Edit tour

Windows Analysis Report
WaveExecutor.exe

Overview

General Information

Sample name:	WaveExecutor.exe
Analysis ID:	1570766
MD5:	20530c9bc61569e79d6ffece7f7e426a
SHA1:	fe3dca7b627e8d3ae49d2e9c9145581f108330f2
SHA256:	76dbac3dc4d2dc8aa1e0e8de0d8f4d57172a8be90fc3ef535159ef649d762dd5
Tags:	exeuser-aachum
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

PE file contains section with special chars

Tries to harvest and steal browser information (history, passwords, etc)

Abnormal high CPU Usage

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the clipboard data

Detected potential crypto function

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

WaveExecutor.exe (PID: 7516 cmdline: "C:\Users\user\Desktop\WaveExecutor.exe" MD5: 20530C9BC61569E79D6FFECE7F7E426A)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: WaveExecutor.exe PID: 7516	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.WaveExecutor.exe.2c33ae0f1d0.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T02:12:09.105297+0100	2803274	2	Potentially Bad Traffic	192.168.2.8	49705	104.26.9.59	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: WaveExecutor.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: WaveExecutor.exe	ReversingLabs: Detection: 21%
Source: WaveExecutor.exe	Virustotal: Detection: 22%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: WaveExecutor.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_000002C33AD87750 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,CryptUnprotectData,

0_2_000002C33AD87750

Source: unknown

HTTPS traffic detected: 104.26.9.59:443 -> 192.168.2.8:49705 version: TLS 1.2

Source: WaveExecutor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: WaveExecutor.exe, 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_000002C33ACEF46A Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method,type_info::_name_internal_method,

0_2_000002C33ACEF46A

Source: Joe Sandbox View

IP Address: 104.26.9.59 104.26.9.59

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49705 -> 104.26.9.59:443

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: global traffic

DNS traffic detected: DNS query: api.myip.com

Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://https/:://websocketpp.processorGeneric
Source: WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: WaveExecutor.exe, 00000000.00000003.1483688447.000002C33ACB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: WaveExecutor.exe, 00000000.00000003.1451712581.000002C33B16F000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1457751354.000002C33B16F000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1464996705.000002C33B16F000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3888813379.000002C33B170000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1462341885.000002C33B16F000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1468124629.000002C33B170000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/7
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/Russia
Source: WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.
Source: WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta
Source: WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage
Source: WaveExecutor.exe, 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold
Source: WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi
Source: WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44
Source: WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: unknown

HTTPS traffic detected: 104.26.9.59:443 -> 192.168.2.8:49705 version: TLS 1.2

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF652001C20 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,

0_2_00007FF652001C20

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF652001D70 OpenClipboard,MultiByteToWideChar,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard,

0_2_00007FF652001D70

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF652001C20 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,

0_2_00007FF652001C20

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652030330 GetClientRect,QueryPerformanceCounter,GetForegroundWindow,ClientToScreen,SetCursorPos,GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00007FF652030330
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652030D02 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00007FF652030D02

System Summary

PE file contains section with special chars

Source: WaveExecutor.exe	Static PE information: section name: "aR
Source: WaveExecutor.exe	Static PE information: section name: b@b8

Source: C:\Users\user\Desktop\WaveExecutor.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652033B90 PostQuitMessage,GetWindowRect,SetWindowPos,NtdllDefWindowProc_A,		0_2_00007FF652033B90
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D248 NtdllDefWindowProc_A,		0_2_00007FF65203D248

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65202FCE0	0_2_00007FF65202FCE0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65202EA60	0_2_00007FF65202EA60
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65202F2F0	0_2_00007FF65202F2F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652030330	0_2_00007FF652030330
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652034320	0_2_00007FF652034320
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65200DB50	0_2_00007FF65200DB50
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65202CB40	0_2_00007FF65202CB40
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65202A370	0_2_00007FF65202A370
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FE7390	0_2_00007FF651FE7390
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FEFBB0	0_2_00007FF651FEFBB0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652016BC0	0_2_00007FF652016BC0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652006C90	0_2_00007FF652006C90
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FE6CB0	0_2_00007FF651FE6CB0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF6520054F0	0_2_00007FF6520054F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652017CE0	0_2_00007FF652017CE0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65200BD10	0_2_00007FF65200BD10
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652030D02	0_2_00007FF652030D02
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65201D530	0_2_00007FF65201D530
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FFE1C0	0_2_00007FF651FFE1C0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF6520159E0	0_2_00007FF6520159E0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65200B1E0	0_2_00007FF65200B1E0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65201F9E0	0_2_00007FF65201F9E0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FFFA00	0_2_00007FF651FFFA00
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652022A00	0_2_00007FF652022A00
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FF5A30	0_2_00007FF651FF5A30
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FFC250	0_2_00007FF651FFC250
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FFF250	0_2_00007FF651FFF250
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65200C270	0_2_00007FF65200C270
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65202BA80	0_2_00007FF65202BA80
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65202C310	0_2_00007FF65202C310
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FEDFB0	0_2_00007FF651FEDFB0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65200BFC0	0_2_00007FF65200BFC0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF6520197F0	0_2_00007FF6520197F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652026090	0_2_00007FF652026090
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65200AD40	0_2_00007FF65200AD40
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FE5D90	0_2_00007FF651FE5D90
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65202E5B0	0_2_00007FF65202E5B0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65201CDD0	0_2_00007FF65201CDD0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF6520125F0	0_2_00007FF6520125F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652020DE0	0_2_00007FF652020DE0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FE9E10	0_2_00007FF651FE9E10
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FF4620	0_2_00007FF651FF4620
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FFD620	0_2_00007FF651FFD620
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF6520096B0	0_2_00007FF6520096B0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FF6EC0	0_2_00007FF651FF6EC0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FF46F0	0_2_00007FF651FF46F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF652007EF0	0_2_00007FF652007EF0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF651FE9730	0_2_00007FF651FE9730
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_000002C33ADB2720	0_2_000002C33ADB2720
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_000002C33ACDBA30	0_2_000002C33ACDBA30
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_000002C33AD13841	0_2_000002C33AD13841

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: String function: 00007FF652001F40 appears 40 times
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: String function: 00007FF65203D440 appears 867 times
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: String function: 00007FF651FF85B0 appears 36 times

Source: WaveExecutor.exe	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM)
Source: WaveExecutor.exe	Static PE information: Resource name: RT_RCDATA type: ARJ archive data, v65, multi-volume, slash-switched, backup, original name: \026)\246\274\303F"\306\005\301\206y\363\207\203X\304\254\227\252iV6\322\006\207\374\3137D\234T"\360;]w\263\233r\361\371\011<\337\274H\\234\220\365,

Source: WaveExecutor.exe

Static PE information: Section: bbbb ZLIB complexity 0.999073478746118

Source: classification engine

Classification label: mal84.spyw.evad.winEXE@1/1@1/1

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_000002C33ADD10E0 CreateToolhelp32Snapshot,Process32NextW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,Process32NextW,

0_2_000002C33ADD10E0

Source: C:\Users\user\Desktop\WaveExecutor.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\0JUUKU8Y.htm

Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1753164467.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1462576926.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2040627077.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889656381.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1610058737.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2046470525.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1705783497.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1574401896.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2025195253.000002C33B438000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE autofill (name VARCHAR, value VARCHAR, value_lower VARCHAR, date_created INTEGER DEFAULT 0, date_last_used INTEGER DEFAULT 0, count INTEGER DEFAULT 1, PRIMARY KEY (name, value))t4;
Source: WaveExecutor.exe, 00000000.00000002.3889012697.000002C33B320000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE server_addresses (id VARCHAR, company_name VARCHAR, street_address VARCHAR, address_1 VARCHAR, address_2 VARCHAR, address_3 VARCHAR, address_4 VARCHAR, postal_code VARCHAR, sorting_code VARCHAR, country_code VARCHAR, language_code VARCHAR, recipient_name VARCHAR, phone_number VARCHAR);
Source: WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1753164467.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1462576926.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2040627077.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889656381.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1610058737.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2046470525.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1705783497.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1574401896.000002C33B438000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2025195253.000002C33B438000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE offer_data (offer_id UNSIGNED LONG, offer_reward_amount VARCHAR, expiry UNSIGNED LONG, offer_details_url VARCHAR, merchant_domain VARCHAR, promo_code VARCHAR, value_prop_text VARCHAR, see_details_text VARCHAR, usage_instructions_text VARCHAR);M
Source: WaveExecutor.exe, 00000000.00000002.3886336510.000002C33ABF6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE server_card_cloud_token_data (id VARCHAR, suffix VARCHAR, exp_month INTEGER DEFAULT 0, exp_year INTEGER DEFAULT 0, card_art_url VARCHAR, instrument_token VARCHAR);~
Source: WaveExecutor.exe, 00000000.00000003.2025195253.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1945634611.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1705783497.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1465375008.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1517096164.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1574401896.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1569796602.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1758631606.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2036016440.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2040627077.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE clusters(cluster_id INTEGER PRIMARY KEY AUTOINCREMENT,should_show_on_prominent_ui_surfaces BOOLEAN NOT NULL,label VARCHAR NOT NULL,raw_label VARCHAR NOT NULL,triggerability_calculated BOOLEAN NOT NULL,originator_cache_guid TEXT NOT NULL,originator_cluster_id INTEGER NOT NULL)>;
Source: WaveExecutor.exe, 00000000.00000003.2025195253.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1945634611.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1705783497.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1465375008.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1517096164.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1574401896.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1569796602.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1758631606.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2036016440.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2040627077.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE safety_hub_navigations (navigation_date INTEGER,smartscreen_scanned_navigations_counter INTEGER,typosquatting_scanned_navigations_counter INTEGER,lookalike_scanned_navigations_counter INTEGER,certificate_warning_scanned_navigations_counter INTEGER,PRIMARY KEY(navigation_date))c4;
Source: WaveExecutor.exe, 00000000.00000003.1569796602.000002C33B443000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4C5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: WaveExecutor.exe, 00000000.00000002.3889656381.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1753164467.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2025195253.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1569796602.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1610058737.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2046470525.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1457995357.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1462576926.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1758631606.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1705783497.000002C33B3E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE masked_credit_cards (id VARCHAR, name_on_card VARCHAR, network VARCHAR, last_four VARCHAR, exp_month INTEGER DEFAULT 0, exp_year INTEGER DEFAULT 0, bank_name VARCHAR, nickname VARCHAR, card_issuer INTEGER DEFAULT 0, instrument_id INTEGER DEFAULT 0, virtual_card_enrollment_state INTEGER DEFAULT 0, card_art_url VARCHAR, product_description VARCHAR, card_issuer_id VARCHAR, virtual_card_enrollment_type INTEGER DEFAULT 0)H;
Source: WaveExecutor.exe, 00000000.00000003.1458873429.000002C33B4D1000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4D1000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4D1000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3891175971.000002C33B4D1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE masked_credit_cards (id VARCHAR, name_on_card VARCHAR, network VARCHAR, last_four VARCHAR, exp_month INTEGER DEFAULT 0, exp_year INTEGER DEFAULT 0, bank_name VARCHAR, nickname VARCHAR, card_issuer INTEGER DEFAULT 0, instrument_id INTEGER DEFAULT 0, virtual_card_enrollment_state INTEGER DEFAULT 0, card_art_url VARCHAR, product_description VARCHAR, card_issuer_id VARCHAR, virtual_card_enrollment_type INTEGER DEFAULT 0)C;

Source: WaveExecutor.exe	ReversingLabs: Detection: 21%
Source: WaveExecutor.exe	Virustotal: Detection: 22%

Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: xinput1_4.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: WaveExecutor.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: WaveExecutor.exe

Static file information: File size 1390123 > 1048576

Source: WaveExecutor.exe

Static PE information: Raw size of bbbb is bigger than: 0x100000 < 0x142000

Source: WaveExecutor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: WaveExecutor.exe, 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\WaveExecutor.exe

Unpacked PE file: 0.2.WaveExecutor.exe.7ff651fe0000.1.unpack "aR:EW;bbbb:EW;Unknown_Section2:W; vs "aR:ER;bbbb:ER;Unknown_Section2:W;

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF65202F7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,

0_2_00007FF65202F7A0

Source: initial sample

Static PE information: section where entry point is pointing to: bbbb

Source: WaveExecutor.exe	Static PE information: section name: "aR
Source: WaveExecutor.exe	Static PE information: section name: bbbb
Source: WaveExecutor.exe	Static PE information: section name: b@b8

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D168 push rbp; retf	0_2_00007FF65203D11B
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203B810 push rbp; retf	0_2_00007FF65203D09B
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D028 push rsi; retf	0_2_00007FF65203D02B
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D050 push rsi; retf	0_2_00007FF65203D063
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D038 push rbp; retf	0_2_00007FF65203D043
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D070 push r14; retf	0_2_00007FF65203D07B
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D060 push r14; retf	0_2_00007FF65203D06B
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D080 push rsi; retf	0_2_00007FF65203D063
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D080 push rbp; retf	0_2_00007FF65203D09B
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D0E8 push rbp; retf	0_2_00007FF65203D0EB
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D0D8 push rbp; retf	0_2_00007FF65203D0DB
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D0E0 push rsi; retf	0_2_00007FF65203D0E3
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF65203D100 push rbp; retf	0_2_00007FF65203D103
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_000002C33AD04970 push es; ret	0_2_000002C33AD0497F

Source: WaveExecutor.exe

Static PE information: section name: bbbb entropy: 7.9997575830156915

Source: C:\Users\user\Desktop\WaveExecutor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe	Window / User API: threadDelayed 5459			Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Window / User API: foregroundWindowGot 1634			Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\WaveExecutor.exe

0_2_000002C33ACEF46A

Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsdvboxserviceu
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696494690f
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtrayx64dbgh
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696494690s
Source: WaveExecutor.exe, 00000000.00000002.3886336510.000002C33AC30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWXU
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: P}GUqEmuneLbN\
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696494690d
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696494690u
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696494690t
Source: WaveExecutor.exe, 00000000.00000003.1468124629.000002C33B187000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1464996705.000002C33B187000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3886336510.000002C33ABF6000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3888813379.000002C33B187000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1457751354.000002C33B187000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1451712581.000002C33B187000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1462341885.000002C33B187000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696494690}
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696494690x
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-gaVGAuthServicevmwaretrayv
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696494690h
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696494690o
Source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
Source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696494690j
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: wiresharkvmwareuseri
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696494690t
Source: WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696494690x
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690}
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696494690]
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696494690x
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
Source: WaveExecutor.exe, 00000000.00000003.1434948593.000002C33B374000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696494690\|UE

Source: C:\Users\user\Desktop\WaveExecutor.exe

API call chain: ExitProcess graph end node

graph_0-89505

Source: C:\Users\user\Desktop\WaveExecutor.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF65203C0F8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF65203C0F8

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF65202F7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,

0_2_00007FF65202F7A0

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF65203C0F8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF65203C0F8

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,	0_2_00007FF65202F7A0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: GetLocaleInfoA,	0_2_00007FF65203D028
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: GetKeyboardLayout,GetLocaleInfoA,	0_2_00007FF65203105B

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF65203C388 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF65203C388

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: WaveExecutor.exe	String found in binary or memory: \Electrum\wallets
Source: WaveExecutor.exe	String found in binary or memory: ElectronCash
Source: WaveExecutor.exe	String found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: WaveExecutor.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: WaveExecutor.exe	String found in binary or memory: \Ethereum\keystore
Source: WaveExecutor.exe	String found in binary or memory: Exodus
Source: WaveExecutor.exe	String found in binary or memory: \Ethereum\keystore
Source: WaveExecutor.exe	String found in binary or memory: \Coinomi\Coinomi\wallets
Source: WaveExecutor.exe	String found in binary or memory: \Ethereum\keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\kz8kl7vh.default\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Source: Yara match	File source: 0.2.WaveExecutor.exe.2c33ae0f1d0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: WaveExecutor.exe PID: 7516, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Input Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	1 Input Capture	1 Query Registry	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	2 Process Discovery	Distributed Component Object Model	3 Clipboard Data	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	12 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
WaveExecutor.exe	21%	ReversingLabs
WaveExecutor.exe	23%	Virustotal		Browse
WaveExecutor.exe	100%	Avira	HEUR/AGEN.1314582
WaveExecutor.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://https://https/:://websocketpp.processorGeneric	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.myip.com	104.26.9.59	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.myip.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://https://https/:://websocketpp.processorGeneric	WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage	WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696491991400800003.1&ci=1696491991993.12791&cta	WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/7	WaveExecutor.exe, 00000000.00000003.1451712581.000002C33B16F000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1457751354.000002C33B16F000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1464996705.000002C33B16F000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3888813379.000002C33B170000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1462341885.000002C33B16F000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1468124629.000002C33B170000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/Russia	WaveExecutor.exe, 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold	WaveExecutor.exe, 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqX1CqX4pbW1pbWfpbZ7ReNxR3UIG8zInwYIFIVs9eYi	WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696491991400800003.2&ci=1696491991993.	WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	WaveExecutor.exe, 00000000.00000003.2088747718.000002C33B5C9000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1463509481.000002C33B4EA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3889125891.000002C33B361000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15d7e4b694824b33323940336fbf0bead57d89764383fe44	WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B36C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1453560608.000002C33B4B7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.1454931632.000002C33B4BB000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.9.59	api.myip.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570766
Start date and time:	2024-12-08 02:11:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 45s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	WaveExecutor.exe
Detection:	MAL
Classification:	mal84.spyw.evad.winEXE@1/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 85% Number of executed functions: 28 Number of non-executed functions: 153
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:12:44	API Interceptor	17718875x Sleep call for process: WaveExecutor.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.26.9.59	Fortexternal.exe	Get hash	malicious	Unknown	Browse
	Fortexternal.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc	Browse
	ZoomInstaller.exe	Get hash	malicious	Unknown	Browse
	ZoomInstaller.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer	Browse
	eSLlhErJ0q.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	iBO7gzlZr3.exe	Get hash	malicious	LummaC	Browse
	5zFCjSBLvw.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.myip.com	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	Amadey, Cryptbot	Browse	172.67.75.163
	file.exe	Get hash	malicious	Amadey, XWorm	Browse	172.67.75.163
	file.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	file.exe	Get hash	malicious	LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc	Browse	104.26.9.59
	file.exe	Get hash	malicious	Ailurophile Stealer	Browse	104.26.8.59
	installer.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	installer.exe	Get hash	malicious	Unknown	Browse	172.67.75.163

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Xeno Executor.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	Delta.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.36.51
	'Set-up.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.185.163
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.24.90
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.185.163
	meerkat.mips.elf	Get hash	malicious	Mirai	Browse	8.44.96.113
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.67.165.166
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Xeno Executor.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.9.59
	file.exe	Get hash	malicious	Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar	Browse	104.26.9.59
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.9.59
	malware.exe	Get hash	malicious	Targeted Ransomware, TrojanRansom	Browse	104.26.9.59
	INQUIRY REQUEST AND PRICES_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.9.59
	Bank Swift and SOA PRN00720031415453_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.9.59
	RFQ Order list #2667747.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.9.59
	Payment Details Ref#577767.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.9.59
	IBAN Payment confirmation.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.9.59

Process:	C:\Users\user\Desktop\WaveExecutor.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.3585198384225
Encrypted:	false
SSDEEP:	3:YMb1gXMlJ9eMfQxaNmGGL4:YMeX6uxaNmRL4
MD5:	E86153F34E01C5AED461F812D7472D86
SHA1:	CB4491FAC004B18059BA1BDDFE2CD5696CD94F87
SHA-256:	D174A4EFD5E9EAC12E0161D4C4A1D5C26122C4C5EA6A1BE49D7A277B535CB2DF
SHA-512:	CA8A07D9515808AC4331D1790F75C2A05672E299366DE0A0EE55698F8679B366428DFB18E8390FF034B58E3D0D05165F4C9EE8F7481B7509B51A18A84DF5F51B
Malicious:	false
Reputation:	low
Preview:	{"ip":"8.46.123.228","country":"United States","cc":"US"}

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.942431434635199
TrID:	Win64 Executable GUI (202006/5) 93.52% Win64 Executable (generic) (12005/4) 5.56% DOS Executable Generic (2002/1) 0.93%
File name:	WaveExecutor.exe
File size:	1'390'123 bytes
MD5:	20530c9bc61569e79d6ffece7f7e426a
SHA1:	fe3dca7b627e8d3ae49d2e9c9145581f108330f2
SHA256:	76dbac3dc4d2dc8aa1e0e8de0d8f4d57172a8be90fc3ef535159ef649d762dd5
SHA512:	b082c75d0cd5ce6249b06d814457352bf8f49d36fa2a9c697833ff0802e286f03b6bcf9edb2f3084fbfef876a6be37cec1ddd1747d90b1f772dee6b92cb23cce
SSDEEP:	24576:Ji25ZYwRgccqI/ZtjnftODZkIox/qLgzAlpe5Jwyytys4+/u9UkzVTMoxwz:BXmIdkf/qLg0Sf1duuBGUa
TLSH:	5855122FB3D42725D974D5B38AE7C30AB730A1A1D676CB6B09C14E5FA16A0026B47F1C
File Content Preview:	MZ......................@.2.92.UPX!._0x0023603..........................!..L.!This program cannot be run in DOS mode....$........z...............c.......................................c................................t.............Rich...................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x1406d2210
Entrypoint Section:	bbbb
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6753058D [Fri Dec 6 14:09:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	bd2500bb87e3a94d2777b94c3c55a684

Entrypoint Preview

Instruction
push ebx
push esi
push edi
push ebp
dec eax
lea esi, dword ptr [FFEBEDE5h]
dec eax
lea edi, dword ptr [esi-00590000h]
push edi
mov eax, 006D0D9Dh
push eax
dec eax
mov ecx, esp
dec eax
mov edx, edi
dec eax
mov edi, esi
mov esi, 00141201h
push ebp
dec eax
mov ebp, esp
inc esp
mov ecx, dword ptr [ecx]
dec ecx
mov eax, edx
dec eax
mov edx, esi
dec eax
lea esi, dword ptr [edi+02h]
push esi
mov al, byte ptr [edi]
dec edx
mov cl, al
and al, 07h
shr cl, 00000003h
dec eax
mov ebx, FFFFFD00h
dec eax
shl ebx, cl
mov cl, al
dec eax
lea ebx, dword ptr [esp+ebx*2-00000E78h]
dec eax
and ebx, FFFFFFC0h
push 00000000h
dec eax
cmp esp, ebx
jne 00007F3848D4C0ABh
push ebx
dec eax
lea edi, dword ptr [ebx+08h]
mov cl, byte ptr [esi-01h]
dec edx
mov byte ptr [edi+02h], al
mov al, cl
shr cl, 00000004h
mov byte ptr [edi+01h], cl
and al, 0Fh
mov byte ptr [edi], al
dec eax
lea ecx, dword ptr [edi-04h]
push eax
inc ecx
push edi
dec eax
lea eax, dword ptr [edi+04h]
inc ebp
xor edi, edi
inc ecx
push esi
inc ecx
mov esi, 00000001h
inc ecx
push ebp
inc ebp
xor ebp, ebp
inc ecx
push esp
push ebp
push ebx
dec eax
sub esp, 48h
dec eax
mov dword ptr [esp+38h], ecx
dec eax
mov dword ptr [esp+20h], eax
mov eax, 00000001h
dec eax
mov dword ptr [esp+40h], esi
dec esp
mov dword ptr [esp+30h], eax
mov ebx, eax
inc esp
mov dword ptr [esp+2Ch], ecx
movzx ecx, byte ptr [edi+02h]
shl ebx, cl
mov ecx, ebx

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[IMP] VS2005 build 50727

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6e3c94	0x4c0	b@b8
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6d3000	0x10c94	b@b8
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x371000	0x43bc	"aR
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6e4154	0x20	b@b8
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x6d2df0	0x28	bbbb
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x6d2e20	0x140	bbbb
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
"aR	0x1000	0x590000	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bbbb	0x591000	0x142000	0x142000	9cb2738f30eee3b9289923700fa0b1c5	False	0.999073478746118	data	7.9997575830156915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
b@b8	0x6d3000	0x12000	0x11200	7203ffef5d1e7538bd4a499cb093a19b	False	0.2558308622262774	data	3.946927594863314	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
None	0x6e3ad0	0x2e	data			1.108695652173913
RT_RCDATA	0x386afc	0x3201	empty			0
RT_RCDATA	0x389d00	0x3201	empty			0
RT_RCDATA	0x38cf04	0x3201	empty			0
RT_RCDATA	0x390108	0x3201	empty			0
RT_RCDATA	0x39330c	0x3201	empty			0
RT_RCDATA	0x396510	0x3201	empty			0
RT_RCDATA	0x399714	0x3201	empty			0
RT_RCDATA	0x39c918	0x3201	empty			0
RT_RCDATA	0x39fb1c	0x3201	empty			0
RT_RCDATA	0x3a2d20	0x3201	empty			0
RT_RCDATA	0x3a5f24	0x3201	empty			0
RT_RCDATA	0x3a9128	0x3201	empty			0
RT_RCDATA	0x3ac32c	0x3201	empty			0
RT_RCDATA	0x3af530	0x3201	empty			0
RT_RCDATA	0x3b2734	0x3201	empty			0
RT_RCDATA	0x3b5938	0x3201	empty			0
RT_RCDATA	0x3b8b3c	0x3201	empty			0
RT_RCDATA	0x3bbd40	0x3201	empty			0
RT_RCDATA	0x3bef44	0x3201	empty			0
RT_RCDATA	0x3c2148	0x3201	empty			0
RT_RCDATA	0x3c534c	0x3201	empty			0
RT_RCDATA	0x3c8550	0x3201	empty			0
RT_RCDATA	0x3cb754	0x3201	empty			0
RT_RCDATA	0x3ce958	0x3201	empty			0
RT_RCDATA	0x3d1b5c	0x3201	empty			0
RT_RCDATA	0x3d4d60	0x3201	empty			0
RT_RCDATA	0x3d7f64	0x3201	empty			0
RT_RCDATA	0x3db168	0x3201	empty			0
RT_RCDATA	0x3de36c	0x3201	empty			0
RT_RCDATA	0x3e1570	0x3201	empty			0
RT_RCDATA	0x3e4774	0x3201	empty			0
RT_RCDATA	0x3e7978	0x76	empty			0
RT_RCDATA	0x3e79f0	0x22	empty			0
RT_RCDATA	0x3e7a14	0x3201	empty			0
RT_RCDATA	0x3eac18	0x3201	empty			0
RT_RCDATA	0x3ede1c	0x3201	empty			0
RT_RCDATA	0x3f1020	0x3201	empty			0
RT_RCDATA	0x3f4224	0x3201	empty			0
RT_RCDATA	0x3f7428	0x3201	empty			0
RT_RCDATA	0x3fa62c	0x3201	empty			0
RT_RCDATA	0x3fd830	0x3201	empty			0
RT_RCDATA	0x400a34	0x3201	empty			0
RT_RCDATA	0x403c38	0x3201	empty			0
RT_RCDATA	0x406e3c	0x3201	empty			0
RT_RCDATA	0x40a040	0x3201	empty			0
RT_RCDATA	0x40d244	0x740	empty			0
RT_RCDATA	0x40d984	0xf	empty			0
RT_RCDATA	0x40d994	0x3201	empty			0
RT_RCDATA	0x410b98	0x3201	empty			0
RT_RCDATA	0x413d9c	0x3201	empty			0
RT_RCDATA	0x416fa0	0x3201	empty			0
RT_RCDATA	0x41a1a4	0xe96ce	empty			0
RT_RCDATA	0x503874	0x3201	empty			0
RT_RCDATA	0x506a78	0x90ed	empty			0
RT_RCDATA	0x50fb68	0x3201	empty			0
RT_RCDATA	0x512d6c	0x3201	empty			0
RT_RCDATA	0x515f70	0x3201	empty			0
RT_RCDATA	0x519174	0x3201	empty			0
RT_RCDATA	0x51c378	0x3201	empty			0
RT_RCDATA	0x51f57c	0x55	empty			0
RT_RCDATA	0x51f5d4	0x3201	empty			0
RT_RCDATA	0x5227d8	0x3201	empty			0
RT_RCDATA	0x5259dc	0x3201	empty			0
RT_RCDATA	0x528be0	0x9e	empty			0
RT_RCDATA	0x528c80	0x1f2	empty			0
RT_RCDATA	0x528e74	0x3201	empty			0
RT_RCDATA	0x52c078	0x3201	empty			0
RT_RCDATA	0x52f27c	0x3201	empty			0
RT_RCDATA	0x532480	0x3201	empty			0
RT_RCDATA	0x535684	0x3201	empty			0
RT_RCDATA	0x538888	0x3201	empty			0
RT_RCDATA	0x53ba8c	0x3201	empty			0
RT_RCDATA	0x53ec90	0x7d	empty			0
RT_RCDATA	0x53ed10	0x7d	empty			0
RT_RCDATA	0x53ed90	0x7d	empty			0
RT_RCDATA	0x53ee10	0x7d	empty			0
RT_RCDATA	0x53ee90	0x7d	empty			0
RT_RCDATA	0x53ef10	0x7d	empty			0
RT_RCDATA	0x53ef90	0x7d	empty			0
RT_RCDATA	0x53f010	0x7d	empty			0
RT_RCDATA	0x53f090	0x7d	empty			0
RT_RCDATA	0x53f110	0x7d	empty			0
RT_RCDATA	0x53f190	0x7d	empty			0
RT_RCDATA	0x53f210	0x7d	empty			0
RT_RCDATA	0x53f290	0x7d	empty			0
RT_RCDATA	0x53f310	0x7d	empty			0
RT_RCDATA	0x53f390	0x7d	empty			0
RT_RCDATA	0x53f410	0x3201	empty			0
RT_RCDATA	0x542614	0x3201	empty			0
RT_RCDATA	0x545818	0x3201	empty			0
RT_RCDATA	0x548a1c	0x3201	empty			0
RT_RCDATA	0x54bc20	0x3201	empty			0
RT_RCDATA	0x54ee24	0x3201	empty			0
RT_RCDATA	0x552028	0x3201	empty			0
RT_RCDATA	0x55522c	0x3201	empty			0
RT_RCDATA	0x558430	0x3201	empty			0
RT_RCDATA	0x55b634	0x3201	empty			0
RT_RCDATA	0x55e838	0x3201	empty			0
RT_RCDATA	0x561a3c	0x3201	empty			0
RT_RCDATA	0x564c40	0x3201	empty			0
RT_RCDATA	0x567e44	0x3201	empty			0
RT_RCDATA	0x56b048	0x3201	empty			0
RT_RCDATA	0x56e24c	0x3201	empty			0
RT_RCDATA	0x571450	0x3201	empty			0
RT_RCDATA	0x574654	0x3201	empty			0
RT_RCDATA	0x577858	0x3201	empty			0
RT_RCDATA	0x57aa5c	0x3201	empty			0
RT_RCDATA	0x57dc60	0x3201	empty			0
RT_RCDATA	0x580e64	0x3201	empty			0
RT_RCDATA	0x584068	0x3201	empty			0
RT_RCDATA	0x58726c	0x3201	empty			0
RT_RCDATA	0x58a470	0x3201	empty			0
RT_RCDATA	0x58d674	0x3201	empty			0
RT_RCDATA	0x590878	0x3201	empty			0
RT_RCDATA	0x593a7c	0x3201	data			1.0008593078665728
RT_RCDATA	0x596c80	0x3201	data			1.0008593078665728
RT_RCDATA	0x599e84	0x3201	data			1.0008593078665728
RT_RCDATA	0x59d088	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a028c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a3490	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a6694	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a9898	0x3201	data			1.0008593078665728
RT_RCDATA	0x5aca9c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5afca0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b2ea4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b60a8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b92ac	0x3201	data			1.0008593078665728
RT_RCDATA	0x5bc4b0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5bf6b4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c28b8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c5abc	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c8cc0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5cbec4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5cf0c8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d22cc	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d54d0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d86d4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5db8d8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5deadc	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e1ce0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e4ee4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e80e8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5eb2ec	0x3201	data			1.0008593078665728
RT_RCDATA	0x5ee4f0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f16f4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f48f8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f7afc	0x3201	DOS executable (COM)			1.0008593078665728
RT_RCDATA	0x5fad00	0x3201	data			1.0008593078665728
RT_RCDATA	0x5fdf04	0x3201	data			1.0008593078665728
RT_RCDATA	0x601108	0x3201	data			1.0008593078665728
RT_RCDATA	0x60430c	0x3201	data			1.0008593078665728
RT_RCDATA	0x607510	0x3201	data			1.0008593078665728
RT_RCDATA	0x60a714	0x3201	data			1.0008593078665728
RT_RCDATA	0x60d918	0x3201	data			1.0008593078665728
RT_RCDATA	0x610b1c	0x3201	data			1.0008593078665728
RT_RCDATA	0x613d20	0x3201	data			1.0008593078665728
RT_RCDATA	0x616f24	0x3201	data			1.0008593078665728
RT_RCDATA	0x61a128	0x3201	data			1.0008593078665728
RT_RCDATA	0x61d32c	0x3201	data			1.0008593078665728
RT_RCDATA	0x620530	0x3201	data			1.0008593078665728
RT_RCDATA	0x623734	0x3201	data			1.0008593078665728
RT_RCDATA	0x626938	0x3201	data			1.0008593078665728
RT_RCDATA	0x629b3c	0x3201	data			1.0008593078665728
RT_RCDATA	0x62cd40	0x3201	data			1.0008593078665728
RT_RCDATA	0x62ff44	0x3201	data			1.0008593078665728
RT_RCDATA	0x633148	0x3201	data			1.0008593078665728
RT_RCDATA	0x63634c	0x3201	data			1.0008593078665728
RT_RCDATA	0x639550	0x3201	data			1.0008593078665728
RT_RCDATA	0x63c754	0x3201	data			1.0008593078665728
RT_RCDATA	0x63f958	0x3201	data			1.0008593078665728
RT_RCDATA	0x642b5c	0x3201	data			1.0008593078665728
RT_RCDATA	0x645d60	0x3201	data			1.0008593078665728
RT_RCDATA	0x648f64	0x3201	data			1.0008593078665728
RT_RCDATA	0x64c168	0x3201	data			1.0008593078665728
RT_RCDATA	0x64f36c	0x3201	data			1.0008593078665728
RT_RCDATA	0x652570	0x3201	data			1.0008593078665728
RT_RCDATA	0x655774	0x3201	data			1.0008593078665728
RT_RCDATA	0x658978	0x3201	data			1.0008593078665728
RT_RCDATA	0x65bb7c	0x3201	data			1.0008593078665728
RT_RCDATA	0x65ed80	0x3201	data			1.0008593078665728
RT_RCDATA	0x661f84	0x3201	data			1.0008593078665728
RT_RCDATA	0x665188	0x3201	data			1.0008593078665728
RT_RCDATA	0x66838c	0x3201	data			1.0008593078665728
RT_RCDATA	0x66b590	0x3201	data			1.0008593078665728
RT_RCDATA	0x66e794	0x3201	data			1.0008593078665728
RT_RCDATA	0x671998	0x3201	data			1.0008593078665728
RT_RCDATA	0x674b9c	0x3201	ARJ archive data, v65, multi-volume, slash-switched, backup, original name: \026)\246\274\303F"\306\005\301\206y\363\207\203X\304\254\227\252iV6\322\006\207\374\3137D\234T"\360;]w\263\233r\361\371\011<\337\274H\\234\220\365,			1.0008593078665728
RT_RCDATA	0x677da0	0x3201	data			1.0008593078665728
RT_RCDATA	0x67afa4	0x3201	data			1.0008593078665728
RT_RCDATA	0x67e1a8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6813ac	0x3201	data			1.0008593078665728
RT_RCDATA	0x6845b0	0x3201	data			1.0008593078665728
RT_RCDATA	0x6877b4	0x3201	data			1.0008593078665728
RT_RCDATA	0x68a9b8	0x3201	data			1.0008593078665728
RT_RCDATA	0x68dbbc	0x3201	data			1.0008593078665728
RT_RCDATA	0x690dc0	0x3201	data			1.0008593078665728
RT_RCDATA	0x693fc4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6971c8	0x3201	data			1.0008593078665728
RT_RCDATA	0x69a3cc	0x3201	data			1.0008593078665728
RT_RCDATA	0x69d5d0	0x3201	data			1.0008593078665728
RT_RCDATA	0x6a07d4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6a39d8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6a6bdc	0x3201	data			1.0008593078665728
RT_RCDATA	0x6a9de0	0x3201	data			1.0008593078665728
RT_RCDATA	0x6acfe4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6b01e8	0x3201	OpenPGP Secret Key			1.0008593078665728
RT_RCDATA	0x6b33ec	0x3201	data			1.0008593078665728
RT_RCDATA	0x6b65f0	0x3201	OpenPGP Secret Key			1.0008593078665728
RT_RCDATA	0x6b97f4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6bc9f8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6bfbfc	0x3201	data			1.0008593078665728
RT_RCDATA	0x6c2e00	0x3201	data			1.0008593078665728
RT_RCDATA	0x6c6004	0x3201	data			1.0008593078665728
RT_MANIFEST	0x6e3b04	0x2	data			5.0
RT_MANIFEST	0x6e3b0c	0x188	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5892857142857143
None	0x6c9394	0x110	data			1.0404411764705883
None	0x6c94a4	0xd6	data			1.0514018691588785
None	0x6c957c	0xd2	data			1.0523809523809524
None	0x6c9650	0x88	data			1.0808823529411764
None	0x6c96d8	0x9c	data			1.0705128205128205
None	0x6c9774	0x15a	data			1.0317919075144508
None	0x6c98d0	0x9c	data			1.0705128205128205
None	0x6c996c	0x11a	data			1.0390070921985815
None	0x6c9a88	0x96	data			1.0733333333333333
None	0x6c9b20	0xbe	data			1.0578947368421052
None	0x6c9be0	0xa2	data			1.0679012345679013
None	0x6c9c84	0xdc	OpenPGP Secret Key			1.05
None	0x6c9d60	0xd0	data			1.0528846153846154
None	0x6c9e30	0xf4	data			1.0450819672131149
None	0x6c9f24	0x114	OpenPGP Public Key			1.039855072463768
None	0x6ca038	0x9c	data			1.0705128205128205
None	0x6ca0d4	0x98	data			1.0723684210526316
None	0x6ca16c	0xa6	data			1.0662650602409638
None	0x6ca214	0xf6	data			1.0447154471544715
None	0x6ca30c	0xcc	data			1.053921568627451
None	0x6ca3d8	0x158	data			1.0319767441860466
None	0x6ca530	0xe0	data			1.0491071428571428
None	0x6ca610	0xa2	data			1.0679012345679013
None	0x6ca6b4	0xbc	data			1.0585106382978724
None	0x6ca770	0xd8	data			1.0509259259259258
None	0x6ca848	0xa6	data			1.0662650602409638
None	0x6ca8f0	0xea	data			1.047008547008547
None	0x6ca9dc	0xe0	data			1.0491071428571428
None	0x6caabc	0xba	data			1.0591397849462365
None	0x6cab78	0xbe	data			1.0578947368421052
None	0x6cac38	0x94	data			1.0743243243243243
None	0x6caccc	0x13e	OpenPGP Public Key Version 5, Created Sun Dec 7 14:05:53 2014, Unknown Algorithm (0x31)			1.0345911949685536
None	0x6cae0c	0xe8	data			1.0474137931034482
None	0x6caef4	0xc4	data			1.0561224489795917
None	0x6cafb8	0xca	data			1.0544554455445545
None	0x6cb084	0x16a	data			1.0303867403314917
None	0x6cb1f0	0xe4	data			1.0482456140350878
None	0x6cb2d4	0x12c	data			1.0366666666666666
None	0x6cb400	0xfe	data			1.0433070866141732
None	0x6cb500	0x158	data			1.0319767441860466
None	0x6cb658	0x116	data			1.039568345323741
None	0x6cb770	0x10a	data			1.0413533834586466
None	0x6cb87c	0x178	data			1.0292553191489362
None	0x6cb9f4	0x70	data			1.0982142857142858
None	0x6cba64	0x66	data			1.107843137254902
None	0x6cbacc	0x9c	data			1.0705128205128205
None	0x6cbb68	0x142	data			1.0341614906832297
None	0x6cbcac	0x15a	data			1.0317919075144508
None	0x6cbe08	0x132	data			1.0359477124183007
None	0x6cbf3c	0x96	data			1.0733333333333333
None	0x6cbfd4	0x160	data			1.03125
None	0x6cc134	0xba	data			1.0591397849462365
None	0x6cc1f0	0x182	data			1.028497409326425
None	0x6cc374	0xbc	data			1.0585106382978724
None	0x6cc430	0xfc	data			1.0436507936507937
None	0x6cc52c	0xd4	data			1.0518867924528301
None	0x6cc600	0x13c	data			1.0348101265822784
None	0x6cc73c	0x13a	data			1.035031847133758
None	0x6cc878	0x86	data			1.0820895522388059
None	0x6cc900	0xb2	data			1.0617977528089888
None	0x6cc9b4	0xe0	data			1.0491071428571428
None	0x6cca94	0x17e	data			1.0287958115183247
None	0x6ccc14	0xc0	data			1.0572916666666667
None	0x6cccd4	0xc6	data			1.0555555555555556
None	0x6ccd9c	0xae	data			1.0632183908045978
None	0x6cce4c	0xd8	data			1.0509259259259258
None	0x6ccf24	0x9e	data			1.0696202531645569
None	0x6ccfc4	0xc6	data			1.0555555555555556
None	0x6cd08c	0xa6	data			1.0662650602409638
None	0x6cd134	0x88	data			1.0808823529411764
None	0x6cd1bc	0x118	data			1.0392857142857144
None	0x6cd2d4	0xda	data			1.0504587155963303
None	0x6cd3b0	0xe2	data			1.0486725663716814
None	0x6cd494	0xcc	OpenPGP Secret Key			1.053921568627451
None	0x6cd560	0x146	data			1.0337423312883436
None	0x6cd6a8	0xdc	data			1.05
None	0x6cd784	0x156	data			1.0321637426900585
None	0x6cd8dc	0xfc	data			1.0436507936507937
None	0x6cd9d8	0xf0	data			1.0458333333333334
None	0x6cdac8	0xde	data			1.0495495495495495
None	0x6cdba8	0x7c	OpenPGP Public Key			1.0887096774193548
None	0x6cdc24	0xd8	data			1.0509259259259258
None	0x6cdcfc	0xac	data			1.063953488372093
None	0x6cdda8	0x102	data			1.0426356589147288
None	0x6cdeac	0x9a	data			1.0714285714285714
None	0x6cdf48	0xc2	data			1.056701030927835
None	0x6ce00c	0xa2	data			1.0679012345679013
None	0x6ce0b0	0xce	data			1.0533980582524272
None	0x6ce180	0x9c	data			1.0705128205128205
None	0x6ce21c	0x144	data			1.0339506172839505
None	0x6ce360	0xb6	data			1.0604395604395604
None	0x6ce418	0x150	data			1.0327380952380953
None	0x6ce568	0x126	data			1.0374149659863945
None	0x6ce690	0xea	data			1.047008547008547
None	0x6ce77c	0x160	data			1.03125
None	0x6ce8dc	0x14a	data			1.0333333333333334
None	0x6cea28	0xaa	data			1.0647058823529412
None	0x6cead4	0xaa	data			1.0647058823529412
None	0x6ceb80	0xb6	data			1.0604395604395604
None	0x6cec38	0x11c	data			1.0387323943661972
None	0x6ced54	0xe4	data			1.0482456140350878
None	0x6cee38	0xba	data			1.0591397849462365
None	0x6ceef4	0x192	data			1.027363184079602
None	0x6cf088	0x102	data			1.0426356589147288
None	0x6cf18c	0xd0	data			1.0528846153846154
None	0x6cf25c	0xa0	data			1.06875
None	0x6cf2fc	0x1b6	data			1.0251141552511416
None	0x6cf4b4	0x134	data			1.0357142857142858
None	0x6cf5e8	0xc6	data			1.0555555555555556
None	0x6cf6b0	0xd8	data			1.0509259259259258

Imports

DLL	Import
api-ms-win-crt-heap-l1-1-0.dll	free
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale
api-ms-win-crt-math-l1-1-0.dll	cosf
api-ms-win-crt-runtime-l1-1-0.dll	exit
api-ms-win-crt-stdio-l1-1-0.dll	fseek
api-ms-win-crt-string-l1-1-0.dll	strcmp
api-ms-win-crt-utility-l1-1-0.dll	qsort
d3d9.dll	Direct3DCreate9
IMM32.dll	ImmGetContext
kernEl32.dll	LoadLibraryA, DeleteAtom, GetProcAddress, VirtualProtect
MSVCP140.dll	_Query_perf_counter
Ole32.dll	CoTaskMemFree
SHELL32.dll	ShellExecuteA
USER32.dll	SetCursor
VCRUNTIME140.dll	memcpy
VCRUNTIME140_1.dll	__CxxFrameHandler4

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-08T02:12:09.105297+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.8	49705	104.26.9.59	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 8, 2024 02:12:07.374892950 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:07.374914885 CET	443	49705	104.26.9.59	192.168.2.8
Dec 8, 2024 02:12:07.375066042 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:07.385560989 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:07.385576963 CET	443	49705	104.26.9.59	192.168.2.8
Dec 8, 2024 02:12:08.625339031 CET	443	49705	104.26.9.59	192.168.2.8
Dec 8, 2024 02:12:08.625427008 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:08.683504105 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:08.683517933 CET	443	49705	104.26.9.59	192.168.2.8
Dec 8, 2024 02:12:08.683886051 CET	443	49705	104.26.9.59	192.168.2.8
Dec 8, 2024 02:12:08.683952093 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:08.685735941 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:08.731329918 CET	443	49705	104.26.9.59	192.168.2.8
Dec 8, 2024 02:12:09.105317116 CET	443	49705	104.26.9.59	192.168.2.8
Dec 8, 2024 02:12:09.105416059 CET	443	49705	104.26.9.59	192.168.2.8
Dec 8, 2024 02:12:09.105422020 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:09.105462074 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:09.106522083 CET	49705	443	192.168.2.8	104.26.9.59
Dec 8, 2024 02:12:09.106534958 CET	443	49705	104.26.9.59	192.168.2.8

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 8, 2024 02:12:07.229907036 CET	57293	53	192.168.2.8	1.1.1.1
Dec 8, 2024 02:12:07.367870092 CET	53	57293	1.1.1.1	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 8, 2024 02:12:07.229907036 CET	192.168.2.8	1.1.1.1	0xd4c	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 8, 2024 02:12:07.367870092 CET	1.1.1.1	192.168.2.8	0xd4c	No error (0)	api.myip.com	104.26.9.59	A (IP address)	IN (0x0001)	false
Dec 8, 2024 02:12:07.367870092 CET	1.1.1.1	192.168.2.8	0xd4c	No error (0)	api.myip.com	104.26.8.59	A (IP address)	IN (0x0001)	false
Dec 8, 2024 02:12:07.367870092 CET	1.1.1.1	192.168.2.8	0xd4c	No error (0)	api.myip.com	172.67.75.163	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.myip.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.8	49705	104.26.9.59	443	7516	C:\Users\user\Desktop\WaveExecutor.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 01:12:08 UTC	182	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43 Host: api.myip.com
2024-12-08 01:12:09 UTC	784	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 01:12:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c3kpMN1cUR4Xoq3H0xg4I2DYMbC6fZhZq%2F5QJ8B%2FD9Cw20DVOYyca7v9%2BdUTlXY4lXF%2BWC5lZcVWTYT79CFhGYz6C5WNHU7dkieIV6i1WG%2FAYRL4zUjfVRyy%2F0fTYw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ee8e2af9c08423a-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2224&min_rtt=2214&rtt_var=851&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2819&recv_bytes=820&delivery_rate=1270670&cwnd=170&unsent_bytes=0&cid=d93003c86295a372&ts=491&x=0"
2024-12-08 01:12:09 UTC	63	IN	Data Raw: 33 39 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 32 32 38 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 39{"ip":"8.46.123.228","country":"United States","cc":"US"}
2024-12-08 01:12:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	20:12:04
Start date:	07/12/2024
Path:	C:\Users\user\Desktop\WaveExecutor.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\WaveExecutor.exe"
Imagebase:	0x7ff651fe0000
File size:	1'390'123 bytes
MD5 hash:	20530C9BC61569E79D6FFECE7F7E426A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	2.7%
Dynamic/Decrypted Code Coverage:	9.2%
Signature Coverage:	26.2%
Total number of Nodes:	694
Total number of Limit Nodes:	26

Executed Functions

Function 00007FF652034320 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 888
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHBrowseForFolder.SHELL32 ref: 00007FF652034705
SHGetPathFromIDList.SHELL32 ref: 00007FF652034732
CoTaskMemFree.OLE32 ref: 00007FF652034806
RemoveDirectoryA.KERNEL32 ref: 00007FF652034E7E
CreateDirectoryA.KERNEL32 ref: 00007FF652034E8E
MessageBoxA.USER32 ref: 00007FF652034EB3
ExitProcess.KERNEL32 ref: 00007FF65203562A

Strings

choose install folder, xrefs: 00007FF6520346E3
WaveExecutor, xrefs: 00007FF6520347A8
Install, xrefs: 00007FF652034E60
P, xrefs: 00007FF6520346F2
C:\Users\user\Desktop\WaveExecutor, xrefs: 00007FF652034740, 00007FF652034753, 00007FF65203476F, 00007FF6520347C7, 00007FF652034DB9, 00007FF652034E77, 00007FF652034E87
Failed to create setup directory, xrefs: 00007FF652034EA5
WaveExecutor, xrefs: 00007FF652034817, 00007FF652034F86
installation..., xrefs: 00007FF65203547A
f, xrefs: 00007FF6520343FE
Loader, xrefs: 00007FF652034843, 00007FF652034FB2
..., xrefs: 00007FF6520346A9
destinatinal folder, xrefs: 00007FF652034D51
continue, xrefs: 00007FF652035604
Fail, xrefs: 00007FF652034E9E

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: Directory$BrowseCreateExitFolderFreeFromListMessagePathProcessRemoveTask
String ID: Loader$...$C:\Users\user\Desktop\WaveExecutor$Fail$Failed to create setup directory$Install$P$WaveExecutor$WaveExecutor$choose install folder$continue$destinatinal folder$f$installation...
API String ID: 3810817069-47129801
Opcode ID: 07efe965cc40bf00cbb360a237ecad9b1944d4cf306ea226f799986d2252d6e3
Instruction ID: d12feafffb1f952b4bab0507fff67de7eb1f43f02cb494983843ed753210d4e4
Opcode Fuzzy Hash: 07efe965cc40bf00cbb360a237ecad9b1944d4cf306ea226f799986d2252d6e3
Instruction Fuzzy Hash: 54A2683290E78695E761DB22F8503AAB360FFD9344F484235D98DA76A9DF7CE148CB40

Function 00007FF65202F7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FF65202F803
QueryPerformanceCounter.KERNEL32 ref: 00007FF65202F819
GetKeyboardLayout.USER32 ref: 00007FF65202F910
GetLocaleInfoA.KERNEL32 ref: 00007FF65202F92C
LoadLibraryA.KERNEL32 ref: 00007FF65202F9C5
GetProcAddress.KERNEL32 ref: 00007FF65202F9FD
GetProcAddress.KERNEL32 ref: 00007FF65202FA11

Strings

imgui_impl_win32, xrefs: 00007FF65202F8D0
xinput1_4.dll, xrefs: 00007FF65202F977
C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF65202F7E7
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF65202F7C3
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF65202F94E
XInputGetState, xrefs: 00007FF65202FA03
xinput1_3.dll, xrefs: 00007FF65202F983
xinput9_1_0.dll, xrefs: 00007FF65202F98F
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF65202F7BC
xinput1_1.dll, xrefs: 00007FF65202F9A7
xinput1_2.dll, xrefs: 00007FF65202F99B
i >= 0 && i < Size, xrefs: 00007FF65202F955
io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!", xrefs: 00007FF65202F7EE
XInputGetCapabilities, xrefs: 00007FF65202F9EF

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: AddressPerformanceProcQuery$CounterFrequencyInfoKeyboardLayoutLibraryLoadLocale
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$XInputGetCapabilities$XInputGetState$i >= 0 && i < Size$imgui_impl_win32$io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!"$xinput1_1.dll$xinput1_2.dll$xinput1_3.dll$xinput1_4.dll$xinput9_1_0.dll
API String ID: 2839060773-805143068
Opcode ID: 260d99728c683016137ac75114b4de807555a0406b12ed98fa5fd299fab68a23
Instruction ID: c7890772c19f3537688a10972a09fd7c0ef11e2a3048eb1bea90ab819c5b0558
Opcode Fuzzy Hash: 260d99728c683016137ac75114b4de807555a0406b12ed98fa5fd299fab68a23
Instruction Fuzzy Hash: F2717572A0AF8686D7148F15ED442A973B5FB54B88F485136CB8D93760EFBCE06AC740

Function 00007FF652030330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182
keyboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClientRect.USER32 ref: 00007FF6520303B0
QueryPerformanceCounter.KERNEL32 ref: 00007FF6520303EC
GetForegroundWindow.USER32 ref: 00007FF652030445
ClientToScreen.USER32 ref: 00007FF65203047D
SetCursorPos.USER32 ref: 00007FF65203048F
GetCursorPos.USER32 ref: 00007FF6520304A9
ScreenToClient.USER32 ref: 00007FF6520304BB
GetKeyState.USER32 ref: 00007FF6520304FD
GetKeyState.USER32 ref: 00007FF652030544
GetKeyState.USER32 ref: 00007FF65203058B
GetKeyState.USER32 ref: 00007FF6520305D2

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF652030380
C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF65203035A, 00007FF652030431
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF652030387
bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?", xrefs: 00007FF652030361
bd->hWnd != 0, xrefs: 00007FF652030438

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: State$Client$CursorScreen$CounterForegroundPerformanceQueryRectWindow
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?"$bd->hWnd != 0
API String ID: 1576454153-990843061
Opcode ID: b15be0b44c692230b85c4defaefc4a5a4583acdefd80d0cc3f04028913e3d836
Instruction ID: 7bda9616b07d76cba8d73462779a79247c677dd036cb28cd2ed0c21061a8c7bc
Opcode Fuzzy Hash: b15be0b44c692230b85c4defaefc4a5a4583acdefd80d0cc3f04028913e3d836
Instruction Fuzzy Hash: C791A362A0E68646FB518B25DC4477A63A2FFA5B8CF0C4131D94DA7595CFBCE489CB00

Function 00007FF65202F2F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF65202F4C2
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65202F57D

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF65202F319
, xrefs: 00007FF65202F3DD
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF65202F320

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007$D91310F020
String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"
API String ID: 3519738495-1764846569
Opcode ID: 5397640f03628bea786c5d9e820ab445c411807759423a60697ec29a5e8f1976
Instruction ID: 7555987cf19e1fd34e16aa471dc949ef65283e4055291bac648f7ea05d409649
Opcode Fuzzy Hash: 5397640f03628bea786c5d9e820ab445c411807759423a60697ec29a5e8f1976
Instruction Fuzzy Hash: DC917D72705A858AEB10CF25D8943AD77A5FB88B88F488136DE4E93B64DF78D449C700

Function 00007FF652033B90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtdllDefWindowProc_A.NTDLL ref: 00007FF652033DD0

Strings

E, xrefs: 00007FF652033D76

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: NtdllProc_Window
String ID: E
API String ID: 4255912815-3568589458
Opcode ID: d9f9fd3d91a60987a5f48f68ece85a5dcac14300b8f46c6e9c972fc7a4a4e4b9
Instruction ID: a1dae69c5590962ea21b78c49f1a08991b10a5595387733403ac5e614f15a241
Opcode Fuzzy Hash: d9f9fd3d91a60987a5f48f68ece85a5dcac14300b8f46c6e9c972fc7a4a4e4b9
Instruction Fuzzy Hash: 0851663171D6828AE7748B18EC8477A73A0FB95758F140535EA8DE2694DFBDD488CB40

Function 000002C33ACEF46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACEF47B
FindFirstFileA.KERNEL32 ref: 000002C33ACEF48B

Part of subcall function 000002C33ACC5180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC5217

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$FileFindFirst
String ID:
API String ID: 2113789597-0
Opcode ID: cfa9f5777d2db9ce4048483391da668259afc2d594878e3b9cda18768d7dc9b0
Instruction ID: 15da54d511c946ae0b6fa4141cbee027347d6db1893087a18dd11e7924f8e9e9
Opcode Fuzzy Hash: cfa9f5777d2db9ce4048483391da668259afc2d594878e3b9cda18768d7dc9b0
Instruction Fuzzy Hash: 99129D31158A888EE765FB54C499FDEB3E1FBD8741F508DADD08EC31A2DE309A458782

Function 000002C33ADD10E0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000002C33ADD110D
Process32NextW.KERNEL32 ref: 000002C33ADD118F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ADD11FC
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ADD1235
Process32NextW.KERNEL32 ref: 000002C33ADD12DE

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyNextProcess32Queue::StructuredWork$CreateSnapshotToolhelp32
String ID:
API String ID: 2993956496-0
Opcode ID: e5cb6cc2a9d3f2d857daf4add4d4784c79b02a268af29c56eed9b1a154788f6c
Instruction ID: c4ef9c8fbe70cf8b44fa2cd0e8a20ffc9dfbd858d6f1b63ade20444758933c76
Opcode Fuzzy Hash: e5cb6cc2a9d3f2d857daf4add4d4784c79b02a268af29c56eed9b1a154788f6c
Instruction Fuzzy Hash: 9151FB30158B888BF7A5EB64C459BEEB7E1FFD4740F508A5DE08AC31A1DE349A45CB81

Function 00007FF65202EA60 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 374
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF65202ED6F

Strings

i >= 0 && i < Size, xrefs: 00007FF65202ECA9, 00007FF65202EE48, 00007FF65202EE96
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF65202ECA2, 00007FF65202EE41, 00007FF65202EE8F

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 1541411109-1817040388
Opcode ID: 7f0815f646b9be6a47ebf33997fd40430ce2371def073614a23dc5631ded96a8
Instruction ID: e3303d2b7622a733d13748121f311a36ad6e3a55d699cb6f75134fdc2850a827
Opcode Fuzzy Hash: 7f0815f646b9be6a47ebf33997fd40430ce2371def073614a23dc5631ded96a8
Instruction Fuzzy Hash: 31028976605B9586DB20CF26D884AAE37B4FB88B88F058126DF4D97764CF38E449CB00

Function 000002C33AD87750 Relevance: 4.7, APIs: 3, Instructions: 164encryptionCOMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD877E6
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD87864
CryptUnprotectData.CRYPT32 ref: 000002C33AD878BD

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$CryptDataUnprotect
String ID:
API String ID: 3418212865-0
Opcode ID: 51fe853a7d2b22d5b21b9f7a4f3a10a826fa85b530eb29a0291643d65522cfaf
Instruction ID: 6cec9a6aa59feec2fcbf31b9eb0c819f1f90696644c6e48491953a5b700dc8a2
Opcode Fuzzy Hash: 51fe853a7d2b22d5b21b9f7a4f3a10a826fa85b530eb29a0291643d65522cfaf
Instruction Fuzzy Hash: C451CD70558B888FE7A4EB68C458BAEB7E1FBD8301F50496DE08DC3261DB749985CB42

Function 00007FF65202FCE0 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 547d032ff03bed76e8d98501336aec72c7838b5fcf6afd06ef48b4c17f1abeb4
Instruction ID: 297c9ea45a9e5fcc6670f88890b07a2eaf9817feb7bcb537508ffb33d197b079
Opcode Fuzzy Hash: 547d032ff03bed76e8d98501336aec72c7838b5fcf6afd06ef48b4c17f1abeb4
Instruction Fuzzy Hash: 2E025C02E196BB85F75296328C417FE63819F7A388F1C8733ED58779D9DF6CA4868240

Function 00007FF6520326C0 Relevance: 15.5, APIs: 10, Instructions: 516
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF652032818

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a3eeb29371fb47a965077e410e082878baaf3524c6b8feef568940cf3953f533
Instruction ID: cddee4bd029b4d3d35db2bfe50ce5db275ecb9a1812c5d3b64be5a14ce16ef51
Opcode Fuzzy Hash: a3eeb29371fb47a965077e410e082878baaf3524c6b8feef568940cf3953f533
Instruction Fuzzy Hash: FB42D43260ABC585DAB0DB15F8947EAB3A4F7D9B84F044536DA8D93B69DF7CC4448B00

Function 00007FF652033DE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF652033E21
RegisterClassExA.USER32 ref: 00007FF652033E7A
GetSystemMetrics.USER32 ref: 00007FF652033E82
GetSystemMetrics.USER32 ref: 00007FF652033E9B
CreateWindowExA.USER32 ref: 00007FF652033F0D
ShowWindow.USER32 ref: 00007FF652033F26
UpdateWindow.USER32 ref: 00007FF652033F33

Strings

class001, xrefs: 00007FF652033E5A, 00007FF652033F04

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: Window$MetricsSystem$ClassCreateHandleModuleRegisterShowUpdate
String ID: class001
API String ID: 3666473625-3656631403
Opcode ID: c65b6a3a3c5298f372adfd29b74c1c22faed9294b5240e563b4d02c16027923c
Instruction ID: d165aa605992cc7a3298d6dc9df8d225c37e3600a255c02cba3ce3e6fcdd7263
Opcode Fuzzy Hash: c65b6a3a3c5298f372adfd29b74c1c22faed9294b5240e563b4d02c16027923c
Instruction Fuzzy Hash: 5E310A71A0DB428AE7408F24FC5872A77A0FB98308F5805B9D58DE6664DFFEE048CB40

Function 00007FF652036800 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32 ref: 00007FF652036A5D

Strings

WaveExecutor, xrefs: 00007FF6520369D3, 00007FF652036A1A
Welcome to , xrefs: 00007FF6520369DA
v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed, xrefs: 00007FF6520369EE
v2.1.1 Setup, xrefs: 00007FF652036A13
A, xrefs: 00007FF6520368E6
FrghcZrah, xrefs: 00007FF65203681B

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: Message
String ID: v2.1.1 Setup$ v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed$A$FrghcZrah$WaveExecutor$Welcome to
API String ID: 2030045667-1564511172
Opcode ID: 578fb85d05ac807efce2f1816e923275f42c98e49a4d3e3cb657846628bf40dd
Instruction ID: 5f07150da83db6d30672d6803fd51d359858632d1c3f09316ba737dc6e1f4b26
Opcode Fuzzy Hash: 578fb85d05ac807efce2f1816e923275f42c98e49a4d3e3cb657846628bf40dd
Instruction Fuzzy Hash: 4A71762260EB8681E660DB55FC516BE77A0FBA5348F484035E6CDD3B66DFACD149CB00

Function 000002C33ACC6FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000002C33ACCA110: char_traits.LIBCPMTD ref: 000002C33ACCA13D

std::_Fac_node::_Fac_node.LIBCPMTD ref: 000002C33ACC754F
CreateToolhelp32Snapshot.KERNEL32 ref: 000002C33ACC75C4
Process32FirstW.KERNEL32 ref: 000002C33ACC764B
Process32NextW.KERNEL32 ref: 000002C33ACC77AB

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Process32$CreateFac_nodeFac_node::_FirstNextSnapshotToolhelp32char_traitsstd::_
String ID:
API String ID: 4114415025-0
Opcode ID: 2cf1e73a0f9107235ddbfb485c3595bfcba21e3825775f53e0b531762a104419
Instruction ID: 31eca5e99702b4d00581108708964e4a756de0dd9e5b6191adc43fc8b2b823ce
Opcode Fuzzy Hash: 2cf1e73a0f9107235ddbfb485c3595bfcba21e3825775f53e0b531762a104419
Instruction Fuzzy Hash: 1E3222316549888FF755FB64C469BDFB2D2FBD8B00F804DBAE14AC3192ED319A468781

Function 000002C33ADA9E50 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::_name_internal_method.LIBCMTD ref: 000002C33ADA9EF0

Part of subcall function 000002C33ACF6A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACF6AAB
Part of subcall function 000002C33ACF6A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACF6ABA

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ADA9F56
CreateFileA.KERNEL32 ref: 000002C33ADA9F82

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFiletype_info::_name_internal_method
String ID:
API String ID: 645652700-0
Opcode ID: f64b6eb87d80957077a350099af48cbfcdfbf435f0acf51f21d504348669a5e4
Instruction ID: 26197f88bfb649d73361486ba6abcc3909ebff60b1cf5c3f20626d851b0f3ed8
Opcode Fuzzy Hash: f64b6eb87d80957077a350099af48cbfcdfbf435f0acf51f21d504348669a5e4
Instruction Fuzzy Hash: 2481FD30259A888FF794FB68C859F9EB6E1FBD8710F408A6DE049C32D1DE35D9458B42

Function 000002C33ADAA470 Relevance: 4.6, APIs: 3, Instructions: 80fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ADAA4B6
CreateFileA.KERNEL32 ref: 000002C33ADAA4E5
ReadFile.KERNEL32 ref: 000002C33ADAA514

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 02f2dc65f8decb4645fb847ec84ab164623bd49ce40520f2aa61d7a6ee298412
Instruction ID: 47bc82f6d7f15a890dac160374ace06841ce33e3487c743304e08f80303f8a9c
Opcode Fuzzy Hash: 02f2dc65f8decb4645fb847ec84ab164623bd49ce40520f2aa61d7a6ee298412
Instruction Fuzzy Hash: A021F270658B888FEB94EF2CC498B5ABBE0FB98301F50495DE489C3260DB75D944CB42

Function 000002C33ACC4740 Relevance: 4.6, APIs: 3, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC476C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC477E

Part of subcall function 000002C33ACC53C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC53DD

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC47BB

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 2bd40488f3e532a51d24b491183ad7726d9c7802e0b56b6519047ab1d83811bb
Instruction ID: 38a7ac616076f602310792176a975b16f3d08fa164795efd7e1d5712f6101725
Opcode Fuzzy Hash: 2bd40488f3e532a51d24b491183ad7726d9c7802e0b56b6519047ab1d83811bb
Instruction Fuzzy Hash: FD31DB70568B888FE794EF28C449B9EB7E1FBD4700F80495DF089C32A2DB749545CB82

Function 000002C33ADAA3D0 Relevance: 4.5, APIs: 3, Instructions: 48fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ADAA3F7
CreateFileA.KERNEL32 ref: 000002C33ADAA426
ReadFile.KERNEL32 ref: 000002C33ADAA44E

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 58da95cd914e928df27caef5f136864f76f7d90ee48b638eaa7250070e662160
Instruction ID: e07b5ec453423766d1705d788318c711dd96d86f9d087d4cfbc11eb7afb934bf
Opcode Fuzzy Hash: 58da95cd914e928df27caef5f136864f76f7d90ee48b638eaa7250070e662160
Instruction Fuzzy Hash: D201D374618B888FDB44EF28C49971ABBE1FB99305F50491DF48AC32A0DB79D945CB82

Function 00007FF652034140 Relevance: 4.5, APIs: 3, Instructions: 32windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32 ref: 00007FF652034159
TranslateMessage.USER32 ref: 00007FF652034168
DispatchMessageA.USER32 ref: 00007FF652034173

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: Message$DispatchPeekTranslate
String ID:
API String ID: 4217535847-0
Opcode ID: 592db406a15101d98d1bfc7a93d39be7e429bab12ec8d4365a76516f4c6005f4
Instruction ID: c6d91315ffaa6a24d06ffcef02facafc827716642ba197ece7b5ab1dffc5cb38
Opcode Fuzzy Hash: 592db406a15101d98d1bfc7a93d39be7e429bab12ec8d4365a76516f4c6005f4
Instruction Fuzzy Hash: 31018F2192E59282F7909B20AC51F7E7A60BFB1349F581031F68EE65A5CFACE00DDB10

Function 00007FF6520121B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65201236B

Strings

gfff, xrefs: 00007FF6520121F0

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: gfff
API String ID: 2739980228-1553575800
Opcode ID: 75ee16a53b5f2482ab3f520c53e8ea14cbdc9166c07df525deeded777f2b7237
Instruction ID: 65ab2a7f244268f2d3dbafcd3c7b1bc35b226ef9c29d2ef4729f507013523559
Opcode Fuzzy Hash: 75ee16a53b5f2482ab3f520c53e8ea14cbdc9166c07df525deeded777f2b7237
Instruction Fuzzy Hash: CF518763709AD58AD7058F289D112BDBBB2FB88B44F4D8226DA48D3799CF3CD295C700

Function 00007FF652033F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

00007FFBAAC45F50.D3D9 ref: 00007FF652033F7B

Strings

@, xrefs: 00007FF65203400A

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007
String ID: @
API String ID: 3568877910-2766056989
Opcode ID: 25b0d2ce2a38a7156871d754f39201a56fb4b69c342f7591e255e8e05feafcfc
Instruction ID: dadf123614a29485f731926d58708d3d03ee558b88d9943c9f44d03b2d288c14
Opcode Fuzzy Hash: 25b0d2ce2a38a7156871d754f39201a56fb4b69c342f7591e255e8e05feafcfc
Instruction Fuzzy Hash: 7511A2B5B09B5686FB908F11EC5477527E0FB9879CF4841B5C90EA73A1DFBEA0498B00

Function 000002C33ADAA2F0 Relevance: 3.1, APIs: 2, Instructions: 56fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ADAA310
CreateFileA.KERNEL32 ref: 000002C33ADAA33F

Part of subcall function 000002C33ACCA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACCA18D

Part of subcall function 000002C33ADA9E50: type_info::_name_internal_method.LIBCMTD ref: 000002C33ADA9EF0
Part of subcall function 000002C33ADA9E50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ADA9F56
Part of subcall function 000002C33ADA9E50: CreateFileA.KERNEL32 ref: 000002C33ADA9F82

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFile$type_info::_name_internal_method
String ID:
API String ID: 2627539804-0
Opcode ID: 98ea87f00965d57ac3efe53a622e5d3c7e907a059cd269744f0d00fbdf9eee7f
Instruction ID: 1594f49f62c4fa070c047d851c2ef3803d3c2c49f2f8cc15f3634913fe154a5e
Opcode Fuzzy Hash: 98ea87f00965d57ac3efe53a622e5d3c7e907a059cd269744f0d00fbdf9eee7f
Instruction Fuzzy Hash: 2B111B70618B888FE794EF68C45DB6AB7E1FBD9341F40892DE08DC3261DB79C9458B42

Function 00007FF65203BB9C Relevance: 3.1, APIs: 2, Instructions: 55COMMON

Download Yara Rule

APIs

_RTC_Initialize.LIBCMT ref: 00007FF65203BBD4
00007FFBC92F1B20.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF65203BC20

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007Initialize
String ID:
API String ID: 3598312978-0
Opcode ID: d68fa1dd1f25c5d9833bb5b41399011af0f0bca26c4982c59452d0f3d9cb9bed
Instruction ID: 6714d3a91f4771c4cfbaa44a744d39ce1346c15c70297c50540cfed303773e4a
Opcode Fuzzy Hash: d68fa1dd1f25c5d9833bb5b41399011af0f0bca26c4982c59452d0f3d9cb9bed
Instruction Fuzzy Hash: A311AF47E0A24342FA6877F14C62AB811847FB136CFAC0430E50DF62C7DD9CB99E4222

Function 00007FF65203BB34 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65203BB64

Part of subcall function 00007FF65203C368: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF65203C371

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65203BB6A

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: 579fdc101cb57f0dd8a8ec204abd9f99143d0278c37e83ebbe356b3a60883766
Instruction ID: f212dac749981ce32ac92adc5471be7b8d80c7158cd5382227bee3c160ac5973
Opcode Fuzzy Hash: 579fdc101cb57f0dd8a8ec204abd9f99143d0278c37e83ebbe356b3a60883766
Instruction Fuzzy Hash: B7F05E11E1B20B41FD2936665C569F80250AF297BCE2C0630DD7CE57C6EEDCA4DD8210

Function 000002C33ADD7650 Relevance: 1.7, APIs: 1, Instructions: 247COMMON

Download Yara Rule

APIs

std::_Fac_node::_Fac_node.LIBCPMTD ref: 000002C33ADD76CA

Part of subcall function 000002C33ACCA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACCA18D

Part of subcall function 000002C33ADA9E50: type_info::_name_internal_method.LIBCMTD ref: 000002C33ADA9EF0
Part of subcall function 000002C33ADA9E50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ADA9F56
Part of subcall function 000002C33ADA9E50: CreateFileA.KERNEL32 ref: 000002C33ADA9F82

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFac_nodeFac_node::_Filestd::_type_info::_name_internal_method
String ID:
API String ID: 3000750846-0
Opcode ID: 00adcd673186d3be9c868df7961a00515725e50a38e87df9d4bbbf832d19ea52
Instruction ID: 276cdee9f0d3412512905d308a66853b90235ce1ea6da718f46a5e6a544aede6
Opcode Fuzzy Hash: 00adcd673186d3be9c868df7961a00515725e50a38e87df9d4bbbf832d19ea52
Instruction Fuzzy Hash: C8913B30299B888FE765EB68C458BDEB7E1FB99304F40499DE089C3292DA75DA41C742

Function 00007FF652031B90 Relevance: 1.7, APIs: 1, Instructions: 199libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF652031DDE

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
Instruction ID: 0c6a2da14006f3d0e6e6d106ae17352fc4bcf700bee524e92f9d4815025e413a
Opcode Fuzzy Hash: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
Instruction Fuzzy Hash: 81A1B836619B8486DB60CB0AE49072AB7A4F7CDB98F144125EBCE83B68DF7DD455CB00

Function 000002C33ADEF2BC Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000002C33ADEF2EC

Part of subcall function 000002C33ADEFD70: std::bad_alloc::bad_alloc.LIBCMTD ref: 000002C33ADEFD79

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: 6b617ec2180372ffccc889888c4318af6079f51c42d92b87c56cb71e91508389
Instruction ID: 776388e5de87c8f3d35e0921e5ebeffd0a38e9f65dd902d7d64c9b1f73520966
Opcode Fuzzy Hash: 6b617ec2180372ffccc889888c4318af6079f51c42d92b87c56cb71e91508389
Instruction Fuzzy Hash: 6101D6101909890AFA9AF3F454BDF7D11C4BB4D3C1F948C94D815CF0E2EA148B8183D0

Function 00007FF65203B780 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF65203B7A3

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 68dcdc5df13b1305609106057423c5647b76bdd97cd7c73a0b3a13548c0169f4
Instruction ID: f08c7640692aab3105cea216c928e682591289c77fe58eaf5dc4a426a26eab30
Opcode Fuzzy Hash: 68dcdc5df13b1305609106057423c5647b76bdd97cd7c73a0b3a13548c0169f4
Instruction Fuzzy Hash: 22017561A19F4181D660AB19E840B1BA3E4FF987ACF440335E6DDD27E4DF7CD5148B04

Non-executed Functions

Function 00007FF652026090 Relevance: 58.2, APIs: 5, Strings: 26, Instructions: 3919COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF651FECB20: __swprintf_l.LIBCMT ref: 00007FF651FECC55

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF652026942
00007FFBBBD91310.VCRUNTIME140 ref: 00007FF6520269E9
00007FFBBBD91310.VCRUNTIME140 ref: 00007FF652028B07

Strings

g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel, xrefs: 00007FF65202A0A6
!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline)), xrefs: 00007FF652026155
password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty(), xrefs: 00007FF652026F45
apply_new_text_length <= buf_size, xrefs: 00007FF652028F58
buf[0] != 0, xrefs: 00007FF6520288BC
callback_data.Buf == callback_buf, xrefs: 00007FF652028B83
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF65202712D, 00007FF652027220, 00007FF65202753F
font->ContainerAtlas->TexID == _CmdHeader.TextureId, xrefs: 00007FF6520292A9, 00007FF652029B64
state != 0, xrefs: 00007FF652026FCC, 00007FF65202761C, 00007FF65202887E, 00007FF652029355
!((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput)), xrefs: 00007FF65202617D
idx <= obj->TextLen, xrefs: 00007FF652027110, 00007FF652027203
i >= 0 && i < Size, xrefs: 00007FF652027134, 00007FF652027227, 00007FF652027546
#SCROLLY, xrefs: 00007FF6520267C1, 00007FF6520267F0, 00007FF652029E36
callback_data.Flags == flags, xrefs: 00007FF652028BC9
state && state->ID == id, xrefs: 00007FF652026B9F
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF652026C39, 00007FF652026CA8, 00007FF652026CE5, 00007FF652026D27, 00007FF652026D64, 00007FF652026DAF, 00007FF652027714, 00007FF6520277AA, 00007FF6520278C8, 00007FF652027976, 00007FF652027A08, 00007FF652027AA4, 00007FF652027B4B, 00007FF652027BF2, 00007FF652027C2C, 00007FF652027CDA
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6520292A2, 00007FF652029B5D
@, xrefs: 00007FF65202A0BA
callback_data.BufTextLen == (int)strlen(callback_data.Buf), xrefs: 00007FF652028C70
%*s%.*s, xrefs: 00007FF652029FA0
callback_data.BufSize == state->BufCapacity, xrefs: 00007FF652028BA6
callback != 0, xrefs: 00007FF65202674D, 00007FF6520289AB
apply_new_text_length >= 0, xrefs: 00007FF652028E9B
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF652026C32, 00007FF652026CA1, 00007FF652026CDE, 00007FF652026D20, 00007FF652026D5D, 00007FF652026DA8, 00007FF65202770D, 00007FF6520277A3, 00007FF6520278C1, 00007FF65202796F, 00007FF652027A01, 00007FF652027A9D, 00007FF652027B44, 00007FF652027BEB, 00007FF652027C25, 00007FF652027CD3, 00007FF65202A09F
buf != 0 && buf_size >= 0, xrefs: 00007FF65202612D
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF652026126, 00007FF65202614E, 00007FF652026176, 00007FF652026746, 00007FF652026B98, 00007FF652026F3E, 00007FF652026FC5, 00007FF652027109, 00007FF6520271FC, 00007FF652027615, 00007FF652028877, 00007FF6520288B5, 00007FF6520289A4, 00007FF652028B7C, 00007FF652028B9F, 00007FF652028BC2, 00007FF652028C69, 00007FF652028E94, 00007FF652028F51, 00007FF65202934E

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310$__swprintf_l
String ID: !((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput))$!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline))$#SCROLLY$%*s%.*s$@$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$apply_new_text_length <= buf_size$apply_new_text_length >= 0$buf != 0 && buf_size >= 0$buf[0] != 0$callback != 0$callback_data.Buf == callback_buf$callback_data.BufSize == state->BufCapacity$callback_data.BufTextLen == (int)strlen(callback_data.Buf)$callback_data.Flags == flags$font->ContainerAtlas->TexID == _CmdHeader.TextureId$g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel$i >= 0 && i < Size$idx <= obj->TextLen$password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty()$state != 0$state && state->ID == id
API String ID: 16103177-4266151527
Opcode ID: 305c6a2d5bde13b75109bbc060a96d180a3a505ac7283807dc5ecf498293a827
Instruction ID: d019c240149a15d3f7944abd15f1ca8abee5bb6f1a27068b00d1702d05148b47
Opcode Fuzzy Hash: 305c6a2d5bde13b75109bbc060a96d180a3a505ac7283807dc5ecf498293a827
Instruction Fuzzy Hash: A893E572A0A2858AE751CF35CC846B977A1FB5974CF1C8236DE4CA7695CFB8E449CB00

Function 00007FF651FE9E10 Relevance: 50.0, APIs: 3, Strings: 25, Instructions: 1049COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FE9F42
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FEAA84
00007FFBC92FA0D0.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF651FEAEDF

Strings

g.CurrentWindow->IsFallbackWindow == true, xrefs: 00007FF651FEB026
Click %s Button to break in debugger! (remap w/ Ctrl+Shift), xrefs: 00007FF651FEAD51
g.Viewports.Size == 1, xrefs: 00007FF651FEA0FE
g.Font->IsLoaded(), xrefs: 00007FF651FEA274
Press ESC to abort picking., xrefs: 00007FF651FEAD03
Right, xrefs: 00007FF651FEAD1B
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF651FE9E54
g.MovingWindow && g.MovingWindow->RootWindow, xrefs: 00007FF651FEA6D0
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FE9E8F, 00007FF651FE9EC3, 00007FF651FE9F00, 00007FF651FEA11A, 00007FF651FEA23A, 00007FF651FEA8EE, 00007FF651FEA925, 00007FF651FEA958, 00007FF651FEAAF3, 00007FF651FEABD7
333?, xrefs: 00007FF651FEACDE
g.WindowsFocusOrder.Size <= g.Windows.Size, xrefs: 00007FF651FEA584
Remap w/ Ctrl+Shift: click anywhere to select new mouse button., xrefs: 00007FF651FEAD3B
HoveredId: 0x%08X, xrefs: 00007FF651FEACF7
GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip, xrefs: 00007FF651FEAD9C
i >= 0 && i < Size, xrefs: 00007FF651FE9E96, 00007FF651FE9ECA, 00007FF651FEA121, 00007FF651FEA241, 00007FF651FEA8F5, 00007FF651FEA92C, 00007FF651FEA95F, 00007FF651FEAAFA
Size > 0, xrefs: 00007FF651FEABDE
Left, xrefs: 00007FF651FEAD0F
Middle, xrefs: 00007FF651FEAD27
gfff, xrefs: 00007FF651FEB114
NewFrame(): ClearActiveID() because it isn't marked alive anymore!, xrefs: 00007FF651FEA3C3
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FE9E4D, 00007FF651FEA0F7, 00007FF651FEA26D, 00007FF651FEA57D, 00007FF651FEA6C9, 00007FF651FEA70E, 00007FF651FEAD95, 00007FF651FEB01F
(Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames), xrefs: 00007FF651FEAFA2
it >= Data && it < Data + Size, xrefs: 00007FF651FE9F07
GImGui != 0, xrefs: 00007FF651FEA715
Debug##Default, xrefs: 00007FF651FEAFCA

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007$D91310F020
String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$333?$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Click %s Button to break in debugger! (remap w/ Ctrl+Shift)$Debug##Default$GImGui != 0$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip$HoveredId: 0x%08X$Left$Middle$NewFrame(): ClearActiveID() because it isn't marked alive anymore!$Press ESC to abort picking.$Remap w/ Ctrl+Shift: click anywhere to select new mouse button.$Right$Size > 0$g.CurrentWindow->IsFallbackWindow == true$g.Font->IsLoaded()$g.MovingWindow && g.MovingWindow->RootWindow$g.Viewports.Size == 1$g.WindowsFocusOrder.Size <= g.Windows.Size$gfff$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 3519738495-8291574
Opcode ID: ffb8797e1eb16f8155c6f2f688ecd77d435fdf8ab629db649c8d15db83102da1
Instruction ID: 9a222470230d6681a89cd4633c23b03f42f98ab4bdd867f31f0f606ab389fa94
Opcode Fuzzy Hash: ffb8797e1eb16f8155c6f2f688ecd77d435fdf8ab629db649c8d15db83102da1
Instruction Fuzzy Hash: 20C28232A096C68AEB65CF35C8442F837A1FF54748F0C8235DA0DAB6A9DF79E645C710

Function 00007FF6520125F0 Relevance: 41.9, APIs: 9, Strings: 14, Instructions: 1603COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652013F7F
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652014005

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF65201262E, 00007FF65201281A, 00007FF6520128C5, 00007FF65201295A, 00007FF652012A5F, 00007FF652012A80, 00007FF652012D4C, 00007FF65201315C, 00007FF652013ABA
font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found.", xrefs: 00007FF6520128CC
n < (Storage.Size << 5), xrefs: 00007FF652012B57, 00007FF652012BB3, 00007FF652012BE5
src_tmp.GlyphsList.Size == src_tmp.GlyphsCount, xrefs: 00007FF652012D53
glyph_index_in_font != 0, xrefs: 00007FF652013163
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6520127B9, 00007FF6520127DE, 00007FF652012864, 00007FF65201290A, 00007FF652012A12, 00007FF652012F5E, 00007FF652012FA1, 00007FF652012FE6, 00007FF652013128, 00007FF65201369D, 00007FF6520139DD, 00007FF652013B38
src_tmp.DstIndex != -1, xrefs: 00007FF652012A79
0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize.", xrefs: 00007FF652012A58
src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?", xrefs: 00007FF652012961
cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas), xrefs: 00007FF652012821
font->ConfigData == font_config, xrefs: 00007FF652013AC1
atlas->ConfigData.Size > 0, xrefs: 00007FF652012635
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF652012B50, 00007FF652012BAC, 00007FF652012BDE
i >= 0 && i < Size, xrefs: 00007FF6520127C0, 00007FF6520127E5, 00007FF65201286B, 00007FF652012911, 00007FF652012A19, 00007FF652012F65, 00007FF652012FA8, 00007FF652012FED, 00007FF65201312F, 00007FF6520136A4, 00007FF6520139E4, 00007FF652013B3F

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: 0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize."$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$atlas->ConfigData.Size > 0$cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas)$font->ConfigData == font_config$font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found."$glyph_index_in_font != 0$i >= 0 && i < Size$n < (Storage.Size << 5)$src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?"$src_tmp.DstIndex != -1$src_tmp.GlyphsList.Size == src_tmp.GlyphsCount
API String ID: 2739980228-2192739418
Opcode ID: c6bae62cf4d860f169560fa24d2b3f10bebd5f6796277dc105493d95423a3bbc
Instruction ID: 22f1bf58ac73627019800a4c6d82e4b2dfbdd958b59e328a621e40354924e130
Opcode Fuzzy Hash: c6bae62cf4d860f169560fa24d2b3f10bebd5f6796277dc105493d95423a3bbc
Instruction Fuzzy Hash: 07F20472B05A968AE715CF25DC842BD77B0FB5874CF188236DA4DA3690DF78E49AC700

Function 00007FF651FE7390 Relevance: 26.8, APIs: 10, Strings: 5, Instructions: 530COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE75A9
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE767F
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE7776
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE7807
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE78BC
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE7965
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE79F6
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE7AB5
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE7B84
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE7C89

Strings

Forgot to shutdown Platform backend?, xrefs: 00007FF651FE73A9
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FE73C9, 00007FF651FE7407
(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?", xrefs: 00007FF651FE740E
(g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?", xrefs: 00007FF651FE73D0
Forgot to shutdown Renderer backend?, xrefs: 00007FF651FE73E7

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: (g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?"$(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Forgot to shutdown Platform backend?$Forgot to shutdown Renderer backend?
API String ID: 2739980228-2716422499
Opcode ID: 8631f41f780fcb6922e1570db1d0de5d2e5d582f4444700ffc315402fe0eb1ef
Instruction ID: 4885a1fab54d17c37fc6b160797fcc90d73c8dd88b66166276c848c4af295173
Opcode Fuzzy Hash: 8631f41f780fcb6922e1570db1d0de5d2e5d582f4444700ffc315402fe0eb1ef
Instruction Fuzzy Hash: D4427C32709A8292D749DF24D5941FCB3B5FB54B88F884236DB0D97298DF38E66AC340

Function 00007FF6520197F0 Relevance: 24.4, Strings: 19, Instructions: 617COMMON

Download Yara Rule

Strings

g.CurrentWindow == outer_window && g.CurrentTable == table, xrefs: 00007FF65201A224
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF652019846, 00007FF652019898, 00007FF6520198C0, 00007FF6520199CD, 00007FF652019F5E, 00007FF652019FAA, 00007FF65201A0E5, 00007FF65201A21D, 00007FF65201A240
p >= Buf.Data && p < Buf.Data + Buf.Size, xrefs: 00007FF65201A347
(table->Flags & ImGuiTableFlags_ScrollX) == 0, xrefs: 00007FF65201A0EC
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652019957, 00007FF652019B22, 00007FF652019EDD, 00007FF652019F2E, 00007FF65201A278, 00007FF65201A2BE
p >= Data && p < DataEnd, xrefs: 00007FF652019AA5, 00007FF652019C25, 00007FF652019DBA, 00007FF652019E44
Calling PopStyleColor() too many times!, xrefs: 00007FF6520197F7
inner_window == g.CurrentWindow, xrefs: 00007FF65201989F
table != 0 && "Only call EndTable() if BeginTable() returns true!", xrefs: 00007FF65201984D
(inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!", xrefs: 00007FF652019F65
(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!", xrefs: 00007FF652019FB1
outer_window == inner_window || outer_window == inner_window->ParentWindow, xrefs: 00007FF6520198C7
table->RowPosY2 == inner_window->DC.CursorPos.y, xrefs: 00007FF6520199D4
g.TablesTempDataStacked > 0, xrefs: 00007FF65201A247
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF652019A9E, 00007FF652019C1E, 00007FF652019DB3, 00007FF652019E3D, 00007FF65201A340
Too many PopItemWidth!, xrefs: 00007FF652019F83
i >= 0 && i < Size, xrefs: 00007FF65201995E, 00007FF65201A27F, 00007FF65201A2C5
Size > 0, xrefs: 00007FF652019B29, 00007FF652019EE4, 00007FF652019F35
Mismatching PushID/PopID!, xrefs: 00007FF652019F0F

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!"$(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!"$(table->Flags & ImGuiTableFlags_ScrollX) == 0$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$Calling PopStyleColor() too many times!$Mismatching PushID/PopID!$Size > 0$Too many PopItemWidth!$g.CurrentWindow == outer_window && g.CurrentTable == table$g.TablesTempDataStacked > 0$i >= 0 && i < Size$inner_window == g.CurrentWindow$outer_window == inner_window || outer_window == inner_window->ParentWindow$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table != 0 && "Only call EndTable() if BeginTable() returns true!"$table->RowPosY2 == inner_window->DC.CursorPos.y
API String ID: 0-2342475368
Opcode ID: e5b94c1b8dcf2da7007be3781829aa8966bd72bc356f6867aad3938fa65a2b63
Instruction ID: a3c5a9e99b1e989f6fdd8c396e4f355fbd0dcd1555c496b029693215a52ee061
Opcode Fuzzy Hash: e5b94c1b8dcf2da7007be3781829aa8966bd72bc356f6867aad3938fa65a2b63
Instruction Fuzzy Hash: 4172AF32A09A8A96EB15CB36CD853B97360FF5574CF0C8631DA59A31A1DFB8B1D9C700

Function 00007FF65202CB40 Relevance: 23.8, APIs: 4, Strings: 9, Instructions: 1043COMMON

Download Yara Rule

APIs

00007FFBC92E49A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF65202CE46
00007FFBBBD91310.VCRUNTIME140 ref: 00007FF65202CF53
00007FFBBBD91310.VCRUNTIME140 ref: 00007FF65202D049
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65202D0CA

Strings

Calling PopStyleColor() too many times!, xrefs: 00007FF65202CB43
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF65202D9D7
tab->LastFrameVisible >= tab_bar->PrevFrameVisible, xrefs: 00007FF65202D155
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF65202D9D0
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF65202D14E, 00007FF65202D1C9
i >= 0 && i < Size, xrefs: 00007FF65202CC07, 00007FF65202CC52, 00007FF65202CC85, 00007FF65202CCD8, 00007FF65202CD37, 00007FF65202D12C, 00007FF65202D283, 00007FF65202D450, 00007FF65202D47E, 00007FF65202D4AE, 00007FF65202D5D3
N/A, xrefs: 00007FF65202D1B2
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF65202CC00, 00007FF65202CC4B, 00007FF65202CC7E, 00007FF65202CCD1, 00007FF65202CD30, 00007FF65202D125, 00007FF65202D27C, 00007FF65202D449, 00007FF65202D477, 00007FF65202D4A7, 00007FF65202D5CC
tab->NameOffset < tab_bar->TabsNames.Buf.Size, xrefs: 00007FF65202D1D0

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007$D91310$F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$Calling PopStyleColor() too many times!$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$N/A$i >= 0 && i < Size$tab->LastFrameVisible >= tab_bar->PrevFrameVisible$tab->NameOffset < tab_bar->TabsNames.Buf.Size
API String ID: 2829325567-961183113
Opcode ID: 1dd7511a9398aec8ed7414ed426b944933fa59f1edda0e31c62fa7d12f7c8315
Instruction ID: 38b88cd745fcd2de1e016d9b43e1f0a50c7ccbf77c74d4d68dd1cb007d89fd3b
Opcode Fuzzy Hash: 1dd7511a9398aec8ed7414ed426b944933fa59f1edda0e31c62fa7d12f7c8315
Instruction Fuzzy Hash: 46B2C072A096858AE755CF36C84017977A0FF5878CF198736DA4DB36A4DF78E88AC700

Function 00007FF652030D02 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 232keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 00007FF652030D24
GetKeyState.USER32 ref: 00007FF652030D62
GetKeyState.USER32 ref: 00007FF652030D98
GetKeyState.USER32 ref: 00007FF652030DCE
GetKeyState.USER32 ref: 00007FF652030DE0
GetKeyState.USER32 ref: 00007FF652030EB1
GetKeyState.USER32 ref: 00007FF652030EED
GetKeyState.USER32 ref: 00007FF652030F3D
GetKeyState.USER32 ref: 00007FF652030F79
GetKeyState.USER32 ref: 00007FF652030FC9
GetKeyState.USER32 ref: 00007FF652031005

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF652030E8F
ImGui::IsNamedKey(key), xrefs: 00007FF652030E96

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: State
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$ImGui::IsNamedKey(key)
API String ID: 1649606143-1336968070
Opcode ID: 320e79d58a395caa32967525c0a4eeebff8b16c0838ad5b5bb5afecf55618b72
Instruction ID: 4441cee890af3732e426b6e4f854c2801d33072e3b9f71432f6d5b80911a8aaa
Opcode Fuzzy Hash: 320e79d58a395caa32967525c0a4eeebff8b16c0838ad5b5bb5afecf55618b72
Instruction Fuzzy Hash: 5091F310E5E29605FFA186355C01BBA22C2AF7574CF1D0635E84ABA5D9CFADB88B8250

Function 00007FF651FF6EC0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 524COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FF7633

Strings

Processed, xrefs: 00007FF651FF74F9
Remaining, xrefs: 00007FF651FF7525
n >= 0 && n < BITCOUNT, xrefs: 00007FF651FF7193, 00007FF651FF7277
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FF7043, 00007FF651FF7134, 00007FF651FF7463
0 && "Unknown event!", xrefs: 00007FF651FF746A
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF651FF704A
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF651FF718C, 00007FF651FF7270
i >= 0 && i < Size, xrefs: 00007FF651FF6F7B, 00007FF651FF7345, 00007FF651FF7515
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FF6F74, 00007FF651FF733E, 00007FF651FF750E, 00007FF651FF75C1
key != ImGuiKey_None, xrefs: 00007FF651FF713B
it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size, xrefs: 00007FF651FF75C8

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: 0 && "Unknown event!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Processed$Remaining$button >= 0 && button < ImGuiMouseButton_COUNT$i >= 0 && i < Size$it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size$key != ImGuiKey_None$n >= 0 && n < BITCOUNT
API String ID: 1541411109-1923509833
Opcode ID: da6d3a92aa33f98c79226d23127867b8a240d3247100d9651d618393ae0055c9
Instruction ID: 85200faf45bbafe51a5666453a02a44ee77d2ef3cb7716346452b430c077c826
Opcode Fuzzy Hash: da6d3a92aa33f98c79226d23127867b8a240d3247100d9651d618393ae0055c9
Instruction Fuzzy Hash: FB42F572B083C257EB28DB2595503B9BBD0FB51748F184235DAAD97698DFBCE468CB00

Function 00007FF651FE6CB0 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 396COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF651FE5CA0), ref: 00007FF651FE71A7
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE7227

Strings

FindSettingsHandler(handler->TypeName) == 0, xrefs: 00007FF651FE6E20, 00007FF651FE6F4E
n >= 0 && n < BITCOUNT, xrefs: 00007FF651FE7330
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FE6CE9, 00007FF651FE6E19, 00007FF651FE6F47
Window, xrefs: 00007FF651FE6D06
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF651FE7329
!g.Initialized && !g.SettingsLoaded, xrefs: 00007FF651FE6CF0
Table, xrefs: 00007FF651FE6E3E

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007$D91310F020
String ID: !g.Initialized && !g.SettingsLoaded$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$FindSettingsHandler(handler->TypeName) == 0$Table$Window$n >= 0 && n < BITCOUNT
API String ID: 3519738495-416841283
Opcode ID: 4062fd74c71728996d8a688af9939b4e7822aed5dbbc0d4bdb3eeccc7cb9b2ac
Instruction ID: 51b512dffdf894270c098df304102773c14f9b3f79a9bcb625bbd89b9154c1b1
Opcode Fuzzy Hash: 4062fd74c71728996d8a688af9939b4e7822aed5dbbc0d4bdb3eeccc7cb9b2ac
Instruction Fuzzy Hash: 3412E432A0AB8686EB54CF24E8402B977F5FB54B48F584236DA8D933A4DF7CE159C740

Function 00007FF652001D70 Relevance: 15.0, APIs: 10, Instructions: 50clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00007FF652001D7B
MultiByteToWideChar.KERNEL32 ref: 00007FF652001DAE
GlobalAlloc.KERNEL32 ref: 00007FF652001DC2
GlobalLock.KERNEL32 ref: 00007FF652001DD3
MultiByteToWideChar.KERNEL32 ref: 00007FF652001DF2
GlobalUnlock.KERNEL32 ref: 00007FF652001DFB
EmptyClipboard.USER32 ref: 00007FF652001E01
SetClipboardData.USER32 ref: 00007FF652001E0F
GlobalFree.KERNEL32 ref: 00007FF652001E1D
CloseClipboard.USER32 ref: 00007FF652001E23

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: ClipboardGlobal$ByteCharMultiWide$AllocCloseDataEmptyFreeLockOpenUnlock
String ID:
API String ID: 1965520120-0
Opcode ID: ebbd9d8b24dcedb596b0ca59058d4c86985b5e6383d3a38eef27f5b3966815bd
Instruction ID: 1a23acd1c0e2d7fef8a2b496cb63bae07ec23f9f66b34b76f00b51067881dca7
Opcode Fuzzy Hash: ebbd9d8b24dcedb596b0ca59058d4c86985b5e6383d3a38eef27f5b3966815bd
Instruction Fuzzy Hash: 9C11B620B0AB4242E7145F25BC14639A3A1BF58FD8F0C4234DE4D937A4DFBCD04A4700

Function 00007FF652017CE0 Relevance: 13.8, Strings: 10, Instructions: 1289COMMON

Download Yara Rule

Strings

!is_visible, xrefs: 00007FF652018CC9
p >= Data && p < DataEnd, xrefs: 00007FF652017E50, 00007FF652017E91, 00007FF652017F8F, 00007FF652018220, 00007FF65201833B, 00007FF652018388, 00007FF652018524, 00007FF652018646, 00007FF652018678, 00007FF652018900, 00007FF652018938, 00007FF652018A6C, 00007FF652018E47, 00007FF652018E81, 00007FF652018F16, 00007FF6520191DB, 00007FF65201920D
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF652017D54, 00007FF652018008, 00007FF652018161, 00007FF652018CC2
table->IsLayoutLocked == false, xrefs: 00007FF652017D5B
table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0, xrefs: 00007FF652018168
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF652017E49, 00007FF652017E8A, 00007FF652017F88, 00007FF652018219, 00007FF652018334, 00007FF652018381, 00007FF65201851D, 00007FF65201863F, 00007FF652018671, 00007FF6520188F9, 00007FF652018931, 00007FF652018A65, 00007FF652018E40, 00007FF652018E7A, 00007FF652018F0F, 00007FF6520191D4, 00007FF652019206
column->IndexWithinEnabledSet <= column->DisplayOrder, xrefs: 00007FF65201800F
i >= 0 && i < Size, xrefs: 00007FF6520186E4
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6520186DD
#ContextMenu, xrefs: 00007FF652019129

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: !is_visible$#ContextMenu$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->IndexWithinEnabledSet <= column->DisplayOrder$i >= 0 && i < Size$p >= Data && p < DataEnd$table->IsLayoutLocked == false$table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0
API String ID: 0-1387518580
Opcode ID: 19ad48cc859dbbf9d7e2c9b3bb525ef016caea7ee0b204106524b712a34c540f
Instruction ID: d019c42c881f611d2571289c22ea2cde8713256987761d380d46042537aa7afd
Opcode Fuzzy Hash: 19ad48cc859dbbf9d7e2c9b3bb525ef016caea7ee0b204106524b712a34c540f
Instruction Fuzzy Hash: F4E2AE32A0968996E7198B36C9413B877A0FF5974CF0C8325DB48A35A5DFB8F5E9C700

Function 00007FF652006C90 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 830COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF6520071E5

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2705777111
Opcode ID: 19a88e1a9b5ab548e5e32b03ce6634717bf750d432390f921d47a077f58b5809
Instruction ID: 4c166fd700ba13a11120ec364e77232c7201db341560729ceeb8110f8655f4a6
Opcode Fuzzy Hash: 19a88e1a9b5ab548e5e32b03ce6634717bf750d432390f921d47a077f58b5809
Instruction Fuzzy Hash: A6727923A29BE845D3128B3694422B9B7A1EF6E784F5DC323ED44E6661EF3CE545C700

Function 00007FF652001C20 Relevance: 12.1, APIs: 8, Instructions: 87clipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF651FE10A0: 00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE112E

OpenClipboard.USER32 ref: 00007FF652001C38
GetClipboardData.USER32 ref: 00007FF652001C55
CloseClipboard.USER32 ref: 00007FF652001C63

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: Clipboard$00007CloseDataF020Open
String ID:
API String ID: 2409120337-0
Opcode ID: 26d566c6706ed3b603c2ca6413b7fcc995dc930fd5e624c9433e805aea778b59
Instruction ID: 778335fb9c6b2575b64bbd480ab46a9fa8fe63378fc29e1b0f3440ece794a7aa
Opcode Fuzzy Hash: 26d566c6706ed3b603c2ca6413b7fcc995dc930fd5e624c9433e805aea778b59
Instruction Fuzzy Hash: D631E632B0AB8183E7549F25BC0456AB7E1FB88B94F580134DF8D97794DF3CE4559600

Function 00007FF65203C0F8 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF65203C114
RtlCaptureContext.KERNEL32 ref: 00007FF65203C141
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF65203C15B
RtlVirtualUnwind.KERNEL32 ref: 00007FF65203C19C
IsDebuggerPresent.KERNEL32 ref: 00007FF65203C1F0
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF65203C20D
UnhandledExceptionFilter.KERNEL32 ref: 00007FF65203C218

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 8964dd5a87bbd0479f9b080791705f60ec265abbfbc2f45a2eb81db15352648c
Instruction ID: 6ac8f9d192ee917d6b6ef00a1f08500a961ab7d0053e13d46e28fe19f1e5f9c2
Opcode Fuzzy Hash: 8964dd5a87bbd0479f9b080791705f60ec265abbfbc2f45a2eb81db15352648c
Instruction Fuzzy Hash: C8317E7260AB818AEB609F60EC407ED7360FB94758F48443ADA4E97B98DF78D14DC700

Function 00007FF651FFE1C0 Relevance: 10.5, Strings: 8, Instructions: 475COMMON

Download Yara Rule

Strings

<NULL>, xrefs: 00007FF651FFE522
g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None, xrefs: 00007FF651FFE264
g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded, xrefs: 00007FF651FFE28D
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FFE25D, 00007FF651FFE286, 00007FF651FFE9DD
!scoring_rect.IsInverted(), xrefs: 00007FF651FFE9E4
[nav] NavMoveRequestForward %d, xrefs: 00007FF651FFE2A9
[nav] NavInitRequest: from move, window "%s", layer=%d, xrefs: 00007FF651FFE530
[nav] NavMoveRequest: clamp NavRectRel for gamepad move, xrefs: 00007FF651FFE6AF

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: !scoring_rect.IsInverted()$<NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: from move, window "%s", layer=%d$[nav] NavMoveRequest: clamp NavRectRel for gamepad move$[nav] NavMoveRequestForward %d$g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None$g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded
API String ID: 0-1751011103
Opcode ID: ad27c87af09b4b14593f7e486a964ee187bae4ca7698edc377c855b789bca920
Instruction ID: a4d406505dab33fea4a03b9fb288fd3c36d8af2373578decbfec0d8449085e18
Opcode Fuzzy Hash: ad27c87af09b4b14593f7e486a964ee187bae4ca7698edc377c855b789bca920
Instruction Fuzzy Hash: F732E732D186CA46E3629B3680412F97390EF69758F1D9332DE68771EADFA8B1D1C700

Function 00007FF6520096B0 Relevance: 10.4, Strings: 8, Instructions: 438COMMON

Download Yara Rule

Strings

e->sy <= y_bottom && e->ey >= y_top, xrefs: 00007FF65200980F
dx >= 0, xrefs: 00007FF65200999A
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF652009742, 00007FF652009808, 00007FF6520098C7, 00007FF652009970, 00007FF652009993, 00007FF652009B43, 00007FF652009B6F
e->ey >= y_top, xrefs: 00007FF652009749
fabsf(area) <= 1.01f, xrefs: 00007FF652009B4A
x >= 0 && x < len, xrefs: 00007FF6520098CE
dy >= 0, xrefs: 00007FF652009977
sy1 > y_final-0.01f, xrefs: 00007FF652009B76

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$dx >= 0$dy >= 0$e->ey >= y_top$e->sy <= y_bottom && e->ey >= y_top$fabsf(area) <= 1.01f$sy1 > y_final-0.01f$x >= 0 && x < len
API String ID: 0-3568222241
Opcode ID: 790997296c3ace0f49b917fc0f4bb1bfed2a2440f2ab62fef7e3b804057f5052
Instruction ID: 9fa1c18b767ee7283164cc90bed9b9f8cb58f3a19bdf5e1c7bacae232e647729
Opcode Fuzzy Hash: 790997296c3ace0f49b917fc0f4bb1bfed2a2440f2ab62fef7e3b804057f5052
Instruction Fuzzy Hash: DD12FC22D19F8D81F6129B3358820B5B250AFBF7C8F5DD732F948B25B2DF6871999600

Function 00007FF65201CDD0 Relevance: 9.0, Strings: 7, Instructions: 237COMMON

Download Yara Rule

Strings

*Missing Text*, xrefs: 00007FF65201CE76
p >= Data && p < DataEnd, xrefs: 00007FF65201CE53, 00007FF65201CEE5, 00007FF65201CF83, 00007FF65201D090
Calling PopItemFlag() too many times!, xrefs: 00007FF65201D11D
<Unknown>, xrefs: 00007FF65201D0B9
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF65201D133
(0) && "Calling PopItemFlag() too many times!", xrefs: 00007FF65201D13A
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF65201CE4C, 00007FF65201CEDE, 00007FF65201CF7C, 00007FF65201D089

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopItemFlag() too many times!"$*Missing Text*$<Unknown>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Calling PopItemFlag() too many times!$p >= Data && p < DataEnd
API String ID: 0-3275063505
Opcode ID: 3f237b405e67921bd9baae32f9dd3e624540f6d79c49b90a67d27e0e418c0d1c
Instruction ID: 92c1c20e66c2503a744edf12f36509bd3c401bea9b7382bb00ba295a2f0fd4b6
Opcode Fuzzy Hash: 3f237b405e67921bd9baae32f9dd3e624540f6d79c49b90a67d27e0e418c0d1c
Instruction Fuzzy Hash: 98B1F473A0E68292EB148B14DD446B927A1FB45B9CF0C4135DE4CA3695DFBDE89EC301

Function 00007FF651FFD620 Relevance: 8.1, Strings: 6, Instructions: 635COMMON

Download Yara Rule

Strings

g.NavWindow != 0, xrefs: 00007FF651FFDF11
g.NavActivateDownId == g.NavActivateId, xrefs: 00007FF651FFDD3B
g.NavMoveDir == ImGuiDir_None, xrefs: 00007FF651FFDDE0
[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s", xrefs: 00007FF651FFD837
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FFD945, 00007FF651FFDD34, 00007FF651FFDDD9, 00007FF651FFDF0A
g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu, xrefs: 00007FF651FFD94C

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s"$g.NavActivateDownId == g.NavActivateId$g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu$g.NavMoveDir == ImGuiDir_None$g.NavWindow != 0
API String ID: 0-2167808928
Opcode ID: 427d0da141f637192a49a342c54ed31517ac9e5b0644ee7899aab770a3be49cc
Instruction ID: f2d6e692edf9629940ddada9a2ef848a5834e48ce3b3c125f041723b69ee71e0
Opcode Fuzzy Hash: 427d0da141f637192a49a342c54ed31517ac9e5b0644ee7899aab770a3be49cc
Instruction Fuzzy Hash: AA72A936E086C689E7658F25C0443F92BE1EF45B48F1C4235DA6CA72E9DFF8A885C701

Function 00007FF65201F9E0 Relevance: 8.0, Strings: 6, Instructions: 493COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF652020028
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF65201FB94
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF65201FD06, 00007FF652020058, 00007FF652020100
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF65201FCFF, 00007FF652020051, 00007FF6520200F9
button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown)))), xrefs: 00007FF65202002F
id != 0, xrefs: 00007FF65201FB9B

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown))))$button >= 0 && button < ImGuiMouseButton_COUNT$id != 0
API String ID: 1541411109-2768765550
Opcode ID: 3900b037c2da2cdda5bc8362f99d76c0409d858221d9f0606cb69f2f5720e628
Instruction ID: 2eac30570d334de077b89cbcab7280b3b08c04031eb0c87780ed012f0cea782e
Opcode Fuzzy Hash: 3900b037c2da2cdda5bc8362f99d76c0409d858221d9f0606cb69f2f5720e628
Instruction Fuzzy Hash: 8F220132E0D38646FB689A259C443BA6692BF5534CF0C4235DE5DA72E6CFBDB498C700

Function 00007FF651FEDFB0 Relevance: 7.2, Strings: 5, Instructions: 977COMMON

Download Yara Rule

Strings

idx == 0 || idx == 1, xrefs: 00007FF651FEE714, 00007FF651FEE782, 00007FF651FEE90A, 00007FF651FEE94B, 00007FF651FEE98D, 00007FF651FEE9C7, 00007FF651FEEA2E, 00007FF651FEEA63, 00007FF651FEEA8E, 00007FF651FEEAC0
#RESIZE, xrefs: 00007FF651FEE142
6, xrefs: 00007FF651FEE607
5, xrefs: 00007FF651FEE62E
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FEE70D, 00007FF651FEE77B, 00007FF651FEE903, 00007FF651FEE944, 00007FF651FEE986, 00007FF651FEE9C0, 00007FF651FEEA27, 00007FF651FEEA5C, 00007FF651FEEA87, 00007FF651FEEAB9

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: #RESIZE$5$6$C:\Users\55yar\Desktop\imgui-master\imgui.h$idx == 0 || idx == 1
API String ID: 0-650503096
Opcode ID: 116432343c9dd05c69f452d8b133a1a96b05ce90b026dd6bd93dd86571db12b9
Instruction ID: 870656314a2f34b7d92b224c181b76148e27ab66d642d548810ea9452cec6d05
Opcode Fuzzy Hash: 116432343c9dd05c69f452d8b133a1a96b05ce90b026dd6bd93dd86571db12b9
Instruction Fuzzy Hash: 7AB2FB32D1868A85E392CB36A4452B977A0EF59348F1C8731DA4CB75AADF38F585CB00

Function 00007FF65201D530 Relevance: 6.4, Strings: 5, Instructions: 140COMMON

Download Yara Rule

Strings

p >= begin() && p < end(), xrefs: 00007FF65201D5B6
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF65201D5E7, 00007FF65201D610
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF65201D5AF
settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount, xrefs: 00007FF65201D617
settings->ID == table->ID, xrefs: 00007FF65201D5EE

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$p >= begin() && p < end()$settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount$settings->ID == table->ID
API String ID: 0-2168725360
Opcode ID: 81fdfe0895e2e1dec32a2632009a5933e542f692bb517f10a4627c86eb4c6a01
Instruction ID: ee18d61bde7a5888cc019c745b7b7a39afb1166d3bb4baf83280f63df11ae97f
Opcode Fuzzy Hash: 81fdfe0895e2e1dec32a2632009a5933e542f692bb517f10a4627c86eb4c6a01
Instruction Fuzzy Hash: 7261A133A19A8186EB51CF25E8842A977A0FB5174CF18C436DB8D97291DF7CE58ACB01

Function 00007FF65203C388 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF65203C3B4
GetCurrentThreadId.KERNEL32 ref: 00007FF65203C3C2
GetCurrentProcessId.KERNEL32 ref: 00007FF65203C3CE
QueryPerformanceCounter.KERNEL32 ref: 00007FF65203C3DE

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 68b080e5c74ecdc989d9497fb427bfec2812cf223949a70a0905cf8ba2b6c893
Instruction ID: c2290ec1f0126bfdefb3445c43aade35696345a3cef2313ae91ce37750114197
Opcode Fuzzy Hash: 68b080e5c74ecdc989d9497fb427bfec2812cf223949a70a0905cf8ba2b6c893
Instruction Fuzzy Hash: 48112122B15F018AEB00CF60EC547B933A4FB59B58F481D31DA5D96754DF7CD1598380

Function 00007FF651FFFA00 Relevance: 5.6, Strings: 4, Instructions: 628COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FFFEAC, 00007FF6520000D0, 00007FF65200012C
shared_mods != 0, xrefs: 00007FF651FFFEB3
##NavUpdateWindowing, xrefs: 00007FF651FFFAE6
GImGui != 0, xrefs: 00007FF6520000D7, 00007FF652000133

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: ##NavUpdateWindowing$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0$shared_mods != 0
API String ID: 0-1670481530
Opcode ID: d6e076c0ac488d410e9a78e98a7fd59ac4bda507aceceb91430f4d5e6cb44405
Instruction ID: 6a15f403c692c1b0122f0739f61673ed2d4afb79b2f795c770be4100bd435cbf
Opcode Fuzzy Hash: d6e076c0ac488d410e9a78e98a7fd59ac4bda507aceceb91430f4d5e6cb44405
Instruction Fuzzy Hash: 3462C232A0968696F7698B3184443BA63D1FF55748F4C8235CA6DB32D6DFBCB4A8C701

Function 00007FF651FEFBB0 Relevance: 5.4, Strings: 4, Instructions: 420COMMON

Download Yara Rule

Strings

Size > 0, xrefs: 00007FF651FEFD39, 00007FF651FEFF66
#CLOSE, xrefs: 00007FF651FEFFDA
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FEFD32, 00007FF651FEFF5F
#COLLAPSE, xrefs: 00007FF651FEFDAE

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: #CLOSE$#COLLAPSE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-766050946
Opcode ID: 9ccbf3832dd879df979d0510c95930e81aaf760122ae5999722055eed8b2c8c9
Instruction ID: 034bb6f64c6f5f49d9ae7223cfde1ff7c1210426ab5e9b81638327c5cebe5f62
Opcode Fuzzy Hash: 9ccbf3832dd879df979d0510c95930e81aaf760122ae5999722055eed8b2c8c9
Instruction Fuzzy Hash: 1E121A32E08B8985E311CB3694416F977A0EF6A348F189732EE5CB32A5DF69E585C740

Function 00007FF652020DE0 Relevance: 5.4, Strings: 4, Instructions: 420COMMON

Download Yara Rule

Strings

idx == 0 || idx == 1, xrefs: 00007FF652021121, 00007FF652021159
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF652020FF9
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF65202111A, 00007FF652021152
ImMax(size_contents_v, size_visible_v) > 0.0f, xrefs: 00007FF652021000

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImMax(size_contents_v, size_visible_v) > 0.0f$idx == 0 || idx == 1
API String ID: 0-3128625980
Opcode ID: 9aa9ca5f5fb1dfc7c2ff6d298503054f82a894e230bacc3a804948fe63dc92af
Instruction ID: 8a65b5529242c415a84002764b7bfe6fc06f187c6e5b0128738542951c107c2c
Opcode Fuzzy Hash: 9aa9ca5f5fb1dfc7c2ff6d298503054f82a894e230bacc3a804948fe63dc92af
Instruction Fuzzy Hash: EE120862D197DD85E213C63798412B9E351AF6E388F1CC733FD58729A6DF68B0D98600

Function 00007FF652022A00 Relevance: 5.3, Strings: 4, Instructions: 302COMMON

Download Yara Rule

Strings

#ComboPopup, xrefs: 00007FF652022C31
i >= 0 && i < Size, xrefs: 00007FF652022CAA
##v, xrefs: 00007FF652022A6E, 00007FF652022ECF
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652022CA3

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: ##v$#ComboPopup$C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 0-2429816084
Opcode ID: 7f38be3dd6622036638159a4989da26a2b1f188278f5f2b1d16b63fbcbe0086e
Instruction ID: b7452937f4909519f86db5e7e6b11125db1f8910f9510b602b88ba236d4edbe2
Opcode Fuzzy Hash: 7f38be3dd6622036638159a4989da26a2b1f188278f5f2b1d16b63fbcbe0086e
Instruction Fuzzy Hash: A6E11533E09B898AE321CB76C8402E97360FF6934CF189722EE48775A5DF78A059D740

Function 00007FF65202C310 Relevance: 4.1, Strings: 3, Instructions: 301COMMON

Download Yara Rule

Strings

Calling PopItemFlag() too many times!, xrefs: 00007FF65202C8AE
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF65202C8C4
(0) && "Calling PopItemFlag() too many times!", xrefs: 00007FF65202C8CB

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopItemFlag() too many times!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Calling PopItemFlag() too many times!
API String ID: 0-102052167
Opcode ID: 5c341cd6e1511ed2b285bccf83dd54460226a3d6e45a8981b339dc82e5f08e18
Instruction ID: 51d1df7ec22f1a54d8b415d925fac0947820a8e85076e5c165a8b5b61215c19a
Opcode Fuzzy Hash: 5c341cd6e1511ed2b285bccf83dd54460226a3d6e45a8981b339dc82e5f08e18
Instruction Fuzzy Hash: BBE1F8729186C985E3268B35D8413F9B3A0FF59758F0C8332EA88B71A5DF79A1D9C740

Function 00007FF65200B1E0 Relevance: 3.3, APIs: 2, Instructions: 255COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65200B53F
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65200B5C0

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID:
API String ID: 2739980228-0
Opcode ID: a2a33c03c673fc3db5b0a7af2bb4ad5d87ef3dece1cacefedc8f0cb3854d976e
Instruction ID: c34210efd2d686af556f2574a493c324131b862c08a6dbdf395210457abf3a31
Opcode Fuzzy Hash: a2a33c03c673fc3db5b0a7af2bb4ad5d87ef3dece1cacefedc8f0cb3854d976e
Instruction Fuzzy Hash: C1B12933A18AD586E721DF3594442BEB7A4FF59B48F088322EB8562654EF78E486C700

Function 00007FF65203105B Relevance: 3.0, APIs: 2, Instructions: 26COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 00007FF65203105D
GetLocaleInfoA.KERNEL32 ref: 00007FF652031079

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: InfoKeyboardLayoutLocale
String ID:
API String ID: 1218629382-0
Opcode ID: 9e33f65f36021c76e3ce5085f13d9bf961fb33b85001965e3fe80dccfd441406
Instruction ID: 1912a7d9314e2acff168cca7fb1bfcfc36f9f027808d232b0c151e4e7d4fd82d
Opcode Fuzzy Hash: 9e33f65f36021c76e3ce5085f13d9bf961fb33b85001965e3fe80dccfd441406
Instruction Fuzzy Hash: 0BF0E526715A8186E7628B66A800AAEB394FB5CB58F184037CF8DA3310DE7DD48BC740

Function 00007FF651FFC250 Relevance: 2.8, Strings: 2, Instructions: 281COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FFC2DD
(window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened, xrefs: 00007FF651FFC2E4

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened$C:\Users\55yar\Desktop\imgui-master\imgui.cpp
API String ID: 0-3836044477
Opcode ID: fd5fe447b9d7518a35cc5895bd672c193580b2feb93a140ec6dd6fc64d8195f5
Instruction ID: 3f85a5327f4232055055dac7c339def23fc8e933f629a3d3144bfb0a7bdaaa75
Opcode Fuzzy Hash: fd5fe447b9d7518a35cc5895bd672c193580b2feb93a140ec6dd6fc64d8195f5
Instruction Fuzzy Hash: D0D1E963D2C6AD81E322963740424B863D09F7E389F1D9F32ED6CB35A5DF98B5858740

Function 00007FF652007EF0 Relevance: 2.7, Strings: 2, Instructions: 225COMMON

Download Yara Rule

Strings

!(o > b->size || o < 0), xrefs: 00007FF652008FB4
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF652008FAD

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: !(o > b->size || o < 0)$C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2013812653
Opcode ID: 338cbcf2d73f435f5922b98e8238c06777b811b88471036ee86486d399c18bc5
Instruction ID: f5491227508b8a849dfe76b5025329294cedd01a4787c5d0d2a711b9d5b4d8d0
Opcode Fuzzy Hash: 338cbcf2d73f435f5922b98e8238c06777b811b88471036ee86486d399c18bc5
Instruction Fuzzy Hash: CAB1B032A08AD88AF701CF7A94411BDB7B0FB99389F145325EF8972675DF78A585CB00

Function 00007FF65200BFC0 Relevance: 2.7, Strings: 2, Instructions: 203COMMON

Download Yara Rule

Strings

pixels[i*stride_in_bytes] == 0, xrefs: 00007FF65200C1F5
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF65200C1EE

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i*stride_in_bytes] == 0
API String ID: 0-15633718
Opcode ID: 31de7da7b85a2ca0f7b465d4c6b43859fb456ff60d2410b47046c024e5081591
Instruction ID: 0f8e9a654ac78f5313ae9ba2de77d3d2b252c996092bd2c9111b81303e77088e
Opcode Fuzzy Hash: 31de7da7b85a2ca0f7b465d4c6b43859fb456ff60d2410b47046c024e5081591
Instruction Fuzzy Hash: EA71187360D2E247E3264B2CAC4136EAED1B79A358F5C4235EAC9D3B45CD7CE515CA40

Function 00007FF65200BD10 Relevance: 2.7, Strings: 2, Instructions: 196COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF65200BF4D
pixels[i] == 0, xrefs: 00007FF65200BF54

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i] == 0
API String ID: 0-2060079458
Opcode ID: 00354369be909df9498fe21faccccd311e8301600fa052487b4864d57ac2e6d2
Instruction ID: 0a6a64e83b7abc164428ec1f094f654a0ddbe9abe39047fca294e0801d8aac83
Opcode Fuzzy Hash: 00354369be909df9498fe21faccccd311e8301600fa052487b4864d57ac2e6d2
Instruction Fuzzy Hash: 3871D26362D6E286D7218F79980067EBFE5E795348F4C4236EA8893B45CE7DE118CB00

Function 00007FF6520159E0 Relevance: 2.6, Strings: 2, Instructions: 124COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF652015A28
text_end != 0, xrefs: 00007FF652015A2F

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$text_end != 0
API String ID: 0-48455972
Opcode ID: 337525c904e070bd42df79c0a6487294a94bd2ebcfc3121796ca707f84feba5e
Instruction ID: 03c8b011e01b25c42bbc24430d386aed4eb6a612aecaca8a15c8eb7589189dd6
Opcode Fuzzy Hash: 337525c904e070bd42df79c0a6487294a94bd2ebcfc3121796ca707f84feba5e
Instruction Fuzzy Hash: 3841E921B4E65A46E96189239CC0179AA61AF6978CF9CC732DD0C7B6D4DFBCE4C98600

Function 00007FF651FF46F0 Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

Size > 0, xrefs: 00007FF651FF4716
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FF470F

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-1180621679
Opcode ID: 6ed20166e65553b91257ace29f513335ab454b8572dbed2f61cfc2601968656f
Instruction ID: 264d2c3895ebfcb24cfeb4049bdb327dd8e5c5a93ce5497d7caac6a040398f3e
Opcode Fuzzy Hash: 6ed20166e65553b91257ace29f513335ab454b8572dbed2f61cfc2601968656f
Instruction Fuzzy Hash: 46318E72B141E58FEB98CB62A854F7D7B60E3D5782B896121EFC067A48C73CD511CB50

Function 00007FF651FF4620 Relevance: 2.6, Strings: 2, Instructions: 52COMMON

Download Yara Rule

Strings

Size > 0, xrefs: 00007FF651FF464F
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FF4648

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-1180621679
Opcode ID: 440f36ff81ebcb3adc85cc04d88a8c0a58b369e470e635c1928618b8866c0834
Instruction ID: 19075b2ab0f1e291aa1a97fafd24f054b045b7f15cde5a17298550c2f100513b
Opcode Fuzzy Hash: 440f36ff81ebcb3adc85cc04d88a8c0a58b369e470e635c1928618b8866c0834
Instruction Fuzzy Hash: 541159B160869186EB08CB21E8E007973A0F394786F45103BEBDA47648DE3CD185C750

Function 000002C33ACDBA30 Relevance: 1.7, Strings: 1, Instructions: 479COMMON

Download Yara Rule

Strings

P, xrefs: 000002C33ACDBE43

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction ID: 5f1c3e9186a8e9691e5333081fb3756cb76a4d43ce9e6cfbb900152b332c1f28
Opcode Fuzzy Hash: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction Fuzzy Hash: 1012D0302587898FD348DF28C490A6AB7E2FBCD308F504A6DF48AD7765D634EA41CB42

Function 000002C33ADB2720 Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

@, xrefs: 000002C33ADB2AA8

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: af22b2a64cd9b34464c746f31960b8c553625a99857650b96e506a8a1dbf1dca
Instruction ID: 8d39a64b74d77ae21423f447306f5b9bd0b98a53fb0a265c529c47dcb502e0d2
Opcode Fuzzy Hash: af22b2a64cd9b34464c746f31960b8c553625a99857650b96e506a8a1dbf1dca
Instruction Fuzzy Hash: D7E10F7421CB888FE7A8DF18C458B6AB7E1FB99305F10891DE08EC3260DB75D985CB46

Function 00007FF6520054F0 Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF652005726

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2705777111
Opcode ID: 64546066472ca3b8349dd8d249968d4cd0d82be6d00cd49db611cd94df8f4d3b
Instruction ID: 7924848363486da09d770220c8ab4941626c49f9cacf8b6673f8dce2cf4dd00b
Opcode Fuzzy Hash: 64546066472ca3b8349dd8d249968d4cd0d82be6d00cd49db611cd94df8f4d3b
Instruction Fuzzy Hash: C6513AA6B254B183EB248F2AC8D15BC3BD1F74A746FD88476D65CC2E91C93DC14A9F10

Function 00007FF65200DB50 Relevance: .9, Instructions: 868COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d529cf8631021c5dd542a830c84e469b7f6db80fccbf318bd5255d4788bf88
Instruction ID: 2f482ad9b1fd292d995525a962cc0b6d0573ba70eb3d393c221b6b1fb605de89
Opcode Fuzzy Hash: 19d529cf8631021c5dd542a830c84e469b7f6db80fccbf318bd5255d4788bf88
Instruction Fuzzy Hash: A3926B33925B8886D716CF37948106DBB60FFADB88B19D716EE0863761EB35E494DB00

Function 00007FF651FE5D90 Relevance: .6, Instructions: 579COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007
String ID:
API String ID: 3568877910-0
Opcode ID: 0272e996983db26e572b41d2953600904384c8fc52a617507253f3357cb87ccd
Instruction ID: 9c739e366e1138d33c6c8b9d07ce72f331b45f103475fc254695a117189144dc
Opcode Fuzzy Hash: 0272e996983db26e572b41d2953600904384c8fc52a617507253f3357cb87ccd
Instruction Fuzzy Hash: F2829F73815BC187D328CF30B9981DAB7A8FB55344F105219DBF623A61DB78E1A6E708

Function 00007FF65202A370 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c56d570ab54005e0ebe5a6e5812436a4f6b652bcd2b91132ad8201dc9bb1d3d0
Instruction ID: 315f8a48f5b5c879785e9b118704061efbc545ee3383e09bc6301545d4334c32
Opcode Fuzzy Hash: c56d570ab54005e0ebe5a6e5812436a4f6b652bcd2b91132ad8201dc9bb1d3d0
Instruction Fuzzy Hash: 6D22C373E096958AE711CA36D8403BEB7B0EF5934CF184736EE48B6595DFB8A458CB00

Function 00007FF65200C270 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c56881822656bce64306f4bdbbfd4d3a54c53e1fbf9d1ba752f976963bfc6c0c
Instruction ID: 3ffdbff9ba9254cb097bdad1c103ebee23de5074470ad8d741dc083893148f4d
Opcode Fuzzy Hash: c56881822656bce64306f4bdbbfd4d3a54c53e1fbf9d1ba752f976963bfc6c0c
Instruction Fuzzy Hash: 2C02E633A186C486E325CF36944167DB7E0FF5D798F188326EB89A3655EB38E591CB00

Function 00007FF652016BC0 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cdcacff072863030bac574a795dcf5713a463dc51147c05da48169f858605a4
Instruction ID: e2a0ba2f564178d6d7947b9f565f7d4563496066846af6f94acec6320b569028
Opcode Fuzzy Hash: 5cdcacff072863030bac574a795dcf5713a463dc51147c05da48169f858605a4
Instruction Fuzzy Hash: 5602FD33E19B8986E2119B379C421B9B360FFAE38CF185721FE44725B1DF69F1959600

Function 00007FF65202BA80 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36815946f53eb744c7e6b2d6d659516926bc1e14d115f35c3d92e5c89833b246
Instruction ID: 7ce23f588a88d7ed3dbf3ea172e03cf8f354aaf19d1e433d2c96a0d420ba8a3b
Opcode Fuzzy Hash: 36815946f53eb744c7e6b2d6d659516926bc1e14d115f35c3d92e5c89833b246
Instruction Fuzzy Hash: 73F1D37290A6828AEB71EA25DC403BD77A0EB4474CF1C4136DE89A76D5DFBDE449C700

Function 00007FF651FE9730 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f2afc71bcb6e60fe6b48f1fd428c52dd563754f62c92c5580ba7913ac805761
Instruction ID: 012f7190429cfbba7b846fc07d36cca8efd2a7d94cbe68a07a0cd29c0fc3fe45
Opcode Fuzzy Hash: 2f2afc71bcb6e60fe6b48f1fd428c52dd563754f62c92c5580ba7913ac805761
Instruction Fuzzy Hash: A7D16C6290D6C396EFE68E3540002BD27D1BF12B48F5C4335ED89AB59ACF2DEB459231

Function 00007FF65202E5B0 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 921d0129446da77aaddaa4aa987365c8784144cb00f78a1ee875d2a03e3975c2
Instruction ID: e54fd8894988dd67248fddf40a688080aa7c01eb062b669a2b6ad65f8664c70a
Opcode Fuzzy Hash: 921d0129446da77aaddaa4aa987365c8784144cb00f78a1ee875d2a03e3975c2
Instruction Fuzzy Hash: 41C12B36750B8982E7148F3BD454BAD2761EB9EF98F09D231CE0A17B64DF3AD1458700

Function 00007FF65200AD40 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 562b7d3f91c9f74b619fe1397834ae2ab76450cf0a24359a5ff58522b0b22631
Instruction ID: 5f65d2d95faa777c738e9e95c0aa3e7aaa731f01363ceee8bdc9eadb6d249729
Opcode Fuzzy Hash: 562b7d3f91c9f74b619fe1397834ae2ab76450cf0a24359a5ff58522b0b22631
Instruction Fuzzy Hash: 9BB1A622E28BCC81E223963754825FAE250AF7F3C5F2DDB23FD84756B29F6461D55500

Function 00007FF651FF5A30 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a80b03f7bc89fefc7a1c72021f62cde799e707efb33d253c2770a742c07cca4
Instruction ID: a7bdaea942706108a9e7b3565a6cff3fcdbb60ed4d64b47766a4bfc059f1e44d
Opcode Fuzzy Hash: 4a80b03f7bc89fefc7a1c72021f62cde799e707efb33d253c2770a742c07cca4
Instruction Fuzzy Hash: 1AD1F633E0A7C199E3518F3584807F83BD4FB66B08F0D827ADB986765ACF689450DB61

Function 00007FF651FFF250 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64ea5ef9b4145974ce1aca6257ee471b40ef25de3a4544f3e9e6309c1d7e7050
Instruction ID: 9a5ed40e8a14cabe3c5d001a30875d33127ae4e9c808c2ceae89307b4aff5882
Opcode Fuzzy Hash: 64ea5ef9b4145974ce1aca6257ee471b40ef25de3a4544f3e9e6309c1d7e7050
Instruction Fuzzy Hash: 0B91BF339186C596E3568F3690443EA77E0FF44758F1C8336DA69A72E9DFB8A584CB00

Function 000002C33AD13841 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction ID: 8f60a195d6f7ff8a9d00f3ef039faeb7920a6cf85c5f7e98934ea5b2fa68ee25
Opcode Fuzzy Hash: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction Fuzzy Hash: 48410DDFC0DAC51BC7428664ACAA6827F709A2324EBCF58DBD498CA587F048D409D712

Function 00007FF65203D028 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b1cbfc256745a41373ab982e6b066a4e4986348924d812dd01365a69b9172fb
Instruction ID: 0b8c262bd31554d784fc85a2a79a1c657d3875aa40628a584bc82343b995d675
Opcode Fuzzy Hash: 3b1cbfc256745a41373ab982e6b066a4e4986348924d812dd01365a69b9172fb
Instruction Fuzzy Hash:

Function 00007FF65203D248 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b779b2a95b4f300d0ae6a9b3ef9dedb5f3a86a9cee5a172e0f78046b74256c
Instruction ID: 66e4aaf4312735dc546ff477af0efbe1747efa09a2892316617352e5cecb37ff
Opcode Fuzzy Hash: f7b779b2a95b4f300d0ae6a9b3ef9dedb5f3a86a9cee5a172e0f78046b74256c
Instruction Fuzzy Hash:

Function 000002C33ACC4850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159COMMON

Download Yara Rule

APIs

Part of subcall function 000002C33ACC5360: _WChar_traits.LIBCPMTD ref: 000002C33ACC538D

Part of subcall function 000002C33ACC4AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC4AD0
Part of subcall function 000002C33ACC4AA0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33ACC4B2F
Part of subcall function 000002C33ACC4AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC4B41

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33ACC48B8

Strings

a, xrefs: 000002C33ACC4928
g, xrefs: 000002C33ACC48FB
, xrefs: 000002C33ACC491E
, xrefs: 000002C33ACC490A
a, xrefs: 000002C33ACC48F6
a, xrefs: 000002C33ACC4932
K, xrefs: 000002C33ACC490F
i, xrefs: 000002C33ACC4900
M, xrefs: 000002C33ACC48F1
l, xrefs: 000002C33ACC4941
D, xrefs: 000002C33ACC4923
b, xrefs: 000002C33ACC494B
, xrefs: 000002C33ACC4937
y, xrefs: 000002C33ACC4919
c, xrefs: 000002C33ACC4905
t, xrefs: 000002C33ACC492D
B, xrefs: 000002C33ACC493C
o, xrefs: 000002C33ACC4946
KDBM, xrefs: 000002C33ACC49A9
e, xrefs: 000002C33ACC4914

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork$Char_traits
String ID: $ $ $B$D$K$KDBM$M$a$a$a$b$c$e$g$i$l$o$t$y
API String ID: 1777712374-1292890139
Opcode ID: c02a726d3c2bd88a4534588b83aa4fca235328903684469cf21292f4d99c4a12
Instruction ID: d9a0fc87192b81c1058513830f1fa3c18287c8e7f8de41083ba33988f843711f
Opcode Fuzzy Hash: c02a726d3c2bd88a4534588b83aa4fca235328903684469cf21292f4d99c4a12
Instruction Fuzzy Hash: FC61D77050CB848FE760EB68C448B9ABBE1FBA9704F04495DE0C9C7261DBB99488CB53

Function 00007FF651FF7C60 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 76COMMON

Download Yara Rule

APIs

00007FFBC92F5630.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF651FF7C8F
00007FFBC92F5630.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF651FF7CA4

Strings

strcmp(version, "1.91.6 WIP") == 0 && "Mismatched version string!", xrefs: 00007FF651FF7CBA
sz_idx == sizeof(ImDrawIdx) && "Mismatched struct layout!", xrefs: 00007FF651FF7D90
sz_io == sizeof(ImGuiIO) && "Mismatched struct layout!", xrefs: 00007FF651FF7CDD
sz_vert == sizeof(ImDrawVert) && "Mismatched struct layout!", xrefs: 00007FF651FF7D6C
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FF7CB3, 00007FF651FF7CD6, 00007FF651FF7CFB, 00007FF651FF7D1D, 00007FF651FF7D41, 00007FF651FF7D65, 00007FF651FF7D89
sz_vec2 == sizeof(ImVec2) && "Mismatched struct layout!", xrefs: 00007FF651FF7D24
sz_style == sizeof(ImGuiStyle) && "Mismatched struct layout!", xrefs: 00007FF651FF7D02
sz_vec4 == sizeof(ImVec4) && "Mismatched struct layout!", xrefs: 00007FF651FF7D48
1.91.6 WIP, xrefs: 00007FF651FF7C80, 00007FF651FF7C98

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F5630
String ID: 1.91.6 WIP$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$strcmp(version, "1.91.6 WIP") == 0 && "Mismatched version string!"$sz_idx == sizeof(ImDrawIdx) && "Mismatched struct layout!"$sz_io == sizeof(ImGuiIO) && "Mismatched struct layout!"$sz_style == sizeof(ImGuiStyle) && "Mismatched struct layout!"$sz_vec2 == sizeof(ImVec2) && "Mismatched struct layout!"$sz_vec4 == sizeof(ImVec4) && "Mismatched struct layout!"$sz_vert == sizeof(ImDrawVert) && "Mismatched struct layout!"
API String ID: 1938522722-1295771896
Opcode ID: 81d2e9201c58c4257a11a08258dd765dc5fa7c07bb397093847fbf6462c9f984
Instruction ID: 2ed73370e715d600205872a5cb4423e2b80109ee1f9f3e6a990005f1931ae3ad
Opcode Fuzzy Hash: 81d2e9201c58c4257a11a08258dd765dc5fa7c07bb397093847fbf6462c9f984
Instruction Fuzzy Hash: 91318031B0AA0281F714AB01EC446B57361FB65B8CF8C4435D84DA3AA4DFEDE15EC780

Function 000002C33AD469A0 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD46BDD
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD46C5A
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD46C73
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD46CB3
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD46D12
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD46D2B
_Min_value.LIBCPMTD ref: 000002C33AD46D62
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD46D7E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD46D97
_Max_value.LIBCPMTD ref: 000002C33AD46DCE
_Min_value.LIBCPMTD ref: 000002C33AD46DEB

Part of subcall function 000002C33AD4F140: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000002C33AD4F165

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
Instruction ID: cfc6ea34865f99da8a5338392fc648e444087e218c60997649b962db8ccf6a97
Opcode Fuzzy Hash: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
Instruction Fuzzy Hash: 6902CB7015CB888FE7B5EB58C498BDEB3E1FBA8301F40495E958EC3291DE749585CB82

Function 000002C33AD46FF0 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD4722D
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD472AA
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD472C3
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD47303
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD47362
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD4737B
_Min_value.LIBCPMTD ref: 000002C33AD473B2
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD473CE
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD473E7
_Max_value.LIBCPMTD ref: 000002C33AD4741E
_Min_value.LIBCPMTD ref: 000002C33AD4743B

Part of subcall function 000002C33AD4F190: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000002C33AD4F1B5

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction ID: 58e9f6b75b8db293e9d76648804f805b34b5a0a092627240131a4af32848d918
Opcode Fuzzy Hash: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction Fuzzy Hash: 4602C97015CB888FE7B5EB58C498BDEB7E1FBA8300F40495E958EC3291DE749585CB82

Function 00007FF651FEC240 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 313COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FEC5B2

Strings

g.Initialized, xrefs: 00007FF651FEC261
draw_data->CmdLists.Size == draw_data->CmdListsCount, xrefs: 00007FF651FEC61C
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FEC25A, 00007FF651FEC332, 00007FF651FEC615
##Background, xrefs: 00007FF651FEC3E3
##Foreground, xrefs: 00007FF651FEC5E0
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF651FEC339
Size > 0, xrefs: 00007FF651FEC679
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FEC672

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: ##Background$##Foreground$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$Size > 0$draw_data->CmdLists.Size == draw_data->CmdListsCount$g.Initialized
API String ID: 1541411109-3285338674
Opcode ID: 3eddb23e6f65979a2f4295522fa07fb78cbb8d6acc2174c13f76836e2abaee22
Instruction ID: 9cb7601b87a44ff75364757fd2cea063cb3bf8f8194171d193d54ea0e64066f5
Opcode Fuzzy Hash: 3eddb23e6f65979a2f4295522fa07fb78cbb8d6acc2174c13f76836e2abaee22
Instruction Fuzzy Hash: 48E1CB32B09A8686EB90CF25C9446B937E5FB84B88F4C4635EA0DE7759DF38E945C300

Function 00007FF6520252B0 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 211COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF6520253CB
00007FFBBBD91310.VCRUNTIME140 ref: 00007FF652025498

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_textedit.h, xrefs: 00007FF65202543A, 00007FF65202546E
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF652025501
idx <= obj->TextLen, xrefs: 00007FF652025508
((char*)(state->undo_rec + state->redo_point)) >= buf_begin, xrefs: 00007FF652025441
i >= 0 && i < Size, xrefs: 00007FF65202552C
((char*)(state->undo_rec + state->redo_point + 1) + move_size) <= buf_end, xrefs: 00007FF652025475
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652025525

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: ((char*)(state->undo_rec + state->redo_point + 1) + move_size) <= buf_end$((char*)(state->undo_rec + state->redo_point)) >= buf_begin$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$C:\Users\55yar\Desktop\imgui-master\imstb_textedit.h$i >= 0 && i < Size$idx <= obj->TextLen
API String ID: 1541411109-1648308927
Opcode ID: cba7749c605e8c7e24c6b8a343890df7f9a2b9aba5917ea33c91d25d186e9d41
Instruction ID: 29bc885444d47dc5985d1a8756a6731c3f2327e92884d8b4c9b21e61d07b5805
Opcode Fuzzy Hash: cba7749c605e8c7e24c6b8a343890df7f9a2b9aba5917ea33c91d25d186e9d41
Instruction Fuzzy Hash: B791FEB2B1679582EB08CF24D8443BC3B62FB95B88F088135CA4DA7645DF7CE54AC714

Function 00007FF6520119E0 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 180COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140(00000000,?,00000000,?,00007FF652011E8F), ref: 00007FF652011C6E

Strings

Fonts.Size > 0 && "Cannot use MergeMode for the first font", xrefs: 00007FF652011BB2
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF652011A0C, 00007FF652011A32, 00007FF652011A59, 00007FF652011A7F, 00007FF652011BAB
font_cfg->SizePixels > 0.0f && "Is ImFontConfig struct correctly initialized?", xrefs: 00007FF652011A60
!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF652011A13
font_cfg->FontData != 0 && font_cfg->FontDataSize > 0, xrefs: 00007FF652011A39
Size > 0, xrefs: 00007FF652011BDE, 00007FF652011C16
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652011BD7, 00007FF652011C0F
font_cfg->OversampleH > 0 && font_cfg->OversampleV > 0 && "Is ImFontConfig struct correctly initialized?", xrefs: 00007FF652011A86

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$Fonts.Size > 0 && "Cannot use MergeMode for the first font"$Size > 0$font_cfg->FontData != 0 && font_cfg->FontDataSize > 0$font_cfg->OversampleH > 0 && font_cfg->OversampleV > 0 && "Is ImFontConfig struct correctly initialized?"$font_cfg->SizePixels > 0.0f && "Is ImFontConfig struct correctly initialized?"
API String ID: 1541411109-1408190167
Opcode ID: 948f9d0b89698d981a0300441c81e106b63c47d57a014fc4e40133443b453c44
Instruction ID: ee9b58349e8b0e4fe1c09f65156d7e0f37b5ed6ecc6ec17b0b89b6589670f330
Opcode Fuzzy Hash: 948f9d0b89698d981a0300441c81e106b63c47d57a014fc4e40133443b453c44
Instruction Fuzzy Hash: 6791C132609B8296EB54DF25EC8076873B4FB14B8CF484536CA4DA32A5DFB8D5ADC341

Function 000002C33AD32A10 Relevance: 15.2, APIs: 10, Instructions: 190COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000002C33AD32A62

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

std::make_error_code.LIBCPMTD ref: 000002C33AD32AB6
std::make_error_code.LIBCPMTD ref: 000002C33AD32AF1

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
Instruction ID: e97cd9e581f63ce5617c5dba642904c761e1838623199b71ccb89e87710faee7
Opcode Fuzzy Hash: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
Instruction Fuzzy Hash: BC6143306986954BF259EB99C469F2FB7E1FBD5340F508C98F089C71E2DA24DE01C792

Function 00007FF652010850 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 322COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF65200D0B7), ref: 00007FF652010A83
00007FFBBBD91310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF65200D0B7), ref: 00007FF652010C0C
00007FFBBBD91310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF65200D0B7), ref: 00007FF652010C2C

Strings

it >= Data && it < Data + Size, xrefs: 00007FF652010A45
i >= 0 && i < Size, xrefs: 00007FF652010968, 00007FF6520109D1, 00007FF652010BDE
Size > 0, xrefs: 00007FF6520108CE, 00007FF652010C7C
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6520108C7, 00007FF652010961, 00007FF6520109CA, 00007FF652010A3E, 00007FF652010BD7, 00007FF652010C75
, xrefs: 00007FF652010C34

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 1541411109-669993125
Opcode ID: 71389e765cdf82a4882dcaf081e1e13a47cd802ca95431e42650f4a32f630d61
Instruction ID: 24ba234f86d0930ee8736fbe499a9d346bfa334a5cb34d690a3fca74635313e8
Opcode Fuzzy Hash: 71389e765cdf82a4882dcaf081e1e13a47cd802ca95431e42650f4a32f630d61
Instruction Fuzzy Hash: 72E1CD72B09A8686EB14CF15DC4076A33A1FB94B8CF498135DE8ED7694DFB8E489C740

Function 00007FF651FF3320 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 206COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FF34DD
00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FF353A

Strings

<NULL>, xrefs: 00007FF651FF3456
window == 0 || window->RootWindow != 0, xrefs: 00007FF651FF3615
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FF360E
[focus] FocusWindow("%s", UnlessBelowModal): prevented by "%s"., xrefs: 00007FF651FF3461
i >= 0 && i < Size, xrefs: 00007FF651FF34FB, 00007FF651FF3558
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FF34F4, 00007FF651FF3551

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: <NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$[focus] FocusWindow("%s", UnlessBelowModal): prevented by "%s".$i >= 0 && i < Size$window == 0 || window->RootWindow != 0
API String ID: 1541411109-1613245857
Opcode ID: 0de476a2f64df0a755ba6e5737fd8eb24f836f4b030cf11e6ebc8070b5858ee1
Instruction ID: 9a5787960c14dd2bc59d6c7cd292fcec33ff191de4bddc640671f4f1348c0ae3
Opcode Fuzzy Hash: 0de476a2f64df0a755ba6e5737fd8eb24f836f4b030cf11e6ebc8070b5858ee1
Instruction Fuzzy Hash: 31A1AF72B0968286EB69CF25E544AB9A3E1FF40B84F4C0135DA6DA7799DFACF454C300

Function 00007FF65201DF40 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 114COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65201E006

Strings

p >= Data && p < DataEnd, xrefs: 00007FF65201E070
table->MemoryCompacted == false, xrefs: 00007FF65201DF6F
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF65201DF68
p >= Buf.Data && p < Buf.Data + Buf.Size, xrefs: 00007FF65201E0D1
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF65201E069, 00007FF65201E0CA
i >= 0 && i < Size, xrefs: 00007FF65201E11C
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF65201E115

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$i >= 0 && i < Size$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table->MemoryCompacted == false
API String ID: 2739980228-1783795845
Opcode ID: fc0a72d210a41ad6fc96d4dd79000ba97f4ed6267a4d297a9d124af00df6f25a
Instruction ID: f1b6b3457268e61ffccff2c3231441f1fd82b78ab968a10580250e49de016079
Opcode Fuzzy Hash: fc0a72d210a41ad6fc96d4dd79000ba97f4ed6267a4d297a9d124af00df6f25a
Instruction Fuzzy Hash: 6451C272A0AA8286DB14CF15EC542E877A0FB55B4CF480132CE4C977A4DFBDE19AC340

Function 000002C33AD0A850 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000002C33AD0A955
shared_ptr.LIBCMTD ref: 000002C33AD0A9C3

Strings

d, xrefs: 000002C33AD0A95C

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 69cead7afb0e039ecb5138173952be44cfc6b8be8a7abe79b5a91df074882742
Instruction ID: 60e2754373e60e53fbb70ece5289229a49512edffc67678d0a841c4a813cf692
Opcode Fuzzy Hash: 69cead7afb0e039ecb5138173952be44cfc6b8be8a7abe79b5a91df074882742
Instruction Fuzzy Hash: D29130305587888FE795EB68C058B9EBBE1FBD9300F544D9DF089C32A2DA349A45DB42

Function 000002C33AD0AB60 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000002C33AD0AC65
shared_ptr.LIBCMTD ref: 000002C33AD0ACD3

Strings

d, xrefs: 000002C33AD0AC6C

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 1a6a6722034d945976169db871c6d8bc4f2ed9e348582280147d843b730620fb
Instruction ID: 7a6e5732ecd04e6bb800ab8b9c4757ab79a9e370e7a6ea551f092bf70572adfb
Opcode Fuzzy Hash: 1a6a6722034d945976169db871c6d8bc4f2ed9e348582280147d843b730620fb
Instruction Fuzzy Hash: 4A9121305587888FE795EB68C058B9EB7E1FBD9300F544D9DF089C32A1DA349A45DB42

Function 000002C33AD0A540 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 244COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000002C33AD0A647
shared_ptr.LIBCMTD ref: 000002C33AD0A6B5

Strings

d, xrefs: 000002C33AD0A64E

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 2612a0b920fc091130e9c3c3613e0ec6eef3206baac283914f1a5a83fc148c58
Instruction ID: 7d5ff02190664c0c6f4584b3c4124cdf598266ab5879110ead33a8430605d0f4
Opcode Fuzzy Hash: 2612a0b920fc091130e9c3c3613e0ec6eef3206baac283914f1a5a83fc148c58
Instruction Fuzzy Hash: 7D9130301187C48FE395EB68C458BAEBBE1FBD9300F444D9DF089C72A2DA349A45DB42

Function 00007FF652014020 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 216COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6520050E0: 00007FFBC92E49A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF652005139

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6520143A0

Strings

pack_context != 0, xrefs: 00007FF652014054
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF65201404D, 00007FF65201406D, 00007FF6520142D4
user_rects.Size >= 1, xrefs: 00007FF652014074
pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height, xrefs: 00007FF6520142DB
i >= 0 && i < Size, xrefs: 00007FF652014107, 00007FF65201412F, 00007FF65201415D, 00007FF652014185, 00007FF6520141CD, 00007FF652014221, 00007FF65201424C, 00007FF652014287, 00007FF6520142B3
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652014100, 00007FF652014128, 00007FF652014156, 00007FF65201417E, 00007FF6520141C6, 00007FF65201421A, 00007FF652014245, 00007FF652014280, 00007FF6520142AC

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007$F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$i >= 0 && i < Size$pack_context != 0$pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height$user_rects.Size >= 1
API String ID: 4100318414-766226355
Opcode ID: f3745da6aa7887e7c659632f348144b4e38ccf6ef361ce7be0997c7e4011c5c9
Instruction ID: 3093d431653d28e59054fd3d0fc9cf457a4e809d9e5f03037561f2dcb4672750
Opcode Fuzzy Hash: f3745da6aa7887e7c659632f348144b4e38ccf6ef361ce7be0997c7e4011c5c9
Instruction Fuzzy Hash: F3A1AF32B0AA5296EB44DF15DC445B87360FB90B8CF488136CE4DA76A4DFBCE59AC740

Function 00007FF651FED070 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 172COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FED2E0

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FED109, 00007FF651FED1FE
it >= Data && it < Data + Size, xrefs: 00007FF651FED2AB
i >= 0 && i < Size, xrefs: 00007FF651FED1CF, 00007FF651FED246
!g.WindowsFocusOrder.contains(window), xrefs: 00007FF651FED110
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FED1C8, 00007FF651FED23F, 00007FF651FED2A4
g.WindowsFocusOrder[window->FocusOrder] == window, xrefs: 00007FF651FED205

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: !g.WindowsFocusOrder.contains(window)$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$g.WindowsFocusOrder[window->FocusOrder] == window$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 1541411109-3130785268
Opcode ID: 51fa6353a5e719cb7f80786e05cf48ca506108d67d08d8a577123632a494ddae
Instruction ID: 8bed9b5681fc5ef6980c13f95c11d7e30281e661f86b8f6c91ee0c3dffe50375
Opcode Fuzzy Hash: 51fa6353a5e719cb7f80786e05cf48ca506108d67d08d8a577123632a494ddae
Instruction Fuzzy Hash: 0171B43670A68386EB24CF15D8406F83761FB94B98F584132CA4DA7B98CF7DE696C700

Function 00007FF651FEB560 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 159COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FEB7D7

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FEB703
it >= Data && it <= Data + Size, xrefs: 00007FF651FEB770
i >= 0 && i < Size, xrefs: 00007FF651FEB5B3
Size > 0, xrefs: 00007FF651FEB6B0, 00007FF651FEB729
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FEB5AC, 00007FF651FEB6A9, 00007FF651FEB722, 00007FF651FEB769
cmd.ElemCount == 6, xrefs: 00007FF651FEB70A

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$cmd.ElemCount == 6$i >= 0 && i < Size$it >= Data && it <= Data + Size
API String ID: 1541411109-3684587188
Opcode ID: 28aed653d5d53d3af5ea67f15fe131aa0ac912b20bf8b35b3c199dbb44b19b6e
Instruction ID: 55dcd0e4c64b88735dbddaa2170a181a98324798a8ee16f14235ed4d917c8e8a
Opcode Fuzzy Hash: 28aed653d5d53d3af5ea67f15fe131aa0ac912b20bf8b35b3c199dbb44b19b6e
Instruction Fuzzy Hash: 6E819532A18AC682E7508F29D8403B97370FFA8748F489331DA8D67664DF7DE59AC740

Function 000002C33AD10EC0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150COMMON

Download Yara Rule

APIs

Part of subcall function 000002C33ACCA110: char_traits.LIBCPMTD ref: 000002C33ACCA13D

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD10F36
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD10F55
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD10FE6
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD11041
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD11093

Strings

, xrefs: 000002C33AD10F08
', xrefs: 000002C33AD10F6D

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID: $'
API String ID: 2432257368-2481900351
Opcode ID: 52a6df86987effc56c3942b1dc471f96e7d443776264125f91504f2597ebadb0
Instruction ID: 7546a2ac1962c802496b815f31e747a93687e248f562e63695811f749b4d24b8
Opcode Fuzzy Hash: 52a6df86987effc56c3942b1dc471f96e7d443776264125f91504f2597ebadb0
Instruction Fuzzy Hash: B9511F31558AC88FE395FB54C499BDEB7E1FBD8700F40895DE48AC31A2DE349645CB82

Function 00007FF652030C30 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

TrackMouseEvent.USER32 ref: 00007FF652030CCE
GetMessageExtraInfo.USER32 ref: 00007FF65203126A
TrackMouseEvent.USER32 ref: 00007FF6520312FB
TrackMouseEvent.USER32 ref: 00007FF652031305
ScreenToClient.USER32 ref: 00007FF652031331

Strings

Ctx != 0, xrefs: 00007FF652031355
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF65203134E

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: EventMouseTrack$ClientExtraInfoMessageScreen
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 3561655495-3890275027
Opcode ID: abe9a299fd20b9a6fbd2fc3767dffb8d4ebf984e011b516c80763c98f3087046
Instruction ID: 8fab4a5a8a71f296ae02397c040bc790723b3e2cc21f6b6411cb02b5305820b8
Opcode Fuzzy Hash: abe9a299fd20b9a6fbd2fc3767dffb8d4ebf984e011b516c80763c98f3087046
Instruction Fuzzy Hash: 2B61AF72A096428BE750CF65D8406BD77B5FB68748F1C8136DE0AA3A94CFBCE55AC700

Function 00007FF651FECB20 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 130COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF651FECC55
__swprintf_l.LIBCMT ref: 00007FF651FECC67

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FECB5A
#Child, xrefs: 00007FF651FECCB9
%s/%s_%08X, xrefs: 00007FF651FECC49
%s/%08X, xrefs: 00007FF651FECC5C
id != 0, xrefs: 00007FF651FECB61

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: __swprintf_l
String ID: #Child$%s/%08X$%s/%s_%08X$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$id != 0
API String ID: 1488884202-1586801193
Opcode ID: bdd4c8a56be0493f01b00d6cc279636af3cb9b378932b88e7a53b070b5721d9e
Instruction ID: 5ccef60fc0176071170b3a55caf94f7ded775cf5dbf215e6fb9d68f2dbfc0fd5
Opcode Fuzzy Hash: bdd4c8a56be0493f01b00d6cc279636af3cb9b378932b88e7a53b070b5721d9e
Instruction Fuzzy Hash: 7051E332A0868696E754DF26D4402E977E0FF98748F0C8636EA4DA3695CF7CE1A5C700

Function 00007FF6520043E0 Relevance: 12.4, APIs: 8, Instructions: 350COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65200446E
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65200455A
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6520045DA
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6520046F6
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652004806
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6520048E6
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652004966
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6520049E7

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID:
API String ID: 2739980228-0
Opcode ID: 57775b08057a0cb686b1252a14b079b2badbfb1439e6d4f1093d26c913e37d6c
Instruction ID: cb4072a2afcde86af7a1d94ed82764def0f4afffa5c657bc1814d358ee8b399b
Opcode Fuzzy Hash: 57775b08057a0cb686b1252a14b079b2badbfb1439e6d4f1093d26c913e37d6c
Instruction Fuzzy Hash: CC02D17271998292DB99EF24C9954FC73B0FB54B44B984232D70ED72A1DF38E66AC300

Function 00007FF652009E40 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 426COMMON

Download Yara Rule

Strings

z != 0, xrefs: 00007FF65200A0E8
z->direction, xrefs: 00007FF65200A008
z->ey >= scan_y_top, xrefs: 00007FF65200A185
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF65200A001, 00007FF65200A0E1, 00007FF65200A17E

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$z != 0$z->direction$z->ey >= scan_y_top
API String ID: 0-479673919
Opcode ID: 207b780c0f846decccf7b2c64cf49cdc236c3d2dc65c4374e3ac0e9dfbeac955
Instruction ID: 2088103acc0d9f991a3a79035c03c2d47d2f5171e4fa0b1a7d8a92d2b1cc07f7
Opcode Fuzzy Hash: 207b780c0f846decccf7b2c64cf49cdc236c3d2dc65c4374e3ac0e9dfbeac955
Instruction Fuzzy Hash: EE12EA3290ABC586E752CF35D4412A9B360FF58788F5C8322DB49B3664EF78E599C700

Function 00007FF651FED4F0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 218COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FED7AB

Strings

off >= 4 && off < Buf.Size, xrefs: 00007FF651FED670
p >= begin() && p < end(), xrefs: 00007FF651FED6CE
it >= Data && it <= Data + Size, xrefs: 00007FF651FED744
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF651FED669, 00007FF651FED6C7
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FED73D

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$it >= Data && it <= Data + Size$off >= 4 && off < Buf.Size$p >= begin() && p < end()
API String ID: 1541411109-15920025
Opcode ID: f146da49762cb8cd1275c042e6d03367f461630165a1e30583ec68414f4dae0a
Instruction ID: 99c4fe7f320a4724cb8cb589b8ad0f43e91f60bb57f6316658ddf8c9ccfe232c
Opcode Fuzzy Hash: f146da49762cb8cd1275c042e6d03367f461630165a1e30583ec68414f4dae0a
Instruction Fuzzy Hash: 4891E3B6B19A8786EB548F25D8405B873A1FF44B88F488235DA0ED7B98DF3CE955C700

Function 00007FF651FE8380 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 164COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE8442
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE84FA
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE858A

Part of subcall function 00007FF651FE81E0: 00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE8269
Part of subcall function 00007FF651FE81E0: 00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE82E9
Part of subcall function 00007FF651FE81E0: 00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE836A

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE8624

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FE83B3
DrawList == &DrawListInst, xrefs: 00007FF651FE83BA

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$DrawList == &DrawListInst
API String ID: 2739980228-20161693
Opcode ID: c8be5354a01ef17ca92d8d4e428b236ce82e9f2ba0a2a98cb91df7b37cfa96f1
Instruction ID: b95c36af6f430d04b1ef853ec43f2e6a3b15bea586490d009f96d0eea4e7c34a
Opcode Fuzzy Hash: c8be5354a01ef17ca92d8d4e428b236ce82e9f2ba0a2a98cb91df7b37cfa96f1
Instruction Fuzzy Hash: 6871F173609A8286C785EF24E4951FC73B5FB58B48F584236DA0ED7264DF38D69AC340

Function 00007FF65201CA90 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 147COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF65201CB41
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65201CBC0

Strings

p >= Data && p < DataEnd, xrefs: 00007FF65201CC55
column->SortOrder < table->SortSpecsCount, xrefs: 00007FF65201CC7F
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF65201CC78
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF65201CC4E

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007$D91310F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->SortOrder < table->SortSpecsCount$p >= Data && p < DataEnd
API String ID: 3519738495-2291414753
Opcode ID: c98e87dfe587c474b0860b6d55d617259ab1cc65025dcbfab041ced95545847a
Instruction ID: bd2e593211d1ca8b0bb8f77a2aa660d2987a2fe4d3b09664e71d51d499a791b2
Opcode Fuzzy Hash: c98e87dfe587c474b0860b6d55d617259ab1cc65025dcbfab041ced95545847a
Instruction Fuzzy Hash: C161AE3360AA9296DB08DF29D9842BC73B0FB44B48F484136DB5DD7254DFB8E5AAC341

Function 00007FF6520238D0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 117COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF6520239CD
00007FFBBBD91310.VCRUNTIME140 ref: 00007FF6520239E0

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF652023902
pos <= text_len, xrefs: 00007FF652023909
i >= 0 && i < Size, xrefs: 00007FF652023A0C
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652023A05

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$i >= 0 && i < Size$pos <= text_len
API String ID: 1541411109-3124524525
Opcode ID: 43148d90905608da133ba6f2dc9b7995a38c7d11a5028563e3b51f33180f49da
Instruction ID: 7311fab317086b481b3a6220a20664cda0c48484970f540ee2d503f2d98fa29d
Opcode Fuzzy Hash: 43148d90905608da133ba6f2dc9b7995a38c7d11a5028563e3b51f33180f49da
Instruction Fuzzy Hash: E141F773B0964687E7288F19ED4027A7761FB44798F084036CE8DE3695DEBCF58A8740

Function 000002C33ACFFBC0 Relevance: 9.4, APIs: 6, Instructions: 410COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000002C33ACFFC91

Part of subcall function 000002C33AD00350: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD0035E

Part of subcall function 000002C33AD03150: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD03163

bool_.LIBCPMTD ref: 000002C33ACFFDA3
shared_ptr.LIBCMTD ref: 000002C33ACFFDB0
UnDecorator::getVbTableType.LIBCMTD ref: 000002C33ACFFE53
bool_.LIBCPMTD ref: 000002C33ACFFF3B
shared_ptr.LIBCMTD ref: 000002C33ACFFF48

Part of subcall function 000002C33AD03080: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD0308E
Part of subcall function 000002C33AD03080: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD030C4

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Decorator::getTableTypebool_shared_ptr
String ID:
API String ID: 2413108386-0
Opcode ID: 860d05d0c23d945e2812b9969cd3f9d0f2eb79ac7c3eafe6dc3321d711d52ae6
Instruction ID: 5d5c578a44d183e1014a4fa544e6921a6854fd44cdcf66f9ac2c14826c2078a6
Opcode Fuzzy Hash: 860d05d0c23d945e2812b9969cd3f9d0f2eb79ac7c3eafe6dc3321d711d52ae6
Instruction Fuzzy Hash: 72F10130158AC88FF765EB58C458FDEB7E0FBD9700F508D99E08AC71A6DA749A44C782

Function 000002C33AD2E080 Relevance: 9.4, APIs: 6, Instructions: 408COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000002C33AD2E0A3
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000002C33AD2E0B7
std::make_error_code.LIBCPMTD ref: 000002C33AD2E0D0
std::make_error_code.LIBCPMTD ref: 000002C33AD2E132
std::make_error_code.LIBCPMTD ref: 000002C33AD2E300

Part of subcall function 000002C33ACD6020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 000002C33ACD602E

std::make_error_code.LIBCPMTD ref: 000002C33AD2E1B7

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction ID: 1533fc2b49286b86821c12b77678ebf3edb80f88bc5ddd0667d55f21683bc281
Opcode Fuzzy Hash: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction Fuzzy Hash: 50F1ED301587C84EE6A5EB58C469FDEB7E1FBD9700F408D9DE089C3296DE349A41C782

Function 000002C33ACFBB60 Relevance: 9.1, APIs: 6, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33ACFBBA6
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000002C33ACFBBC9
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000002C33ACFBBEF
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000002C33ACFBC62
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000002C33ACFBC88
List.LIBCMTD ref: 000002C33ACFBC94

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::ContextIdentityQueueWork$Affinity::operator!=HardwareList
String ID:
API String ID: 2242293343-0
Opcode ID: 88a63c18065b4d406e2cb50c44761dcb7cf26b639b903796a9ee2bdb5b598967
Instruction ID: 7072928fcb091ac0290a2ca1829647ce5106fb2f1249ef702a323e436a9f8a91
Opcode Fuzzy Hash: 88a63c18065b4d406e2cb50c44761dcb7cf26b639b903796a9ee2bdb5b598967
Instruction Fuzzy Hash: D4410D30158A884FEA94FB58D459BDEB7E0FBE4701F808E59E08AD3295DE74DA44C782

Function 000002C33AD41A30 Relevance: 9.1, APIs: 6, Instructions: 93COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41A5E

Part of subcall function 000002C33AD176A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000002C33AD176B8

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41A80

Part of subcall function 000002C33AD40D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000002C33AD40D48

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41AA2
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41AC4
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41AE6
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41B08

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction ID: 9d71a3bfa1c9fb20b9f60679c976671256fce39ea57fdeaf5d8296875d921aff
Opcode Fuzzy Hash: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction Fuzzy Hash: 77319B34658B888FE695EF68C059B5EF7E1FBD9340F504D5DE08DC3262DA309981CB82

Function 00007FF65201E150 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF65201E2FB
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65201E432

Strings

p >= begin() && p < end(), xrefs: 00007FF65201E1CC, 00007FF65201E339
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF65201E1C5, 00007FF65201E202, 00007FF65201E332, 00007FF65201E36F
p < end(), xrefs: 00007FF65201E209, 00007FF65201E376

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007$D91310F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$p < end()$p >= begin() && p < end()
API String ID: 3519738495-1901453082
Opcode ID: cf2c493598631b777911c369357c2c8d88ea23896cc8ed727317d93ff17d9880
Instruction ID: 403cfa85028894e0728a05bd20963793bd99b790f440b93368ef826c25d64658
Opcode Fuzzy Hash: cf2c493598631b777911c369357c2c8d88ea23896cc8ed727317d93ff17d9880
Instruction Fuzzy Hash: 2A81A172706A5296EB188F14ED582ACB3A1FB44B8DF488135DA4D97290EF7CE5A9C300

Function 00007FF6520113B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 152COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652011484
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652011567
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6520115F0

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6520113D3
!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF6520113DA

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 2739980228-3599239301
Opcode ID: a27dbbe3b8e8369e739a25ded0ea2982dee22f6b7ac45c46d309ae0859b59bb8
Instruction ID: 51ad0258a5c696b11cfd96280392be85e425db63d6fa666232a528b481f9cc41
Opcode Fuzzy Hash: a27dbbe3b8e8369e739a25ded0ea2982dee22f6b7ac45c46d309ae0859b59bb8
Instruction Fuzzy Hash: 6E61C372A0AA45C7DB49DF14D9552BCB3B1FB14B88F588226C70E93354DF78D5AAC340

Function 00007FF651FE2E30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112COMMON

Download Yara Rule

APIs

00007FFBC92E8950.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF651FE2EC1
00007FFBC92E8950.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF651FE2EEC
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE2FA9

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF651FE2E51
filename && mode, xrefs: 00007FF651FE2E58

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007$E8950$F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$filename && mode
API String ID: 3346678122-1878659873
Opcode ID: 4098060a98a758b466de7112bd39a24fe73d93be71fe8198c069658b61a7736b
Instruction ID: e544caa34f9476dfbc3a17b26cc97854e830d05cbeaa85b27d874d481d5d0b00
Opcode Fuzzy Hash: 4098060a98a758b466de7112bd39a24fe73d93be71fe8198c069658b61a7736b
Instruction Fuzzy Hash: 8941B421B0AA5382EB98DF19A85417D63A0FF54B98F5C0231D94EA37D8EF3CE55B8300

Function 00007FF6520313F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetMessageExtraInfo.USER32 ref: 00007FF6520313F9
GetCapture.USER32 ref: 00007FF652031491
SetCapture.USER32 ref: 00007FF65203149F

Strings

Ctx != 0, xrefs: 00007FF6520314C5
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6520314BE

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: Capture$ExtraInfoMessage
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 2172523684-3890275027
Opcode ID: 923c053ce066281c7ac671ef25c172f5d6b9f676048f14a3257d116d11b5ca04
Instruction ID: 3cb07f79f11125dac84249ee9d4a2df9ac21fd07ffed7624081accb20d1ffa05
Opcode Fuzzy Hash: 923c053ce066281c7ac671ef25c172f5d6b9f676048f14a3257d116d11b5ca04
Instruction Fuzzy Hash: 29210776606B4283E711CB25E800AAD73A0FB58BBCF880132DE1ED7394DF78E54A8740

Function 00007FF652001F40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

printf.MSPDB140-MSVCRT ref: 00007FF65200203E

Strings

[%s] [%05d] , xrefs: 00007FF652001F9A
[%05d] , xrefs: 00007FF652001FAF
Size > 0, xrefs: 00007FF652002020
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652002019

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: printf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$[%05d] $[%s] [%05d]
API String ID: 3524737521-3476604433
Opcode ID: d970e6bb0d4a413c039538619d901c7932e0038d053f9d91cdc7bebea93272d9
Instruction ID: 05c189562f980020251b20e90f3f7492fdadcd1eb5b36ec6ce6e7119f3e38a62
Opcode Fuzzy Hash: d970e6bb0d4a413c039538619d901c7932e0038d053f9d91cdc7bebea93272d9
Instruction Fuzzy Hash: 4C21C272709A4295EB219F11FC449A9B7A0FF44788F884131EE4DA7259CF7CE589C740

Function 00007FF65202FA50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF65202FAD2

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF65202FAAA
C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF65202FA84
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF65202FAB1
bd != nullptr && "No platform backend to shutdown, or already shutdown?", xrefs: 00007FF65202FA8B

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: FreeLibrary
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "No platform backend to shutdown, or already shutdown?"
API String ID: 3664257935-1332676508
Opcode ID: a88f10e153ff5662c3eda2797c9295a1957fe6c79fdca9ae89574122b0fd71b3
Instruction ID: 12d3d23b6a4289ebb535110d2bbf703a38cf439cbf2361d413f6d6d0ff7b2f14
Opcode Fuzzy Hash: a88f10e153ff5662c3eda2797c9295a1957fe6c79fdca9ae89574122b0fd71b3
Instruction Fuzzy Hash: 3A316EB2B0AA4282EB048F14ED946787370FB54B88F4C8136DA4D93760DF7CE46AC740

Function 00007FF6520314F3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetMessageExtraInfo.USER32 ref: 00007FF6520314F3
GetCapture.USER32 ref: 00007FF652031573
ReleaseCapture.USER32 ref: 00007FF65203157E

Strings

Ctx != 0, xrefs: 00007FF65203159A
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF652031593

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: Capture$ExtraInfoMessageRelease
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 1767768705-3890275027
Opcode ID: cb19a9e6c1605ae45a3bbd78077dd2cfbef91a2a50fb1b9c956a217acb42d625
Instruction ID: 2179b5d64441030a451be826d20e90fa7cb32aede36c3f87177acd6f880c9688
Opcode Fuzzy Hash: cb19a9e6c1605ae45a3bbd78077dd2cfbef91a2a50fb1b9c956a217acb42d625
Instruction Fuzzy Hash: 4C210462A1664282E7518F65DC00AB962A1FB68BDCF881031DD0FA7794CFBDE58A8740

Function 000002C33AD15F20 Relevance: 8.0, APIs: 5, Instructions: 479COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000002C33AD16127

Part of subcall function 000002C33ACEAB90: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACEABAE

Part of subcall function 000002C33ACF55D0: _Func_class.LIBCONCRTD ref: 000002C33ACF55E3

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000002C33AD1615A
std::make_error_code.LIBCPMTD ref: 000002C33AD161A5

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::Func_classGroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 831135708-0
Opcode ID: 63f4ccc0c719f990fd2cecc369a8989cbc0d16d11778b62a075870b531d386af
Instruction ID: c7fc12a2f8a1fc30b5f2e35395e601b1afd4928df46c2648d9036cea6090e111
Opcode Fuzzy Hash: 63f4ccc0c719f990fd2cecc369a8989cbc0d16d11778b62a075870b531d386af
Instruction Fuzzy Hash: CEF1EF30158B884FF7A5FB68C459FDEB2E1FBD4700F908DA9E049C3296DE789A458781

Function 000002C33AD12740 Relevance: 7.9, APIs: 5, Instructions: 422COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000002C33AD127C5
std::make_error_code.LIBCPMTD ref: 000002C33AD12810
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD12904
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000002C33AD12BB3

Part of subcall function 000002C33AD1F6A0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000002C33AD1F6CB

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000002C33AD12C8E

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Scheduler$ProcessorProxyRoot::Virtual$Base::ChoresConcurrency::details::_EmptyGroupQueue::ScheduleScheduler::_SegmentStructuredUnrealizedWorkstd::make_error_code
String ID:
API String ID: 1866601945-0
Opcode ID: 1c48c8f7abf4ee09f37d3fb5ff55bc5fc80e92da85bd99eabbe83459b1591442
Instruction ID: fbfd91ebc8f01e0f6b3a5a9245900595f9c8e16b04b6d32d8aa8428259010ad7
Opcode Fuzzy Hash: 1c48c8f7abf4ee09f37d3fb5ff55bc5fc80e92da85bd99eabbe83459b1591442
Instruction Fuzzy Hash: 1FF1BD31658B888FE7A5FB68C459FDEB3E1FBD8700F404D6AA08DC3291DE7496458B42

Function 000002C33AD013D0 Relevance: 7.8, APIs: 5, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28bcf8cbf4f9d8ee0fb80cf63995194d2d98c00cad99854f8db27e055435d40e
Instruction ID: 0d3f67f96c05ed9ee20ab34c15a64785a9061a3a6c38f3dfac9592a5dcd4b307
Opcode Fuzzy Hash: 28bcf8cbf4f9d8ee0fb80cf63995194d2d98c00cad99854f8db27e055435d40e
Instruction Fuzzy Hash: 6AB1CE3015CA888FDBA4EB58C095F9AB7E1FBA8344F508D5DE08EC7261DB74D981CB42

Function 000002C33ACF5960 Relevance: 7.8, APIs: 5, Instructions: 294COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 000002C33ACF5A03
fpos.LIBCPMTD ref: 000002C33ACF5B8E
fpos.LIBCPMTD ref: 000002C33ACF5BC9
fpos.LIBCPMTD ref: 000002C33ACF5C3C

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 3f23ec98ed8d0db8145a29062c11fbcc78a6c96a5bf2dc5e6165215fd931549f
Instruction ID: 32cf1a91c989b8ea13eb80e6a655cc8bebc84245519ed50bd85cec7a0b0f9cc4
Opcode Fuzzy Hash: 3f23ec98ed8d0db8145a29062c11fbcc78a6c96a5bf2dc5e6165215fd931549f
Instruction Fuzzy Hash: 51B12B30258B888FE7A4EB58C458B6EB7E0FBD8701F544E5DE48AC32A5C774D980CB42

Function 000002C33AD399B0 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000002C33AD399F1

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

std::make_error_code.LIBCPMTD ref: 000002C33AD39A94
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD39B96
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD39BBA

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 1851498522-0
Opcode ID: 216af3604e034a8d617a86ff12bb7c94723bc8f844cd3d72ff026fb2d344c1b4
Instruction ID: 2ee03e50778e3fdfbfb3e0892eb8dda2a023349bb33f327068ff62f8e9c4ecd6
Opcode Fuzzy Hash: 216af3604e034a8d617a86ff12bb7c94723bc8f844cd3d72ff026fb2d344c1b4
Instruction Fuzzy Hash: 67A12031198A884BF762EB54C469FEEB3D1FB94740F448E99E08AC31E1DE74DA4587C1

Function 000002C33AD2F260 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000002C33AD2F2A2

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

std::make_error_code.LIBCPMTD ref: 000002C33AD2F373

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 52cd85fabb40296642562d013464caab3b67d2761199756b925dca6721a50769
Instruction ID: 38e292aa7d9103fab8b2bbab1089e1456580a86d05913d49dd0ce5ac42b4569f
Opcode Fuzzy Hash: 52cd85fabb40296642562d013464caab3b67d2761199756b925dca6721a50769
Instruction Fuzzy Hash: 6F91CD311586C88AE365FB64C459FDEB7E1FBD4740F408D59E08AC71A2DE349A45CB82

Function 000002C33AD26EA9 Relevance: 7.7, APIs: 5, Instructions: 198COMMON

Download Yara Rule

APIs

Mailbox.LIBCMTD ref: 000002C33AD26EF2
Mailbox.LIBCMTD ref: 000002C33AD26F2A
Mailbox.LIBCMTD ref: 000002C33AD26F95
Mailbox.LIBCMTD ref: 000002C33AD26FC6
Mailbox.LIBCMTD ref: 000002C33AD26FF0

Part of subcall function 000002C33ACEBC30: Mailbox.LIBCMTD ref: 000002C33ACEBC7E

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Mailbox
String ID:
API String ID: 1763892119-0
Opcode ID: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction ID: 7ae59cdc84099ace41114cbc95256d0be25131f34b81bd558e42953540592190
Opcode Fuzzy Hash: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction Fuzzy Hash: 8361133110CB888FE755EA58C458BEFB7E1FBA8301F444E5EE48AD31A1DA74DA45C742

Function 000002C33ACE26B0 Relevance: 7.7, APIs: 5, Instructions: 190COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 000002C33ACE26D8
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000002C33ACE2767

Part of subcall function 000002C33ACE0B80: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACE0BB2

Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000002C33ACE27FE
std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACE286F
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000002C33ACE28DC

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_SchedulerScheduler::_$std::error_condition::error_condition$std::bad_exception::bad_exception
String ID:
API String ID: 3801495819-0
Opcode ID: 855e9fad3cf8b62679a3ed4dce5103e3daddbb4618be66b587f956b2a1f93412
Instruction ID: ceb5bb512b75eb6b37ff1a5194c53acc6f0151d0a6f0beeef539a1a520048f1b
Opcode Fuzzy Hash: 855e9fad3cf8b62679a3ed4dce5103e3daddbb4618be66b587f956b2a1f93412
Instruction Fuzzy Hash: A1610F34658B888FE7A4EB68C448F9EB7E1FBD8301F50895DE089C32A1DB74D945CB42

Function 000002C33AD5A5E0 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000002C33AD5A608

Part of subcall function 000002C33AD5C140: shared_ptr.LIBCPMTD ref: 000002C33AD5C161

__crt_scoped_stack_ptr.LIBCPMTD ref: 000002C33AD5A687
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD5A6E6
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD5A6FD
__crt_scoped_stack_ptr.LIBCPMTD ref: 000002C33AD5A7A6

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction ID: 20d16d5134295e6ad09cb50f4dae38f6ae3e5d46b7b66f76a7844f18e212f63f
Opcode Fuzzy Hash: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction Fuzzy Hash: 5361B870558B888FE7A0EB68C459F9EB7E0FBA8341F50495EE48DC3261DB34D985CB42

Function 000002C33AD5AAA0 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000002C33AD5AAC8

Part of subcall function 000002C33AD5C040: shared_ptr.LIBCPMTD ref: 000002C33AD5C061

__crt_scoped_stack_ptr.LIBCPMTD ref: 000002C33AD5AB47
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD5ABA6
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD5ABBD
__crt_scoped_stack_ptr.LIBCPMTD ref: 000002C33AD5AC66

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: 91d403a99b0aa0b9c84ca8b623b580e6659b45cf93c11dcecb02eb8a3e2d9174
Instruction ID: e9dda87a13f1275f199e34cbbf5a1fbef13587f467e938add687903ec74397a3
Opcode Fuzzy Hash: 91d403a99b0aa0b9c84ca8b623b580e6659b45cf93c11dcecb02eb8a3e2d9174
Instruction Fuzzy Hash: 5861D930558B888FE7A0EB68C459F9EB7E0FBA8341F50495EE48DC3261DB34D985CB42

Function 000002C33AD2FF60 Relevance: 7.7, APIs: 5, Instructions: 171COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000002C33AD2FF83
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000002C33AD2FF97
std::make_error_code.LIBCPMTD ref: 000002C33AD2FFB0
std::make_error_code.LIBCPMTD ref: 000002C33AD30003

Part of subcall function 000002C33ACD6020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 000002C33ACD602E

std::make_error_code.LIBCPMTD ref: 000002C33AD30067

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 8fc910353a04408718612e5cf30e4eda843c1b23e99fc2a10d87dd0fa77c1dfc
Instruction ID: 36cd62219ed3be75010375e70bf9a4e8369e34d9fce749d85b6ea0514190fb4b
Opcode Fuzzy Hash: 8fc910353a04408718612e5cf30e4eda843c1b23e99fc2a10d87dd0fa77c1dfc
Instruction Fuzzy Hash: 2751BF301586884FF2A4FB58C859F9EB7E2FBD4700F508D99E08DC32A6DE749945CB46

Function 000002C33AD30D30 Relevance: 7.6, APIs: 5, Instructions: 146COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD30D65

Part of subcall function 000002C33AD342A0: type_info::_name_internal_method.LIBCMTD ref: 000002C33AD342B8

std::make_error_code.LIBCPMTD ref: 000002C33AD30D7E

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD30DA7
std::make_error_code.LIBCPMTD ref: 000002C33AD30DC0

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: 4b51986160a4cd423a99c67445d446e796d3c0d4e65a0d82bc8bd3ca371d903f
Instruction ID: 5e2fe686c158c4a649c4873bfe899a8d637f275984cdc6a4f8376c6b488f4bc1
Opcode Fuzzy Hash: 4b51986160a4cd423a99c67445d446e796d3c0d4e65a0d82bc8bd3ca371d903f
Instruction Fuzzy Hash: 63512F302587C48BF755EBA4D469BAF77E1FBD4704F408E99E0C9D71D2DA24DA048782

Function 00007FF651FE2CA0 Relevance: 7.6, APIs: 5, Instructions: 100COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF651FE2CE2
MultiByteToWideChar.KERNEL32 ref: 00007FF651FE2D05
MultiByteToWideChar.KERNEL32 ref: 00007FF651FE2D53
MultiByteToWideChar.KERNEL32 ref: 00007FF651FE2D73
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF651FE2DFC

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: ByteCharMultiWide$00007F020
String ID:
API String ID: 2477082939-0
Opcode ID: 6f38d78b5a1f04dc295c27fbc0c8007995e79b69b265c0d250188913823da770
Instruction ID: e4c385f6f34b98d6bdac69f202e0f5ff7725c28461994122d353b559ff8b8322
Opcode Fuzzy Hash: 6f38d78b5a1f04dc295c27fbc0c8007995e79b69b265c0d250188913823da770
Instruction Fuzzy Hash: A341C172609A4186D324EF16B8545A977A2FB48BE8F088236DE5D93BA4DF3CC55A8700

Function 000002C33AD41C70 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41C9E

Part of subcall function 000002C33AD40D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000002C33AD40D48

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41CC0
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41CE2
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41D04
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD41D26

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction ID: 5355ab1c9d80800737b0c6840cad22e8f302cb752e3dba214985f7c7801c1d2a
Opcode Fuzzy Hash: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction Fuzzy Hash: 8621B134658B844FD6D5FB68C459B5EB7E1FBD9340F808D5DE08DC3262DA309945CB82

Function 000002C33AD2FCF0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD2FD17

Part of subcall function 000002C33AD342A0: type_info::_name_internal_method.LIBCMTD ref: 000002C33AD342B8

std::make_error_code.LIBCPMTD ref: 000002C33AD2FD2D

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD2FD50
std::make_error_code.LIBCPMTD ref: 000002C33AD2FD66

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: 18c570fd0deab407a0f837e49046f6b791d582b1a6d6ce112fe98874db57e66e
Instruction ID: fdc462c29f8602d961f4e8dd4cd78a4c6f4f89a8db9c96e5891c30aa34c840da
Opcode Fuzzy Hash: 18c570fd0deab407a0f837e49046f6b791d582b1a6d6ce112fe98874db57e66e
Instruction Fuzzy Hash: E6210330198B884BF645FBA4C469FAE77E2FBD4740F408D99E085C72A2DA24DA41DBD1

Function 000002C33AD0BF60 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD0BF8E

Part of subcall function 000002C33AD176A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000002C33AD176B8

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD0BFB0
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD0BFD2
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD0BFF4
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD0C016

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction ID: b05a1ee379dd97b3a16c26a6945236b260560ef957c6110762abdeec1d1839ec
Opcode Fuzzy Hash: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction Fuzzy Hash: 6221A034658B844FD6D5FB68C459B5EB7E1FBD9340F808D5DE08DC3262DA309941CB82

Function 000002C33AD294F0 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD2951A
shared_ptr.LIBCMTD ref: 000002C33AD2952E

Part of subcall function 000002C33AD31B90: shared_ptr.LIBCMTD ref: 000002C33AD31B9E

allocator.LIBCPMTD ref: 000002C33AD29542
shared_ptr.LIBCMTD ref: 000002C33AD29554
allocator.LIBCPMTD ref: 000002C33AD29568

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: shared_ptr$allocator$Affinity::operator!=Concurrency::details::Hardware
String ID:
API String ID: 1053258265-0
Opcode ID: 731d90d100de80035144f11b9cbff0f6121979b4b1cf63ee1738207ad95db791
Instruction ID: 05f48975f2624538e8f7f99bd2b0440debb68de8cd2397381d2adc8d057c262d
Opcode Fuzzy Hash: 731d90d100de80035144f11b9cbff0f6121979b4b1cf63ee1738207ad95db791
Instruction Fuzzy Hash: 8E11FE3055CB884FE6A1EB28C459BAEB7E1FBD8350F408D5DE48DD3291DB349A458782

Function 000002C33ACCE510 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000002C33ACCE53C
type_info::_name_internal_method.LIBCMTD ref: 000002C33ACCE5F2
type_info::_name_internal_method.LIBCMTD ref: 000002C33ACCE6BA

Part of subcall function 000002C33ACCA110: char_traits.LIBCPMTD ref: 000002C33ACCA13D

Strings

, xrefs: 000002C33ACCE734

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID:
API String ID: 2432257368-3916222277
Opcode ID: fc3064d62a3cd5194dff096c9fc33b5f2c68b979ee5dc823d586b5ed394c8f21
Instruction ID: cc2b1aca96664f9f4050bf0b717f3c12ddf9b7970d4c127e1ebec754525106c1
Opcode Fuzzy Hash: fc3064d62a3cd5194dff096c9fc33b5f2c68b979ee5dc823d586b5ed394c8f21
Instruction Fuzzy Hash: 38C1DD31558B888FE765EB64C459BDFB7E1FBD8B00F404E69E08AC3191DE34DA458782

Function 00007FF651FE7D10 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 246COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FE7F8E

Strings

#MOVE, xrefs: 00007FF651FE80C0
Size > 0, xrefs: 00007FF651FE805B
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FE8054

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: #MOVE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 1541411109-319756798
Opcode ID: a9447c703a5c6f419a763ba9b790bfdbb90cf70eb01f7ac6463506faf4b27953
Instruction ID: 7f95f17a0313eca6ec411dd1dacdfec29aaaadadef80ddfe4184da3cb4c77d18
Opcode Fuzzy Hash: a9447c703a5c6f419a763ba9b790bfdbb90cf70eb01f7ac6463506faf4b27953
Instruction Fuzzy Hash: E6D12632606BC19AD354CF29A98879977A9F745B14FAD8339C7A8473A0DF35E0A2C704

Function 000002C33AD13328 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD1374F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD137BB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD13815

Strings

e, xrefs: 000002C33AD1340C

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID: e
API String ID: 1865873047-4024072794
Opcode ID: a5aedeaa2a5e8da9842271219853bb447ad559dd74de6758b306763cffed3ded
Instruction ID: b52aa36f866afebb960b3fa84146a22cf0d55dfefa7e1cdc6c781f850f1267e9
Opcode Fuzzy Hash: a5aedeaa2a5e8da9842271219853bb447ad559dd74de6758b306763cffed3ded
Instruction Fuzzy Hash: 23612A3465CA848FE7D5EBA8C499B5EB7E0FB98301F50496DE04AC72A1D638D941CB82

Function 00007FF652001090 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140(00000000,?,00000000,000002C3364C0960,00007FF652000EC1,?,?,00000000,00007FF651FE9F9A), ref: 00007FF65200114C
00007FFBBBD91310.VCRUNTIME140 ref: 00007FF6520012A7

Strings

g.Initialized, xrefs: 00007FF6520010CA
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6520010C3

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.Initialized
API String ID: 1541411109-1422301356
Opcode ID: 844d1a01e8b4b56630694eac2156529f4390ec6b52c24e8e2dcafa63ceb3fbf5
Instruction ID: 4f4b93421cd5c9c36c63438f9c24124b04f970c98cf819f9aa9b17355953c582
Opcode Fuzzy Hash: 844d1a01e8b4b56630694eac2156529f4390ec6b52c24e8e2dcafa63ceb3fbf5
Instruction Fuzzy Hash: BE61D412B0FA8685FE158E159C082BAA791BB49BD8FCC4531DE5DE7384EEBCE459C700

Function 000002C33ACDC5F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

_Subatomic.LIBCONCRTD ref: 000002C33ACDC660
_Subatomic.LIBCONCRTD ref: 000002C33ACDC6FC

Strings

d, xrefs: 000002C33ACDC630

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Subatomic
String ID: d
API String ID: 3648745215-2564639436
Opcode ID: 54bdeb58da35ab94bcf85085278a1c4949db9dfd6b8a7e539e187413d69c00dd
Instruction ID: 1c6ea2fa3e201b60cd99258fccc90bc12e0c1d8385ea382d06c82ecdab52135e
Opcode Fuzzy Hash: 54bdeb58da35ab94bcf85085278a1c4949db9dfd6b8a7e539e187413d69c00dd
Instruction Fuzzy Hash: 1941CE7025DB888FD794FF68C44DBAAB7E2FBD9341F40595EA08AD3260DA74D9408B42

Function 00007FF652031091 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

IsWindowUnicode.USER32 ref: 00007FF652031094
MultiByteToWideChar.KERNEL32 ref: 00007FF65203116F

Strings

Ctx != 0, xrefs: 00007FF65203118F
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF652031188

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: ByteCharMultiUnicodeWideWindow
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 3417139564-3890275027
Opcode ID: d9a610a5f53e9fa10297ec8690aded1cef327910e5f6d708596898dc3a383a64
Instruction ID: e0496aa95d4abc91bbb4321f24af2078908aee1de44a8a9b956698673c44e53e
Opcode Fuzzy Hash: d9a610a5f53e9fa10297ec8690aded1cef327910e5f6d708596898dc3a383a64
Instruction Fuzzy Hash: 7051E522B0964286E765CF24C8407BDB3A1FB58B4CF4C4136DA4DA7A98DFBCD84A8310

Function 00007FF6520041F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652004304
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6520043C6

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF65200421D, 00007FF65200424E
!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF652004224, 00007FF652004255

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 2739980228-3599239301
Opcode ID: 39a94ab1953bdc714ba20a451d15697837532ad35433a4dd319d13373b39f134
Instruction ID: cbf8b273bf1964fd0c723c3c4130999ef645b1ed506f0faa6c39fcf7bd16b182
Opcode Fuzzy Hash: 39a94ab1953bdc714ba20a451d15697837532ad35433a4dd319d13373b39f134
Instruction Fuzzy Hash: 1E51F37270AA9282EB54EF14E8945BC73B4FB58B48F884232CA4D97654DF7CD59AC340

Function 000002C33ACC4AA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC4AD0
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33ACC4B2F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC4B41

Strings

, xrefs: 000002C33ACC4B85

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
String ID:
API String ID: 991905282-3916222277
Opcode ID: 36a22229416e564e8440cefac388c07ecd404f3bbc27db4e377a02a1a41e44dc
Instruction ID: beed62e2101919046df01cfe605f5dcdb3eb53aba529f9b64d24479c675e29f9
Opcode Fuzzy Hash: 36a22229416e564e8440cefac388c07ecd404f3bbc27db4e377a02a1a41e44dc
Instruction Fuzzy Hash: F3411D70158B888FE394EF28C459B5EB7E0FBD4B01F90995DF49AC32A1CB709941CB42

Function 00007FF651FF3110 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF651FF3241

Strings

i >= 0 && i < Size, xrefs: 00007FF651FF319B, 00007FF651FF31DE, 00007FF651FF3212, 00007FF651FF3265
Size > 0, xrefs: 00007FF651FF313F
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FF3138, 00007FF651FF3194, 00007FF651FF31D7, 00007FF651FF320B, 00007FF651FF325E

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$i >= 0 && i < Size
API String ID: 1541411109-3833649686
Opcode ID: 9795f39f3915703e5182b8305a070d8cc95cb5839a0246a7f8836c85aa4fbd7e
Instruction ID: df3d6223b5de88a95a2f3fbc9e143d56e1d343765be3a5f0afa7b10fafc85383
Opcode Fuzzy Hash: 9795f39f3915703e5182b8305a070d8cc95cb5839a0246a7f8836c85aa4fbd7e
Instruction Fuzzy Hash: 8A418735B09B8696EB148F15E8805E973B0FB54B88F484131DAAED3664CFBCF259C340

Function 00007FF652011620 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6520116C6
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652011744

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF652011639
!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF652011640

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 2739980228-3599239301
Opcode ID: 8193d48d8a4ab965047eb9cd85be8e2c2768a0254f95d21a873dfeaeee22ed6b
Instruction ID: 40c3d863864182831267738a69a8d3f7a9df9ff9e0dc8319aeb3a2f031b05ad8
Opcode Fuzzy Hash: 8193d48d8a4ab965047eb9cd85be8e2c2768a0254f95d21a873dfeaeee22ed6b
Instruction Fuzzy Hash: 8631F67360AA5286C749DF14D8955BC73B5FB14B88B588233CA0E83354DF79D5AEC340

Function 000002C33AD32950 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000002C33AD329A7

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

std::make_error_code.LIBCPMTD ref: 000002C33AD329D2
std::make_error_code.LIBCPMTD ref: 000002C33AD329EE

Strings

}, xrefs: 000002C33AD32996

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID: }
API String ID: 2527301759-4239843852
Opcode ID: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
Instruction ID: 45dac6c273adad013cdea37e5f6b8304de28fc16562270116a99aec8d31e22a0
Opcode Fuzzy Hash: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
Instruction Fuzzy Hash: D0211A305986C58BE359EB98C454A2EBBF1FBD9780F508DA9E189C31E1C674CA808782

Function 000002C33AD879A0 Relevance: 6.5, APIs: 4, Instructions: 491COMMON

Download Yara Rule

APIs

Part of subcall function 000002C33ACCA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACCA18D

Part of subcall function 000002C33ACCA110: char_traits.LIBCPMTD ref: 000002C33ACCA13D

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD87A14

Part of subcall function 000002C33ADA9E50: type_info::_name_internal_method.LIBCMTD ref: 000002C33ADA9EF0
Part of subcall function 000002C33ADA9E50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ADA9F56
Part of subcall function 000002C33ADA9E50: CreateFileA.KERNEL32 ref: 000002C33ADA9F82

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD87AE4

Part of subcall function 000002C33ACC5180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC5217

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$type_info::_name_internal_method$Affinity::operator!=CreateFileHardwarechar_traits
String ID:
API String ID: 2370075206-0
Opcode ID: 1ca1f53479ce3256fdcfa652a2f8c0640dff5af6cc40af6253aed29f3ac4abb4
Instruction ID: 7f1f7926b818fc4b25f9b5766c44dbfb002a8385a392a7ddb27c9969b329fca8
Opcode Fuzzy Hash: 1ca1f53479ce3256fdcfa652a2f8c0640dff5af6cc40af6253aed29f3ac4abb4
Instruction Fuzzy Hash: B702AF31159A888AF365FB64C459BEFB3E1FBD4741F508DAEE04AC31A2DE309A45C781

Function 000002C33AD23900 Relevance: 6.4, APIs: 4, Instructions: 439COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000002C33AD23951

Part of subcall function 000002C33ACF2880: _Ptr_base.LIBCMTD ref: 000002C33ACF2893

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Base::ChoresConcurrency::details::GroupPtr_baseScheduleSegmentUnrealized
String ID:
API String ID: 3333744592-0
Opcode ID: 570f11bbdc05f9da95d07b3fdbdb974941727138929f366d8f2bea2d8099bd35
Instruction ID: 4ba4cb2684aed0da505949c67f68d8da0e0f3023369adcda6b8c71847230283f
Opcode Fuzzy Hash: 570f11bbdc05f9da95d07b3fdbdb974941727138929f366d8f2bea2d8099bd35
Instruction Fuzzy Hash: 68F12031158A888FE7A5FB58C459BDEB3E1FBD8300F404D69E48EC3295DE749A45CB82

Function 000002C33AD15890 Relevance: 6.4, APIs: 4, Instructions: 359COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000002C33AD15917
std::make_error_code.LIBCPMTD ref: 000002C33AD15992
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000002C33AD15B1C

Part of subcall function 000002C33AD1F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000002C33AD1F8CD
Part of subcall function 000002C33AD1F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000002C33AD1F8E4

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000002C33AD15CAB

Part of subcall function 000002C33ACF6BC0: char_traits.LIBCPMTD ref: 000002C33ACF6BE0

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::$Concurrency::details::_ProcessorProxyRoot::Scheduler::_Virtual$Base::ChoresGroupScheduleSegmentUnrealizedchar_traitsstd::make_error_code
String ID:
API String ID: 3113402709-0
Opcode ID: 8315beeaeb721658927f8f770d131a9c147b9258a1641d469c0d50eda48e832c
Instruction ID: 62505ce78ba309edbbc239b2388a34c0b5c0234b4ce2a2b9c8bbfbd5ed096877
Opcode Fuzzy Hash: 8315beeaeb721658927f8f770d131a9c147b9258a1641d469c0d50eda48e832c
Instruction Fuzzy Hash: ACC1FE31158B8C8FE7A5FB68C459BDEB7E1FBD8300F40496E948DC3291DE749A458B82

Function 000002C33ACD2C70 Relevance: 6.4, APIs: 4, Instructions: 351COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACD2CA2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACD2E63
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACD2E78

Part of subcall function 000002C33ACCB170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACCB17E
Part of subcall function 000002C33ACCB170: _Max_value.LIBCPMTD ref: 000002C33ACCB1A3
Part of subcall function 000002C33ACCB170: _Min_value.LIBCPMTD ref: 000002C33ACCB1D1

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACD2FB7

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
String ID:
API String ID: 348937374-0
Opcode ID: 9076abe83797b2f5b95f51d9a62a17b5c4646a91e0ea6bac038e2092eb8d8266
Instruction ID: e9a862df47fb353c1b700b0af8a5ce8603312fd20ddc071b56216322d75ec312
Opcode Fuzzy Hash: 9076abe83797b2f5b95f51d9a62a17b5c4646a91e0ea6bac038e2092eb8d8266
Instruction Fuzzy Hash: 52D1773065CB888FE7A4FB68C459F6EB7E1FBE8741F40495DA08DC3261DA70D9818B42

Function 000002C33ACE3390 Relevance: 6.3, APIs: 4, Instructions: 324COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACE352B
std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACE3551

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::error_condition::error_condition
String ID:
API String ID: 246976077-0
Opcode ID: 5f3126eda9a4eb9af231d5239096d653e2129c4e3c35e502a72c1b9b8bd3846d
Instruction ID: 1522b4f28e32312c8a01d991810b98adba128a8b68f6e815242a74efd6c47239
Opcode Fuzzy Hash: 5f3126eda9a4eb9af231d5239096d653e2129c4e3c35e502a72c1b9b8bd3846d
Instruction Fuzzy Hash: 29C12130158A888FE7A5EB68C455FDEB7E1FBD8741F504D6DE049C32A1DA70E941CB82

Function 000002C33AD31370 Relevance: 6.3, APIs: 4, Instructions: 304COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000002C33AD31564

Part of subcall function 000002C33AD050A0: char_traits.LIBCPMTD ref: 000002C33AD050C1

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000002C33AD315C1

Part of subcall function 000002C33AD3A0F0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000002C33AD3A112

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::Concurrency::details::_Decorator::getProcessorProxyRoot::Scheduler::_TableTypeVirtualchar_traits
String ID:
API String ID: 1673230147-0
Opcode ID: 54f13db51325af36e86bb9f0e7cfac0249b4394f15ed719d382bbe191eb23ca8
Instruction ID: 9f097c0345d601a9a57c9a04253d2b3bd1d6c54aed8bcbbc0f3ce3bbba8775d4
Opcode Fuzzy Hash: 54f13db51325af36e86bb9f0e7cfac0249b4394f15ed719d382bbe191eb23ca8
Instruction Fuzzy Hash: 18C1CA70558B888FE7A5EB58C499FDEB7E1FB98301F40496ED18DC3261DB349544CB82

Function 000002C33AD324C0 Relevance: 6.3, APIs: 4, Instructions: 266COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000002C33AD324E3
std::make_error_code.LIBCPMTD ref: 000002C33AD324FC

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

std::make_error_code.LIBCPMTD ref: 000002C33AD3253B

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 1046759889-0
Opcode ID: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction ID: 991e294507e02b3b410bd5c2a74d818f5ef7beef42125767971d6190fe1a9e20
Opcode Fuzzy Hash: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction Fuzzy Hash: 28B19A30158B888EE6A5FB68C459BDEB7E1FBD8700F40895DE08DC3296DA749945CB82

Function 000002C33ACFBF20 Relevance: 6.3, APIs: 4, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34be266543894efc96d51f676f5f1ca7cc37a58dd76303ca975cdefcda27a6da
Instruction ID: 9a864c107c69ba0073a7f6d81fb360cf83903e8c475d1f8342ccd625ccc130ea
Opcode Fuzzy Hash: 34be266543894efc96d51f676f5f1ca7cc37a58dd76303ca975cdefcda27a6da
Instruction Fuzzy Hash: 5691A03015CA888FDB94EB18C095F9AB7E1FBE9344F50495DE08EC7262DB71E945CB42

Function 000002C33AD2DCB0 Relevance: 6.2, APIs: 4, Instructions: 212COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000002C33AD2DCED

Part of subcall function 000002C33ACD8FE0: std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACD8FFE

std::make_error_code.LIBCPMTD ref: 000002C33AD2DD3C

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 58c7311be2cb89b8753877e7c75642fcbb82317ee9f238dba1156d6b4c2a68d4
Instruction ID: 612e915e5ddc0547cc4e5ce6a1637a8470c26458c97bec4137703d25f77d9db2
Opcode Fuzzy Hash: 58c7311be2cb89b8753877e7c75642fcbb82317ee9f238dba1156d6b4c2a68d4
Instruction Fuzzy Hash: AC810130158AC88FE3A5EB58C455FAEB7E1FBD4700F408D6DE08AC31A6DA749945CB82

Function 000002C33ACF5700 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 000002C33ACF579A
fpos.LIBCPMTD ref: 000002C33ACF5863
fpos.LIBCPMTD ref: 000002C33ACF58B2
fpos.LIBCPMTD ref: 000002C33ACF594F

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: a06c74410f647526738439c1d7a2df2a66b16ccba1c99b2313f6c08277eab004
Instruction ID: 1122041a797fbb240b033a95c97b2034ee0d151064b27524081cf51eac26ef6b
Opcode Fuzzy Hash: a06c74410f647526738439c1d7a2df2a66b16ccba1c99b2313f6c08277eab004
Instruction Fuzzy Hash: F7810830658B888FE7A4EB68C449B1EBBE0FBD8700F544E59F599C32A5C774D981CB42

Function 000002C33AD3B610 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD3B6AB
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD3B7D2

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction ID: 5b7946e90549291eefaa8559ebef2db9df05d7efc78d14f02f158c4f2c6e8674
Opcode Fuzzy Hash: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction Fuzzy Hash: F571B330158AC89FE7A6EB58C459FEEB7E1FB98300F408D59E08DC7291DE74DA458782

Function 000002C33AD3B2A0 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33AD3B33B
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD3B462

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction ID: 076952cd8a9c97fdc1be49fcb1658c9a7c8721957be8383a7679d167956c2948
Opcode Fuzzy Hash: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction Fuzzy Hash: A771A23425CB888FF7A6EB68C459BEEB7E1FB98300F804D59E08DC7291DA74D9458742

Function 000002C33ACD8290 Relevance: 6.1, APIs: 4, Instructions: 147COMMON

Download Yara Rule

APIs

Part of subcall function 000002C33ACCA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACCA18D

type_info::_name_internal_method.LIBCMTD ref: 000002C33ACD83B2
type_info::_name_internal_method.LIBCMTD ref: 000002C33ACD83CD
type_info::_name_internal_method.LIBCMTD ref: 000002C33ACD840F
type_info::_name_internal_method.LIBCMTD ref: 000002C33ACD842A

Part of subcall function 000002C33ACCA110: char_traits.LIBCPMTD ref: 000002C33ACCA13D

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
String ID:
API String ID: 1744367693-0
Opcode ID: 30ffffbc32562f55399461986d00f4272352037bfd5b746e90ae5d919702b9bf
Instruction ID: f8061b1fbfa649b0e0cbe660c258eaf39aa72e144b437b97b4e84a305f13c6e9
Opcode Fuzzy Hash: 30ffffbc32562f55399461986d00f4272352037bfd5b746e90ae5d919702b9bf
Instruction Fuzzy Hash: FC51FA301587848FE3A4EB58C449BAEB7E1FBD4744F404E5DE089C72A1DB74DA46CB82

Function 00007FF6520259A0 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652025A26
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652025AA3
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652025B20
00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652025B9E

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID:
API String ID: 2739980228-0
Opcode ID: 40a382835e6706dba0aacc8cd3f1290a8d22f5a65d183d6c671a3e35b392f7c0
Instruction ID: 1052769e558a6f2fba5c45a1e55a723f4bb3767edfbb92182101a2696f0db3ae
Opcode Fuzzy Hash: 40a382835e6706dba0aacc8cd3f1290a8d22f5a65d183d6c671a3e35b392f7c0
Instruction Fuzzy Hash: AB51AEB361AA9686CB49DF18D8950BC73B2FB58B48B588223DA0EC3250DF79C55EC740

Function 000002C33ACFC210 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

APIs

shared_ptr.LIBCMTD ref: 000002C33ACFC2E4
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000002C33ACFC2F4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000002C33ACFC305

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Affinity::operator!=Base::ContextHardwareIdentityQueueWorkshared_ptr
String ID:
API String ID: 714649587-0
Opcode ID: 56e7f5989e768847083db759d86a7ebfa7ab74bda9f1653fe54440c5e8e10927
Instruction ID: 26db1afefb4dd9abbedd8e18f09506200833ae29ea94e496c46685c6c923ee0f
Opcode Fuzzy Hash: 56e7f5989e768847083db759d86a7ebfa7ab74bda9f1653fe54440c5e8e10927
Instruction Fuzzy Hash: A241FF3015CE488FE794EB58C099BAAB7E0FBE8345F504A5DF089C3261DA34D945CB42

Function 000002C33AD9FC90 Relevance: 6.1, APIs: 4, Instructions: 120COMMON

Download Yara Rule

APIs

Part of subcall function 000002C33AD9FE90: _Byte_length.LIBCPMTD ref: 000002C33AD9FEFE

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD9FD15
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD9FD3E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD9FD75
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33AD9FD9E

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Byte_length
String ID:
API String ID: 1141060839-0
Opcode ID: a094d049b7394f019bb74d8a9ce6fa8793c3500efc0350374be82258551a5043
Instruction ID: 054d4de47aff1a21b11a846df0fe9dd54b3560424f206f06c9dac9156bdf0072
Opcode Fuzzy Hash: a094d049b7394f019bb74d8a9ce6fa8793c3500efc0350374be82258551a5043
Instruction Fuzzy Hash: 4E410F30158B888FE754FB68C459FAEB7E1FBD8741F50495EE089C3261DE709985CB82

Function 000002C33AD4D460 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD4D48B

Part of subcall function 000002C33AD176A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000002C33AD176B8

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD4D4AA

Part of subcall function 000002C33AD40D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000002C33AD40D48

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD4D4C9
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD4D4E8

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction ID: 61e6605317d97be891c2ac5b24dc274fd2c3d18e67a2624297c59c1e9c0bea5f
Opcode Fuzzy Hash: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction Fuzzy Hash: 87111A30658B888FE694FB68C059B5EBBE1FBD8340F904D5DE088C3262DA30D9408B82

Function 000002C33AD0B130 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD0B15B

Part of subcall function 000002C33AD176A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000002C33AD176B8

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD0B17A
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD0B199
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD0B1B8

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction ID: bfbd5046d30174573752cd5a85aace3758c52725fa1c68b6e7ad52e0722db157
Opcode Fuzzy Hash: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction Fuzzy Hash: F011EA30658B888FE6D5FB68C459B5EBBE1FBD9340F904D5DE089C3262DA30D9418B82

Function 000002C33AD1F060 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD1F08B

Part of subcall function 000002C33AD176A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000002C33AD176B8

type_info::_name_internal_method.LIBCMTD ref: 000002C33AD1F0AA
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD1F0C9
type_info::_name_internal_method.LIBCMTD ref: 000002C33AD1F0E8

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction ID: c34bc353e92f7455fa3bd53ec993dd7f0471fe4543a6003299bb2dd55e63d0a6
Opcode Fuzzy Hash: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction Fuzzy Hash: 0711FE30658B888FE6D5FB6CC459B5EB7E1FBD9340F904D5DE089C3262DA30D9418B82

Function 000002C33AD033B0 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_Func_class.LIBCONCRTD ref: 000002C33AD033C3
_Func_class.LIBCONCRTD ref: 000002C33AD0341D

Part of subcall function 000002C33ACF9830: _Func_class.LIBCONCRTD ref: 000002C33ACF983E
Part of subcall function 000002C33ACF9830: _Func_class.LIBCONCRTD ref: 000002C33ACF989C

_Func_class.LIBCONCRTD ref: 000002C33AD03441
_Func_class.LIBCONCRTD ref: 000002C33AD0344D

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Func_class
String ID:
API String ID: 1670654298-0
Opcode ID: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction ID: 7e323f5ea7a4d71b137de029a883315bd1de198dde7a264c11c610d3c399bf70
Opcode Fuzzy Hash: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction Fuzzy Hash: 91112E30658A484FE684FB5CC458B2EB7E1FBD9741F408D69E089C72B6DA25D941C781

Function 000002C33AD1EF60 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD1EFAA
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD1EFBE

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction ID: 6ed8fd1dc137f316694aeb6eb9adcb2a1c34f6d0d070bd2f4f3c7b31ce302bf4
Opcode Fuzzy Hash: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction Fuzzy Hash: FA012D301B4A994BE3D5DB69D468B6EB5E2FB84340FC44C5CF545C32A1CAB9C5449782

Function 000002C33AD1EEC0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD1EF0A
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33AD1EF1E

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction ID: 4967c488a3800c482c28eb98e6c5af0b0e860250cb0efeba56120f2b98262c34
Opcode Fuzzy Hash: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction Fuzzy Hash: 44011B70178B894BF3D6DB69C4A8B6D75E2FB84300F844D58E449C32D0CEB9DA448682

Function 000002C33ACC3D40 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 000002C33ACC5360: _WChar_traits.LIBCPMTD ref: 000002C33ACC538D

Part of subcall function 000002C33ACC4740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC476C
Part of subcall function 000002C33ACC4740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC477E
Part of subcall function 000002C33ACC4740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000002C33ACC47BB

Part of subcall function 000002C33ACC4850: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33ACC48B8

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000002C33ACC412A

Strings

, xrefs: 000002C33ACC41B1
X, xrefs: 000002C33ACC3EE3

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Char_traits
String ID: $X
API String ID: 1626164810-1398056850
Opcode ID: b7fe99cffcf7bd97a9e81d5aad9f532e1525070ba119c050f664d87821b138ec
Instruction ID: ea17dc7b846c262795d4a13c80e18bcaf7bff78f5e192b63a0f03bfc8282ad84
Opcode Fuzzy Hash: b7fe99cffcf7bd97a9e81d5aad9f532e1525070ba119c050f664d87821b138ec
Instruction Fuzzy Hash: A8D1CB70518B888FE7A4EF68C498BDEB7E1FBD8701F50496EA48DC3261DB709585CB42

Function 000002C33AD25560 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON

Download Yara Rule

Strings

", xrefs: 000002C33AD25636
", xrefs: 000002C33AD2574E

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID:
String ID: "$"
API String ID: 0-3758156766
Opcode ID: d9ca275203620766a00d06b5d65ade6f880f8bd0154771a424bc1f8235aa31d6
Instruction ID: b749274049468a1ce67fe9221227f63039010f47906dc9bdedb4ec9ed5b55726
Opcode Fuzzy Hash: d9ca275203620766a00d06b5d65ade6f880f8bd0154771a424bc1f8235aa31d6
Instruction Fuzzy Hash: 44710C31158B888EE795EB54C495FDFB7E1FBA4340F408E99F08AC31A1DA34DA45CB82

Function 000002C33ACE4B00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 000002C33ACE4CEA

Part of subcall function 000002C33ACE01A0: Concurrency::details::VirtualProcessor::ClaimTicket::InitializeTicket.LIBCMTD ref: 000002C33ACE01BD

Strings

@, xrefs: 000002C33ACE4BED
@, xrefs: 000002C33ACE4B66

Memory Dump Source

Source File: 00000000.00000002.3887562318.000002C33ACC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000002C33ACC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2c33acc0000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: ClaimConcurrency::details::InitializeProcessor::TicketTicket::Virtualstd::error_condition::error_condition
String ID: @$@
API String ID: 2004282921-149943524
Opcode ID: 5d6c2f79357090950899d93de7d3641f261afb3f4bf2f8be1211dfb2002849bd
Instruction ID: c21fa7c0f88e5f864d1b9c18edc2a42e5b7f461097f0be270731fe42c60026f7
Opcode Fuzzy Hash: 5d6c2f79357090950899d93de7d3641f261afb3f4bf2f8be1211dfb2002849bd
Instruction Fuzzy Hash: D051D570548B848FE7A4EB58C588F9EB7E1FBE5706F108D6DE189C32A0D7319944CB86

Function 00007FF651FE9BC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

00007FFBC92FA0D0.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF651FE9D80

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF651FE9CBF
max_error > 0.0f, xrefs: 00007FF651FE9CC6

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$max_error > 0.0f
API String ID: 3568877910-3636960062
Opcode ID: 2d8c68fd8c5bb8b87b140409164d2f812e6f1a4e4eb9dcfa91aef82d2f7fa76f
Instruction ID: 2206433e4cd274dd3cc8c4f3e9b0582d43baca4818082416551c555d971810a5
Opcode Fuzzy Hash: 2d8c68fd8c5bb8b87b140409164d2f812e6f1a4e4eb9dcfa91aef82d2f7fa76f
Instruction Fuzzy Hash: 9461E432D087CA86E7529B3684412B9B790FF69748F1CC732EA89771A8DF68F4D58610

Function 00007FF652000E40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652000F2F

Strings

g.SettingsWindows.empty(), xrefs: 00007FF652000E7A
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF652000E73

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.SettingsWindows.empty()
API String ID: 2739980228-1747592857
Opcode ID: 007d639a8cd7b77cc5edf28a83578d95d254dd57ba70a5d0a04cb8c2922fc2c3
Instruction ID: f970a710469fd0e22b4ebc2fc31b3f3e812ff39703cc3d969ae9256859a18aee
Opcode Fuzzy Hash: 007d639a8cd7b77cc5edf28a83578d95d254dd57ba70a5d0a04cb8c2922fc2c3
Instruction Fuzzy Hash: CB41E932A1AA8686E740DF21E8545B97361FB54B8CF9C4136EE4DA7B45EF7CE04AC700

Function 00007FF652002A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652002BA4

Strings

i >= 0 && i < Size, xrefs: 00007FF652002A96, 00007FF652002AC6
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652002A8F, 00007FF652002ABF

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2739980228-1817040388
Opcode ID: f6f134c6f70e70a5f67602879e6ff25eb996bc56e58a3c119fb5f52a3a42ffc6
Instruction ID: 1f55569ee544c77391bc8aa4399fded2d12c945302bb4faf3d3cb64e7eb4e04e
Opcode Fuzzy Hash: f6f134c6f70e70a5f67602879e6ff25eb996bc56e58a3c119fb5f52a3a42ffc6
Instruction Fuzzy Hash: 6C41C132609A8287EB14DF25E8805A87374FB54788F984232DB4DD77A0DF78E5AAC740

Function 00007FF652002BC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF652002D10

Strings

i >= 0 && i < Size, xrefs: 00007FF652002C16, 00007FF652002C46
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652002C0F, 00007FF652002C3F

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2739980228-1817040388
Opcode ID: 096fc74e7037803a42b3bc3964d1e045c6bae19edca2c2f8db86bb480efd3f02
Instruction ID: fc85ec5acb1c3b00c92dc0005d7a799ecfb68bc1dc6701ac5025f61de3075301
Opcode Fuzzy Hash: 096fc74e7037803a42b3bc3964d1e045c6bae19edca2c2f8db86bb480efd3f02
Instruction Fuzzy Hash: 3341E332A0AA8686E704DF14EC945B87374FB54B8CB984132DE4D973A4DF7CE55AC740

Function 00007FF652002810 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF65200293C

Strings

i >= 0 && i < Size, xrefs: 00007FF652002858, 00007FF652002887
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652002851, 00007FF652002880

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2739980228-1817040388
Opcode ID: 7d718059540f4397f11364e14e6c0172c7d24b79ff19bcccd19762cda495cffe
Instruction ID: 2a87ab31dfb0932c67e8ec4106a727f8d53d16e92d6b6db1d9c82d64b84e6bc9
Opcode Fuzzy Hash: 7d718059540f4397f11364e14e6c0172c7d24b79ff19bcccd19762cda495cffe
Instruction Fuzzy Hash: F131B172A0AA9687E704DF14E8801B873B0FB54B8CB984136DA4D977A4DF7CE59BC740

Function 00007FF651FEB200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

00007FFBC92E49A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF651FEB28E

Strings

i >= 0 && i < Size, xrefs: 00007FF651FEB2BC
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF651FEB2B5

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 3568877910-1817040388
Opcode ID: 3a94cb1d79306fdc9a050dd449591057f5d3f3fa0e938ade244f3a3a1197444a
Instruction ID: 470830722237ff6a9722c650c688e3f475006e9a0ec9a26cbbed091150043368
Opcode Fuzzy Hash: 3a94cb1d79306fdc9a050dd449591057f5d3f3fa0e938ade244f3a3a1197444a
Instruction Fuzzy Hash: B421B131B1868786EBA58B15E8806AD67A0FF85B84F4C5235DA8E97758CE3CE546C700

Function 00007FF652025F80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140 ref: 00007FF652026070

Part of subcall function 00007FF652003900: 00007FFBBBD91310.VCRUNTIME140 ref: 00007FF65200393C
Part of subcall function 00007FF652003900: 00007FFBC92DF020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6520039BA

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF652026004
state->TextA.Data != 0, xrefs: 00007FF65202600B

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007$D91310$F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$state->TextA.Data != 0
API String ID: 2829325567-1138122324
Opcode ID: 68e42b137ae8442a878239fc68f020be54ccb08d0e866b134796feb8c254f3d3
Instruction ID: 00aef0edf66ecea1da7a221fa90f503fe255957a32963f2855b0b079b46491f8
Opcode Fuzzy Hash: 68e42b137ae8442a878239fc68f020be54ccb08d0e866b134796feb8c254f3d3
Instruction Fuzzy Hash: 29219A72B0664286E719CF35DC952B923A1EB84B4DF4C5036EE4DDB248DFBCE5898710

Function 00007FF652003820 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140(?,?,00000000,00007FF651FED62F), ref: 00007FF6520038C4

Strings

it >= Data && it <= Data + Size, xrefs: 00007FF65200385D
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF652003856

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$it >= Data && it <= Data + Size
API String ID: 1541411109-3870282576
Opcode ID: 84a9b61979137050a1197245c5bdd7e55bba15df666dd3b8409ce5f9d3bc927c
Instruction ID: 60c6f15ccfe6a50ac1be08a13fdc3d90c7a8f8c25e1defce3eb7b87796c5764a
Opcode Fuzzy Hash: 84a9b61979137050a1197245c5bdd7e55bba15df666dd3b8409ce5f9d3bc927c
Instruction Fuzzy Hash: 9D219FB2B16A8182FF18CF1AEA411686321FB54B88B8CD035DB5DA7B45DF6CF5A5C340

Function 00007FF652001E80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

00007FFBCA8C2E80.IMM32 ref: 00007FF652001EA2

Strings

@, xrefs: 00007FF652001EF3
, xrefs: 00007FF652001EB5

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007
String ID: $@
API String ID: 3568877910-1077428164
Opcode ID: 4be356fa8e074784c90dbf701479d069685c3cbf6e883b402ec0f34ae6b6c832
Instruction ID: 3b523c627d122bb570ef220e9ed82371037e3861a107aa4c4a02a633b3283f85
Opcode Fuzzy Hash: 4be356fa8e074784c90dbf701479d069685c3cbf6e883b402ec0f34ae6b6c832
Instruction Fuzzy Hash: 31115BB290978187D725CF21F54462AB3A1FB99B88F184225EBC957B18DF7CE895CF00

Function 00007FF652017320 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

00007FFBBBD91310.VCRUNTIME140(?,?,00000000,00007FF652017563,?,?,00000000,00007FF652011FCF), ref: 00007FF6520173A6

Strings

stb__dout + length <= stb__barrier_out_e, xrefs: 00007FF652017358
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF652017351

Memory Dump Source

Source File: 00000000.00000002.3892755396.00007FF651FE1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF651FE0000, based on PE: true

Associated: 00000000.00000002.3892722469.00007FF651FE0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF652350000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF65235A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6524E3000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3892755396.00007FF6526B1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893239468.00007FF6526B2000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3893270465.00007FF6526B3000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff651fe0000_WaveExecutor.jbxd

Similarity

API ID: 00007D91310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$stb__dout + length <= stb__barrier_out_e
API String ID: 1541411109-3603624656
Opcode ID: 17ca0878dc678fdc762dde65a4cd07555298fce1ac43a8728e7920541c5b5e5c
Instruction ID: 47d0308b99e71c38cf273a46dc0d2c24500d9b50b6bfe59b46b3cbb4d0a697dd
Opcode Fuzzy Hash: 17ca0878dc678fdc762dde65a4cd07555298fce1ac43a8728e7920541c5b5e5c
Instruction Fuzzy Hash: C9116131B0EA5281EB448B02FC800696361FB88BC8F8C50B1DA5DA3728DFBDE5D5C300

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report WaveExecutor.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\0JUUKU8Y.htm

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
WaveExecutor.exe

Function 00007FF652034320 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 888
windowCOMMON

Function 00007FF65202F7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150
libraryloaderCOMMON

Function 00007FF652030330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182
keyboardCOMMON

Function 00007FF65202F2F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 215
COMMON

Function 00007FF652033B90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126
nativeCOMMON

Function 000002C33ACEF46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Function 000002C33ADD10E0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Function 00007FF65202EA60 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 374
COMMON

Function 00007FF6520326C0 Relevance: 15.5, APIs: 10, Instructions: 516
COMMON

Function 00007FF652033DE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59
registryCOMMON

Function 00007FF652036800 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151
windowCOMMON

Function 000002C33ACC6FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Function 000002C33ADA9E50 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON