 00007FF628640C0C
00007FFE1A451310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF62863D0B7), ref: 00007FF628640C2C

Strings

i >= 0 && i < Size, xrefs: 00007FF628640968, 00007FF6286409D1, 00007FF628640BDE
it >= Data && it < Data + Size, xrefs: 00007FF628640A45
, xrefs: 00007FF628640C34
Size > 0, xrefs: 00007FF6286408CE, 00007FF628640C7C
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6286408C7, 00007FF628640961, 00007FF6286409CA, 00007FF628640A3E, 00007FF628640BD7, 00007FF628640C75

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 338975850-669993125
Opcode ID: 71389e765cdf82a4882dcaf081e1e13a47cd802ca95431e42650f4a32f630d61
Instruction ID: 387d234b6a827e3783d301b0ccfa93393878cb80af5f9c2c7314e6ffe5243025
Opcode Fuzzy Hash: 71389e765cdf82a4882dcaf081e1e13a47cd802ca95431e42650f4a32f630d61
Instruction Fuzzy Hash: EFE1CD72A08AA68AEFA4CF25DC5076D33A1FB80B84F058136DA4DC7654DF3DE481D74A

Function 00007FF628623320 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 206COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF6286234DD
00007FFE1A451310.VCRUNTIME140 ref: 00007FF62862353A

Strings

i >= 0 && i < Size, xrefs: 00007FF6286234FB, 00007FF628623558
<NULL>, xrefs: 00007FF628623456
window == 0 || window->RootWindow != 0, xrefs: 00007FF628623615
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62862360E
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6286234F4, 00007FF628623551
[focus] FocusWindow("%s", UnlessBelowModal): prevented by "%s"., xrefs: 00007FF628623461

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: <NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$[focus] FocusWindow("%s", UnlessBelowModal): prevented by "%s".$i >= 0 && i < Size$window == 0 || window->RootWindow != 0
API String ID: 338975850-1613245857
Opcode ID: 38ba76fbec77e7e4ee3866a5998e65f7bd94d7ae0fa5277d0de83dec56c81f92
Instruction ID: 1f6a855675fcaa2b3c4fdd84468882b881bb53a5f391c86707ebc5b2e7a7ad99
Opcode Fuzzy Hash: 38ba76fbec77e7e4ee3866a5998e65f7bd94d7ae0fa5277d0de83dec56c81f92
Instruction Fuzzy Hash: 06A18F32A096C296EF198B35DE402B9A7A1FF00B80F4C0077DA5D87AA9DF6DF550D306

Function 00007FF62864DF40 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 114COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62864E006

Strings

i >= 0 && i < Size, xrefs: 00007FF62864E11C
table->MemoryCompacted == false, xrefs: 00007FF62864DF6F
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF62864DF68
p >= Buf.Data && p < Buf.Data + Buf.Size, xrefs: 00007FF62864E0D1
p >= Data && p < DataEnd, xrefs: 00007FF62864E070
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF62864E069, 00007FF62864E0CA
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62864E115

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$i >= 0 && i < Size$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table->MemoryCompacted == false
API String ID: 2739980228-1783795845
Opcode ID: 05490356745c638e72b665715467a340bbf28cbfda5662b06804bd3badcdefa0
Instruction ID: 94c1a82bc82d29aab150e115b611ef4ee051e9ec30a8e9bcaeb3d3900e05092f
Opcode Fuzzy Hash: 05490356745c638e72b665715467a340bbf28cbfda5662b06804bd3badcdefa0
Instruction Fuzzy Hash: 16517172A08A8286DF20CF25EC542EC77A0FB55B84F440137CA4D8B664DF7EE556D346

Function 000001FDF982AB60 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001FDF982AC65
shared_ptr.LIBCMTD ref: 000001FDF982ACD3

Strings

d, xrefs: 000001FDF982AC6C

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 1a6a6722034d945976169db871c6d8bc4f2ed9e348582280147d843b730620fb
Instruction ID: f2367845c521af2b5aa3e3d8f2b2909be11d5ceb7ae3ee3115847974cd675af6
Opcode Fuzzy Hash: 1a6a6722034d945976169db871c6d8bc4f2ed9e348582280147d843b730620fb
Instruction Fuzzy Hash: C69115305287858FD794EB28D454BBABBE2FFD9310F54496EB48BC32A1DA349945CB03

Function 000001FDF982A850 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001FDF982A955
shared_ptr.LIBCMTD ref: 000001FDF982A9C3

Strings

d, xrefs: 000001FDF982A95C

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 69cead7afb0e039ecb5138173952be44cfc6b8be8a7abe79b5a91df074882742
Instruction ID: a0431f21527008b9c21454522c734e1920d3943d073f62a2c2caca39f1ec3c41
Opcode Fuzzy Hash: 69cead7afb0e039ecb5138173952be44cfc6b8be8a7abe79b5a91df074882742
Instruction Fuzzy Hash: CE9115305287858FD794EB28D455BBABBE2FFD9310F54096EB48BC32A1DA349945CB03

Function 000001FDF982A540 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 244COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001FDF982A647
shared_ptr.LIBCMTD ref: 000001FDF982A6B5

Strings

d, xrefs: 000001FDF982A64E

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 2612a0b920fc091130e9c3c3613e0ec6eef3206baac283914f1a5a83fc148c58
Instruction ID: 0590cd776525b9fe7fed6f4eefda1848e7b5e4565a571e357e4e994e6ef58374
Opcode Fuzzy Hash: 2612a0b920fc091130e9c3c3613e0ec6eef3206baac283914f1a5a83fc148c58
Instruction Fuzzy Hash: 339117305187858FD795EB28D454BBABBE2FFD9340F44096EB48BC32A1DA349946CB03

Function 00007FF628644020 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 216COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6286350E0: 00007FFE1FFA49A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF628635139

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286443A0

Strings

pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height, xrefs: 00007FF6286442DB
i >= 0 && i < Size, xrefs: 00007FF628644107, 00007FF62864412F, 00007FF62864415D, 00007FF628644185, 00007FF6286441CD, 00007FF628644221, 00007FF62864424C, 00007FF628644287, 00007FF6286442B3
user_rects.Size >= 1, xrefs: 00007FF628644074
pack_context != 0, xrefs: 00007FF628644054
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF62864404D, 00007FF62864406D, 00007FF6286442D4
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628644100, 00007FF628644128, 00007FF628644156, 00007FF62864417E, 00007FF6286441C6, 00007FF62864421A, 00007FF628644245, 00007FF628644280, 00007FF6286442AC

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007$F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$i >= 0 && i < Size$pack_context != 0$pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height$user_rects.Size >= 1
API String ID: 4100318414-766226355
Opcode ID: d8d0bebeb08d036a40d74117251c14b4f782741f3faf700fef8f86834b9736d4
Instruction ID: 1e1b16d4a8bad3afdabcf1eceb46a84806aa213b6b4e7c89f405735a0b00e292
Opcode Fuzzy Hash: d8d0bebeb08d036a40d74117251c14b4f782741f3faf700fef8f86834b9736d4
Instruction Fuzzy Hash: 02A19D32A09A9292EF14DF26DC511B87360FB84B88F408137DA4D87A64DF3DE596D34A

Function 00007FF62861D070 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 172COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF62861D2E0

Strings

i >= 0 && i < Size, xrefs: 00007FF62861D1CF, 00007FF62861D246
g.WindowsFocusOrder[window->FocusOrder] == window, xrefs: 00007FF62861D205
it >= Data && it < Data + Size, xrefs: 00007FF62861D2AB
!g.WindowsFocusOrder.contains(window), xrefs: 00007FF62861D110
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62861D109, 00007FF62861D1FE
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62861D1C8, 00007FF62861D23F, 00007FF62861D2A4

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: !g.WindowsFocusOrder.contains(window)$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$g.WindowsFocusOrder[window->FocusOrder] == window$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 338975850-3130785268
Opcode ID: 9f02b039fdcaa7b742a3d60f602bcfec43f35c8abd80d2da92b53ff394a33b45
Instruction ID: fbafa1013cf8e4e7d001bbf0a8b3684e37e8b30fb61bb930ca9c6f1af4455400
Opcode Fuzzy Hash: 9f02b039fdcaa7b742a3d60f602bcfec43f35c8abd80d2da92b53ff394a33b45
Instruction Fuzzy Hash: F6719A22609A9291EF20CF26DC402E86321FB84B85F844133CA1D87795DE7EF696D35A

Function 00007FF62861B560 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 159COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF62861B7D7

Strings

it >= Data && it <= Data + Size, xrefs: 00007FF62861B770
i >= 0 && i < Size, xrefs: 00007FF62861B5B3
cmd.ElemCount == 6, xrefs: 00007FF62861B70A
Size > 0, xrefs: 00007FF62861B6B0, 00007FF62861B729
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62861B703
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62861B5AC, 00007FF62861B6A9, 00007FF62861B722, 00007FF62861B769

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$cmd.ElemCount == 6$i >= 0 && i < Size$it >= Data && it <= Data + Size
API String ID: 338975850-3684587188
Opcode ID: 32f969d57518e8ff86bb7a1ee6f74f0bf99713afd0104c017ab027245c74de74
Instruction ID: a9465d727b78ff4364f5681cffaf32cf6b7592bee72346dc65cc6ffaafdcd50f
Opcode Fuzzy Hash: 32f969d57518e8ff86bb7a1ee6f74f0bf99713afd0104c017ab027245c74de74
Instruction Fuzzy Hash: 7281A422A18AC681EB108F3ADC403F9B360FF94B44F049232EA4D97765DF2DE586D705

Function 000001FDF9830EC0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150COMMON

Download Yara Rule

APIs

Part of subcall function 000001FDF97EA110: char_traits.LIBCPMTD ref: 000001FDF97EA13D

type_info::_name_internal_method.LIBCMTD ref: 000001FDF9830F36
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9830F55
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9830FE6
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9831041
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9831093

Strings

, xrefs: 000001FDF9830F08
', xrefs: 000001FDF9830F6D

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID: $'
API String ID: 2432257368-2481900351
Opcode ID: 52a6df86987effc56c3942b1dc471f96e7d443776264125f91504f2597ebadb0
Instruction ID: 06ab0449e69ef5c20ecad6472877cd0f84f6bca04e0e723fdcc4d270062c32be
Opcode Fuzzy Hash: 52a6df86987effc56c3942b1dc471f96e7d443776264125f91504f2597ebadb0
Instruction Fuzzy Hash: C9510131518B898FD7A5FB14D895FFAB7E1FB94340F40496DA08BC3261DE349985CB42

Function 00007FF628660C30 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

TrackMouseEvent.USER32 ref: 00007FF628660CCE
GetMessageExtraInfo.USER32 ref: 00007FF62866126A
TrackMouseEvent.USER32 ref: 00007FF6286612FB
TrackMouseEvent.USER32 ref: 00007FF628661305
ScreenToClient.USER32 ref: 00007FF628661331

Strings

Ctx != 0, xrefs: 00007FF628661355
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62866134E

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: EventMouseTrack$ClientExtraInfoMessageScreen
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 3561655495-3890275027
Opcode ID: abe9a299fd20b9a6fbd2fc3767dffb8d4ebf984e011b516c80763c98f3087046
Instruction ID: bba36ec6e66be07056ead69f4f12adb9d91972f98ec462c0dbc6da7ba7155bfe
Opcode Fuzzy Hash: abe9a299fd20b9a6fbd2fc3767dffb8d4ebf984e011b516c80763c98f3087046
Instruction Fuzzy Hash: DA61AD32E086928AEB51CF76DC402BD37B5FB44748F18813ADA0AA3A94CF7CE446D705

Function 00007FF62861CB20 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 130COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF62861CC55
__swprintf_l.LIBCMT ref: 00007FF62861CC67

Strings

%s/%s_%08X, xrefs: 00007FF62861CC49
#Child, xrefs: 00007FF62861CCB9
id != 0, xrefs: 00007FF62861CB61
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62861CB5A
%s/%08X, xrefs: 00007FF62861CC5C

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: __swprintf_l
String ID: #Child$%s/%08X$%s/%s_%08X$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$id != 0
API String ID: 1488884202-1586801193
Opcode ID: 6db79fa99209152f1d7b5e30e8589ad90eaa443debf081e66ebce48769e8c08d
Instruction ID: 6a48700996820a7a108909ea76ba5bd7668ec82179b38eb6e98166d9b4274306
Opcode Fuzzy Hash: 6db79fa99209152f1d7b5e30e8589ad90eaa443debf081e66ebce48769e8c08d
Instruction Fuzzy Hash: CD51CF32A0868696EB54CF369C402EDB7A1FF98744F048237DA0D83692DF3CA495E746

Function 00007FF6286343E0 Relevance: 12.4, APIs: 8, Instructions: 350COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62863446E
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62863455A
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286345DA
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286346F6
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628634806
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286348E6
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628634966
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286349E7

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID:
API String ID: 2739980228-0
Opcode ID: 3bdaf2d7e444b422f850cb11a475b2b945d7ea902e82f7935716d9e8c5838d19
Instruction ID: f45cb8355517e7a14f921a69247a27c8dae4d6411f4e25024cd4697c3c77179d
Opcode Fuzzy Hash: 3bdaf2d7e444b422f850cb11a475b2b945d7ea902e82f7935716d9e8c5838d19
Instruction Fuzzy Hash: 55024F3261999292DB49EF74CD550FCA374FB54B44B948133D60EC32A2EF38E5AAC349

Function 00007FF628639E40 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 426COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF62863A001, 00007FF62863A0E1, 00007FF62863A17E
z->direction, xrefs: 00007FF62863A008
z != 0, xrefs: 00007FF62863A0E8
z->ey >= scan_y_top, xrefs: 00007FF62863A185

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$z != 0$z->direction$z->ey >= scan_y_top
API String ID: 0-479673919
Opcode ID: 496177e30f1f47a0253c2eb182772cfe53367d7ba0e27b4cf9f0b1df9b37e93e
Instruction ID: 166816cc57132abda3f09a4353b9d06c65c5a6996050554e3299c366d64ee2b7
Opcode Fuzzy Hash: 496177e30f1f47a0253c2eb182772cfe53367d7ba0e27b4cf9f0b1df9b37e93e
Instruction Fuzzy Hash: 15120632908AC586DB52CF35DC412E9B3A0FF58B85F188323DA49A3664EF39E595D701

Function 00007FF628618380 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 164COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628618442
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286184FA
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62861858A

Part of subcall function 00007FF6286181E0: 00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628618269
Part of subcall function 00007FF6286181E0: 00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286182E9
Part of subcall function 00007FF6286181E0: 00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62861836A

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628618624

Strings

DrawList == &DrawListInst, xrefs: 00007FF6286183BA
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6286183B3

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$DrawList == &DrawListInst
API String ID: 2739980228-20161693
Opcode ID: 8f0dc90c3efb46d4bbd22a949c9ecc273bb37a15ecf20fa59b12ee5c9ffabb3b
Instruction ID: 3d812139f8b9cccbd68b6b0db92d404e745fa7fcd3a372d795ed2825e9e2de11
Opcode Fuzzy Hash: 8f0dc90c3efb46d4bbd22a949c9ecc273bb37a15ecf20fa59b12ee5c9ffabb3b
Instruction Fuzzy Hash: 7A71AA72609A9286CB45DF28DC951FC73B5FB48B84B584237CA0E87365DF38D59AC341

Function 00007FF62864CA90 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 147COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF62864CB41
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62864CBC0

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF62864CC78
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF62864CC4E
p >= Data && p < DataEnd, xrefs: 00007FF62864CC55
column->SortOrder < table->SortSpecsCount, xrefs: 00007FF62864CC7F

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007$A451310F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->SortOrder < table->SortSpecsCount$p >= Data && p < DataEnd
API String ID: 4201092786-2291414753
Opcode ID: 2daecdd42683de9e67c7ebe30f5f9e664cce386a52ea0e40aa00c526c14ccb8b
Instruction ID: 7f09c20f25d6c49ccccedca98b85d3621572ecf9e076018209ebdff92c3db40a
Opcode Fuzzy Hash: 2daecdd42683de9e67c7ebe30f5f9e664cce386a52ea0e40aa00c526c14ccb8b
Instruction Fuzzy Hash: 5B61B932608A9292EB18CF29DD942BC73A2FB84B81F444137CB4D87354EF38E5A6D355

Function 00007FF6286538D0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 117COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF6286539CD
00007FFE1A451310.VCRUNTIME140 ref: 00007FF6286539E0

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF628653902
i >= 0 && i < Size, xrefs: 00007FF628653A0C
pos <= text_len, xrefs: 00007FF628653909
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628653A05

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$i >= 0 && i < Size$pos <= text_len
API String ID: 338975850-3124524525
Opcode ID: 43148d90905608da133ba6f2dc9b7995a38c7d11a5028563e3b51f33180f49da
Instruction ID: c8bf8eae1d1779c243969ef81bd2bab7103e98733e35f1a7d1a6acfaf3ddad7d
Opcode Fuzzy Hash: 43148d90905608da133ba6f2dc9b7995a38c7d11a5028563e3b51f33180f49da
Instruction Fuzzy Hash: 1441F772B0874686EF248F25EE4027AB751FB84B84F4C0036DA8DC3696EE7CF5819345

Function 000001FDF981FBC0 Relevance: 9.4, APIs: 6, Instructions: 410COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001FDF981FC91

Part of subcall function 000001FDF9820350: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF982035E

Part of subcall function 000001FDF9823150: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF9823163

bool_.LIBCPMTD ref: 000001FDF981FDA3
shared_ptr.LIBCMTD ref: 000001FDF981FDB0
UnDecorator::getVbTableType.LIBCMTD ref: 000001FDF981FE53
bool_.LIBCPMTD ref: 000001FDF981FF3B
shared_ptr.LIBCMTD ref: 000001FDF981FF48

Part of subcall function 000001FDF9823080: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF982308E
Part of subcall function 000001FDF9823080: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98230C4

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Decorator::getTableTypebool_shared_ptr
String ID:
API String ID: 2413108386-0
Opcode ID: 860d05d0c23d945e2812b9969cd3f9d0f2eb79ac7c3eafe6dc3321d711d52ae6
Instruction ID: 1c5b0b4d21c4c774ee1bae36170cb93c137fa701cc8e3b9f5895975608f662b7
Opcode Fuzzy Hash: 860d05d0c23d945e2812b9969cd3f9d0f2eb79ac7c3eafe6dc3321d711d52ae6
Instruction Fuzzy Hash: C5F1553052CA898FE7A5EB18D854FFAB3E1FF99300F404969A48BC7191DE709885CB43

Function 000001FDF984E080 Relevance: 9.4, APIs: 6, Instructions: 408COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001FDF984E0A3
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001FDF984E0B7
std::make_error_code.LIBCPMTD ref: 000001FDF984E0D0
std::make_error_code.LIBCPMTD ref: 000001FDF984E132
std::make_error_code.LIBCPMTD ref: 000001FDF984E300

Part of subcall function 000001FDF97F6020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 000001FDF97F602E

std::make_error_code.LIBCPMTD ref: 000001FDF984E1B7

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction ID: 13d5fe61445af9710d3cd831f610da482f767bf442b2a79fa60b1f7c5722cd24
Opcode Fuzzy Hash: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction Fuzzy Hash: 90F1AF305287898FD6A5EB28D855FFAB7E2FB99340F40486DA48FC3192DE349946C743

Function 000001FDF981BB60 Relevance: 9.1, APIs: 6, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF981BBA6
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001FDF981BBC9
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001FDF981BBEF
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001FDF981BC62
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001FDF981BC88
List.LIBCMTD ref: 000001FDF981BC94

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::ContextIdentityQueueWork$Affinity::operator!=HardwareList
String ID:
API String ID: 2242293343-0
Opcode ID: 88a63c18065b4d406e2cb50c44761dcb7cf26b639b903796a9ee2bdb5b598967
Instruction ID: c2f83689a56cda83a9c3be90156c3b21e7b586f3e436b515b3b572f7d34a2b2a
Opcode Fuzzy Hash: 88a63c18065b4d406e2cb50c44761dcb7cf26b639b903796a9ee2bdb5b598967
Instruction Fuzzy Hash: 60410F70528A499FD794EB24E855FFAB7E1FBD4300F80492DA08BD3292DE749985C742

Function 000001FDF9861A30 Relevance: 9.1, APIs: 6, Instructions: 93COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861A5E

Part of subcall function 000001FDF98376A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001FDF98376B8

type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861A80

Part of subcall function 000001FDF9860D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001FDF9860D48

type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861AA2
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861AC4
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861AE6
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861B08

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction ID: 2687b89a67bb9756f0f74890b33022e6167c3de051a74158020fc714d11c6f23
Opcode Fuzzy Hash: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction Fuzzy Hash: CB316E70A18B898FD694FF68D455BAAB7E2FBD9340F50496DA08EC3352DA34D881C743

Function 00007FF62864E150 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF62864E2FB
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62864E432

Strings

p < end(), xrefs: 00007FF62864E209, 00007FF62864E376
p >= begin() && p < end(), xrefs: 00007FF62864E1CC, 00007FF62864E339
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF62864E1C5, 00007FF62864E202, 00007FF62864E332, 00007FF62864E36F

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007$A451310F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$p < end()$p >= begin() && p < end()
API String ID: 4201092786-1901453082
Opcode ID: 0d51d6373e06558a37e86f363c533bfeb682a8ec1d5eb1e082d5d3f253b449a9
Instruction ID: 65f05990d9da7e9906177f3ca0583ed17f8d8ede5a760c110697282519742d78
Opcode Fuzzy Hash: 0d51d6373e06558a37e86f363c533bfeb682a8ec1d5eb1e082d5d3f253b449a9
Instruction Fuzzy Hash: 1A81F272B04A9292EE248F64DD542AEB7A1FF44B95F484136CA0D87390EF3CE555C30A

Function 00007FF6286413B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 152COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628641484
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628641567
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286415F0

Strings

!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF6286413DA
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6286413D3

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 2739980228-3599239301
Opcode ID: a32acda8ac8af02c719bca1bcece888833a57668d5cda898378eef80b58275bd
Instruction ID: 2ad695c0353427a0201a0747a4173058ee016502cc14f991edf6d362c86b1c87
Opcode Fuzzy Hash: a32acda8ac8af02c719bca1bcece888833a57668d5cda898378eef80b58275bd
Instruction Fuzzy Hash: F861AE72A09A86C2DB59DF28DD542BC73B1FB54B84F548227CA0E83364DF38E56AC345

Function 00007FF628612E30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112COMMON

Download Yara Rule

APIs

00007FFE1FFA8950.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF628612EC1
00007FFE1FFA8950.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF628612EEC
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628612FA9

Strings

filename && mode, xrefs: 00007FF628612E58
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628612E51

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007$A8950$F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$filename && mode
API String ID: 3465666832-1878659873
Opcode ID: 92a00fba4662b5b3aba7ee4f4b4580fb012074609316d33d69bf72cd44fc9188
Instruction ID: 7be610e6f0d3c6f6994e99de10cfca42af0adc5abe24caacba7b0c8d7d1a59cf
Opcode Fuzzy Hash: 92a00fba4662b5b3aba7ee4f4b4580fb012074609316d33d69bf72cd44fc9188
Instruction Fuzzy Hash: 6441E121B19A5386EE94DF36AC4417863A0FF48F94F480232DA0E877D9EF3DE4569705

Function 00007FF6286613F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetMessageExtraInfo.USER32 ref: 00007FF6286613F9
GetCapture.USER32 ref: 00007FF628661491
SetCapture.USER32 ref: 00007FF62866149F

Strings

Ctx != 0, xrefs: 00007FF6286614C5
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6286614BE

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: Capture$ExtraInfoMessage
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 2172523684-3890275027
Opcode ID: 923c053ce066281c7ac671ef25c172f5d6b9f676048f14a3257d116d11b5ca04
Instruction ID: c1a087c6b66b99ed7fbe958016da3f2f73a651ac51112c463894712bc48938f1
Opcode Fuzzy Hash: 923c053ce066281c7ac671ef25c172f5d6b9f676048f14a3257d116d11b5ca04
Instruction Fuzzy Hash: F221B466A05A9387EB51CB36DC042A933A4FF44BA8F400137DA1EC7794DF3DE5469741

Function 00007FF628631F40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

printf.MSPDB140-MSVCRT ref: 00007FF62863203E

Strings

[%05d] , xrefs: 00007FF628631FAF
[%s] [%05d] , xrefs: 00007FF628631F9A
Size > 0, xrefs: 00007FF628632020
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628632019

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: printf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$[%05d] $[%s] [%05d]
API String ID: 3524737521-3476604433
Opcode ID: 3791ea77b646f4efedb4acf6e20016a352b3f2d24d4217499d1552f2091f9011
Instruction ID: 44b5d29e71609dd64141e7f3a145de4a651b7a3c0cc0c7b364c5382918060612
Opcode Fuzzy Hash: 3791ea77b646f4efedb4acf6e20016a352b3f2d24d4217499d1552f2091f9011
Instruction Fuzzy Hash: 1C21C072B08A8295EE118F32FD445EAA7A1FB40B84F884036EE4D97265DF3CE884D745

Function 00007FF62865FA50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF62865FAD2

Strings

C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF62865FA84
bd != nullptr && "No platform backend to shutdown, or already shutdown?", xrefs: 00007FF62865FA8B
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF62865FAAA
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF62865FAB1

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: FreeLibrary
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "No platform backend to shutdown, or already shutdown?"
API String ID: 3664257935-1332676508
Opcode ID: 8892cb04782d5aeb6a338803f32bc4cec3f8f323c030194c26ef7242e1d1625e
Instruction ID: e2d7eae4e73637cedcd6d51eb2c32ca33973f05f79c678b243f05bc9a66e54fa
Opcode Fuzzy Hash: 8892cb04782d5aeb6a338803f32bc4cec3f8f323c030194c26ef7242e1d1625e
Instruction Fuzzy Hash: C5315A32A09A92C6EF448F29EC9067833A0FB54B84F488137DA0D87765DF2CE455D346

Function 00007FF6286614F3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetMessageExtraInfo.USER32 ref: 00007FF6286614F3
GetCapture.USER32 ref: 00007FF628661573
ReleaseCapture.USER32 ref: 00007FF62866157E

Strings

Ctx != 0, xrefs: 00007FF62866159A
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628661593

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: Capture$ExtraInfoMessageRelease
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 1767768705-3890275027
Opcode ID: cb19a9e6c1605ae45a3bbd78077dd2cfbef91a2a50fb1b9c956a217acb42d625
Instruction ID: e7a66660159d66cf2652f6d4a5c000f144afeeeb104fc53f0396c71663d24a17
Opcode Fuzzy Hash: cb19a9e6c1605ae45a3bbd78077dd2cfbef91a2a50fb1b9c956a217acb42d625
Instruction Fuzzy Hash: 9B21C2A1A256E387EF528B76DC002B962A1FB44BD4F400033DA0E977A5CF3DE5469746

Function 000001FDF9835F20 Relevance: 8.0, APIs: 5, Instructions: 479COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001FDF9836127

Part of subcall function 000001FDF980AB90: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF980ABAE

Part of subcall function 000001FDF98155D0: _Func_class.LIBCONCRTD ref: 000001FDF98155E3

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001FDF983615A
std::make_error_code.LIBCPMTD ref: 000001FDF98361A5

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::Func_classGroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 831135708-0
Opcode ID: 63f4ccc0c719f990fd2cecc369a8989cbc0d16d11778b62a075870b531d386af
Instruction ID: 0bec57d21bfd542a259a98a6b82e2cb9ea0d583cb7ca4ee1148242a86e0f8058
Opcode Fuzzy Hash: 63f4ccc0c719f990fd2cecc369a8989cbc0d16d11778b62a075870b531d386af
Instruction Fuzzy Hash: 26F11530528B494FE7A5EB28D855FFEB3D2FB94300F904979A44FC3296DE3899468742

Function 000001FDF9832740 Relevance: 7.9, APIs: 5, Instructions: 422COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001FDF98327C5
std::make_error_code.LIBCPMTD ref: 000001FDF9832810
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF9832904
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001FDF9832BB3

Part of subcall function 000001FDF983F6A0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001FDF983F6CB

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001FDF9832C8E

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Scheduler$ProcessorProxyRoot::Virtual$Base::ChoresConcurrency::details::_EmptyGroupQueue::ScheduleScheduler::_SegmentStructuredUnrealizedWorkstd::make_error_code
String ID:
API String ID: 1866601945-0
Opcode ID: 1c48c8f7abf4ee09f37d3fb5ff55bc5fc80e92da85bd99eabbe83459b1591442
Instruction ID: 204afb1fbbee519bf16da4fb9fe8abc1bc43a689791849eeb49419e6f0e9ba0e
Opcode Fuzzy Hash: 1c48c8f7abf4ee09f37d3fb5ff55bc5fc80e92da85bd99eabbe83459b1591442
Instruction Fuzzy Hash: EFF1D230628B498FE7A5EB28D855FFAB3E1FB94300F40496A948FC3291DE749586C743

Function 000001FDF98213D0 Relevance: 7.8, APIs: 5, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c96d07edaa8d96b886f0cee9a5a5907d98ccd0e4b1558795c881cfd67141d54
Instruction ID: 34b2c43ca2efe351af239caa7c8dc181f1aaf5f7e7f5d1858866757837a4741a
Opcode Fuzzy Hash: 8c96d07edaa8d96b886f0cee9a5a5907d98ccd0e4b1558795c881cfd67141d54
Instruction Fuzzy Hash: 82B1EE3051CA899FDBA4EB18C495FAAB7E1FB99344F50496DA08FC7261DB70D881CB42

Function 000001FDF9815960 Relevance: 7.8, APIs: 5, Instructions: 294COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 000001FDF9815A03
fpos.LIBCPMTD ref: 000001FDF9815B8E
fpos.LIBCPMTD ref: 000001FDF9815BC9
fpos.LIBCPMTD ref: 000001FDF9815C3C

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 3f23ec98ed8d0db8145a29062c11fbcc78a6c96a5bf2dc5e6165215fd931549f
Instruction ID: 8022158a0530bae41f7d3b00b3b189aa130578beb44aba2cdadbcb1d4219f0be
Opcode Fuzzy Hash: 3f23ec98ed8d0db8145a29062c11fbcc78a6c96a5bf2dc5e6165215fd931549f
Instruction Fuzzy Hash: 5CB1FC30628B899FD7A4DB18D854BBAB7E1FB98305F54092DE48BC32A0C775D885CB03

Function 000001FDF98599B0 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001FDF98599F1

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

std::make_error_code.LIBCPMTD ref: 000001FDF9859A94
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF9859B96
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF9859BBA

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 1851498522-0
Opcode ID: 216af3604e034a8d617a86ff12bb7c94723bc8f844cd3d72ff026fb2d344c1b4
Instruction ID: 0a0a8bfb452138080643ee91316dffc98e289526596f63526dd54c8057153e97
Opcode Fuzzy Hash: 216af3604e034a8d617a86ff12bb7c94723bc8f844cd3d72ff026fb2d344c1b4
Instruction Fuzzy Hash: 80A13531528B8A8BE765E714D851FFBB7D2FB94360F800929A08BC31E1DE74D9468783

Function 000001FDF984F260 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001FDF984F2A2

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

std::make_error_code.LIBCPMTD ref: 000001FDF984F373

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 52cd85fabb40296642562d013464caab3b67d2761199756b925dca6721a50769
Instruction ID: 0ef536779988ba4d06ca6250febacd4da74aa62facc817a9a89922306d1fa899
Opcode Fuzzy Hash: 52cd85fabb40296642562d013464caab3b67d2761199756b925dca6721a50769
Instruction Fuzzy Hash: 0491F2305287898BE3A5EB14D855FFBB7E2FBD4344F40496EA08BC2196DE309945CB83

Function 000001FDF9846EA9 Relevance: 7.7, APIs: 5, Instructions: 198COMMON

Download Yara Rule

APIs

Mailbox.LIBCMTD ref: 000001FDF9846EF2
Mailbox.LIBCMTD ref: 000001FDF9846F2A
Mailbox.LIBCMTD ref: 000001FDF9846F95
Mailbox.LIBCMTD ref: 000001FDF9846FC6
Mailbox.LIBCMTD ref: 000001FDF9846FF0

Part of subcall function 000001FDF980BC30: Mailbox.LIBCMTD ref: 000001FDF980BC7E

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Mailbox
String ID:
API String ID: 1763892119-0
Opcode ID: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction ID: 0b38179b7e5d301f5ab149d637b2a86bbe1d164eea186f5df2046dc13fdd2034
Opcode Fuzzy Hash: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction Fuzzy Hash: D6612F3151CA888FE765EB18C454BFBB7E1FBA8301F540A2EA48BD32A1DE74D945C742

Function 000001FDF98026B0 Relevance: 7.7, APIs: 5, Instructions: 190COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 000001FDF98026D8
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001FDF9802767

Part of subcall function 000001FDF9800B80: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF9800BB2

Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001FDF98027FE
std::error_condition::error_condition.LIBCPMTD ref: 000001FDF980286F
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001FDF98028DC

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_SchedulerScheduler::_$std::error_condition::error_condition$std::bad_exception::bad_exception
String ID:
API String ID: 3801495819-0
Opcode ID: 855e9fad3cf8b62679a3ed4dce5103e3daddbb4618be66b587f956b2a1f93412
Instruction ID: 703f2d7b0050cb4b45e544ade37421af6325913bdf0a23afffc91cc1399809c0
Opcode Fuzzy Hash: 855e9fad3cf8b62679a3ed4dce5103e3daddbb4618be66b587f956b2a1f93412
Instruction Fuzzy Hash: 4D61FC34628B498FD7A4EB28D845BEAB7E1FF98314F44496DE08AC32A1DB74D445CB42

Function 000001FDF987AAA0 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001FDF987AAC8

Part of subcall function 000001FDF987C040: shared_ptr.LIBCPMTD ref: 000001FDF987C061

__crt_scoped_stack_ptr.LIBCPMTD ref: 000001FDF987AB47
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF987ABA6
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF987ABBD
__crt_scoped_stack_ptr.LIBCPMTD ref: 000001FDF987AC66

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: 91d403a99b0aa0b9c84ca8b623b580e6659b45cf93c11dcecb02eb8a3e2d9174
Instruction ID: dded1bc37da0302bf18cad72b84297b54bbc23615d8337ba30c9db88ec8adb82
Opcode Fuzzy Hash: 91d403a99b0aa0b9c84ca8b623b580e6659b45cf93c11dcecb02eb8a3e2d9174
Instruction Fuzzy Hash: F261D170518B498FE7A4EF28D845FAAB7E1FB98341F50492EA48EC3261DB74D485CB43

Function 000001FDF987A5E0 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001FDF987A608

Part of subcall function 000001FDF987C140: shared_ptr.LIBCPMTD ref: 000001FDF987C161

__crt_scoped_stack_ptr.LIBCPMTD ref: 000001FDF987A687
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF987A6E6
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF987A6FD
__crt_scoped_stack_ptr.LIBCPMTD ref: 000001FDF987A7A6

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction ID: f1f8dc9477719e8cfa987b393db8af8c91d9b5a85a2ca0cbe01bd6c32592a267
Opcode Fuzzy Hash: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction Fuzzy Hash: 4E61D270518B498FE7A4EF18D845FAAB7E1FB98341F50492EA48EC3261DB74D485CB43

Function 000001FDF984FF60 Relevance: 7.7, APIs: 5, Instructions: 171COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001FDF984FF83
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001FDF984FF97
std::make_error_code.LIBCPMTD ref: 000001FDF984FFB0
std::make_error_code.LIBCPMTD ref: 000001FDF9850003

Part of subcall function 000001FDF97F6020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 000001FDF97F602E

std::make_error_code.LIBCPMTD ref: 000001FDF9850067

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 8fc910353a04408718612e5cf30e4eda843c1b23e99fc2a10d87dd0fa77c1dfc
Instruction ID: fe3c86a1ec20da202a2d008b405af0da489e28a73fa0341de55ee771de95daf3
Opcode Fuzzy Hash: 8fc910353a04408718612e5cf30e4eda843c1b23e99fc2a10d87dd0fa77c1dfc
Instruction Fuzzy Hash: 6051A3305246495FE2A4EB18D855FFAB7E3FB94350F904569A08FC31A6DE345886CB43

Function 000001FDF9850D30 Relevance: 7.6, APIs: 5, Instructions: 146COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF9850D65

Part of subcall function 000001FDF98542A0: type_info::_name_internal_method.LIBCMTD ref: 000001FDF98542B8

std::make_error_code.LIBCPMTD ref: 000001FDF9850D7E

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF9850DA7
std::make_error_code.LIBCPMTD ref: 000001FDF9850DC0

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: 4b51986160a4cd423a99c67445d446e796d3c0d4e65a0d82bc8bd3ca371d903f
Instruction ID: 8c022172ce2bcafed9623f65513c925f975a1f621ad06496eb204a3e59d407a9
Opcode Fuzzy Hash: 4b51986160a4cd423a99c67445d446e796d3c0d4e65a0d82bc8bd3ca371d903f
Instruction Fuzzy Hash: 545151309287864BE754EB24E851FFBB7E2FB84354F404A29A08BD71D2DA34D9098B43

Function 00007FF628612CA0 Relevance: 7.6, APIs: 5, Instructions: 100COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF628612CE2
MultiByteToWideChar.KERNEL32 ref: 00007FF628612D05
MultiByteToWideChar.KERNEL32 ref: 00007FF628612D53
MultiByteToWideChar.KERNEL32 ref: 00007FF628612D73
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628612DFC

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: ByteCharMultiWide$00007F020
String ID:
API String ID: 2477082939-0
Opcode ID: 0b2e8bf071135731bc7520decbbdd93ff4010c1c39ddf66d315a4dd53760ce29
Instruction ID: 829a18c6c923affc40ade51aee2137fb77b9347a87c2a957ccc4ec2707b1a3c1
Opcode Fuzzy Hash: 0b2e8bf071135731bc7520decbbdd93ff4010c1c39ddf66d315a4dd53760ce29
Instruction Fuzzy Hash: 4641D172608A9182D724EF26FC400A9B7A1FB48BD4F048236DE4D87BA4DF3CD59AC705

Function 000001FDF984FCF0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF984FD17

Part of subcall function 000001FDF98542A0: type_info::_name_internal_method.LIBCMTD ref: 000001FDF98542B8

std::make_error_code.LIBCPMTD ref: 000001FDF984FD2D

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF984FD50
std::make_error_code.LIBCPMTD ref: 000001FDF984FD66

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: 18c570fd0deab407a0f837e49046f6b791d582b1a6d6ce112fe98874db57e66e
Instruction ID: 628ea97604963939abfe7e79bcca164f26cc1f0d8d9f1eb2bf1870b6ece305ec
Opcode Fuzzy Hash: 18c570fd0deab407a0f837e49046f6b791d582b1a6d6ce112fe98874db57e66e
Instruction Fuzzy Hash: 9321E130524B454BD645EB29DC51FFA77E2FBC4380F404569A047C72A6DA24D946D783

Function 000001FDF982BF60 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001FDF982BF8E

Part of subcall function 000001FDF98376A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001FDF98376B8

type_info::_name_internal_method.LIBCMTD ref: 000001FDF982BFB0
type_info::_name_internal_method.LIBCMTD ref: 000001FDF982BFD2
type_info::_name_internal_method.LIBCMTD ref: 000001FDF982BFF4
type_info::_name_internal_method.LIBCMTD ref: 000001FDF982C016

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction ID: e00df561cb3c73636ecd0a6cf3472da90c03f6c6153353d25083a8209d0ee044
Opcode Fuzzy Hash: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction Fuzzy Hash: AC217170628B894FD6A4FB2CD455FAAB7E2FBD8340F50496DA08EC3352DA34D8858743

Function 000001FDF9861C70 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861C9E

Part of subcall function 000001FDF9860D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001FDF9860D48

type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861CC0
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861CE2
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861D04
type_info::_name_internal_method.LIBCMTD ref: 000001FDF9861D26

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction ID: 529623c7c7f465a919478b737e261535c1619ba0475b75ddaf1d038d8f7d95aa
Opcode Fuzzy Hash: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction Fuzzy Hash: AD217170628B894FD6A4FB2CD455BAAB7E2FBD8340F50496DA08EC3252DA34D8858743

Function 000001FDF98494F0 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF984951A
shared_ptr.LIBCMTD ref: 000001FDF984952E

Part of subcall function 000001FDF9851B90: shared_ptr.LIBCMTD ref: 000001FDF9851B9E

allocator.LIBCPMTD ref: 000001FDF9849542
shared_ptr.LIBCMTD ref: 000001FDF9849554
allocator.LIBCPMTD ref: 000001FDF9849568

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: shared_ptr$allocator$Affinity::operator!=Concurrency::details::Hardware
String ID:
API String ID: 1053258265-0
Opcode ID: 731d90d100de80035144f11b9cbff0f6121979b4b1cf63ee1738207ad95db791
Instruction ID: b38ffd19c7f1ce8d8befa91c486e8858c2decf28c90765014d3658b870a6e02d
Opcode Fuzzy Hash: 731d90d100de80035144f11b9cbff0f6121979b4b1cf63ee1738207ad95db791
Instruction Fuzzy Hash: 9F110030528B498FD6A0EB28D845BFAB7E2FBD8750F40496DA48ED3251DA309945C743

Function 000001FDF97EE510 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001FDF97EE53C
type_info::_name_internal_method.LIBCMTD ref: 000001FDF97EE5F2
type_info::_name_internal_method.LIBCMTD ref: 000001FDF97EE6BA

Part of subcall function 000001FDF97EA110: char_traits.LIBCPMTD ref: 000001FDF97EA13D

Strings

, xrefs: 000001FDF97EE734

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID:
API String ID: 2432257368-3916222277
Opcode ID: fc3064d62a3cd5194dff096c9fc33b5f2c68b979ee5dc823d586b5ed394c8f21
Instruction ID: 0d690c30000b5a31bbaeb9809b69d1692c54fe8c9420f02ea321dd94c29b62df
Opcode Fuzzy Hash: fc3064d62a3cd5194dff096c9fc33b5f2c68b979ee5dc823d586b5ed394c8f21
Instruction Fuzzy Hash: CCC1DD31518B898BD7A5EB28D855BFBB3E1FB98344F400A2DA08BC3191EF74D945CB42

Function 00007FF628617D10 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 246COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF628617F8E

Strings

#MOVE, xrefs: 00007FF6286180C0
Size > 0, xrefs: 00007FF62861805B
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628618054

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: #MOVE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 338975850-319756798
Opcode ID: a9447c703a5c6f419a763ba9b790bfdbb90cf70eb01f7ac6463506faf4b27953
Instruction ID: 7b92d2ed0403bf7e48f47c5807022ff4861424968619cc748be2d44c7f7190b3
Opcode Fuzzy Hash: a9447c703a5c6f419a763ba9b790bfdbb90cf70eb01f7ac6463506faf4b27953
Instruction Fuzzy Hash: C5D14832606BC19AD754CF29ED8879977A9F305F14FA94239C7A84B3A1DF35E062C708

Function 000001FDF9833328 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF983374F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98337BB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF9833815

Strings

e, xrefs: 000001FDF983340C

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID: e
API String ID: 1865873047-4024072794
Opcode ID: a5aedeaa2a5e8da9842271219853bb447ad559dd74de6758b306763cffed3ded
Instruction ID: a6f1c1999e9a5ed121d2479f0cf594d1a0c82475e647453defe0b964a4757cc1
Opcode Fuzzy Hash: a5aedeaa2a5e8da9842271219853bb447ad559dd74de6758b306763cffed3ded
Instruction Fuzzy Hash: 8761FF3492CA458FD754EB68D845FBA77E1FB94301F90092DA15BC73A1D775D882CB02

Function 00007FF628631090 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140(00000000,?,00000000,000001FDF4F83B20,00007FF628630EC1,?,?,00000000,00007FF628619F9A), ref: 00007FF62863114C
00007FFE1A451310.VCRUNTIME140 ref: 00007FF6286312A7

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6286310C3
g.Initialized, xrefs: 00007FF6286310CA

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.Initialized
API String ID: 338975850-1422301356
Opcode ID: 3e9c344c1d301b24d002604c38042e59a87773ff59d66f59d2992e4b1af52429
Instruction ID: 4253d7aa3b0d4731fd34f4b54fb92ce1b4cb4073d91037a95f5a7cf738a2351e
Opcode Fuzzy Hash: 3e9c344c1d301b24d002604c38042e59a87773ff59d66f59d2992e4b1af52429
Instruction Fuzzy Hash: E7610712B09A9685EE118A359C082FA6791BB45FC4F884133EE5CC7385FE3CE885D30A

Function 000001FDF97FC5F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

_Subatomic.LIBCONCRTD ref: 000001FDF97FC660
_Subatomic.LIBCONCRTD ref: 000001FDF97FC6FC

Strings

d, xrefs: 000001FDF97FC630

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Subatomic
String ID: d
API String ID: 3648745215-2564639436
Opcode ID: 54bdeb58da35ab94bcf85085278a1c4949db9dfd6b8a7e539e187413d69c00dd
Instruction ID: f86b6121ddab2433d6c2fcea1c0efdf3d118a09e97bbc2f3ce1708555908aca8
Opcode Fuzzy Hash: 54bdeb58da35ab94bcf85085278a1c4949db9dfd6b8a7e539e187413d69c00dd
Instruction Fuzzy Hash: 7D411330618F888FD754EF28D4497AAB7E2FBD9345F44492EA08AD3260DB74D5408B42

Function 00007FF628661091 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

IsWindowUnicode.USER32 ref: 00007FF628661094
MultiByteToWideChar.KERNEL32 ref: 00007FF62866116F

Strings

Ctx != 0, xrefs: 00007FF62866118F
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628661188

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: ByteCharMultiUnicodeWideWindow
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 3417139564-3890275027
Opcode ID: d9a610a5f53e9fa10297ec8690aded1cef327910e5f6d708596898dc3a383a64
Instruction ID: fc8e940271241684cb6dca15ca418e0e000e8caf5021810b83e9b883c06781cc
Opcode Fuzzy Hash: d9a610a5f53e9fa10297ec8690aded1cef327910e5f6d708596898dc3a383a64
Instruction Fuzzy Hash: A251C226F186A386EB25CF39DC416B963A1FB44B48F484137DA4DC7A98DF3CE8429315

Function 00007FF6286341F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628634304
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286343C6

Strings

!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF628634224, 00007FF628634255
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF62863421D, 00007FF62863424E

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 2739980228-3599239301
Opcode ID: e21a51cd6fc816a2bd9147ba443e1185ee90a422f277b73c4d41c78987587b6a
Instruction ID: dac8df8ee2c0d8e5732b0b420f6bb5ed28e47df5ce4e9d691e91f935e39aed79
Opcode Fuzzy Hash: e21a51cd6fc816a2bd9147ba443e1185ee90a422f277b73c4d41c78987587b6a
Instruction Fuzzy Hash: 8C51BD72A08A9282DB04EF25EC551BCB3B4FB54B80B548133CA4D87A51DF3CD996C34A

Function 000001FDF97E4AA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E4AD0
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF97E4B2F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E4B41

Strings

, xrefs: 000001FDF97E4B85

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
String ID:
API String ID: 991905282-3916222277
Opcode ID: 36a22229416e564e8440cefac388c07ecd404f3bbc27db4e377a02a1a41e44dc
Instruction ID: 6fd29ea1beab2a8112b9df5341a20e688278f2c086655ff5c147c9dde025e63d
Opcode Fuzzy Hash: 36a22229416e564e8440cefac388c07ecd404f3bbc27db4e377a02a1a41e44dc
Instruction Fuzzy Hash: 44410B30518B498FE794EF28C895BBAB7E1FBC4345F90592DB49BC32A1CB719845CB42

Function 00007FF628623110 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF628623241

Strings

i >= 0 && i < Size, xrefs: 00007FF62862319B, 00007FF6286231DE, 00007FF628623212, 00007FF628623265
Size > 0, xrefs: 00007FF62862313F
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628623138, 00007FF628623194, 00007FF6286231D7, 00007FF62862320B, 00007FF62862325E

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$i >= 0 && i < Size
API String ID: 338975850-3833649686
Opcode ID: 2d656bff229cbb4746685fbfad4308eb7320790fdcd0fb319f4a17860adbbdb5
Instruction ID: 35d601ec2d81270d5fab163673e03209ba724b36e64522dcdcfe2fbd9e433fe0
Opcode Fuzzy Hash: 2d656bff229cbb4746685fbfad4308eb7320790fdcd0fb319f4a17860adbbdb5
Instruction Fuzzy Hash: FF415E31B08A9791EF148F36ED801A96360FB44B84F484172DA5EC7A68CF2DF285D356

Function 00007FF628641620 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286416C6
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628641744

Strings

!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF628641640
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF628641639

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 2739980228-3599239301
Opcode ID: cb5a36fee1d6425d1c033b334fafb6d3c66ff7acfe97189d89c7330356846d2d
Instruction ID: ac1175429d1967c262cec6fc4d134e40dcbe4fc1588542d08566c8571858882c
Opcode Fuzzy Hash: cb5a36fee1d6425d1c033b334fafb6d3c66ff7acfe97189d89c7330356846d2d
Instruction Fuzzy Hash: 11311473A09A9282DF45DF28DC914BC73B5FB54B84B644233CA0E83264DF38D59AC345

Function 000001FDF9852950 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001FDF98529A7

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

std::make_error_code.LIBCPMTD ref: 000001FDF98529D2
std::make_error_code.LIBCPMTD ref: 000001FDF98529EE

Strings

}, xrefs: 000001FDF9852996

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID: }
API String ID: 2527301759-4239843852
Opcode ID: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
Instruction ID: 63b1e01bae4acbf9828febd0b1f1247cf3dcc4d1595683292d5a92308f4347dc
Opcode Fuzzy Hash: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
Instruction Fuzzy Hash: C62121305286868FD354EB18D840FBABBE2FB853A4F50097DE087D22A5CA74C986D743

Function 000001FDF98A79A0 Relevance: 6.5, APIs: 4, Instructions: 491COMMON

Download Yara Rule

APIs

Part of subcall function 000001FDF97EA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97EA18D

Part of subcall function 000001FDF97EA110: char_traits.LIBCPMTD ref: 000001FDF97EA13D

type_info::_name_internal_method.LIBCMTD ref: 000001FDF98A7A14

Part of subcall function 000001FDF98C9E50: type_info::_name_internal_method.LIBCMTD ref: 000001FDF98C9EF0
Part of subcall function 000001FDF98C9E50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF98C9F56
Part of subcall function 000001FDF98C9E50: CreateFileA.KERNEL32 ref: 000001FDF98C9F82

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF98A7AE4

Part of subcall function 000001FDF97E5180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E5217

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$type_info::_name_internal_method$Affinity::operator!=CreateFileHardwarechar_traits
String ID:
API String ID: 2370075206-0
Opcode ID: a65eba7b441e30818a227a1c83e82e3293a1d35dbeeb2e9a63ea877c5ac8c65b
Instruction ID: 2005103a881d749fc6afacb40d2dc770756aa8afb5cf456f154f92829a6e9e55
Opcode Fuzzy Hash: a65eba7b441e30818a227a1c83e82e3293a1d35dbeeb2e9a63ea877c5ac8c65b
Instruction Fuzzy Hash: 3E02C431529B498AE765FB24D855FFBB3E1FB94340F50497EA08BC21A2EE309946C743

Function 000001FDF9843900 Relevance: 6.4, APIs: 4, Instructions: 439COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001FDF9843951

Part of subcall function 000001FDF9812880: _Ptr_base.LIBCMTD ref: 000001FDF9812893

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Base::ChoresConcurrency::details::GroupPtr_baseScheduleSegmentUnrealized
String ID:
API String ID: 3333744592-0
Opcode ID: 570f11bbdc05f9da95d07b3fdbdb974941727138929f366d8f2bea2d8099bd35
Instruction ID: da6fb91835f6e3e562e1ab9be4216dd6b2b3d8028202c61588d7c7e741d02a08
Opcode Fuzzy Hash: 570f11bbdc05f9da95d07b3fdbdb974941727138929f366d8f2bea2d8099bd35
Instruction Fuzzy Hash: DBF1F431528B8D8FE7A5EB18D855BFAB3E1FB98300F40492EA44FC3295DE749585CB42

Function 000001FDF9835890 Relevance: 6.4, APIs: 4, Instructions: 359COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001FDF9835917
std::make_error_code.LIBCPMTD ref: 000001FDF9835992
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001FDF9835B1C

Part of subcall function 000001FDF983F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001FDF983F8CD
Part of subcall function 000001FDF983F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001FDF983F8E4

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001FDF9835CAB

Part of subcall function 000001FDF9816BC0: char_traits.LIBCPMTD ref: 000001FDF9816BE0

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::$Concurrency::details::_ProcessorProxyRoot::Scheduler::_Virtual$Base::ChoresGroupScheduleSegmentUnrealizedchar_traitsstd::make_error_code
String ID:
API String ID: 3113402709-0
Opcode ID: 8315beeaeb721658927f8f770d131a9c147b9258a1641d469c0d50eda48e832c
Instruction ID: d2398e161108b5a9c596bc67dbcc219c0d067f6afc5875d534043f85ecd406a9
Opcode Fuzzy Hash: 8315beeaeb721658927f8f770d131a9c147b9258a1641d469c0d50eda48e832c
Instruction Fuzzy Hash: B5C1D131518A4D8FE7A5EB18D855FFBB7E2FB98310F40092E948FC3291DE7499858B42

Function 000001FDF97F2C70 Relevance: 6.4, APIs: 4, Instructions: 351COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97F2CA2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97F2E63
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97F2E78

Part of subcall function 000001FDF97EB170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97EB17E
Part of subcall function 000001FDF97EB170: _Max_value.LIBCPMTD ref: 000001FDF97EB1A3
Part of subcall function 000001FDF97EB170: _Min_value.LIBCPMTD ref: 000001FDF97EB1D1

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97F2FB7

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
String ID:
API String ID: 348937374-0
Opcode ID: 9076abe83797b2f5b95f51d9a62a17b5c4646a91e0ea6bac038e2092eb8d8266
Instruction ID: 112fddbd707f74844d055617d0bdd29b6f56aa0d7262a60f8dc104cc602ab84c
Opcode Fuzzy Hash: 9076abe83797b2f5b95f51d9a62a17b5c4646a91e0ea6bac038e2092eb8d8266
Instruction Fuzzy Hash: 54D1AC3061CB898FD7A4FB18D454FBAB7E2FBE9345F40496DA08ED3265DA70D8418B42

Function 000001FDF9803390 Relevance: 6.3, APIs: 4, Instructions: 324COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 000001FDF980352B
std::error_condition::error_condition.LIBCPMTD ref: 000001FDF9803551

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: std::error_condition::error_condition
String ID:
API String ID: 246976077-0
Opcode ID: 5f3126eda9a4eb9af231d5239096d653e2129c4e3c35e502a72c1b9b8bd3846d
Instruction ID: 0a12804345391c252bea8d0c37c333a3ea1507e5ee2582ed60f1b53441ff8fc3
Opcode Fuzzy Hash: 5f3126eda9a4eb9af231d5239096d653e2129c4e3c35e502a72c1b9b8bd3846d
Instruction Fuzzy Hash: F1C1F230528B498FE7A5EB28D855FFAB7E1FF98340F54096DA08BC3261DA74D941CB42

Function 000001FDF9851370 Relevance: 6.3, APIs: 4, Instructions: 304COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001FDF9851564

Part of subcall function 000001FDF98250A0: char_traits.LIBCPMTD ref: 000001FDF98250C1

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001FDF98515C1

Part of subcall function 000001FDF985A0F0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001FDF985A112

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::Concurrency::details::_Decorator::getProcessorProxyRoot::Scheduler::_TableTypeVirtualchar_traits
String ID:
API String ID: 1673230147-0
Opcode ID: 54f13db51325af36e86bb9f0e7cfac0249b4394f15ed719d382bbe191eb23ca8
Instruction ID: 60521673b282b5c95be17e1880ea59241cba7b176f80e70f92d5640c5b053ddf
Opcode Fuzzy Hash: 54f13db51325af36e86bb9f0e7cfac0249b4394f15ed719d382bbe191eb23ca8
Instruction Fuzzy Hash: 98C1BE70528B898FE7A4EB18D495FEAB7E1FB98310F50492E918EC3261DF349585CB43

Function 000001FDF98524C0 Relevance: 6.3, APIs: 4, Instructions: 266COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001FDF98524E3
std::make_error_code.LIBCPMTD ref: 000001FDF98524FC

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

std::make_error_code.LIBCPMTD ref: 000001FDF985253B

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 1046759889-0
Opcode ID: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction ID: d32f07aa589937342fa7267d04044b2656ae6be67132ef743beb826497c57d49
Opcode Fuzzy Hash: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction Fuzzy Hash: 3BB1B130528B898FD6A5EB18D855BFAB7E2FBD4350F40496DA08FC3296DE319846C743

Function 000001FDF981BF20 Relevance: 6.3, APIs: 4, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34be266543894efc96d51f676f5f1ca7cc37a58dd76303ca975cdefcda27a6da
Instruction ID: 6f0063363123223972dc94c34544beabec5134d8e6e83d6905aa31a7a12fcf76
Opcode Fuzzy Hash: 34be266543894efc96d51f676f5f1ca7cc37a58dd76303ca975cdefcda27a6da
Instruction Fuzzy Hash: 6191F230518A489FD7A4EB18C495FAAB7E1FFE9304F50495DA04FC7262CB71E946CB42

Function 000001FDF984DCB0 Relevance: 6.2, APIs: 4, Instructions: 212COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001FDF984DCED

Part of subcall function 000001FDF97F8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001FDF97F8FFE

std::make_error_code.LIBCPMTD ref: 000001FDF984DD3C

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 58c7311be2cb89b8753877e7c75642fcbb82317ee9f238dba1156d6b4c2a68d4
Instruction ID: 39a34a1454c1622464f033e7fde2acca68ea7b2897761aa2ae899eef0e80da6d
Opcode Fuzzy Hash: 58c7311be2cb89b8753877e7c75642fcbb82317ee9f238dba1156d6b4c2a68d4
Instruction Fuzzy Hash: 6C81E2305187898FE7A5EB18D851FFEB7E2FF94340F504969A08BC31A1DA309986CB43

Function 000001FDF985B2A0 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF985B33B
type_info::_name_internal_method.LIBCMTD ref: 000001FDF985B462

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction ID: df0583a9fa6ac755ac7dff9c79b9bb47bf21cb931df312af139d107f8e9caf55
Opcode Fuzzy Hash: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction Fuzzy Hash: 7471D73056C7498FD7A5EB28D855BFAB3E2FB98310F804969A44FC3251DA74D846C743

Function 000001FDF985B610 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF985B6AB
type_info::_name_internal_method.LIBCMTD ref: 000001FDF985B7D2

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction ID: 76ee34d20eca3750a808eb97ceb07789a6d35a2ab423fdfac07c8ec2b1220fcf
Opcode Fuzzy Hash: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction Fuzzy Hash: 3171E330528A899FD7A5EB18D855BFAB3D2FB98350F804829E44FC7291DE34D945CB43

Function 000001FDF9815700 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 000001FDF981579A
fpos.LIBCPMTD ref: 000001FDF9815863
fpos.LIBCPMTD ref: 000001FDF98158B2
fpos.LIBCPMTD ref: 000001FDF981594F

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: a06c74410f647526738439c1d7a2df2a66b16ccba1c99b2313f6c08277eab004
Instruction ID: eeae4a6b345accb0265663666731116692c7bbbb65b2980fd7a1e0c88da232f7
Opcode Fuzzy Hash: a06c74410f647526738439c1d7a2df2a66b16ccba1c99b2313f6c08277eab004
Instruction Fuzzy Hash: D281D930628B459FE7A4DB28D855B7AB7E1FB98345F54092DB49BC32B1C725D881CB03

Function 000001FDF97F8290 Relevance: 6.1, APIs: 4, Instructions: 147COMMON

Download Yara Rule

APIs

Part of subcall function 000001FDF97EA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97EA18D

type_info::_name_internal_method.LIBCMTD ref: 000001FDF97F83B2
type_info::_name_internal_method.LIBCMTD ref: 000001FDF97F83CD
type_info::_name_internal_method.LIBCMTD ref: 000001FDF97F840F
type_info::_name_internal_method.LIBCMTD ref: 000001FDF97F842A

Part of subcall function 000001FDF97EA110: char_traits.LIBCPMTD ref: 000001FDF97EA13D

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
String ID:
API String ID: 1744367693-0
Opcode ID: 30ffffbc32562f55399461986d00f4272352037bfd5b746e90ae5d919702b9bf
Instruction ID: f5caccc34c377bbc9c3d22fa8082a00ecf10ce87aa848b49bf33681b79bb2c53
Opcode Fuzzy Hash: 30ffffbc32562f55399461986d00f4272352037bfd5b746e90ae5d919702b9bf
Instruction Fuzzy Hash: 6351FF305187858BE7A4EB14D841BFBB7E2FB94344F404A2DA48BD71A1DB74D946CB83

Function 00007FF6286559A0 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628655A26
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628655AA3
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628655B20
00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628655B9E

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID:
API String ID: 2739980228-0
Opcode ID: 87edbd7c1ca10c775655078cece7bcc32b684bf25203532633eabef71ff50005
Instruction ID: 010aeded4d4f58f22f9335027cec46129a7b692e858677835bf4606d7e343130
Opcode Fuzzy Hash: 87edbd7c1ca10c775655078cece7bcc32b684bf25203532633eabef71ff50005
Instruction Fuzzy Hash: 72519073619A9286CB49DF28DC990FC73B1FB58B44B548227CA0EC3265DF39D55AC341

Function 000001FDF981C210 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

APIs

shared_ptr.LIBCMTD ref: 000001FDF981C2E4
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001FDF981C2F4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001FDF981C305

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Affinity::operator!=Base::ContextHardwareIdentityQueueWorkshared_ptr
String ID:
API String ID: 714649587-0
Opcode ID: 56e7f5989e768847083db759d86a7ebfa7ab74bda9f1653fe54440c5e8e10927
Instruction ID: 8489ee0f905231fd203b504e7a45d31777ca87b7e9c5b50a1722d0a0dbe21725
Opcode Fuzzy Hash: 56e7f5989e768847083db759d86a7ebfa7ab74bda9f1653fe54440c5e8e10927
Instruction Fuzzy Hash: 7A41E230518E499FD794EB18D495FBAB7E1FB98345F50092DA08BC7261DB34D982CB42

Function 000001FDF98BFC90 Relevance: 6.1, APIs: 4, Instructions: 120COMMON

Download Yara Rule

APIs

Part of subcall function 000001FDF98BFE90: _Byte_length.LIBCPMTD ref: 000001FDF98BFEFE

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98BFD15
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98BFD3E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98BFD75
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF98BFD9E

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Byte_length
String ID:
API String ID: 1141060839-0
Opcode ID: a094d049b7394f019bb74d8a9ce6fa8793c3500efc0350374be82258551a5043
Instruction ID: aaaf36ad0e9a836f8f12d688ad87bb350f2aaae7e5ae680253a46134759f6661
Opcode Fuzzy Hash: a094d049b7394f019bb74d8a9ce6fa8793c3500efc0350374be82258551a5043
Instruction Fuzzy Hash: 4F41DD30518B498FE794FB28D855BFAB7E1FB98341F50492EA08AD3161DE319985CB43

Function 000001FDF982B130 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001FDF982B15B

Part of subcall function 000001FDF98376A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001FDF98376B8

type_info::_name_internal_method.LIBCMTD ref: 000001FDF982B17A
type_info::_name_internal_method.LIBCMTD ref: 000001FDF982B199
type_info::_name_internal_method.LIBCMTD ref: 000001FDF982B1B8

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction ID: 4cd94087b847f2697c84e7c7a71088ef7597e651ad2ef32d0fb453110efdb99b
Opcode Fuzzy Hash: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction Fuzzy Hash: 38116170628F894FD694FB2CD455FAAB7E2FBD8340F50496DA18AC3261DA34D8858B43

Function 000001FDF983F060 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001FDF983F08B

Part of subcall function 000001FDF98376A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001FDF98376B8

type_info::_name_internal_method.LIBCMTD ref: 000001FDF983F0AA
type_info::_name_internal_method.LIBCMTD ref: 000001FDF983F0C9
type_info::_name_internal_method.LIBCMTD ref: 000001FDF983F0E8

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction ID: bbf3985384b1de7a40715642332e74974c6b63a718c5e90bbc4cac8931c21473
Opcode Fuzzy Hash: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction Fuzzy Hash: 31119170628F894FD694FB2CD455FAAB7E2FBD8340F50496DA08AC3261DA34D8858B43

Function 000001FDF986D460 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001FDF986D48B

Part of subcall function 000001FDF98376A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001FDF98376B8

type_info::_name_internal_method.LIBCMTD ref: 000001FDF986D4AA

Part of subcall function 000001FDF9860D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001FDF9860D48

type_info::_name_internal_method.LIBCMTD ref: 000001FDF986D4C9
type_info::_name_internal_method.LIBCMTD ref: 000001FDF986D4E8

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction ID: 5b2026614add0630e98ff9f4e51b5cb667daa6d134d59ef35c67d910c20e3eea
Opcode Fuzzy Hash: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction Fuzzy Hash: 01119470528F894FD694FB28D455BAAB7E2FBD8340F50496DA18AC3261DA34D8458B43

Function 000001FDF98233B0 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_Func_class.LIBCONCRTD ref: 000001FDF98233C3
_Func_class.LIBCONCRTD ref: 000001FDF982341D

Part of subcall function 000001FDF9819830: _Func_class.LIBCONCRTD ref: 000001FDF981983E
Part of subcall function 000001FDF9819830: _Func_class.LIBCONCRTD ref: 000001FDF981989C

_Func_class.LIBCONCRTD ref: 000001FDF9823441
_Func_class.LIBCONCRTD ref: 000001FDF982344D

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Func_class
String ID:
API String ID: 1670654298-0
Opcode ID: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction ID: 90b4db7b7049cf36d566f49c9f4091f88927c903bf876acfb2747eb9ba51426d
Opcode Fuzzy Hash: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction Fuzzy Hash: C111F430928A095FD684EB1CD855F7A77E2FFA9345F40496AA54FC32B2DA21D882C742

Function 000001FDF983EF60 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF983EFAA
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF983EFBE

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction ID: 11e8500df9c7c36c4ad576ebf6b29b675ede972146dfbe2777a72ca1c99b14c1
Opcode Fuzzy Hash: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction Fuzzy Hash: BC012970538A5E4BE3E5DB29D854BBAB5D3FB88340FC0086DB547C23A2CAF5D4818603

Function 000001FDF983EEC0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF983EF0A
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF983EF1E

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction ID: 6772af2e53c54f0b8d2fc1440609664dbfcadff861c74fb37d96a8cad3aebf28
Opcode Fuzzy Hash: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction Fuzzy Hash: BF01E170538B4A4BE3E6DB29D854BBD75D3FB88344F90096DA44BC23D2DAB5D4418603

Function 000001FDF97E3D40 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 000001FDF97E5360: _WChar_traits.LIBCPMTD ref: 000001FDF97E538D

Part of subcall function 000001FDF97E4740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E476C
Part of subcall function 000001FDF97E4740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E477E
Part of subcall function 000001FDF97E4740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001FDF97E47BB

Part of subcall function 000001FDF97E4850: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF97E48B8

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001FDF97E412A

Strings

, xrefs: 000001FDF97E41B1
X, xrefs: 000001FDF97E3EE3

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Char_traits
String ID: $X
API String ID: 1626164810-1398056850
Opcode ID: b7fe99cffcf7bd97a9e81d5aad9f532e1525070ba119c050f664d87821b138ec
Instruction ID: bd2ddebf2c4d71daf15d9e45225249a5e2df60417679e9020b1483c98f9002ae
Opcode Fuzzy Hash: b7fe99cffcf7bd97a9e81d5aad9f532e1525070ba119c050f664d87821b138ec
Instruction Fuzzy Hash: 03D1B170518B898FD7B4EF28D499BEAB7E1FBD8341F50492EA48EC3251DB709485CB42

Function 000001FDF9845560 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON

Download Yara Rule

Strings

", xrefs: 000001FDF9845636
", xrefs: 000001FDF984574E

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID:
String ID: "$"
API String ID: 0-3758156766
Opcode ID: d9ca275203620766a00d06b5d65ade6f880f8bd0154771a424bc1f8235aa31d6
Instruction ID: 77f1f6fd8f94f2e0e2c4334024a1bc9aa4d6b0b7733317becf0166b89da64751
Opcode Fuzzy Hash: d9ca275203620766a00d06b5d65ade6f880f8bd0154771a424bc1f8235aa31d6
Instruction Fuzzy Hash: 2F71ED31528B499AD795EB18D891FFBB7E2FF98344F404969B08BC31A1DA30D645CB43

Function 000001FDF9804B00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 000001FDF9804CEA

Part of subcall function 000001FDF98001A0: Concurrency::details::VirtualProcessor::ClaimTicket::InitializeTicket.LIBCMTD ref: 000001FDF98001BD

Strings

@, xrefs: 000001FDF9804B66
@, xrefs: 000001FDF9804BED

Memory Dump Source

Source File: 00000000.00000002.3505466703.000001FDF97E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001FDF97E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1fdf97e0000_Nexus-Executor.jbxd

Yara matches

Similarity

API ID: ClaimConcurrency::details::InitializeProcessor::TicketTicket::Virtualstd::error_condition::error_condition
String ID: @$@
API String ID: 2004282921-149943524
Opcode ID: 5d6c2f79357090950899d93de7d3641f261afb3f4bf2f8be1211dfb2002849bd
Instruction ID: 46212c22b6881ab5d824210b56fcb5b6e425c3a369435ce672a4e76fbbe92eb6
Opcode Fuzzy Hash: 5d6c2f79357090950899d93de7d3641f261afb3f4bf2f8be1211dfb2002849bd
Instruction Fuzzy Hash: EB51E4709587458FE7A4EB28D854BAAB7E1FFD5304F14092DE18BC32A0E77598458B07

Function 00007FF628619BC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

00007FFE1FFBA0D0.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF628619D80

Strings

max_error > 0.0f, xrefs: 00007FF628619CC6
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF628619CBF

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$max_error > 0.0f
API String ID: 3568877910-3636960062
Opcode ID: 173fbfa97a9e8faf60806451bce5e775cbc6d79fbfbf66f348b23af2c050349d
Instruction ID: e54508e1ab89abb00783fa89732a2eb586cf98323884e1f0f75bd10cfb2d949b
Opcode Fuzzy Hash: 173fbfa97a9e8faf60806451bce5e775cbc6d79fbfbf66f348b23af2c050349d
Instruction Fuzzy Hash: 8C61C432D08BC985F7028B368C413B97790FF69745F5C8733EA48762A6DF28B4C19A05

Function 00007FF628630E40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628630F2F

Strings

g.SettingsWindows.empty(), xrefs: 00007FF628630E7A
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF628630E73

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.SettingsWindows.empty()
API String ID: 2739980228-1747592857
Opcode ID: 170e04b973949e5f49f0dbd9dc130716887260cca0c17508c06e4d01c7df8597
Instruction ID: 697a1ed406df526b424d3730e2f5406168940ec529ac9db70d5696cd3b84f6df
Opcode Fuzzy Hash: 170e04b973949e5f49f0dbd9dc130716887260cca0c17508c06e4d01c7df8597
Instruction Fuzzy Hash: 77419D32A19A8286EB41DF36AC541A873A0FB48F84F58413BEE4E87759DF3CE445C746

Function 00007FF628632A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628632BA4

Strings

i >= 0 && i < Size, xrefs: 00007FF628632A96, 00007FF628632AC6
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628632A8F, 00007FF628632ABF

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2739980228-1817040388
Opcode ID: 9a9350dd72d12d3fe3cdaffedce5434e64b06f0471b182a10d57f79dce085956
Instruction ID: ab72ad3a24820a86ff2063f70314497d691bbc72ba393f536845afc8f49b1041
Opcode Fuzzy Hash: 9a9350dd72d12d3fe3cdaffedce5434e64b06f0471b182a10d57f79dce085956
Instruction Fuzzy Hash: 5041BB32A08A9292DB14DF25EC801A8B370FB54B84F548232DA4D877A0DF39E9A6D345

Function 00007FF628632BC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF628632D10

Strings

i >= 0 && i < Size, xrefs: 00007FF628632C16, 00007FF628632C46
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628632C0F, 00007FF628632C3F

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2739980228-1817040388
Opcode ID: 8a08cfacd40c638483205b80b2c85210fff27a7fdd7df82892847bc392aadf12
Instruction ID: 9bb749f8a603ff4f220fe6535bcc8af13bcc5310d251eab82a8d77e339d10e83
Opcode Fuzzy Hash: 8a08cfacd40c638483205b80b2c85210fff27a7fdd7df82892847bc392aadf12
Instruction Fuzzy Hash: 4C41BF32A08A9682DB04DF25EC901A8B374FB44F89F548133DA4D873A4DF3DE996D746

Function 00007FF628632810 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF62863293C

Strings

i >= 0 && i < Size, xrefs: 00007FF628632858, 00007FF628632887
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628632851, 00007FF628632880

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2739980228-1817040388
Opcode ID: cbd96c97ff7e78fc22fdf30f912b4748780d3bf07ba9c45d4c4a176889ab244b
Instruction ID: 602d316d70e8320dedf0f2c91099007e0b15b80ac8c097e6fee32d774852ff1f
Opcode Fuzzy Hash: cbd96c97ff7e78fc22fdf30f912b4748780d3bf07ba9c45d4c4a176889ab244b
Instruction Fuzzy Hash: C7318F72A08A9682DB04CF25EC900A873B4FB44B89B544137DA4D877A4DF3DE996C746

Function 00007FF62861B200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

00007FFE1FFA49A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF62861B28E

Strings

i >= 0 && i < Size, xrefs: 00007FF62861B2BC
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF62861B2B5

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 3568877910-1817040388
Opcode ID: 3a94cb1d79306fdc9a050dd449591057f5d3f3fa0e938ade244f3a3a1197444a
Instruction ID: 41d0881ee6c6c8c13fffff85848bd1571ee6731cbeb4313f02c351d13413dd84
Opcode Fuzzy Hash: 3a94cb1d79306fdc9a050dd449591057f5d3f3fa0e938ade244f3a3a1197444a
Instruction Fuzzy Hash: A521FF31B1869385EFA48B2AEC412BD6720FB84B80F884036DA8EC3756CE3DE845C705

Function 00007FF628655F80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140 ref: 00007FF628656070

Part of subcall function 00007FF628633900: 00007FFE1A451310.VCRUNTIME140 ref: 00007FF62863393C
Part of subcall function 00007FF628633900: 00007FFE1FF9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6286339BA

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF628656004
state->TextA.Data != 0, xrefs: 00007FF62865600B

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007$A451310$F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$state->TextA.Data != 0
API String ID: 1297745814-1138122324
Opcode ID: aa4380df76de35955622659888f7b988f766b4deb2fbaf4c5fddfc36e82c04f4
Instruction ID: 9a0bc7eb6666496ded8123b7db978d2372c74232768afd7540649ba8652b3531
Opcode Fuzzy Hash: aa4380df76de35955622659888f7b988f766b4deb2fbaf4c5fddfc36e82c04f4
Instruction Fuzzy Hash: FE21B472B0474282EF08CF35DC482A82391FB84B44F48003AEE0DCB689DE3CE985D715

Function 00007FF628633820 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140(?,?,00000000,00007FF62861D62F), ref: 00007FF6286338C4

Strings

it >= Data && it <= Data + Size, xrefs: 00007FF62863385D
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF628633856

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$it >= Data && it <= Data + Size
API String ID: 338975850-3870282576
Opcode ID: 84a9b61979137050a1197245c5bdd7e55bba15df666dd3b8409ce5f9d3bc927c
Instruction ID: ad25ee48f5f85fe7cc97b9d1d11271ef5d2c6781e5bd62bd9b088248c6bd2eee
Opcode Fuzzy Hash: 84a9b61979137050a1197245c5bdd7e55bba15df666dd3b8409ce5f9d3bc927c
Instruction Fuzzy Hash: D4218471B1469582EF148B2AEE411A86321FB94BC0B4CD036DB5D8B755DF2CF9A1C345

Function 00007FF628631E80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

00007FFE21072E80.IMM32 ref: 00007FF628631EA2

Strings

@, xrefs: 00007FF628631EF3
, xrefs: 00007FF628631EB5

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007E21072
String ID: $@
API String ID: 1568574306-1077428164
Opcode ID: 4be356fa8e074784c90dbf701479d069685c3cbf6e883b402ec0f34ae6b6c832
Instruction ID: cf4b770101b6c22779071e2161344361fe71b14ff7a949a312b1f3f326bd7a75
Opcode Fuzzy Hash: 4be356fa8e074784c90dbf701479d069685c3cbf6e883b402ec0f34ae6b6c832
Instruction Fuzzy Hash: 3C115E7290878187DB25CF22F94416AB3A1FB89B84F144226EBC947B18DF3CE885CF04

Function 00007FF628647320 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

00007FFE1A451310.VCRUNTIME140(?,?,00000000,00007FF628647563,?,?,00000000,00007FF628641FCF), ref: 00007FF6286473A6

Strings

stb__dout + length <= stb__barrier_out_e, xrefs: 00007FF628647358
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF628647351

Memory Dump Source

Source File: 00000000.00000002.3508238381.00007FF628611000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF628610000, based on PE: true

Associated: 00000000.00000002.3508214796.00007FF628610000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF62898D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628AD8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508238381.00007FF628CB2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508705260.00007FF628CB3000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3508758245.00007FF628CB5000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff628610000_Nexus-Executor.jbxd

Similarity

API ID: 00007A451310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$stb__dout + length <= stb__barrier_out_e
API String ID: 338975850-3603624656
Opcode ID: 4929abf8706d8f602428b6fe1b765513a0fac0a761fcb1cd9c61d870a0381a7c
Instruction ID: 2117f1122f1bd4099903430fac5d0820cbd2e042cc1b108b01a9439546bd4409
Opcode Fuzzy Hash: 4929abf8706d8f602428b6fe1b765513a0fac0a761fcb1cd9c61d870a0381a7c
Instruction Fuzzy Hash: F9110921F1CA83A1EE508B26FC804696761FB88FC1B889033DE5D87765DF2CE591D70A

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Nexus-Executor.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\50SHUV6X.htm

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
Nexus-Executor.exe

Function 00007FF628664320 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 888
windowCOMMON

Function 00007FF62865F7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150
libraryloaderCOMMON

Function 00007FF628660330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182
keyboardCOMMON

Function 00007FF62865F2F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 215
COMMON

Function 00007FF628663B90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126
nativeCOMMON

Function 000001FDF980F46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Function 000001FDF97E6FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Function 00007FF62865EA60 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 374
COMMON

Function 00007FF6286626C0 Relevance: 15.5, APIs: 10, Instructions: 516
COMMON

Function 00007FF628663DE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59
registryCOMMON

Function 00007FF628666800 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151
windowCOMMON

Function 00007FF62861D4F0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 218
COMMON

Function 000001FDF98F10E0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON