Edit tour

Windows Analysis Report
WaveExecutor.exe

Overview

General Information

Sample name:	WaveExecutor.exe
Analysis ID:	1570766
MD5:	20530c9bc61569e79d6ffece7f7e426a
SHA1:	fe3dca7b627e8d3ae49d2e9c9145581f108330f2
SHA256:	76dbac3dc4d2dc8aa1e0e8de0d8f4d57172a8be90fc3ef535159ef649d762dd5
Tags:	exeuser-aachum
Infos:

Detection

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

PE file contains section with special chars

Tries to harvest and steal browser information (history, passwords, etc)

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the clipboard data

Detected potential crypto function

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

WaveExecutor.exe (PID: 5660 cmdline: "C:\Users\user\Desktop\WaveExecutor.exe" MD5: 20530C9BC61569E79D6FFECE7F7E426A)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: WaveExecutor.exe PID: 5660	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.WaveExecutor.exe.23830c8f1d0.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-08T02:20:20.379643+0100	2803274	2	Potentially Bad Traffic	192.168.2.5	49704	104.26.8.59	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: WaveExecutor.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: WaveExecutor.exe	ReversingLabs: Detection: 21%
Source: WaveExecutor.exe	Virustotal: Detection: 22%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: WaveExecutor.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_0000023830C07750 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,CryptUnprotectData,

0_2_0000023830C07750

Source: unknown

HTTPS traffic detected: 104.26.8.59:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: WaveExecutor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: WaveExecutor.exe, 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_0000023830B6F46A Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method,type_info::_name_internal_method,

0_2_0000023830B6F46A

Source: Joe Sandbox View

IP Address: 104.26.8.59 104.26.8.59

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49704 -> 104.26.8.59:443

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: global traffic

DNS traffic detected: DNS query: api.myip.com

Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://https/:://websocketpp.processorGeneric
Source: WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2092380311.0000023830AF7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2081061687.0000023830AF3000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2098731426.0000023830AFB000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3884734345.0000023830B11000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2239184718.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2245590997.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2227642640.0000023830AFA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2252206172.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2107968318.0000023830B02000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2189487968.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071700097.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2084849656.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2087412868.0000023830AF7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2098472823.0000023830AF7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2216852864.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2116665136.0000023830AF6000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2101038068.0000023830AF6000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2147002085.0000023830ADB000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2105261193.0000023830AF6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/Russia
Source: WaveExecutor.exe, 00000000.00000003.2071700097.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2084849656.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2086876634.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3885062139.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/oZ
Source: WaveExecutor.exe, 00000000.00000003.2092380311.0000023830AF7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2081061687.0000023830AF3000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2098731426.0000023830AFB000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3884734345.0000023830B11000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2239184718.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2245590997.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2227642640.0000023830AFA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2252206172.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2107968318.0000023830B02000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2189487968.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2087412868.0000023830AF7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2098472823.0000023830AF7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2216852864.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2116665136.0000023830AF6000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2101038068.0000023830AF6000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2105261193.0000023830AF6000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2166369796.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2258234006.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2170700818.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2119493614.0000023830AFD000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2126774495.0000023830B06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/qI
Source: WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2050747203.0000023832B02000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071857072.0000023832AFE000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2050368050.0000023832AFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage
Source: WaveExecutor.exe, 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold
Source: WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: WaveExecutor.exe, 00000000.00000003.2079759931.00000238329A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f10
Source: WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 104.26.8.59:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF7AB961C20 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,

0_2_00007FF7AB961C20

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF7AB961D70 OpenClipboard,MultiByteToWideChar,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard,

0_2_00007FF7AB961D70

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF7AB961C20 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,

0_2_00007FF7AB961C20

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB990330 GetClientRect,QueryPerformanceCounter,GetForegroundWindow,ClientToScreen,SetCursorPos,GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00007FF7AB990330
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB990D02 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00007FF7AB990D02

System Summary

PE file contains section with special chars

Source: WaveExecutor.exe	Static PE information: section name: "aR
Source: WaveExecutor.exe	Static PE information: section name: b@b8

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF7AB993B90 PostQuitMessage,GetWindowRect,SetWindowPos,NtdllDefWindowProc_A,

0_2_00007FF7AB993B90

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB98FCE0	0_2_00007FF7AB98FCE0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB994320	0_2_00007FF7AB994320
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB990330	0_2_00007FF7AB990330
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB98F2F0	0_2_00007FF7AB98F2F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB98EA60	0_2_00007FF7AB98EA60
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB96C270	0_2_00007FF7AB96C270
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB986090	0_2_00007FF7AB986090
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB9725F0	0_2_00007FF7AB9725F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB946CB0	0_2_00007FF7AB946CB0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB990D02	0_2_00007FF7AB990D02
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB96BD10	0_2_00007FF7AB96BD10
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB977CE0	0_2_00007FF7AB977CE0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB9654F0	0_2_00007FF7AB9654F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB966C90	0_2_00007FF7AB966C90
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB976BC0	0_2_00007FF7AB976BC0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB94FBB0	0_2_00007FF7AB94FBB0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB98CB40	0_2_00007FF7AB98CB40
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB96DB50	0_2_00007FF7AB96DB50
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB95038C	0_2_00007FF7AB95038C
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB947390	0_2_00007FF7AB947390
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB98A370	0_2_00007FF7AB98A370
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB950AC1	0_2_00007FF7AB950AC1
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB98C310	0_2_00007FF7AB98C310
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB95C250	0_2_00007FF7AB95C250
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB95F250	0_2_00007FF7AB95F250
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB955A30	0_2_00007FF7AB955A30
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB98BA80	0_2_00007FF7AB98BA80
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB95E1C0	0_2_00007FF7AB95E1C0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB95FA00	0_2_00007FF7AB95FA00
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB982A00	0_2_00007FF7AB982A00
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB97F9E0	0_2_00007FF7AB97F9E0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB9759E0	0_2_00007FF7AB9759E0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB96B1E0	0_2_00007FF7AB96B1E0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB951057	0_2_00007FF7AB951057
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB96BFC0	0_2_00007FF7AB96BFC0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB94DFB0	0_2_00007FF7AB94DFB0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB9797F0	0_2_00007FF7AB9797F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB949730	0_2_00007FF7AB949730
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB951788	0_2_00007FF7AB951788
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB956EC0	0_2_00007FF7AB956EC0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB9696B0	0_2_00007FF7AB9696B0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB967EF0	0_2_00007FF7AB967EF0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB9546F0	0_2_00007FF7AB9546F0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB95D620	0_2_00007FF7AB95D620
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB954620	0_2_00007FF7AB954620
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB97CDD0	0_2_00007FF7AB97CDD0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB950597	0_2_00007FF7AB950597
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB98E5B0	0_2_00007FF7AB98E5B0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB949E10	0_2_00007FF7AB949E10
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB980DE0	0_2_00007FF7AB980DE0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB9515F4	0_2_00007FF7AB9515F4
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB96AD40	0_2_00007FF7AB96AD40
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB97D530	0_2_00007FF7AB97D530
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_00007FF7AB945D90	0_2_00007FF7AB945D90
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_0000023830B93841	0_2_0000023830B93841
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_0000023830B5BA30	0_2_0000023830B5BA30
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: 0_2_0000023830C32720	0_2_0000023830C32720

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: String function: 00007FF7AB99D440 appears 930 times
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: String function: 00007FF7AB961F40 appears 41 times
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: String function: 00007FF7AB9585B0 appears 35 times

Source: WaveExecutor.exe	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM)
Source: WaveExecutor.exe	Static PE information: Resource name: RT_RCDATA type: ARJ archive data, v65, multi-volume, slash-switched, backup, original name: \026)\246\274\303F"\306\005\301\206y\363\207\203X\304\254\227\252iV6\322\006\207\374\3137D\234T"\360;]w\263\233r\361\371\011<\337\274H\\234\220\365,

Source: WaveExecutor.exe

Static PE information: Section: bbbb ZLIB complexity 0.999073478746118

Source: classification engine

Classification label: mal84.spyw.evad.winEXE@1/1@1/1

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_0000023830B46FE0 std::_Fac_node::_Fac_node,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,

0_2_0000023830B46FE0

Source: C:\Users\user\Desktop\WaveExecutor.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\9W4PXN0Z.htm

Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: WaveExecutor.exe, 00000000.00000002.3883600686.000002382C1AC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE context_annotations(visit_id INTEGER PRIMARY KEY,context_annotation_flags INTEGER NOT NULL,duration_since_last_visit INTEGER,page_end_reason INTEGER,total_foreground_duration INTEGER,browser_type INTEGER DEFAULT 0 NOT NULL,window_id INTEGER DEFAULT -1 NOT NULL,tab_id INTEGER DEFAULT -1 NOT NULL,task_id INTEGER DEFAULT -1 NOT NULL,root_task_id INTEGER DEFAULT -1 NOT NULL,parent_task_id INTEGER DEFAULT -1 NOT NULL,response_code INTEGER DEFAULT 0 NOT NULL);
Source: WaveExecutor.exe, 00000000.00000003.2071700097.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2084849656.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2086876634.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3885062139.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE credit_cards (guid VARCHAR PRIMARY KEY, name_on_card VARCHAR, expiration_month INTEGER, expiration_year INTEGER, card_number_encrypted BLOB, date_modified INTEGER NOT NULL DEFAULT 0, origin VARCHAR DEFAULT '', use_count INTEGER NOT NULL DEFAULT 0, use_date INTEGER NOT NULL DEFAULT 0, billing_address_id VARCHAR, nickname VARCHAR);tGc
Source: WaveExecutor.exe, 00000000.00000003.2243930070.00000238329F8000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2049360841.0000023832AFA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: WaveExecutor.exe	ReversingLabs: Detection: 21%
Source: WaveExecutor.exe	Virustotal: Detection: 22%

Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: xinput1_4.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: WaveExecutor.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: WaveExecutor.exe

Static file information: File size 1390123 > 1048576

Source: WaveExecutor.exe

Static PE information: Raw size of bbbb is bigger than: 0x100000 < 0x142000

Source: WaveExecutor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: WaveExecutor.exe, 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\WaveExecutor.exe

Unpacked PE file: 0.2.WaveExecutor.exe.7ff7ab940000.1.unpack "aR:EW;bbbb:EW;Unknown_Section2:W; vs "aR:ER;bbbb:ER;Unknown_Section2:W;

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF7AB98F7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,

0_2_00007FF7AB98F7A0

Source: initial sample

Static PE information: section where entry point is pointing to: bbbb

Source: WaveExecutor.exe	Static PE information: section name: "aR
Source: WaveExecutor.exe	Static PE information: section name: bbbb
Source: WaveExecutor.exe	Static PE information: section name: b@b8

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_0000023830B84970 push es; ret

0_2_0000023830B8497F

Source: WaveExecutor.exe

Static PE information: section name: bbbb entropy: 7.9997575830156915

Source: C:\Users\user\Desktop\WaveExecutor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe	Window / User API: threadDelayed 5629			Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	Window / User API: foregroundWindowGot 1663			Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\WaveExecutor.exe

0_2_0000023830B6F46A

Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsdvboxserviceu
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtrayx64dbgh
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: P}GUqEmuneLbN\
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: WaveExecutor.exe, 00000000.00000003.2252206172.0000023830B24000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2107968318.0000023830B24000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2075216465.0000023830B24000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2101038068.0000023830B24000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2258234006.0000023830B24000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2245590997.0000023830B24000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2170700818.0000023830B24000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2201180760.0000023830B24000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2146951068.0000023830B24000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2166369796.0000023830B24000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-gaVGAuthServicevmwaretrayv
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray
Source: WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: wiresharkvmwareuseri
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: WaveExecutor.exe, 00000000.00000003.2195268760.0000023832A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\WaveExecutor.exe

API call chain: ExitProcess graph end node

graph_0-91497

Source: C:\Users\user\Desktop\WaveExecutor.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF7AB99C0F8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF7AB99C0F8

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF7AB98F7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,

0_2_00007FF7AB98F7A0

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF7AB99C0F8 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF7AB99C0F8

Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,		0_2_00007FF7AB98F7A0
Source: C:\Users\user\Desktop\WaveExecutor.exe	Code function: GetKeyboardLayout,GetLocaleInfoA,		0_2_00007FF7AB99105B

Source: C:\Users\user\Desktop\WaveExecutor.exe

Code function: 0_2_00007FF7AB99C388 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF7AB99C388

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: WaveExecutor.exe	String found in binary or memory: Electrum
Source: WaveExecutor.exe	String found in binary or memory: \ElectronCash\wallets
Source: WaveExecutor.exe	String found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: WaveExecutor.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: WaveExecutor.exe	String found in binary or memory: \Ethereum\keystore
Source: WaveExecutor.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: WaveExecutor.exe	String found in binary or memory: Ethereum
Source: WaveExecutor.exe	String found in binary or memory: \Coinomi\Coinomi\wallets
Source: WaveExecutor.exe	String found in binary or memory: \Ethereum\keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\WaveExecutor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Source: Yara match	File source: 0.2.WaveExecutor.exe.23830c8f1d0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: WaveExecutor.exe PID: 5660, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Input Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	1 Input Capture	1 Query Registry	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	11 Security Software Discovery	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	2 Process Discovery	Distributed Component Object Model	3 Clipboard Data	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	12 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
WaveExecutor.exe	21%	ReversingLabs
WaveExecutor.exe	23%	Virustotal		Browse
WaveExecutor.exe	100%	Avira	HEUR/AGEN.1314582
WaveExecutor.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://https://https/:://websocketpp.processorGeneric	0%	Avira URL Cloud	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	Avira URL Cloud	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.myip.com	104.26.8.59	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.myip.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://https://https/:://websocketpp.processorGeneric	WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f10	WaveExecutor.exe, 00000000.00000003.2079759931.00000238329A2000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage	WaveExecutor.exe, WaveExecutor.exe, 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2050747203.0000023832B02000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071857072.0000023832AFE000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2050368050.0000023832AFF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/Russia	WaveExecutor.exe, 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp	false		high
https://api.myip.com/oZ	WaveExecutor.exe, 00000000.00000003.2071700097.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2084849656.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2086876634.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3885062139.0000023830FFC000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold	WaveExecutor.exe, 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp	false		high
https://www.ecosia.org/newtab/	WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/qI	WaveExecutor.exe, 00000000.00000003.2092380311.0000023830AF7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2081061687.0000023830AF3000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2098731426.0000023830AFB000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000002.3884734345.0000023830B11000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2239184718.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2245590997.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2227642640.0000023830AFA000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2252206172.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2107968318.0000023830B02000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2189487968.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2087412868.0000023830AF7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2098472823.0000023830AF7000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2216852864.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2116665136.0000023830AF6000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2101038068.0000023830AF6000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2105261193.0000023830AF6000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2166369796.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2258234006.0000023830B06000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2170700818.0000023830AFC000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2119493614.0000023830AFD000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2126774495.0000023830B06000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	WaveExecutor.exe, 00000000.00000003.2071857072.00000238329A5000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2071413592.0000023833B5F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	WaveExecutor.exe, 00000000.00000003.2117129718.0000023832B1C000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2085191353.0000023832B3D000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2193600154.000002383299B000.00000004.00000020.00020000.00000000.sdmp, WaveExecutor.exe, 00000000.00000003.2115574047.0000023833B0D000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.8.59	api.myip.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1570766
Start date and time:	2024-12-08 02:19:28 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	WaveExecutor.exe
Detection:	MAL
Classification:	mal84.spyw.evad.winEXE@1/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 88% Number of executed functions: 36 Number of non-executed functions: 122
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.8.59	http://jquery0.com/jWXxbH	Get hash	malicious	GRQ Scam	Browse	trk.adtrk18.com/aff_c?offer_id=15108&aff_id=1850&url_id=14904&aff_sub=3f757dd3-a86d-4368-82fc-2285b4d19731&aff_sub5=cm3l130515

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.myip.com	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	Amadey, Cryptbot	Browse	172.67.75.163
	file.exe	Get hash	malicious	Amadey, XWorm	Browse	172.67.75.163
	file.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	file.exe	Get hash	malicious	LummaC, Ailurophile Stealer, Amadey, LummaC Stealer, Stealc	Browse	104.26.9.59

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Xeno Executor.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.13.205
	Delta.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	file.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.165.166
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.36.51
	'Set-up.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.185.163
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.24.90
	Setup.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.185.163

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	Xeno Executor.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.8.59
	file.exe	Get hash	malicious	Amadey, CredGrabber, LummaC Stealer, Meduza Stealer, Stealc, Vidar	Browse	104.26.8.59
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.8.59
	malware.exe	Get hash	malicious	Targeted Ransomware, TrojanRansom	Browse	104.26.8.59
	INQUIRY REQUEST AND PRICES_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.8.59
	Bank Swift and SOA PRN00720031415453_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.8.59
	RFQ Order list #2667747.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.26.8.59

Process:	C:\Users\user\Desktop\WaveExecutor.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.3585198384225
Encrypted:	false
SSDEEP:	3:YMb1gXMlJ9eMfQxaNmGGL4:YMeX6uxaNmRL4
MD5:	E86153F34E01C5AED461F812D7472D86
SHA1:	CB4491FAC004B18059BA1BDDFE2CD5696CD94F87
SHA-256:	D174A4EFD5E9EAC12E0161D4C4A1D5C26122C4C5EA6A1BE49D7A277B535CB2DF
SHA-512:	CA8A07D9515808AC4331D1790F75C2A05672E299366DE0A0EE55698F8679B366428DFB18E8390FF034B58E3D0D05165F4C9EE8F7481B7509B51A18A84DF5F51B
Malicious:	false
Reputation:	low
Preview:	{"ip":"8.46.123.228","country":"United States","cc":"US"}

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.942431434635199
TrID:	Win64 Executable GUI (202006/5) 93.52% Win64 Executable (generic) (12005/4) 5.56% DOS Executable Generic (2002/1) 0.93%
File name:	WaveExecutor.exe
File size:	1'390'123 bytes
MD5:	20530c9bc61569e79d6ffece7f7e426a
SHA1:	fe3dca7b627e8d3ae49d2e9c9145581f108330f2
SHA256:	76dbac3dc4d2dc8aa1e0e8de0d8f4d57172a8be90fc3ef535159ef649d762dd5
SHA512:	b082c75d0cd5ce6249b06d814457352bf8f49d36fa2a9c697833ff0802e286f03b6bcf9edb2f3084fbfef876a6be37cec1ddd1747d90b1f772dee6b92cb23cce
SSDEEP:	24576:Ji25ZYwRgccqI/ZtjnftODZkIox/qLgzAlpe5Jwyytys4+/u9UkzVTMoxwz:BXmIdkf/qLg0Sf1duuBGUa
TLSH:	5855122FB3D42725D974D5B38AE7C30AB730A1A1D676CB6B09C14E5FA16A0026B47F1C
File Content Preview:	MZ......................@.2.92.UPX!._0x0023603..........................!..L.!This program cannot be run in DOS mode....$........z...............c.......................................c................................t.............Rich...................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x1406d2210
Entrypoint Section:	bbbb
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6753058D [Fri Dec 6 14:09:17 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	bd2500bb87e3a94d2777b94c3c55a684

Entrypoint Preview

Instruction
push ebx
push esi
push edi
push ebp
dec eax
lea esi, dword ptr [FFEBEDE5h]
dec eax
lea edi, dword ptr [esi-00590000h]
push edi
mov eax, 006D0D9Dh
push eax
dec eax
mov ecx, esp
dec eax
mov edx, edi
dec eax
mov edi, esi
mov esi, 00141201h
push ebp
dec eax
mov ebp, esp
inc esp
mov ecx, dword ptr [ecx]
dec ecx
mov eax, edx
dec eax
mov edx, esi
dec eax
lea esi, dword ptr [edi+02h]
push esi
mov al, byte ptr [edi]
dec edx
mov cl, al
and al, 07h
shr cl, 00000003h
dec eax
mov ebx, FFFFFD00h
dec eax
shl ebx, cl
mov cl, al
dec eax
lea ebx, dword ptr [esp+ebx*2-00000E78h]
dec eax
and ebx, FFFFFFC0h
push 00000000h
dec eax
cmp esp, ebx
jne 00007F57B8FC7EFBh
push ebx
dec eax
lea edi, dword ptr [ebx+08h]
mov cl, byte ptr [esi-01h]
dec edx
mov byte ptr [edi+02h], al
mov al, cl
shr cl, 00000004h
mov byte ptr [edi+01h], cl
and al, 0Fh
mov byte ptr [edi], al
dec eax
lea ecx, dword ptr [edi-04h]
push eax
inc ecx
push edi
dec eax
lea eax, dword ptr [edi+04h]
inc ebp
xor edi, edi
inc ecx
push esi
inc ecx
mov esi, 00000001h
inc ecx
push ebp
inc ebp
xor ebp, ebp
inc ecx
push esp
push ebp
push ebx
dec eax
sub esp, 48h
dec eax
mov dword ptr [esp+38h], ecx
dec eax
mov dword ptr [esp+20h], eax
mov eax, 00000001h
dec eax
mov dword ptr [esp+40h], esi
dec esp
mov dword ptr [esp+30h], eax
mov ebx, eax
inc esp
mov dword ptr [esp+2Ch], ecx
movzx ecx, byte ptr [edi+02h]
shl ebx, cl
mov ecx, ebx

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[IMP] VS2005 build 50727

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6e3c94	0x4c0	b@b8
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x6d3000	0x10c94	b@b8
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x371000	0x43bc	"aR
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6e4154	0x20	b@b8
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x6d2df0	0x28	bbbb
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x6d2e20	0x140	bbbb
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
"aR	0x1000	0x590000	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bbbb	0x591000	0x142000	0x142000	9cb2738f30eee3b9289923700fa0b1c5	False	0.999073478746118	data	7.9997575830156915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
b@b8	0x6d3000	0x12000	0x11200	7203ffef5d1e7538bd4a499cb093a19b	False	0.2558308622262774	data	3.946927594863314	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
None	0x6e3ad0	0x2e	data			1.108695652173913
RT_RCDATA	0x386afc	0x3201	empty			0
RT_RCDATA	0x389d00	0x3201	empty			0
RT_RCDATA	0x38cf04	0x3201	empty			0
RT_RCDATA	0x390108	0x3201	empty			0
RT_RCDATA	0x39330c	0x3201	empty			0
RT_RCDATA	0x396510	0x3201	empty			0
RT_RCDATA	0x399714	0x3201	empty			0
RT_RCDATA	0x39c918	0x3201	empty			0
RT_RCDATA	0x39fb1c	0x3201	empty			0
RT_RCDATA	0x3a2d20	0x3201	empty			0
RT_RCDATA	0x3a5f24	0x3201	empty			0
RT_RCDATA	0x3a9128	0x3201	empty			0
RT_RCDATA	0x3ac32c	0x3201	empty			0
RT_RCDATA	0x3af530	0x3201	empty			0
RT_RCDATA	0x3b2734	0x3201	empty			0
RT_RCDATA	0x3b5938	0x3201	empty			0
RT_RCDATA	0x3b8b3c	0x3201	empty			0
RT_RCDATA	0x3bbd40	0x3201	empty			0
RT_RCDATA	0x3bef44	0x3201	empty			0
RT_RCDATA	0x3c2148	0x3201	empty			0
RT_RCDATA	0x3c534c	0x3201	empty			0
RT_RCDATA	0x3c8550	0x3201	empty			0
RT_RCDATA	0x3cb754	0x3201	empty			0
RT_RCDATA	0x3ce958	0x3201	empty			0
RT_RCDATA	0x3d1b5c	0x3201	empty			0
RT_RCDATA	0x3d4d60	0x3201	empty			0
RT_RCDATA	0x3d7f64	0x3201	empty			0
RT_RCDATA	0x3db168	0x3201	empty			0
RT_RCDATA	0x3de36c	0x3201	empty			0
RT_RCDATA	0x3e1570	0x3201	empty			0
RT_RCDATA	0x3e4774	0x3201	empty			0
RT_RCDATA	0x3e7978	0x76	empty			0
RT_RCDATA	0x3e79f0	0x22	empty			0
RT_RCDATA	0x3e7a14	0x3201	empty			0
RT_RCDATA	0x3eac18	0x3201	empty			0
RT_RCDATA	0x3ede1c	0x3201	empty			0
RT_RCDATA	0x3f1020	0x3201	empty			0
RT_RCDATA	0x3f4224	0x3201	empty			0
RT_RCDATA	0x3f7428	0x3201	empty			0
RT_RCDATA	0x3fa62c	0x3201	empty			0
RT_RCDATA	0x3fd830	0x3201	empty			0
RT_RCDATA	0x400a34	0x3201	empty			0
RT_RCDATA	0x403c38	0x3201	empty			0
RT_RCDATA	0x406e3c	0x3201	empty			0
RT_RCDATA	0x40a040	0x3201	empty			0
RT_RCDATA	0x40d244	0x740	empty			0
RT_RCDATA	0x40d984	0xf	empty			0
RT_RCDATA	0x40d994	0x3201	empty			0
RT_RCDATA	0x410b98	0x3201	empty			0
RT_RCDATA	0x413d9c	0x3201	empty			0
RT_RCDATA	0x416fa0	0x3201	empty			0
RT_RCDATA	0x41a1a4	0xe96ce	empty			0
RT_RCDATA	0x503874	0x3201	empty			0
RT_RCDATA	0x506a78	0x90ed	empty			0
RT_RCDATA	0x50fb68	0x3201	empty			0
RT_RCDATA	0x512d6c	0x3201	empty			0
RT_RCDATA	0x515f70	0x3201	empty			0
RT_RCDATA	0x519174	0x3201	empty			0
RT_RCDATA	0x51c378	0x3201	empty			0
RT_RCDATA	0x51f57c	0x55	empty			0
RT_RCDATA	0x51f5d4	0x3201	empty			0
RT_RCDATA	0x5227d8	0x3201	empty			0
RT_RCDATA	0x5259dc	0x3201	empty			0
RT_RCDATA	0x528be0	0x9e	empty			0
RT_RCDATA	0x528c80	0x1f2	empty			0
RT_RCDATA	0x528e74	0x3201	empty			0
RT_RCDATA	0x52c078	0x3201	empty			0
RT_RCDATA	0x52f27c	0x3201	empty			0
RT_RCDATA	0x532480	0x3201	empty			0
RT_RCDATA	0x535684	0x3201	empty			0
RT_RCDATA	0x538888	0x3201	empty			0
RT_RCDATA	0x53ba8c	0x3201	empty			0
RT_RCDATA	0x53ec90	0x7d	empty			0
RT_RCDATA	0x53ed10	0x7d	empty			0
RT_RCDATA	0x53ed90	0x7d	empty			0
RT_RCDATA	0x53ee10	0x7d	empty			0
RT_RCDATA	0x53ee90	0x7d	empty			0
RT_RCDATA	0x53ef10	0x7d	empty			0
RT_RCDATA	0x53ef90	0x7d	empty			0
RT_RCDATA	0x53f010	0x7d	empty			0
RT_RCDATA	0x53f090	0x7d	empty			0
RT_RCDATA	0x53f110	0x7d	empty			0
RT_RCDATA	0x53f190	0x7d	empty			0
RT_RCDATA	0x53f210	0x7d	empty			0
RT_RCDATA	0x53f290	0x7d	empty			0
RT_RCDATA	0x53f310	0x7d	empty			0
RT_RCDATA	0x53f390	0x7d	empty			0
RT_RCDATA	0x53f410	0x3201	empty			0
RT_RCDATA	0x542614	0x3201	empty			0
RT_RCDATA	0x545818	0x3201	empty			0
RT_RCDATA	0x548a1c	0x3201	empty			0
RT_RCDATA	0x54bc20	0x3201	empty			0
RT_RCDATA	0x54ee24	0x3201	empty			0
RT_RCDATA	0x552028	0x3201	empty			0
RT_RCDATA	0x55522c	0x3201	empty			0
RT_RCDATA	0x558430	0x3201	empty			0
RT_RCDATA	0x55b634	0x3201	empty			0
RT_RCDATA	0x55e838	0x3201	empty			0
RT_RCDATA	0x561a3c	0x3201	empty			0
RT_RCDATA	0x564c40	0x3201	empty			0
RT_RCDATA	0x567e44	0x3201	empty			0
RT_RCDATA	0x56b048	0x3201	empty			0
RT_RCDATA	0x56e24c	0x3201	empty			0
RT_RCDATA	0x571450	0x3201	empty			0
RT_RCDATA	0x574654	0x3201	empty			0
RT_RCDATA	0x577858	0x3201	empty			0
RT_RCDATA	0x57aa5c	0x3201	empty			0
RT_RCDATA	0x57dc60	0x3201	empty			0
RT_RCDATA	0x580e64	0x3201	empty			0
RT_RCDATA	0x584068	0x3201	empty			0
RT_RCDATA	0x58726c	0x3201	empty			0
RT_RCDATA	0x58a470	0x3201	empty			0
RT_RCDATA	0x58d674	0x3201	empty			0
RT_RCDATA	0x590878	0x3201	empty			0
RT_RCDATA	0x593a7c	0x3201	data			1.0008593078665728
RT_RCDATA	0x596c80	0x3201	data			1.0008593078665728
RT_RCDATA	0x599e84	0x3201	data			1.0008593078665728
RT_RCDATA	0x59d088	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a028c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a3490	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a6694	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a9898	0x3201	data			1.0008593078665728
RT_RCDATA	0x5aca9c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5afca0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b2ea4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b60a8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b92ac	0x3201	data			1.0008593078665728
RT_RCDATA	0x5bc4b0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5bf6b4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c28b8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c5abc	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c8cc0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5cbec4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5cf0c8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d22cc	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d54d0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d86d4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5db8d8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5deadc	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e1ce0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e4ee4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e80e8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5eb2ec	0x3201	data			1.0008593078665728
RT_RCDATA	0x5ee4f0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f16f4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f48f8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f7afc	0x3201	DOS executable (COM)			1.0008593078665728
RT_RCDATA	0x5fad00	0x3201	data			1.0008593078665728
RT_RCDATA	0x5fdf04	0x3201	data			1.0008593078665728
RT_RCDATA	0x601108	0x3201	data			1.0008593078665728
RT_RCDATA	0x60430c	0x3201	data			1.0008593078665728
RT_RCDATA	0x607510	0x3201	data			1.0008593078665728
RT_RCDATA	0x60a714	0x3201	data			1.0008593078665728
RT_RCDATA	0x60d918	0x3201	data			1.0008593078665728
RT_RCDATA	0x610b1c	0x3201	data			1.0008593078665728
RT_RCDATA	0x613d20	0x3201	data			1.0008593078665728
RT_RCDATA	0x616f24	0x3201	data			1.0008593078665728
RT_RCDATA	0x61a128	0x3201	data			1.0008593078665728
RT_RCDATA	0x61d32c	0x3201	data			1.0008593078665728
RT_RCDATA	0x620530	0x3201	data			1.0008593078665728
RT_RCDATA	0x623734	0x3201	data			1.0008593078665728
RT_RCDATA	0x626938	0x3201	data			1.0008593078665728
RT_RCDATA	0x629b3c	0x3201	data			1.0008593078665728
RT_RCDATA	0x62cd40	0x3201	data			1.0008593078665728
RT_RCDATA	0x62ff44	0x3201	data			1.0008593078665728
RT_RCDATA	0x633148	0x3201	data			1.0008593078665728
RT_RCDATA	0x63634c	0x3201	data			1.0008593078665728
RT_RCDATA	0x639550	0x3201	data			1.0008593078665728
RT_RCDATA	0x63c754	0x3201	data			1.0008593078665728
RT_RCDATA	0x63f958	0x3201	data			1.0008593078665728
RT_RCDATA	0x642b5c	0x3201	data			1.0008593078665728
RT_RCDATA	0x645d60	0x3201	data			1.0008593078665728
RT_RCDATA	0x648f64	0x3201	data			1.0008593078665728
RT_RCDATA	0x64c168	0x3201	data			1.0008593078665728
RT_RCDATA	0x64f36c	0x3201	data			1.0008593078665728
RT_RCDATA	0x652570	0x3201	data			1.0008593078665728
RT_RCDATA	0x655774	0x3201	data			1.0008593078665728
RT_RCDATA	0x658978	0x3201	data			1.0008593078665728
RT_RCDATA	0x65bb7c	0x3201	data			1.0008593078665728
RT_RCDATA	0x65ed80	0x3201	data			1.0008593078665728
RT_RCDATA	0x661f84	0x3201	data			1.0008593078665728
RT_RCDATA	0x665188	0x3201	data			1.0008593078665728
RT_RCDATA	0x66838c	0x3201	data			1.0008593078665728
RT_RCDATA	0x66b590	0x3201	data			1.0008593078665728
RT_RCDATA	0x66e794	0x3201	data			1.0008593078665728
RT_RCDATA	0x671998	0x3201	data			1.0008593078665728
RT_RCDATA	0x674b9c	0x3201	ARJ archive data, v65, multi-volume, slash-switched, backup, original name: \026)\246\274\303F"\306\005\301\206y\363\207\203X\304\254\227\252iV6\322\006\207\374\3137D\234T"\360;]w\263\233r\361\371\011<\337\274H\\234\220\365,			1.0008593078665728
RT_RCDATA	0x677da0	0x3201	data			1.0008593078665728
RT_RCDATA	0x67afa4	0x3201	data			1.0008593078665728
RT_RCDATA	0x67e1a8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6813ac	0x3201	data			1.0008593078665728
RT_RCDATA	0x6845b0	0x3201	data			1.0008593078665728
RT_RCDATA	0x6877b4	0x3201	data			1.0008593078665728
RT_RCDATA	0x68a9b8	0x3201	data			1.0008593078665728
RT_RCDATA	0x68dbbc	0x3201	data			1.0008593078665728
RT_RCDATA	0x690dc0	0x3201	data			1.0008593078665728
RT_RCDATA	0x693fc4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6971c8	0x3201	data			1.0008593078665728
RT_RCDATA	0x69a3cc	0x3201	data			1.0008593078665728
RT_RCDATA	0x69d5d0	0x3201	data			1.0008593078665728
RT_RCDATA	0x6a07d4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6a39d8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6a6bdc	0x3201	data			1.0008593078665728
RT_RCDATA	0x6a9de0	0x3201	data			1.0008593078665728
RT_RCDATA	0x6acfe4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6b01e8	0x3201	OpenPGP Secret Key			1.0008593078665728
RT_RCDATA	0x6b33ec	0x3201	data			1.0008593078665728
RT_RCDATA	0x6b65f0	0x3201	OpenPGP Secret Key			1.0008593078665728
RT_RCDATA	0x6b97f4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6bc9f8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6bfbfc	0x3201	data			1.0008593078665728
RT_RCDATA	0x6c2e00	0x3201	data			1.0008593078665728
RT_RCDATA	0x6c6004	0x3201	data			1.0008593078665728
RT_MANIFEST	0x6e3b04	0x2	data			5.0
RT_MANIFEST	0x6e3b0c	0x188	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5892857142857143
None	0x6c9394	0x110	data			1.0404411764705883
None	0x6c94a4	0xd6	data			1.0514018691588785
None	0x6c957c	0xd2	data			1.0523809523809524
None	0x6c9650	0x88	data			1.0808823529411764
None	0x6c96d8	0x9c	data			1.0705128205128205
None	0x6c9774	0x15a	data			1.0317919075144508
None	0x6c98d0	0x9c	data			1.0705128205128205
None	0x6c996c	0x11a	data			1.0390070921985815
None	0x6c9a88	0x96	data			1.0733333333333333
None	0x6c9b20	0xbe	data			1.0578947368421052
None	0x6c9be0	0xa2	data			1.0679012345679013
None	0x6c9c84	0xdc	OpenPGP Secret Key			1.05
None	0x6c9d60	0xd0	data			1.0528846153846154
None	0x6c9e30	0xf4	data			1.0450819672131149
None	0x6c9f24	0x114	OpenPGP Public Key			1.039855072463768
None	0x6ca038	0x9c	data			1.0705128205128205
None	0x6ca0d4	0x98	data			1.0723684210526316
None	0x6ca16c	0xa6	data			1.0662650602409638
None	0x6ca214	0xf6	data			1.0447154471544715
None	0x6ca30c	0xcc	data			1.053921568627451
None	0x6ca3d8	0x158	data			1.0319767441860466
None	0x6ca530	0xe0	data			1.0491071428571428
None	0x6ca610	0xa2	data			1.0679012345679013
None	0x6ca6b4	0xbc	data			1.0585106382978724
None	0x6ca770	0xd8	data			1.0509259259259258
None	0x6ca848	0xa6	data			1.0662650602409638
None	0x6ca8f0	0xea	data			1.047008547008547
None	0x6ca9dc	0xe0	data			1.0491071428571428
None	0x6caabc	0xba	data			1.0591397849462365
None	0x6cab78	0xbe	data			1.0578947368421052
None	0x6cac38	0x94	data			1.0743243243243243
None	0x6caccc	0x13e	OpenPGP Public Key Version 5, Created Sun Dec 7 14:05:53 2014, Unknown Algorithm (0x31)			1.0345911949685536
None	0x6cae0c	0xe8	data			1.0474137931034482
None	0x6caef4	0xc4	data			1.0561224489795917
None	0x6cafb8	0xca	data			1.0544554455445545
None	0x6cb084	0x16a	data			1.0303867403314917
None	0x6cb1f0	0xe4	data			1.0482456140350878
None	0x6cb2d4	0x12c	data			1.0366666666666666
None	0x6cb400	0xfe	data			1.0433070866141732
None	0x6cb500	0x158	data			1.0319767441860466
None	0x6cb658	0x116	data			1.039568345323741
None	0x6cb770	0x10a	data			1.0413533834586466
None	0x6cb87c	0x178	data			1.0292553191489362
None	0x6cb9f4	0x70	data			1.0982142857142858
None	0x6cba64	0x66	data			1.107843137254902
None	0x6cbacc	0x9c	data			1.0705128205128205
None	0x6cbb68	0x142	data			1.0341614906832297
None	0x6cbcac	0x15a	data			1.0317919075144508
None	0x6cbe08	0x132	data			1.0359477124183007
None	0x6cbf3c	0x96	data			1.0733333333333333
None	0x6cbfd4	0x160	data			1.03125
None	0x6cc134	0xba	data			1.0591397849462365
None	0x6cc1f0	0x182	data			1.028497409326425
None	0x6cc374	0xbc	data			1.0585106382978724
None	0x6cc430	0xfc	data			1.0436507936507937
None	0x6cc52c	0xd4	data			1.0518867924528301
None	0x6cc600	0x13c	data			1.0348101265822784
None	0x6cc73c	0x13a	data			1.035031847133758
None	0x6cc878	0x86	data			1.0820895522388059
None	0x6cc900	0xb2	data			1.0617977528089888
None	0x6cc9b4	0xe0	data			1.0491071428571428
None	0x6cca94	0x17e	data			1.0287958115183247
None	0x6ccc14	0xc0	data			1.0572916666666667
None	0x6cccd4	0xc6	data			1.0555555555555556
None	0x6ccd9c	0xae	data			1.0632183908045978
None	0x6cce4c	0xd8	data			1.0509259259259258
None	0x6ccf24	0x9e	data			1.0696202531645569
None	0x6ccfc4	0xc6	data			1.0555555555555556
None	0x6cd08c	0xa6	data			1.0662650602409638
None	0x6cd134	0x88	data			1.0808823529411764
None	0x6cd1bc	0x118	data			1.0392857142857144
None	0x6cd2d4	0xda	data			1.0504587155963303
None	0x6cd3b0	0xe2	data			1.0486725663716814
None	0x6cd494	0xcc	OpenPGP Secret Key			1.053921568627451
None	0x6cd560	0x146	data			1.0337423312883436
None	0x6cd6a8	0xdc	data			1.05
None	0x6cd784	0x156	data			1.0321637426900585
None	0x6cd8dc	0xfc	data			1.0436507936507937
None	0x6cd9d8	0xf0	data			1.0458333333333334
None	0x6cdac8	0xde	data			1.0495495495495495
None	0x6cdba8	0x7c	OpenPGP Public Key			1.0887096774193548
None	0x6cdc24	0xd8	data			1.0509259259259258
None	0x6cdcfc	0xac	data			1.063953488372093
None	0x6cdda8	0x102	data			1.0426356589147288
None	0x6cdeac	0x9a	data			1.0714285714285714
None	0x6cdf48	0xc2	data			1.056701030927835
None	0x6ce00c	0xa2	data			1.0679012345679013
None	0x6ce0b0	0xce	data			1.0533980582524272
None	0x6ce180	0x9c	data			1.0705128205128205
None	0x6ce21c	0x144	data			1.0339506172839505
None	0x6ce360	0xb6	data			1.0604395604395604
None	0x6ce418	0x150	data			1.0327380952380953
None	0x6ce568	0x126	data			1.0374149659863945
None	0x6ce690	0xea	data			1.047008547008547
None	0x6ce77c	0x160	data			1.03125
None	0x6ce8dc	0x14a	data			1.0333333333333334
None	0x6cea28	0xaa	data			1.0647058823529412
None	0x6cead4	0xaa	data			1.0647058823529412
None	0x6ceb80	0xb6	data			1.0604395604395604
None	0x6cec38	0x11c	data			1.0387323943661972
None	0x6ced54	0xe4	data			1.0482456140350878
None	0x6cee38	0xba	data			1.0591397849462365
None	0x6ceef4	0x192	data			1.027363184079602
None	0x6cf088	0x102	data			1.0426356589147288
None	0x6cf18c	0xd0	data			1.0528846153846154
None	0x6cf25c	0xa0	data			1.06875
None	0x6cf2fc	0x1b6	data			1.0251141552511416
None	0x6cf4b4	0x134	data			1.0357142857142858
None	0x6cf5e8	0xc6	data			1.0555555555555556
None	0x6cf6b0	0xd8	data			1.0509259259259258

Imports

DLL	Import
api-ms-win-crt-heap-l1-1-0.dll	free
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale
api-ms-win-crt-math-l1-1-0.dll	cosf
api-ms-win-crt-runtime-l1-1-0.dll	exit
api-ms-win-crt-stdio-l1-1-0.dll	fseek
api-ms-win-crt-string-l1-1-0.dll	strcmp
api-ms-win-crt-utility-l1-1-0.dll	qsort
d3d9.dll	Direct3DCreate9
IMM32.dll	ImmGetContext
kernEl32.dll	LoadLibraryA, DeleteAtom, GetProcAddress, VirtualProtect
MSVCP140.dll	_Query_perf_counter
Ole32.dll	CoTaskMemFree
SHELL32.dll	ShellExecuteA
USER32.dll	SetCursor
VCRUNTIME140.dll	memcpy
VCRUNTIME140_1.dll	__CxxFrameHandler4

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-08T02:20:20.379643+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.5	49704	104.26.8.59	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 8, 2024 02:20:18.244252920 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:18.244306087 CET	443	49704	104.26.8.59	192.168.2.5
Dec 8, 2024 02:20:18.244396925 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:18.253577948 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:18.253597021 CET	443	49704	104.26.8.59	192.168.2.5
Dec 8, 2024 02:20:19.473164082 CET	443	49704	104.26.8.59	192.168.2.5
Dec 8, 2024 02:20:19.473269939 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:20.000283003 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:20.000313997 CET	443	49704	104.26.8.59	192.168.2.5
Dec 8, 2024 02:20:20.000705957 CET	443	49704	104.26.8.59	192.168.2.5
Dec 8, 2024 02:20:20.000768900 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:20.015613079 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:20.063338995 CET	443	49704	104.26.8.59	192.168.2.5
Dec 8, 2024 02:20:20.379677057 CET	443	49704	104.26.8.59	192.168.2.5
Dec 8, 2024 02:20:20.379766941 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:20.379776955 CET	443	49704	104.26.8.59	192.168.2.5
Dec 8, 2024 02:20:20.379822969 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:20.381392956 CET	49704	443	192.168.2.5	104.26.8.59
Dec 8, 2024 02:20:20.381409883 CET	443	49704	104.26.8.59	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 8, 2024 02:20:18.099711895 CET	55875	53	192.168.2.5	1.1.1.1
Dec 8, 2024 02:20:18.238132000 CET	53	55875	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 8, 2024 02:20:18.099711895 CET	192.168.2.5	1.1.1.1	0xf63e	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 8, 2024 02:20:18.238132000 CET	1.1.1.1	192.168.2.5	0xf63e	No error (0)	api.myip.com	104.26.8.59	A (IP address)	IN (0x0001)	false
Dec 8, 2024 02:20:18.238132000 CET	1.1.1.1	192.168.2.5	0xf63e	No error (0)	api.myip.com	104.26.9.59	A (IP address)	IN (0x0001)	false
Dec 8, 2024 02:20:18.238132000 CET	1.1.1.1	192.168.2.5	0xf63e	No error (0)	api.myip.com	172.67.75.163	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.myip.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.26.8.59	443	5660	C:\Users\user\Desktop\WaveExecutor.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-08 01:20:20 UTC	182	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43 Host: api.myip.com
2024-12-08 01:20:20 UTC	782	IN	HTTP/1.1 200 OK Date: Sun, 08 Dec 2024 01:20:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wRLOaoU8%2FMYUKxsta62QgXGRlj51kFp4AkatnbLrxr9pRZ7WUIeP1%2FsSI%2FmhLsjCCJ3iEXMtcKrv6HnFMQODhXxwpde2sb7t8t2zKCK7Upchae%2Bha9%2BMrRX3Agm8TQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ee8eeae183a42c0-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2085&min_rtt=2084&rtt_var=784&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2817&recv_bytes=820&delivery_rate=1393794&cwnd=208&unsent_bytes=0&cid=0b6241fdc0a0b258&ts=920&x=0"
2024-12-08 01:20:20 UTC	63	IN	Data Raw: 33 39 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 32 32 38 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 39{"ip":"8.46.123.228","country":"United States","cc":"US"}
2024-12-08 01:20:20 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	20:20:16
Start date:	07/12/2024
Path:	C:\Users\user\Desktop\WaveExecutor.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\WaveExecutor.exe"
Imagebase:	0x7ff7ab940000
File size:	1'390'123 bytes
MD5 hash:	20530C9BC61569E79D6FFECE7F7E426A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.3%
Dynamic/Decrypted Code Coverage:	6.7%
Signature Coverage:	32.9%
Total number of Nodes:	960
Total number of Limit Nodes:	22

Executed Functions

Function 00007FF7AB986090 Relevance: 58.2, APIs: 5, Strings: 26, Instructions: 3919COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7AB94CB20: __swprintf_l.LIBCMT ref: 00007FF7AB94CC55

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB986942
00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB9869E9
00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB988B07

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB987134, 00007FF7AB987227, 00007FF7AB987546
apply_new_text_length >= 0, xrefs: 00007FF7AB988E9B
font->ContainerAtlas->TexID == _CmdHeader.TextureId, xrefs: 00007FF7AB9892A9, 00007FF7AB989B64
buf[0] != 0, xrefs: 00007FF7AB9888BC
%*s%.*s, xrefs: 00007FF7AB989FA0
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB9892A2, 00007FF7AB989B5D
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF7AB986126, 00007FF7AB98614E, 00007FF7AB986176, 00007FF7AB986746, 00007FF7AB986B98, 00007FF7AB986F3E, 00007FF7AB986FC5, 00007FF7AB987109, 00007FF7AB9871FC, 00007FF7AB987615, 00007FF7AB988877, 00007FF7AB9888B5, 00007FF7AB9889A4, 00007FF7AB988B7C, 00007FF7AB988B9F, 00007FF7AB988BC2, 00007FF7AB988C69, 00007FF7AB988E94, 00007FF7AB988F51, 00007FF7AB98934E
!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline)), xrefs: 00007FF7AB986155
callback_data.Flags == flags, xrefs: 00007FF7AB988BC9
buf != 0 && buf_size >= 0, xrefs: 00007FF7AB98612D
state && state->ID == id, xrefs: 00007FF7AB986B9F
idx <= obj->TextLen, xrefs: 00007FF7AB987110, 00007FF7AB987203
callback != 0, xrefs: 00007FF7AB98674D, 00007FF7AB9889AB
state != 0, xrefs: 00007FF7AB986FCC, 00007FF7AB98761C, 00007FF7AB98887E, 00007FF7AB989355
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF7AB986C39, 00007FF7AB986CA8, 00007FF7AB986CE5, 00007FF7AB986D27, 00007FF7AB986D64, 00007FF7AB986DAF, 00007FF7AB987714, 00007FF7AB9877AA, 00007FF7AB9878C8, 00007FF7AB987976, 00007FF7AB987A08, 00007FF7AB987AA4, 00007FF7AB987B4B, 00007FF7AB987BF2, 00007FF7AB987C2C, 00007FF7AB987CDA
@, xrefs: 00007FF7AB98A0BA
callback_data.BufSize == state->BufCapacity, xrefs: 00007FF7AB988BA6
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB98712D, 00007FF7AB987220, 00007FF7AB98753F
!((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput)), xrefs: 00007FF7AB98617D
#SCROLLY, xrefs: 00007FF7AB9867C1, 00007FF7AB9867F0, 00007FF7AB989E36
apply_new_text_length <= buf_size, xrefs: 00007FF7AB988F58
g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel, xrefs: 00007FF7AB98A0A6
callback_data.BufTextLen == (int)strlen(callback_data.Buf), xrefs: 00007FF7AB988C70
callback_data.Buf == callback_buf, xrefs: 00007FF7AB988B83
password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty(), xrefs: 00007FF7AB986F45
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB986C32, 00007FF7AB986CA1, 00007FF7AB986CDE, 00007FF7AB986D20, 00007FF7AB986D5D, 00007FF7AB986DA8, 00007FF7AB98770D, 00007FF7AB9877A3, 00007FF7AB9878C1, 00007FF7AB98796F, 00007FF7AB987A01, 00007FF7AB987A9D, 00007FF7AB987B44, 00007FF7AB987BEB, 00007FF7AB987C25, 00007FF7AB987CD3, 00007FF7AB98A09F

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310$__swprintf_l
String ID: !((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput))$!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline))$#SCROLLY$%*s%.*s$@$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$apply_new_text_length <= buf_size$apply_new_text_length >= 0$buf != 0 && buf_size >= 0$buf[0] != 0$callback != 0$callback_data.Buf == callback_buf$callback_data.BufSize == state->BufCapacity$callback_data.BufTextLen == (int)strlen(callback_data.Buf)$callback_data.Flags == flags$font->ContainerAtlas->TexID == _CmdHeader.TextureId$g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel$i >= 0 && i < Size$idx <= obj->TextLen$password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty()$state != 0$state && state->ID == id
API String ID: 2185106832-4266151527
Opcode ID: e9260e5b6a7379f04309f7b429d0ce31edeedb39023aba041657266198cd44f5
Instruction ID: bfa0d1d0ebe5e11e62d4fe926a65e9d6d60073bddce0f4d8076c567dc4640622
Opcode Fuzzy Hash: e9260e5b6a7379f04309f7b429d0ce31edeedb39023aba041657266198cd44f5
Instruction Fuzzy Hash: CC930872A0A681CAE710EF79C0846B9B7A1FF49749F868235DA4C576B5CF3CE445C720

Function 00007FF7AB9725F0 Relevance: 41.9, APIs: 9, Strings: 14, Instructions: 1603COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB973F7F
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB974005

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB9727C0, 00007FF7AB9727E5, 00007FF7AB97286B, 00007FF7AB972911, 00007FF7AB972A19, 00007FF7AB972F65, 00007FF7AB972FA8, 00007FF7AB972FED, 00007FF7AB97312F, 00007FF7AB9736A4, 00007FF7AB9739E4, 00007FF7AB973B3F
src_tmp.DstIndex != -1, xrefs: 00007FF7AB972A79
font->ConfigData == font_config, xrefs: 00007FF7AB973AC1
atlas->ConfigData.Size > 0, xrefs: 00007FF7AB972635
src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?", xrefs: 00007FF7AB972961
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB9727B9, 00007FF7AB9727DE, 00007FF7AB972864, 00007FF7AB97290A, 00007FF7AB972A12, 00007FF7AB972F5E, 00007FF7AB972FA1, 00007FF7AB972FE6, 00007FF7AB973128, 00007FF7AB97369D, 00007FF7AB9739DD, 00007FF7AB973B38
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB97262E, 00007FF7AB97281A, 00007FF7AB9728C5, 00007FF7AB97295A, 00007FF7AB972A5F, 00007FF7AB972A80, 00007FF7AB972D4C, 00007FF7AB97315C, 00007FF7AB973ABA
font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found.", xrefs: 00007FF7AB9728CC
n < (Storage.Size << 5), xrefs: 00007FF7AB972B57, 00007FF7AB972BB3, 00007FF7AB972BE5
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB972B50, 00007FF7AB972BAC, 00007FF7AB972BDE
0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize.", xrefs: 00007FF7AB972A58
cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas), xrefs: 00007FF7AB972821
glyph_index_in_font != 0, xrefs: 00007FF7AB973163
src_tmp.GlyphsList.Size == src_tmp.GlyphsCount, xrefs: 00007FF7AB972D53

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: 0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize."$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$atlas->ConfigData.Size > 0$cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas)$font->ConfigData == font_config$font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found."$glyph_index_in_font != 0$i >= 0 && i < Size$n < (Storage.Size << 5)$src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?"$src_tmp.DstIndex != -1$src_tmp.GlyphsList.Size == src_tmp.GlyphsCount
API String ID: 1173767890-2192739418
Opcode ID: e9dc0b8f47df948713d908b5eff208b3bba6724865e17dd3c4ce55733dc4e7e8
Instruction ID: cb2c9582e8b7a94c6a1fa60e5c0b1dc4d1521a1d98607053bbd068dd80252e01
Opcode Fuzzy Hash: e9dc0b8f47df948713d908b5eff208b3bba6724865e17dd3c4ce55733dc4e7e8
Instruction Fuzzy Hash: E0F20232B19686C6E714EF39D4842BCB7A4FB48744F968236DA4D536B0DF38E496CB10

Function 00007FF7AB994320 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 888
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHBrowseForFolder.SHELL32 ref: 00007FF7AB994705
SHGetPathFromIDList.SHELL32 ref: 00007FF7AB994732
CoTaskMemFree.OLE32 ref: 00007FF7AB994806
RemoveDirectoryA.KERNEL32 ref: 00007FF7AB994E7E
CreateDirectoryA.KERNEL32 ref: 00007FF7AB994E8E
MessageBoxA.USER32 ref: 00007FF7AB994EB3
ExitProcess.KERNEL32 ref: 00007FF7AB99562A

Strings

destinatinal folder, xrefs: 00007FF7AB994D51
choose install folder, xrefs: 00007FF7AB9946E3
Loader, xrefs: 00007FF7AB994843, 00007FF7AB994FB2
Install, xrefs: 00007FF7AB994E60
f, xrefs: 00007FF7AB9943FE
..., xrefs: 00007FF7AB9946A9
installation..., xrefs: 00007FF7AB99547A
WaveExecutor, xrefs: 00007FF7AB9947A8
C:\Users\user\Desktop\WaveExecutor, xrefs: 00007FF7AB994740, 00007FF7AB994753, 00007FF7AB99476F, 00007FF7AB9947C7, 00007FF7AB994DB9, 00007FF7AB994E77, 00007FF7AB994E87
continue, xrefs: 00007FF7AB995604
Failed to create setup directory, xrefs: 00007FF7AB994EA5
WaveExecutor, xrefs: 00007FF7AB994817, 00007FF7AB994F86
P, xrefs: 00007FF7AB9946F2
Fail, xrefs: 00007FF7AB994E9E

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: Directory$BrowseCreateExitFolderFreeFromListMessagePathProcessRemoveTask
String ID: Loader$...$C:\Users\user\Desktop\WaveExecutor$Fail$Failed to create setup directory$Install$P$WaveExecutor$WaveExecutor$choose install folder$continue$destinatinal folder$f$installation...
API String ID: 3810817069-2185672700
Opcode ID: 51fc8bbfeb8501b6a537f10b0e54d742b14c96df09f219560161b5057a3fde4b
Instruction ID: ed303d95b4a2d8e07d859759043a900162bf1ff95dc1351fa934f37f6bc88ecd
Opcode Fuzzy Hash: 51fc8bbfeb8501b6a537f10b0e54d742b14c96df09f219560161b5057a3fde4b
Instruction Fuzzy Hash: 8AA2633190E686D5E661EB2AE8913AAF360FFC9340F814235E98D576B6DF3CE145CB10

Function 00007FF7AB98F7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FF7AB98F803
QueryPerformanceCounter.KERNEL32 ref: 00007FF7AB98F819
GetKeyboardLayout.USER32 ref: 00007FF7AB98F910
GetLocaleInfoA.KERNEL32 ref: 00007FF7AB98F92C
LoadLibraryA.KERNEL32 ref: 00007FF7AB98F9C5
GetProcAddress.KERNEL32 ref: 00007FF7AB98F9FD
GetProcAddress.KERNEL32 ref: 00007FF7AB98FA11

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB98F955
XInputGetCapabilities, xrefs: 00007FF7AB98F9EF
xinput1_2.dll, xrefs: 00007FF7AB98F99B
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB98F94E
xinput9_1_0.dll, xrefs: 00007FF7AB98F98F
xinput1_4.dll, xrefs: 00007FF7AB98F977
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF7AB98F7C3
C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF7AB98F7E7
XInputGetState, xrefs: 00007FF7AB98FA03
imgui_impl_win32, xrefs: 00007FF7AB98F8D0
xinput1_1.dll, xrefs: 00007FF7AB98F9A7
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB98F7BC
xinput1_3.dll, xrefs: 00007FF7AB98F983
io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!", xrefs: 00007FF7AB98F7EE

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: AddressPerformanceProcQuery$CounterFrequencyInfoKeyboardLayoutLibraryLoadLocale
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$XInputGetCapabilities$XInputGetState$i >= 0 && i < Size$imgui_impl_win32$io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!"$xinput1_1.dll$xinput1_2.dll$xinput1_3.dll$xinput1_4.dll$xinput9_1_0.dll
API String ID: 2839060773-805143068
Opcode ID: 260d99728c683016137ac75114b4de807555a0406b12ed98fa5fd299fab68a23
Instruction ID: e0fa3bcd564d844332bcb2a4155c56e897ede5d6540ee734d2f7239875cabed6
Opcode Fuzzy Hash: 260d99728c683016137ac75114b4de807555a0406b12ed98fa5fd299fab68a23
Instruction Fuzzy Hash: CF718132A0AF86C6E7549F29E9802A9B7B4FB49B44F855136DA8D43770EF3CE065C710

Function 00007FF7AB990330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182
keyboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClientRect.USER32 ref: 00007FF7AB9903B0
QueryPerformanceCounter.KERNEL32 ref: 00007FF7AB9903EC
GetForegroundWindow.USER32 ref: 00007FF7AB990445
ClientToScreen.USER32 ref: 00007FF7AB99047D
SetCursorPos.USER32 ref: 00007FF7AB99048F
GetCursorPos.USER32 ref: 00007FF7AB9904A9
ScreenToClient.USER32 ref: 00007FF7AB9904BB
GetKeyState.USER32 ref: 00007FF7AB9904FD
GetKeyState.USER32 ref: 00007FF7AB990544
GetKeyState.USER32 ref: 00007FF7AB99058B
GetKeyState.USER32 ref: 00007FF7AB9905D2

Strings

bd->hWnd != 0, xrefs: 00007FF7AB990438
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF7AB990387
C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF7AB99035A, 00007FF7AB990431
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB990380
bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?", xrefs: 00007FF7AB990361

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: State$Client$CursorScreen$CounterForegroundPerformanceQueryRectWindow
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?"$bd->hWnd != 0
API String ID: 1576454153-990843061
Opcode ID: b15be0b44c692230b85c4defaefc4a5a4583acdefd80d0cc3f04028913e3d836
Instruction ID: a7ab4527a4b171bed2eff79c5119e537e6aa44b8f6335806b7f84ea4b015e9b0
Opcode Fuzzy Hash: b15be0b44c692230b85c4defaefc4a5a4583acdefd80d0cc3f04028913e3d836
Instruction Fuzzy Hash: C591D521E0A686C6FBA1EB3DD444379A795EF81B84F898131E95D065B5DF3CE480CB20

Function 00007FF7AB98F2F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB98F4C2
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB98F57D

Strings

GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF7AB98F320
, xrefs: 00007FF7AB98F3DD
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB98F319

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C610F020F61310
String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"
API String ID: 310658293-1764846569
Opcode ID: 894d359a0e7901a4302d43cd48edf3ca94111f99abde4d05c0332fa0652f584f
Instruction ID: 3e5deefa51d0b0073d104ae549aa1cb98599ef0cfd2c50b40e2155be7c284e61
Opcode Fuzzy Hash: 894d359a0e7901a4302d43cd48edf3ca94111f99abde4d05c0332fa0652f584f
Instruction Fuzzy Hash: FB917B72706A85CAEB509F69D4803ADBBA4FB88B89F859136DE0E43B74DF38D445C710

Function 00007FF7AB993B90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtdllDefWindowProc_A.NTDLL ref: 00007FF7AB993DD0

Strings

E, xrefs: 00007FF7AB993D76

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: NtdllProc_Window
String ID: E
API String ID: 4255912815-3568589458
Opcode ID: d9f9fd3d91a60987a5f48f68ece85a5dcac14300b8f46c6e9c972fc7a4a4e4b9
Instruction ID: 9ad49504d5fc2206c3c80660d48f355f04f093beb8f684d53434fef1a69b33f9
Opcode Fuzzy Hash: d9f9fd3d91a60987a5f48f68ece85a5dcac14300b8f46c6e9c972fc7a4a4e4b9
Instruction Fuzzy Hash: 0A515E3160D682DAE7A4AF2CE45437AF6A8FB85750F914135EA9D82BB4DF3CD444CB20

Function 0000023830B6F46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B6F47B
FindFirstFileA.KERNEL32 ref: 0000023830B6F48B

Part of subcall function 0000023830B45180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B45217

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$FileFindFirst
String ID:
API String ID: 2113789597-0
Opcode ID: cfa9f5777d2db9ce4048483391da668259afc2d594878e3b9cda18768d7dc9b0
Instruction ID: 3bbed11dfd79e8d486e2e6f278655b2983c05107f691d6cbe755e799e154db8c
Opcode Fuzzy Hash: cfa9f5777d2db9ce4048483391da668259afc2d594878e3b9cda18768d7dc9b0
Instruction Fuzzy Hash: F912F071518B488FE765EB18C499BDBB3E1FB98704F40496DE08FC7292DE349645CB42

Function 0000023830B46FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000023830B4A110: char_traits.LIBCPMTD ref: 0000023830B4A13D

std::_Fac_node::_Fac_node.LIBCPMTD ref: 0000023830B4754F
CreateToolhelp32Snapshot.KERNEL32 ref: 0000023830B475C4
Process32FirstW.KERNEL32 ref: 0000023830B4764B
Process32NextW.KERNEL32 ref: 0000023830B477AB

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Process32$CreateFac_nodeFac_node::_FirstNextSnapshotToolhelp32char_traitsstd::_
String ID:
API String ID: 4114415025-0
Opcode ID: 2cf1e73a0f9107235ddbfb485c3595bfcba21e3825775f53e0b531762a104419
Instruction ID: b78cae3cee4f4676708d6f9dcee2c0ca841ec3f3350a26fdcd66f76061ae90cd
Opcode Fuzzy Hash: 2cf1e73a0f9107235ddbfb485c3595bfcba21e3825775f53e0b531762a104419
Instruction Fuzzy Hash: CB323171A18B484BE755FB28C4697EBB2D1FB98704F9009BAF04BCB292ED359B44C741

Function 00007FF7AB98EA60 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 374
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB98ED6F

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB98ECA9, 00007FF7AB98EE48, 00007FF7AB98EE96
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB98ECA2, 00007FF7AB98EE41, 00007FF7AB98EE8F

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2490902527-1817040388
Opcode ID: 7f0815f646b9be6a47ebf33997fd40430ce2371def073614a23dc5631ded96a8
Instruction ID: a827edaccb4996f1853f083394e953a99d45164a9a3e8793c12ac1e70483891c
Opcode Fuzzy Hash: 7f0815f646b9be6a47ebf33997fd40430ce2371def073614a23dc5631ded96a8
Instruction Fuzzy Hash: DE028976605B85C6DB20DF2AD4946AE7BB4FB88B89F428526DF4D47B64CF38D444CB00

Function 0000023830C07750 Relevance: 4.7, APIs: 3, Instructions: 164encryptionCOMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830C077E6
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830C07864
CryptUnprotectData.CRYPT32 ref: 0000023830C078BD

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$CryptDataUnprotect
String ID:
API String ID: 3418212865-0
Opcode ID: 972225a936fa3d2b3db204c5816dedc41ad24ac798caad545d5d4e6199c50a6b
Instruction ID: e776a8118bf13c824b9013fb9c1b65ed51508f6e3efce488543a95f48a58b6cd
Opcode Fuzzy Hash: 972225a936fa3d2b3db204c5816dedc41ad24ac798caad545d5d4e6199c50a6b
Instruction Fuzzy Hash: 8E51BE70918B888FE7A4EB28C4597AEB7E1FB98301F50496DE08EC7361DF749585CB42

Function 00007FF7AB98FCE0 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 547d032ff03bed76e8d98501336aec72c7838b5fcf6afd06ef48b4c17f1abeb4
Instruction ID: b349168e024649afb8973732a47ccdad10385d631b2c180c5802de6cb1a3c72a
Opcode Fuzzy Hash: 547d032ff03bed76e8d98501336aec72c7838b5fcf6afd06ef48b4c17f1abeb4
Instruction Fuzzy Hash: 4A025C02E296BAC5F752A67944413FDA385CF6B345F5D8732ED58339F6EB2C74828220

Function 00007FF7AB96C270 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba1e848a4c6536b73392d338e6aa0417a76d75594373d4295ff7020395ab56e6
Instruction ID: 630969d470c3ba9ed85fc2ac5727e44588f2bfcf7f0e1e4f5e6f0125ac9f9c8d
Opcode Fuzzy Hash: ba1e848a4c6536b73392d338e6aa0417a76d75594373d4295ff7020395ab56e6
Instruction Fuzzy Hash: A5021432A186C4CAD325CB3A90416B9F7B0FF5D784F158326EB8963665EB3CE591CB10

Function 0000023830B44850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0000023830B45360: _WChar_traits.LIBCPMTD ref: 0000023830B4538D

Part of subcall function 0000023830B44AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B44AD0
Part of subcall function 0000023830B44AA0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830B44B2F
Part of subcall function 0000023830B44AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B44B41

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830B448B8

Strings

KDBM, xrefs: 0000023830B449A9
K, xrefs: 0000023830B4490F
l, xrefs: 0000023830B44941
a, xrefs: 0000023830B44932
, xrefs: 0000023830B4491E
, xrefs: 0000023830B4490A
a, xrefs: 0000023830B448F6
e, xrefs: 0000023830B44914
t, xrefs: 0000023830B4492D
M, xrefs: 0000023830B448F1
b, xrefs: 0000023830B4494B
B, xrefs: 0000023830B4493C
i, xrefs: 0000023830B44900
y, xrefs: 0000023830B44919
c, xrefs: 0000023830B44905
g, xrefs: 0000023830B448FB
o, xrefs: 0000023830B44946
, xrefs: 0000023830B44937
a, xrefs: 0000023830B44928
D, xrefs: 0000023830B44923

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork$Char_traits
String ID: $ $ $B$D$K$KDBM$M$a$a$a$b$c$e$g$i$l$o$t$y
API String ID: 1777712374-1292890139
Opcode ID: c02a726d3c2bd88a4534588b83aa4fca235328903684469cf21292f4d99c4a12
Instruction ID: 4dda1ccb03ea861585b48127c7baf272c6af53b2ed9c31943130efc48b69862b
Opcode Fuzzy Hash: c02a726d3c2bd88a4534588b83aa4fca235328903684469cf21292f4d99c4a12
Instruction Fuzzy Hash: 4161F87050CB848FE760EB68C448B9ABBE1FBA9704F04495DE0C9C7361DBB99488CB53

Function 00007FF7AB9926C0 Relevance: 15.5, APIs: 10, Instructions: 516
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF7AB992818

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a3eeb29371fb47a965077e410e082878baaf3524c6b8feef568940cf3953f533
Instruction ID: f2c364d42e23bcfee3444e74c771e141cbe4ea2d4cbb2640f99a728939e3951d
Opcode Fuzzy Hash: a3eeb29371fb47a965077e410e082878baaf3524c6b8feef568940cf3953f533
Instruction Fuzzy Hash: 7C42B53260ABC585DAB0EB29E4943AAB3A4F7C9780F514535EA8D83B79DF3CD0548B50

Function 00007FF7AB993DE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF7AB993E21
RegisterClassExA.USER32 ref: 00007FF7AB993E7A
GetSystemMetrics.USER32 ref: 00007FF7AB993E82
GetSystemMetrics.USER32 ref: 00007FF7AB993E9B
CreateWindowExA.USER32 ref: 00007FF7AB993F0D
ShowWindow.USER32 ref: 00007FF7AB993F26
UpdateWindow.USER32 ref: 00007FF7AB993F33

Strings

class001, xrefs: 00007FF7AB993E5A, 00007FF7AB993F04

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: Window$MetricsSystem$ClassCreateHandleModuleRegisterShowUpdate
String ID: class001
API String ID: 3666473625-3656631403
Opcode ID: c65b6a3a3c5298f372adfd29b74c1c22faed9294b5240e563b4d02c16027923c
Instruction ID: cd201eb840268b2eeaddae75c8da773049322c971ef227e68a5b129cc12348f6
Opcode Fuzzy Hash: c65b6a3a3c5298f372adfd29b74c1c22faed9294b5240e563b4d02c16027923c
Instruction Fuzzy Hash: DE312E7190AB42DAE380AF28F954B6DB7A4FB44304F928139D58D86774DF7DE048CB64

Function 00007FF7AB996800 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32 ref: 00007FF7AB996A5D

Strings

Welcome to , xrefs: 00007FF7AB9969DA
A, xrefs: 00007FF7AB9968E6
WaveExecutor, xrefs: 00007FF7AB9969D3, 00007FF7AB996A1A
v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed, xrefs: 00007FF7AB9969EE
v2.1.1 Setup, xrefs: 00007FF7AB996A13
FrghcZrah, xrefs: 00007FF7AB99681B

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: Message
String ID: v2.1.1 Setup$ v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed$A$FrghcZrah$WaveExecutor$Welcome to
API String ID: 2030045667-1564511172
Opcode ID: 578fb85d05ac807efce2f1816e923275f42c98e49a4d3e3cb657846628bf40dd
Instruction ID: 61addcdc333ff492eb2ad41917e21d8026987adbbf028abb9ee10131cafe869b
Opcode Fuzzy Hash: 578fb85d05ac807efce2f1816e923275f42c98e49a4d3e3cb657846628bf40dd
Instruction Fuzzy Hash: 0271222150EB82D1E7A0FB69E4912BEA768EB85784F914035F6CD83776DF2CD145CB20

Function 0000023830C510E0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0000023830C5110D
Process32NextW.KERNEL32 ref: 0000023830C5118F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830C511FC
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830C51235
Process32NextW.KERNEL32 ref: 0000023830C512DE

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyNextProcess32Queue::StructuredWork$CreateSnapshotToolhelp32
String ID:
API String ID: 2993956496-0
Opcode ID: e5cb6cc2a9d3f2d857daf4add4d4784c79b02a268af29c56eed9b1a154788f6c
Instruction ID: 4dc29dc57ef226301297c6aba3aad436edff5fcd433940a576ffd23348b94190
Opcode Fuzzy Hash: e5cb6cc2a9d3f2d857daf4add4d4784c79b02a268af29c56eed9b1a154788f6c
Instruction Fuzzy Hash: 86512170518B488FE3A5EB28C459BDAB3E1FBD4704F504A5DF48AC7291DE349A05CB42

Function 0000023830C29E50 Relevance: 4.7, APIs: 3, Instructions: 233fileCOMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000023830C29EF0

Part of subcall function 0000023830B76A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B76AAB
Part of subcall function 0000023830B76A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B76ABA

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830C29F56
CreateFileA.KERNEL32 ref: 0000023830C29F82

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFiletype_info::_name_internal_method
String ID:
API String ID: 645652700-0
Opcode ID: f64b6eb87d80957077a350099af48cbfcdfbf435f0acf51f21d504348669a5e4
Instruction ID: f1fd6e3bdb70f787e48393ce0d3bb91f5ffa9f9d532a96718189399188adfbea
Opcode Fuzzy Hash: f64b6eb87d80957077a350099af48cbfcdfbf435f0acf51f21d504348669a5e4
Instruction Fuzzy Hash: 96814370618B488FE794EB28C859B9AB7E1FB98714F404AADF04AC73D1DE39D945C701

Function 0000023830C2A470 Relevance: 4.6, APIs: 3, Instructions: 80fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830C2A4B6
CreateFileA.KERNEL32 ref: 0000023830C2A4E5
ReadFile.KERNEL32 ref: 0000023830C2A514

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 72057f2b81a371b71a98754698cc4969553e8e85e18c100de287d621669e3ca5
Instruction ID: fbee927534cd5e80d0005386ae146e5fec4f7d468fb0a0ea21e866e07b18fe2b
Opcode Fuzzy Hash: 72057f2b81a371b71a98754698cc4969553e8e85e18c100de287d621669e3ca5
Instruction Fuzzy Hash: 6821CF70618B888FDB94EF2CC498B5ABBE0FB99304F50495DF48AC3361DB79D9458B42

Function 0000023830B44740 Relevance: 4.6, APIs: 3, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B4476C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B4477E

Part of subcall function 0000023830B453C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B453DD

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B447BB

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 2bd40488f3e532a51d24b491183ad7726d9c7802e0b56b6519047ab1d83811bb
Instruction ID: 8771d31d0bb4b92391406213bb2d67320620fc1e28e35c79bbb565dd1a31085e
Opcode Fuzzy Hash: 2bd40488f3e532a51d24b491183ad7726d9c7802e0b56b6519047ab1d83811bb
Instruction Fuzzy Hash: 4931EC70528B988FD794EF28C449BAAF7E1FB94744F80495DF08AC72A2DF749644CB42

Function 0000023830C2A3D0 Relevance: 4.5, APIs: 3, Instructions: 48fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830C2A3F7
CreateFileA.KERNEL32 ref: 0000023830C2A426
ReadFile.KERNEL32 ref: 0000023830C2A44E

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 58da95cd914e928df27caef5f136864f76f7d90ee48b638eaa7250070e662160
Instruction ID: 1f412b10f1b9aa2f964427ec261cd583f704f5ebfefa6540964ac9d5656d2984
Opcode Fuzzy Hash: 58da95cd914e928df27caef5f136864f76f7d90ee48b638eaa7250070e662160
Instruction Fuzzy Hash: 7901D374618B888FD744EF28C49971ABBE1FB99305F50091DF48AC33A0DB79D945CB42

Function 00007FF7AB994140 Relevance: 4.5, APIs: 3, Instructions: 32windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32 ref: 00007FF7AB994159
TranslateMessage.USER32 ref: 00007FF7AB994168
DispatchMessageA.USER32 ref: 00007FF7AB994173

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: Message$DispatchPeekTranslate
String ID:
API String ID: 4217535847-0
Opcode ID: 592db406a15101d98d1bfc7a93d39be7e429bab12ec8d4365a76516f4c6005f4
Instruction ID: f73350920519f1807332c1b4a0e828b924fb993362806a70088592a4ab5d4af9
Opcode Fuzzy Hash: 592db406a15101d98d1bfc7a93d39be7e429bab12ec8d4365a76516f4c6005f4
Instruction Fuzzy Hash: 2001842192E192C6F7B17B38A85677EEA64AFA1345FD15031F14E425B5CF2CD045CB70

Function 00007FF7AB9721B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB97236B

Strings

gfff, xrefs: 00007FF7AB9721F0

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: gfff
API String ID: 1173767890-1553575800
Opcode ID: 043a7b960f3446d2684c2c3b0fe0bb0750dda5e28bddd77339876f917e370d22
Instruction ID: 1a446760029644443b73e72ffbd36499a5c6bffed35c9063da1a3565a2548bd9
Opcode Fuzzy Hash: 043a7b960f3446d2684c2c3b0fe0bb0750dda5e28bddd77339876f917e370d22
Instruction Fuzzy Hash: F3515963709AC587D7099F2C99112ADFBB1FB49B40F8A8235DA48977A9CB3CD155C700

Function 00007FF7AB993F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

00007FF8A8DA5F50.D3D9 ref: 00007FF7AB993F7B

Strings

@, xrefs: 00007FF7AB99400A

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007
String ID: @
API String ID: 3568877910-2766056989
Opcode ID: 25b0d2ce2a38a7156871d754f39201a56fb4b69c342f7591e255e8e05feafcfc
Instruction ID: 486fa775206be6f031cc8526e4b1f09029b35f1aaaf0f98d04d7c2e93b817219
Opcode Fuzzy Hash: 25b0d2ce2a38a7156871d754f39201a56fb4b69c342f7591e255e8e05feafcfc
Instruction Fuzzy Hash: 28111F7090A746A6F790AF59E844B79B7A4BB84798FC28139D90D473B0DF7DE0488F20

Function 00007FF7AB96B620 Relevance: 3.1, APIs: 2, Instructions: 107COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB96B765
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB96B7DA

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID:
API String ID: 1173767890-0
Opcode ID: 351bfda824813d4db151244fcd6c34f384deae106e59415b7f5bed6d622aea53
Instruction ID: e6ccd682c78a4fe7d059d6bceadbc403d0bef90b6df585ed8265180ba506a83c
Opcode Fuzzy Hash: 351bfda824813d4db151244fcd6c34f384deae106e59415b7f5bed6d622aea53
Instruction Fuzzy Hash: 9951DD73609BC5C6C754DF29E4816ADB3B0FB58B80F548226DA4D53670EF39D49ACB00

Function 00007FF7AB963730 Relevance: 3.1, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140(?,?,00000000,00007FF7AB96D11D), ref: 00007FF7AB963779
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9637F7

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C610F020F61310
String ID:
API String ID: 310658293-0
Opcode ID: 19ff4af40776e3342b9658c01a05b29c7fb88fa77e0c8c2bd13613068ffdcf0b
Instruction ID: d4524ca5fad85a1bba5e76335700f36cba9293a65b7cf47a1029cdbdc6818fe8
Opcode Fuzzy Hash: 19ff4af40776e3342b9658c01a05b29c7fb88fa77e0c8c2bd13613068ffdcf0b
Instruction Fuzzy Hash: DA21B07260AAD1C2CB48EF2CE1950B8F3B4FB48B88B998136DA0D87274DF38D056C740

Function 00007FF7AB9639E0 Relevance: 3.1, APIs: 2, Instructions: 58COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB963A22
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB963AA0

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C610F020F61310
String ID:
API String ID: 310658293-0
Opcode ID: cc081eae8d4f3b26d14c961ece47efa70da8d3bf07c2d03f9a872298b21684b1
Instruction ID: 3142b71b30dc3a22be64fcde64d9a3d84716f90bea417d05808d358fa5a64467
Opcode Fuzzy Hash: cc081eae8d4f3b26d14c961ece47efa70da8d3bf07c2d03f9a872298b21684b1
Instruction Fuzzy Hash: CC21807261AA92C6CB48EF2CD5950B8B3B5FB58F88B558132DA0E87374EF38D456C740

Function 0000023830C2A2F0 Relevance: 3.1, APIs: 2, Instructions: 56fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830C2A310
CreateFileA.KERNEL32 ref: 0000023830C2A33F

Part of subcall function 0000023830B4A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B4A18D

Part of subcall function 0000023830C29E50: type_info::_name_internal_method.LIBCMTD ref: 0000023830C29EF0
Part of subcall function 0000023830C29E50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830C29F56
Part of subcall function 0000023830C29E50: CreateFileA.KERNEL32 ref: 0000023830C29F82

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFile$type_info::_name_internal_method
String ID:
API String ID: 2627539804-0
Opcode ID: 98ea87f00965d57ac3efe53a622e5d3c7e907a059cd269744f0d00fbdf9eee7f
Instruction ID: fcb52ab279df3709ce652df608d0d968c73d6232d6f4a981949ba35ad0280f4e
Opcode Fuzzy Hash: 98ea87f00965d57ac3efe53a622e5d3c7e907a059cd269744f0d00fbdf9eee7f
Instruction Fuzzy Hash: D5113970618B888FE794EF28C44976AB7E1FB99301F40492DE08DC7361DF78C9458B42

Function 00007FF7AB99BB9C Relevance: 3.1, APIs: 2, Instructions: 55COMMON

Download Yara Rule

APIs

_RTC_Initialize.LIBCMT ref: 00007FF7AB99BBD4
00007FF8C6121B20.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF7AB99BC20

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C6121Initialize
String ID:
API String ID: 2978892875-0
Opcode ID: d68fa1dd1f25c5d9833bb5b41399011af0f0bca26c4982c59452d0f3d9cb9bed
Instruction ID: af97f34d6e6b9216ab848ba501808c8fc5153e5f3308ebb5a9df9cb34e718e82
Opcode Fuzzy Hash: d68fa1dd1f25c5d9833bb5b41399011af0f0bca26c4982c59452d0f3d9cb9bed
Instruction Fuzzy Hash: 3B115544E4E143C2FAD877BC4A622B882AD4F95344FC60830F91D962F7AD1EB8814672

Function 00007FF7AB99BB34 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7AB99BB64

Part of subcall function 00007FF7AB99C368: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7AB99C371

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7AB99BB6A

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: f263315650486d802dc5ceafc5012ad1b5bad17f869d85328af45017b7dfee40
Instruction ID: 0b5737c7a68b976387ec22e2d3fc6819b6f456cd16b0ac3eb7fa7f6e66d88082
Opcode Fuzzy Hash: f263315650486d802dc5ceafc5012ad1b5bad17f869d85328af45017b7dfee40
Instruction Fuzzy Hash: A6F03A10E1B20BC1F9A9367E69561B881588F08770E9A0A30FD7C053F6EE1EA4958231

Function 00007FF7AB96A7A0 Relevance: 1.7, APIs: 1, Instructions: 234COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB96AB2D

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID:
API String ID: 1173767890-0
Opcode ID: e69c9a9c49d4ee6c3f798fa87d3c6569f90dea24380c60c0f089c9dce256e6e2
Instruction ID: 5617080ed245aedefee77394ce3e4618b5dafe733d4e471e1f25fe6cfc9cc99a
Opcode Fuzzy Hash: e69c9a9c49d4ee6c3f798fa87d3c6569f90dea24380c60c0f089c9dce256e6e2
Instruction Fuzzy Hash: 87A11332A16AC586DB12DB3D94116F9B760FF99789F568322DA0953772EF38E086C700

Function 00007FF7AB991B90 Relevance: 1.7, APIs: 1, Instructions: 199libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF7AB991DDE

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
Instruction ID: 515986f3d9523e0a5565f0f7a8f82575779862bbbaa360251e12571bf4d36ac1
Opcode Fuzzy Hash: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
Instruction Fuzzy Hash: 13A19636619B84C6DBA0DB5EE49032AB7A4F7C8B94F504125EA8E83B78DF3CD450CB10

Function 00007FF7AB96B800 Relevance: 1.7, APIs: 1, Instructions: 169COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB96BADE

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID:
API String ID: 1173767890-0
Opcode ID: de21e7c5d31184b69471703d2a4184fbe4103fe4db7ead91abe33dffa64577bf
Instruction ID: 10cacf0bbaf2b8a7191e970e28dfb65747b8b5d29d9da1b36a73172b690d1ed1
Opcode Fuzzy Hash: de21e7c5d31184b69471703d2a4184fbe4103fe4db7ead91abe33dffa64577bf
Instruction Fuzzy Hash: DB810533918BC4C6D3629B2994423E9F3A0FF9D744F558326EA8963675EF39E491CB00

Function 0000023830C6F2BC Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0000023830C6F2EC

Part of subcall function 0000023830C6FD70: std::bad_alloc::bad_alloc.LIBCMTD ref: 0000023830C6FD79

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: 6b617ec2180372ffccc889888c4318af6079f51c42d92b87c56cb71e91508389
Instruction ID: 7cfe0bf9987acf0070402e23aabec0b583292ff29ea33632cd411e22a7a4c31b
Opcode Fuzzy Hash: 6b617ec2180372ffccc889888c4318af6079f51c42d92b87c56cb71e91508389
Instruction Fuzzy Hash: 3F016DD0E25B0D0AFAB8B775489D3B922C4AB45B41FAC14A5F817CF3D3ED1C8A838610

Function 00007FF7AB99B780 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7AB99B7A3

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 68dcdc5df13b1305609106057423c5647b76bdd97cd7c73a0b3a13548c0169f4
Instruction ID: 38019a71536c70a1c46d4fa9c148cba3e1dd01ed3e284ebf2e2b07b8c63cd7d1
Opcode Fuzzy Hash: 68dcdc5df13b1305609106057423c5647b76bdd97cd7c73a0b3a13548c0169f4
Instruction Fuzzy Hash: 6B01406161AF41C1DAA0AB3CE44032AE3A8FF88798F810734F69D82BF4DF2CD5108B14

Non-executed Functions

Function 00007FF7AB949E10 Relevance: 50.0, APIs: 3, Strings: 25, Instructions: 1049COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB949F42
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB94AA84
00007FF8C612A0D0.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF7AB94AEDF

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB949E96, 00007FF7AB949ECA, 00007FF7AB94A121, 00007FF7AB94A241, 00007FF7AB94A8F5, 00007FF7AB94A92C, 00007FF7AB94A95F, 00007FF7AB94AAFA
Middle, xrefs: 00007FF7AB94AD27
333?, xrefs: 00007FF7AB94ACDE
GImGui != 0, xrefs: 00007FF7AB94A715
HoveredId: 0x%08X, xrefs: 00007FF7AB94ACF7
g.Viewports.Size == 1, xrefs: 00007FF7AB94A0FE
gfff, xrefs: 00007FF7AB94B114
Right, xrefs: 00007FF7AB94AD1B
Remap w/ Ctrl+Shift: click anywhere to select new mouse button., xrefs: 00007FF7AB94AD3B
Debug##Default, xrefs: 00007FF7AB94AFCA
Left, xrefs: 00007FF7AB94AD0F
it >= Data && it < Data + Size, xrefs: 00007FF7AB949F07
Click %s Button to break in debugger! (remap w/ Ctrl+Shift), xrefs: 00007FF7AB94AD51
GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip, xrefs: 00007FF7AB94AD9C
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB949E8F, 00007FF7AB949EC3, 00007FF7AB949F00, 00007FF7AB94A11A, 00007FF7AB94A23A, 00007FF7AB94A8EE, 00007FF7AB94A925, 00007FF7AB94A958, 00007FF7AB94AAF3, 00007FF7AB94ABD7
Size > 0, xrefs: 00007FF7AB94ABDE
(Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames), xrefs: 00007FF7AB94AFA2
g.Font->IsLoaded(), xrefs: 00007FF7AB94A274
NewFrame(): ClearActiveID() because it isn't marked alive anymore!, xrefs: 00007FF7AB94A3C3
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF7AB949E54
g.MovingWindow && g.MovingWindow->RootWindow, xrefs: 00007FF7AB94A6D0
Press ESC to abort picking., xrefs: 00007FF7AB94AD03
g.WindowsFocusOrder.Size <= g.Windows.Size, xrefs: 00007FF7AB94A584
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB949E4D, 00007FF7AB94A0F7, 00007FF7AB94A26D, 00007FF7AB94A57D, 00007FF7AB94A6C9, 00007FF7AB94A70E, 00007FF7AB94AD95, 00007FF7AB94B01F
g.CurrentWindow->IsFallbackWindow == true, xrefs: 00007FF7AB94B026

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C610C612F020F61310
String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$333?$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Click %s Button to break in debugger! (remap w/ Ctrl+Shift)$Debug##Default$GImGui != 0$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip$HoveredId: 0x%08X$Left$Middle$NewFrame(): ClearActiveID() because it isn't marked alive anymore!$Press ESC to abort picking.$Remap w/ Ctrl+Shift: click anywhere to select new mouse button.$Right$Size > 0$g.CurrentWindow->IsFallbackWindow == true$g.Font->IsLoaded()$g.MovingWindow && g.MovingWindow->RootWindow$g.Viewports.Size == 1$g.WindowsFocusOrder.Size <= g.Windows.Size$gfff$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 2611590445-8291574
Opcode ID: d2b33133f733bc17b24e0179995df112248694f3bb075976cf1320d2884aa1a2
Instruction ID: a7d2a7544934bb05ca262ba4e01f3fcb5e0f550e7d7360eddf91607c0b48075e
Opcode Fuzzy Hash: d2b33133f733bc17b24e0179995df112248694f3bb075976cf1320d2884aa1a2
Instruction Fuzzy Hash: F9C2B532A0A6C2C9E721EF39C8441F8B7A5FF54748F868235DA0D5B6B5DF38A585C720

Function 00007FF7AB95038C Relevance: 31.8, APIs: 2, Strings: 15, Instructions: 2085COMMON

Download Yara Rule

Strings

g.CurrentItemFlags & ImGuiItemFlags_Disabled, xrefs: 00007FF7AB950C45
i >= 0 && i < Size, xrefs: 00007FF7AB9504B8, 00007FF7AB9508DA, 00007FF7AB95101A, 00007FF7AB951EE5
g.FrameCountEnded != g.FrameCount, xrefs: 00007FF7AB9503E7
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF7AB95263C
parent_window != 0 || !(flags & ImGuiWindowFlags_ChildWindow), xrefs: 00007FF7AB950600
I9, xrefs: 00007FF7AB9508A2
window->RootWindowForNav->ParentWindow != 0, xrefs: 00007FF7AB950847
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB9504B1, 00007FF7AB95065A, 00007FF7AB9508D3, 00007FF7AB951013, 00007FF7AB95148F, 00007FF7AB951E43, 00007FF7AB951EDE, 00007FF7AB951F72
Size > 0, xrefs: 00007FF7AB950661, 00007FF7AB951496, 00007FF7AB951E4A, 00007FF7AB951F79
name != 0 && name[0] != '\0', xrefs: 00007FF7AB95039C
g.WithinFrameScope, xrefs: 00007FF7AB9503BF
window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF7AB951DD1
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF7AB952839
parent_window && parent_window->Active, xrefs: 00007FF7AB9514EB
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB950395, 00007FF7AB9503B8, 00007FF7AB9503E0, 00007FF7AB9505F9, 00007FF7AB950840, 00007FF7AB950C3E, 00007FF7AB9514E4, 00007FF7AB951DCA, 00007FF7AB952635, 00007FF7AB952832

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$Size > 0$g.CurrentItemFlags & ImGuiItemFlags_Disabled$g.FrameCountEnded != g.FrameCount$g.WithinFrameScope$i >= 0 && i < Size$name != 0 && name[0] != '\0'$parent_window != 0 || !(flags & ImGuiWindowFlags_ChildWindow)$parent_window && parent_window->Active$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0$window->RootWindowForNav->ParentWindow != 0$I9
API String ID: 0-2388451983
Opcode ID: c29060331ace846331e20e66a9d1f5e39d7db7b8322c727f0a345247015b0d45
Instruction ID: aaa9b2627654beb843f9a44fda999a8c090c736c2a3a7182e8f89821e57421b6
Opcode Fuzzy Hash: c29060331ace846331e20e66a9d1f5e39d7db7b8322c727f0a345247015b0d45
Instruction Fuzzy Hash: DE33E232A09685D7E759DB3A81803B9F7A0FF59344F498335DB59235B1DB38B0A8DB10

Function 00007FF7AB947390 Relevance: 26.8, APIs: 10, Strings: 5, Instructions: 530COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9475A9
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB94767F
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB947776
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB947807
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9478BC
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB947965
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9479F6
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB947AB5
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB947B84
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB947C89

Strings

Forgot to shutdown Renderer backend?, xrefs: 00007FF7AB9473E7
(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?", xrefs: 00007FF7AB94740E
(g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?", xrefs: 00007FF7AB9473D0
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB9473C9, 00007FF7AB947407
Forgot to shutdown Platform backend?, xrefs: 00007FF7AB9473A9

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: (g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?"$(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Forgot to shutdown Platform backend?$Forgot to shutdown Renderer backend?
API String ID: 1173767890-2716422499
Opcode ID: 8631f41f780fcb6922e1570db1d0de5d2e5d582f4444700ffc315402fe0eb1ef
Instruction ID: 07f136515e77b3f19ed91543c4f4a537ad8fe95a71cca93ff46942567c05aeba
Opcode Fuzzy Hash: 8631f41f780fcb6922e1570db1d0de5d2e5d582f4444700ffc315402fe0eb1ef
Instruction Fuzzy Hash: 2E429C3260AA96D2D709EF28C6941FCB3B5FB54B88F894131DA0D472B5DF38E566C320

Function 00007FF7AB950597 Relevance: 26.4, APIs: 2, Strings: 12, Instructions: 1858COMMON

Download Yara Rule

Strings

window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF7AB951DD1
g.CurrentItemFlags & ImGuiItemFlags_Disabled, xrefs: 00007FF7AB950C45
i >= 0 && i < Size, xrefs: 00007FF7AB9508DA, 00007FF7AB95101A, 00007FF7AB951EE5
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF7AB95263C
parent_window != 0 || !(flags & ImGuiWindowFlags_ChildWindow), xrefs: 00007FF7AB950600
I9, xrefs: 00007FF7AB9508A2
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF7AB952839
parent_window && parent_window->Active, xrefs: 00007FF7AB9514EB
window->RootWindowForNav->ParentWindow != 0, xrefs: 00007FF7AB950847
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB95059D, 00007FF7AB95065A, 00007FF7AB9508D3, 00007FF7AB951013, 00007FF7AB95148F, 00007FF7AB951E43, 00007FF7AB951EDE, 00007FF7AB951F72
Size > 0, xrefs: 00007FF7AB9505A4, 00007FF7AB950661, 00007FF7AB951496, 00007FF7AB951E4A, 00007FF7AB951F79
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB9505F9, 00007FF7AB950840, 00007FF7AB950C3E, 00007FF7AB9514E4, 00007FF7AB951DCA, 00007FF7AB952635, 00007FF7AB952832

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$Size > 0$g.CurrentItemFlags & ImGuiItemFlags_Disabled$i >= 0 && i < Size$parent_window != 0 || !(flags & ImGuiWindowFlags_ChildWindow)$parent_window && parent_window->Active$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0$window->RootWindowForNav->ParentWindow != 0$I9
API String ID: 0-1399954118
Opcode ID: 2366ae1ffdddb15ae9c2369d0337967145d3a235c4a996f97e259f8e22bda170
Instruction ID: 7fffd37e10a8a7451c3d7039add770c209107b299ca7011aea92297d69324460
Opcode Fuzzy Hash: 2366ae1ffdddb15ae9c2369d0337967145d3a235c4a996f97e259f8e22bda170
Instruction Fuzzy Hash: A423D232A09785D7E75ADB3A81803A9F7A0FF59344F498336DB59235B1DB38B0A8D710

Function 00007FF7AB9797F0 Relevance: 23.1, Strings: 18, Instructions: 617COMMON

Download Yara Rule

Strings

outer_window == inner_window || outer_window == inner_window->ParentWindow, xrefs: 00007FF7AB9798C7
table != 0 && "Only call EndTable() if BeginTable() returns true!", xrefs: 00007FF7AB97984D
i >= 0 && i < Size, xrefs: 00007FF7AB97995E, 00007FF7AB97A27F, 00007FF7AB97A2C5
Too many PopItemWidth!, xrefs: 00007FF7AB979F83
(inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!", xrefs: 00007FF7AB979F65
p >= Buf.Data && p < Buf.Data + Buf.Size, xrefs: 00007FF7AB97A347
Mismatching PushID/PopID!, xrefs: 00007FF7AB979F0F
table->RowPosY2 == inner_window->DC.CursorPos.y, xrefs: 00007FF7AB9799D4
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB979957, 00007FF7AB979B22, 00007FF7AB979EDD, 00007FF7AB979F2E, 00007FF7AB97A278, 00007FF7AB97A2BE
Size > 0, xrefs: 00007FF7AB979B29, 00007FF7AB979EE4, 00007FF7AB979F35
g.TablesTempDataStacked > 0, xrefs: 00007FF7AB97A247
inner_window == g.CurrentWindow, xrefs: 00007FF7AB97989F
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF7AB979846, 00007FF7AB979898, 00007FF7AB9798C0, 00007FF7AB9799CD, 00007FF7AB979F5E, 00007FF7AB979FAA, 00007FF7AB97A0E5, 00007FF7AB97A21D, 00007FF7AB97A240
(table->Flags & ImGuiTableFlags_ScrollX) == 0, xrefs: 00007FF7AB97A0EC
(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!", xrefs: 00007FF7AB979FB1
g.CurrentWindow == outer_window && g.CurrentTable == table, xrefs: 00007FF7AB97A224
p >= Data && p < DataEnd, xrefs: 00007FF7AB979AA5, 00007FF7AB979C25, 00007FF7AB979DBA, 00007FF7AB979E44
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB979A9E, 00007FF7AB979C1E, 00007FF7AB979DB3, 00007FF7AB979E3D, 00007FF7AB97A340

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!"$(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!"$(table->Flags & ImGuiTableFlags_ScrollX) == 0$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$Mismatching PushID/PopID!$Size > 0$Too many PopItemWidth!$g.CurrentWindow == outer_window && g.CurrentTable == table$g.TablesTempDataStacked > 0$i >= 0 && i < Size$inner_window == g.CurrentWindow$outer_window == inner_window || outer_window == inner_window->ParentWindow$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table != 0 && "Only call EndTable() if BeginTable() returns true!"$table->RowPosY2 == inner_window->DC.CursorPos.y
API String ID: 0-29353104
Opcode ID: d27b88a7b84d60060f1d43e547a95b6d442e419a7e3b281061a1875b2de5c0e7
Instruction ID: 9a1fd11a742434a9474621e7b02b98d351c30b757b179cc174ddb87bfca74e54
Opcode Fuzzy Hash: d27b88a7b84d60060f1d43e547a95b6d442e419a7e3b281061a1875b2de5c0e7
Instruction Fuzzy Hash: 7572D432A0A686D6E755EB3AC5843F8B3A0FF59744F868231DA4D121B1DF38B5D5CB20

Function 00007FF7AB990D02 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 232keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 00007FF7AB990D24
GetKeyState.USER32 ref: 00007FF7AB990D62
GetKeyState.USER32 ref: 00007FF7AB990D98
GetKeyState.USER32 ref: 00007FF7AB990DCE
GetKeyState.USER32 ref: 00007FF7AB990DE0
GetKeyState.USER32 ref: 00007FF7AB990EB1
GetKeyState.USER32 ref: 00007FF7AB990EED
GetKeyState.USER32 ref: 00007FF7AB990F3D
GetKeyState.USER32 ref: 00007FF7AB990F79
GetKeyState.USER32 ref: 00007FF7AB990FC9
GetKeyState.USER32 ref: 00007FF7AB991005

Strings

ImGui::IsNamedKey(key), xrefs: 00007FF7AB990E96
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB990E8F

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: State
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$ImGui::IsNamedKey(key)
API String ID: 1649606143-1336968070
Opcode ID: 320e79d58a395caa32967525c0a4eeebff8b16c0838ad5b5bb5afecf55618b72
Instruction ID: d87884b679490f69ddfcb52e214a03053fce6c3bb58fa3ba6236466cc4f6a35e
Opcode Fuzzy Hash: 320e79d58a395caa32967525c0a4eeebff8b16c0838ad5b5bb5afecf55618b72
Instruction Fuzzy Hash: EB912411E9E266C5FBF5B67C54013B9AA899F61748FDB0231FC6E061F5CF2C68829230

Function 00007FF7AB98CB40 Relevance: 22.0, APIs: 4, Strings: 8, Instructions: 1043COMMON

Download Yara Rule

APIs

00007FF8C61149A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF7AB98CE46
00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB98CF53
00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB98D049
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB98D0CA

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB98CC07, 00007FF7AB98CC52, 00007FF7AB98CC85, 00007FF7AB98CCD8, 00007FF7AB98CD37, 00007FF7AB98D12C, 00007FF7AB98D283, 00007FF7AB98D450, 00007FF7AB98D47E, 00007FF7AB98D4AE, 00007FF7AB98D5D3
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF7AB98D9D7
N/A, xrefs: 00007FF7AB98D1B2
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF7AB98D14E, 00007FF7AB98D1C9
tab->NameOffset < tab_bar->TabsNames.Buf.Size, xrefs: 00007FF7AB98D1D0
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB98CC00, 00007FF7AB98CC4B, 00007FF7AB98CC7E, 00007FF7AB98CCD1, 00007FF7AB98CD30, 00007FF7AB98D125, 00007FF7AB98D27C, 00007FF7AB98D449, 00007FF7AB98D477, 00007FF7AB98D4A7, 00007FF7AB98D5CC
tab->LastFrameVisible >= tab_bar->PrevFrameVisible, xrefs: 00007FF7AB98D155
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB98D9D0

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$F61310$C610C61149F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$N/A$i >= 0 && i < Size$tab->LastFrameVisible >= tab_bar->PrevFrameVisible$tab->NameOffset < tab_bar->TabsNames.Buf.Size
API String ID: 1871915874-1788247872
Opcode ID: 5820abf3aa6e2a9a6435a52d051bc92cb930e41dc594480a9ee2bd64a6871ad2
Instruction ID: cceccd0b3f322e0c8a7457cb8a3242cfb049269882646f207a74026c57a82fdd
Opcode Fuzzy Hash: 5820abf3aa6e2a9a6435a52d051bc92cb930e41dc594480a9ee2bd64a6871ad2
Instruction Fuzzy Hash: 9DB2E272A0A685CAE751EF7AC040178B7A0FF58789F968736DA4D632B4DF38E491C710

Function 00007FF7AB956EC0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 524COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB957633

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB956F7B, 00007FF7AB957345, 00007FF7AB957515
0 && "Unknown event!", xrefs: 00007FF7AB95746A
Processed, xrefs: 00007FF7AB9574F9
n >= 0 && n < BITCOUNT, xrefs: 00007FF7AB957193, 00007FF7AB957277
key != ImGuiKey_None, xrefs: 00007FF7AB95713B
Remaining, xrefs: 00007FF7AB957525
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB956F74, 00007FF7AB95733E, 00007FF7AB95750E, 00007FF7AB9575C1
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB95718C, 00007FF7AB957270
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB957043, 00007FF7AB957134, 00007FF7AB957463
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF7AB95704A
it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size, xrefs: 00007FF7AB9575C8

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: 0 && "Unknown event!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Processed$Remaining$button >= 0 && button < ImGuiMouseButton_COUNT$i >= 0 && i < Size$it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size$key != ImGuiKey_None$n >= 0 && n < BITCOUNT
API String ID: 2490902527-1923509833
Opcode ID: 9d7122f77f4900601a9ab4d39e2c51fd7ef0a40f690763102c54c3d4c4e04866
Instruction ID: 36274bf21f1779ec772152d26d2e48c574e9a273905fe713e4bc09024ce320be
Opcode Fuzzy Hash: 9d7122f77f4900601a9ab4d39e2c51fd7ef0a40f690763102c54c3d4c4e04866
Instruction Fuzzy Hash: E242F772B092C2C7EB28AB3996903B9BB90FB41744F854235DA9D476B5CF3CE558C720

Function 00007FF7AB950AC1 Relevance: 20.9, APIs: 2, Strings: 9, Instructions: 1604COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB950F1B
00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB950F38

Strings

window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF7AB951DD1
g.CurrentItemFlags & ImGuiItemFlags_Disabled, xrefs: 00007FF7AB950C45
i >= 0 && i < Size, xrefs: 00007FF7AB95101A, 00007FF7AB951EE5
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF7AB95263C
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF7AB952839
parent_window && parent_window->Active, xrefs: 00007FF7AB9514EB
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB951013, 00007FF7AB95148F, 00007FF7AB951E43, 00007FF7AB951EDE, 00007FF7AB951F72
Size > 0, xrefs: 00007FF7AB951496, 00007FF7AB951E4A, 00007FF7AB951F79
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB950C3E, 00007FF7AB9514E4, 00007FF7AB951DCA, 00007FF7AB952635, 00007FF7AB952832

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C610F020F61310
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$Size > 0$g.CurrentItemFlags & ImGuiItemFlags_Disabled$i >= 0 && i < Size$parent_window && parent_window->Active$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0
API String ID: 310658293-724765148
Opcode ID: b3f1eb45414ba6ca7e6f33ea2a8bd9fa96ac1de2a171c15e36db0dbd62f6233c
Instruction ID: fb107803c410fca0cf36f8c54d5f9b9a01ee323205099f9712aa9a9456cee65c
Opcode Fuzzy Hash: b3f1eb45414ba6ca7e6f33ea2a8bd9fa96ac1de2a171c15e36db0dbd62f6233c
Instruction Fuzzy Hash: FD03F532A09685D7E71ADB3A81803A9F7A0FF59344F498735DB59235B1DB38B0B8DB10

Function 00007FF7AB946CB0 Relevance: 16.1, APIs: 2, Strings: 7, Instructions: 396COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7AB945CA0), ref: 00007FF7AB9471A7
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB947227

Strings

!g.Initialized && !g.SettingsLoaded, xrefs: 00007FF7AB946CF0
Window, xrefs: 00007FF7AB946D06
n >= 0 && n < BITCOUNT, xrefs: 00007FF7AB947330
FindSettingsHandler(handler->TypeName) == 0, xrefs: 00007FF7AB946E20, 00007FF7AB946F4E
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB947329
Table, xrefs: 00007FF7AB946E3E
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB946CE9, 00007FF7AB946E19, 00007FF7AB946F47

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C610F020F61310
String ID: !g.Initialized && !g.SettingsLoaded$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$FindSettingsHandler(handler->TypeName) == 0$Table$Window$n >= 0 && n < BITCOUNT
API String ID: 310658293-416841283
Opcode ID: b9b3de01245e37adca7394df7974af3e1a3ec5f9ef583498da9b1ef0e776df8a
Instruction ID: 0b9b6aae08ced7ca1c728b9dee6b89388b86acaeb9a2f0f76a6d28386944feb6
Opcode Fuzzy Hash: b9b3de01245e37adca7394df7974af3e1a3ec5f9ef583498da9b1ef0e776df8a
Instruction Fuzzy Hash: 74128E72A0AB86C6EB54DF28E8942A9B7E4FB58744F854236DA8D433B5DF3CE055C310

Function 00007FF7AB961D70 Relevance: 15.0, APIs: 10, Instructions: 50clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00007FF7AB961D7B
MultiByteToWideChar.KERNEL32 ref: 00007FF7AB961DAE
GlobalAlloc.KERNEL32 ref: 00007FF7AB961DC2
GlobalLock.KERNEL32 ref: 00007FF7AB961DD3
MultiByteToWideChar.KERNEL32 ref: 00007FF7AB961DF2
GlobalUnlock.KERNEL32 ref: 00007FF7AB961DFB
EmptyClipboard.USER32 ref: 00007FF7AB961E01
SetClipboardData.USER32 ref: 00007FF7AB961E0F
GlobalFree.KERNEL32 ref: 00007FF7AB961E1D
CloseClipboard.USER32 ref: 00007FF7AB961E23

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: ClipboardGlobal$ByteCharMultiWide$AllocCloseDataEmptyFreeLockOpenUnlock
String ID:
API String ID: 1965520120-0
Opcode ID: ebbd9d8b24dcedb596b0ca59058d4c86985b5e6383d3a38eef27f5b3966815bd
Instruction ID: e476598d7d598cd96bab23a4343e3def56de6f50366837f848c0663cc171f140
Opcode Fuzzy Hash: ebbd9d8b24dcedb596b0ca59058d4c86985b5e6383d3a38eef27f5b3966815bd
Instruction Fuzzy Hash: AC11B621B0AA02C2F7A4BB39B854239EAA5AF49BD1F454235EA4D437B4DF3CD0504710

Function 00007FF7AB977CE0 Relevance: 13.8, Strings: 10, Instructions: 1289COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF7AB977D54, 00007FF7AB978008, 00007FF7AB978161, 00007FF7AB978CC2
i >= 0 && i < Size, xrefs: 00007FF7AB9786E4
!is_visible, xrefs: 00007FF7AB978CC9
table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0, xrefs: 00007FF7AB978168
column->IndexWithinEnabledSet <= column->DisplayOrder, xrefs: 00007FF7AB97800F
#ContextMenu, xrefs: 00007FF7AB979129
p >= Data && p < DataEnd, xrefs: 00007FF7AB977E50, 00007FF7AB977E91, 00007FF7AB977F8F, 00007FF7AB978220, 00007FF7AB97833B, 00007FF7AB978388, 00007FF7AB978524, 00007FF7AB978646, 00007FF7AB978678, 00007FF7AB978900, 00007FF7AB978938, 00007FF7AB978A6C, 00007FF7AB978E47, 00007FF7AB978E81, 00007FF7AB978F16, 00007FF7AB9791DB, 00007FF7AB97920D
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB9786DD
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB977E49, 00007FF7AB977E8A, 00007FF7AB977F88, 00007FF7AB978219, 00007FF7AB978334, 00007FF7AB978381, 00007FF7AB97851D, 00007FF7AB97863F, 00007FF7AB978671, 00007FF7AB9788F9, 00007FF7AB978931, 00007FF7AB978A65, 00007FF7AB978E40, 00007FF7AB978E7A, 00007FF7AB978F0F, 00007FF7AB9791D4, 00007FF7AB979206
table->IsLayoutLocked == false, xrefs: 00007FF7AB977D5B

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: !is_visible$#ContextMenu$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->IndexWithinEnabledSet <= column->DisplayOrder$i >= 0 && i < Size$p >= Data && p < DataEnd$table->IsLayoutLocked == false$table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0
API String ID: 0-1387518580
Opcode ID: 19ad48cc859dbbf9d7e2c9b3bb525ef016caea7ee0b204106524b712a34c540f
Instruction ID: d6400dc893f517c8909f3cd0d02556258334189fe4056531d4355f5c7e62d0e2
Opcode Fuzzy Hash: 19ad48cc859dbbf9d7e2c9b3bb525ef016caea7ee0b204106524b712a34c540f
Instruction Fuzzy Hash: 67E2E232A09685E6E755EB3AC1803B8BBA0FF59744F898325DB48135B1DB38F4E5CB11

Function 00007FF7AB966C90 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 830COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF7AB9671E5

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2705777111
Opcode ID: 7387cb7062473289dbeb18ad4c2dbe16db4f777bf50c27aa19cab214a4cdd61b
Instruction ID: b7dc31ff9f4e4330a4d566bb90531b02c35f3a808dd48bbcb082a67ca91f379c
Opcode Fuzzy Hash: 7387cb7062473289dbeb18ad4c2dbe16db4f777bf50c27aa19cab214a4cdd61b
Instruction Fuzzy Hash: 7A728023A19BE885D343DB3A90411B9B7A1EF6E784F5AC323ED44A6672EB3CD551C700

Function 00007FF7AB961C20 Relevance: 12.1, APIs: 8, Instructions: 87clipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7AB9410A0: 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB94112E

OpenClipboard.USER32 ref: 00007FF7AB961C38
GetClipboardData.USER32 ref: 00007FF7AB961C55
CloseClipboard.USER32 ref: 00007FF7AB961C63

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: Clipboard$00007C610CloseDataF020Open
String ID:
API String ID: 330523670-0
Opcode ID: 26d566c6706ed3b603c2ca6413b7fcc995dc930fd5e624c9433e805aea778b59
Instruction ID: 5f5584ed59e0c84e8d1a6b08fb38231fb4b6c514305471e08ff77a736a3a2519
Opcode Fuzzy Hash: 26d566c6706ed3b603c2ca6413b7fcc995dc930fd5e624c9433e805aea778b59
Instruction Fuzzy Hash: A931A33270AB81C3E754AF3AB95416EA6A4FF88B90F954134EE8D437B4DF3CD4619620

Function 00007FF7AB951057 Relevance: 11.3, Strings: 8, Instructions: 1301COMMON

Download Yara Rule

Strings

window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF7AB951DD1
i >= 0 && i < Size, xrefs: 00007FF7AB951EE5
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF7AB95263C
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF7AB952839
parent_window && parent_window->Active, xrefs: 00007FF7AB9514EB
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB95148F, 00007FF7AB951E43, 00007FF7AB951EDE, 00007FF7AB951F72
Size > 0, xrefs: 00007FF7AB951496, 00007FF7AB951E4A, 00007FF7AB951F79
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB9514E4, 00007FF7AB951DCA, 00007FF7AB952635, 00007FF7AB952832

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$Size > 0$i >= 0 && i < Size$parent_window && parent_window->Active$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0
API String ID: 0-3978694688
Opcode ID: 3f237e97552aa75c3248c785fd912f95460ea14028f4fd3e92683d1cb82a74cd
Instruction ID: 175d1ac45f647fc721ded8cc78d502f7cf5d9973a873d27cc0eb8298c5ec48e5
Opcode Fuzzy Hash: 3f237e97552aa75c3248c785fd912f95460ea14028f4fd3e92683d1cb82a74cd
Instruction Fuzzy Hash: 9EE2D332A05789DBE71ADB3B81803A9F360FF59344F498725DB59235B1DB38B0B89B10

Function 00007FF7AB99C0F8 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7AB99C114
RtlCaptureContext.KERNEL32 ref: 00007FF7AB99C141
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7AB99C15B
RtlVirtualUnwind.KERNEL32 ref: 00007FF7AB99C19C
IsDebuggerPresent.KERNEL32 ref: 00007FF7AB99C1F0
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7AB99C20D
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7AB99C218

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 8964dd5a87bbd0479f9b080791705f60ec265abbfbc2f45a2eb81db15352648c
Instruction ID: 1462cfe55a3bdeda790e1371d867c1cb6dd003890bd16d8244aca7be324ebc4f
Opcode Fuzzy Hash: 8964dd5a87bbd0479f9b080791705f60ec265abbfbc2f45a2eb81db15352648c
Instruction Fuzzy Hash: DF313D72609A81CAEBA0AF64E8803EDB374FB45744F85403AEA4D47BB5DF38D558C720

Function 00007FF7AB95E1C0 Relevance: 10.5, Strings: 8, Instructions: 475COMMON

Download Yara Rule

Strings

g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None, xrefs: 00007FF7AB95E264
[nav] NavMoveRequest: clamp NavRectRel for gamepad move, xrefs: 00007FF7AB95E6AF
<NULL>, xrefs: 00007FF7AB95E522
!scoring_rect.IsInverted(), xrefs: 00007FF7AB95E9E4
[nav] NavInitRequest: from move, window "%s", layer=%d, xrefs: 00007FF7AB95E530
[nav] NavMoveRequestForward %d, xrefs: 00007FF7AB95E2A9
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB95E25D, 00007FF7AB95E286, 00007FF7AB95E9DD
g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded, xrefs: 00007FF7AB95E28D

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: !scoring_rect.IsInverted()$<NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: from move, window "%s", layer=%d$[nav] NavMoveRequest: clamp NavRectRel for gamepad move$[nav] NavMoveRequestForward %d$g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None$g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded
API String ID: 0-1751011103
Opcode ID: ad27c87af09b4b14593f7e486a964ee187bae4ca7698edc377c855b789bca920
Instruction ID: d733269e21e59511ec487348edb65d49ac526a9f80b28a1fc5888338d74cf271
Opcode Fuzzy Hash: ad27c87af09b4b14593f7e486a964ee187bae4ca7698edc377c855b789bca920
Instruction Fuzzy Hash: 29321A32D19FCAC2E352AB3A81812F8F350EF69794F598332DE58361F5DF2975858620

Function 00007FF7AB9696B0 Relevance: 10.4, Strings: 8, Instructions: 438COMMON

Download Yara Rule

Strings

dx >= 0, xrefs: 00007FF7AB96999A
dy >= 0, xrefs: 00007FF7AB969977
fabsf(area) <= 1.01f, xrefs: 00007FF7AB969B4A
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF7AB969742, 00007FF7AB969808, 00007FF7AB9698C7, 00007FF7AB969970, 00007FF7AB969993, 00007FF7AB969B43, 00007FF7AB969B6F
e->sy <= y_bottom && e->ey >= y_top, xrefs: 00007FF7AB96980F
x >= 0 && x < len, xrefs: 00007FF7AB9698CE
e->ey >= y_top, xrefs: 00007FF7AB969749
sy1 > y_final-0.01f, xrefs: 00007FF7AB969B76

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$dx >= 0$dy >= 0$e->ey >= y_top$e->sy <= y_bottom && e->ey >= y_top$fabsf(area) <= 1.01f$sy1 > y_final-0.01f$x >= 0 && x < len
API String ID: 0-3568222241
Opcode ID: 790997296c3ace0f49b917fc0f4bb1bfed2a2440f2ab62fef7e3b804057f5052
Instruction ID: 75c64b67b0be7fd2c5ccfbf63aa0c0fec0baa009780d80a55a6d7aa1599323e6
Opcode Fuzzy Hash: 790997296c3ace0f49b917fc0f4bb1bfed2a2440f2ab62fef7e3b804057f5052
Instruction Fuzzy Hash: D312E922D19B8DC2E212AB3B54820B5F350AFBF3C4F5A9732F948765B2DF2C71919611

Function 00007FF7AB9515F4 Relevance: 9.8, Strings: 7, Instructions: 1059COMMON

Download Yara Rule

Strings

window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF7AB951DD1
i >= 0 && i < Size, xrefs: 00007FF7AB951EE5
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF7AB95263C
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF7AB952839
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB951E43, 00007FF7AB951EDE, 00007FF7AB951F72
Size > 0, xrefs: 00007FF7AB951E4A, 00007FF7AB951F79
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB951DCA, 00007FF7AB952635, 00007FF7AB952832

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$Size > 0$i >= 0 && i < Size$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0
API String ID: 0-2721633926
Opcode ID: 3a8582e69ec41eebc354e7f3caa078da1806b86749e4762b78b60ad9c07f036c
Instruction ID: a38b5ff3558253dfc49e227695a13ad7581007a7b886caea4d6e084c4fd161b3
Opcode Fuzzy Hash: 3a8582e69ec41eebc354e7f3caa078da1806b86749e4762b78b60ad9c07f036c
Instruction Fuzzy Hash: C7C2D633A05789DBE71ADB3B81803A9F760FF59344F458726DB59231B1DB28B4B89B10

Function 00007FF7AB951788 Relevance: 9.7, Strings: 7, Instructions: 975COMMON

Download Yara Rule

Strings

window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0, xrefs: 00007FF7AB951DD1
i >= 0 && i < Size, xrefs: 00007FF7AB951EE5
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF7AB95263C
(flags & ImGuiWindowFlags_NoTitleBar) != 0, xrefs: 00007FF7AB952839
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB951E43, 00007FF7AB951EDE, 00007FF7AB951F72
Size > 0, xrefs: 00007FF7AB951E4A, 00007FF7AB951F79
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB951DCA, 00007FF7AB952635, 00007FF7AB952832

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (flags & ImGuiWindowFlags_NoTitleBar) != 0$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$Size > 0$i >= 0 && i < Size$window->DrawList->CmdBuffer.Size == 1 && window->DrawList->CmdBuffer[0].ElemCount == 0
API String ID: 0-2721633926
Opcode ID: 41937ffa5ad39c361a51778d9266a22bdb3efdcbd2e22226a5c421d51cc7aa34
Instruction ID: 3041236ec147840cb4850b93b3b89224ef23899047a0f0635fd3532353cdb2ef
Opcode Fuzzy Hash: 41937ffa5ad39c361a51778d9266a22bdb3efdcbd2e22226a5c421d51cc7aa34
Instruction Fuzzy Hash: 6DB2D532A05789DBE75ADB3A81803E9F360FF59344F458726DB59231B1DB38B0B89B10

Function 00007FF7AB97CDD0 Relevance: 9.0, Strings: 7, Instructions: 237COMMON

Download Yara Rule

Strings

(0) && "Calling PopItemFlag() too many times!", xrefs: 00007FF7AB97D13A
*Missing Text*, xrefs: 00007FF7AB97CE76
<Unknown>, xrefs: 00007FF7AB97D0B9
p >= Data && p < DataEnd, xrefs: 00007FF7AB97CE53, 00007FF7AB97CEE5, 00007FF7AB97CF83, 00007FF7AB97D090
Calling PopItemFlag() too many times!, xrefs: 00007FF7AB97D11D
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB97CE4C, 00007FF7AB97CEDE, 00007FF7AB97CF7C, 00007FF7AB97D089
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB97D133

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopItemFlag() too many times!"$*Missing Text*$<Unknown>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Calling PopItemFlag() too many times!$p >= Data && p < DataEnd
API String ID: 0-3275063505
Opcode ID: 3f237b405e67921bd9baae32f9dd3e624540f6d79c49b90a67d27e0e418c0d1c
Instruction ID: 7056fe7d5ec4b18217b2ed1e64652b640b73b92ab856e0f83c8d27a5145ac9b9
Opcode Fuzzy Hash: 3f237b405e67921bd9baae32f9dd3e624540f6d79c49b90a67d27e0e418c0d1c
Instruction Fuzzy Hash: 2CB10972A0E642D2EB54AB2CD5442B8A7E1FF45B88F964035DE4C036B5DF3CE8A5C760

Function 00007FF7AB95D620 Relevance: 8.1, Strings: 6, Instructions: 635COMMON

Download Yara Rule

Strings

g.NavActivateDownId == g.NavActivateId, xrefs: 00007FF7AB95DD3B
[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s", xrefs: 00007FF7AB95D837
g.NavWindow != 0, xrefs: 00007FF7AB95DF11
g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu, xrefs: 00007FF7AB95D94C
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB95D945, 00007FF7AB95DD34, 00007FF7AB95DDD9, 00007FF7AB95DF0A
g.NavMoveDir == ImGuiDir_None, xrefs: 00007FF7AB95DDE0

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s"$g.NavActivateDownId == g.NavActivateId$g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu$g.NavMoveDir == ImGuiDir_None$g.NavWindow != 0
API String ID: 0-2167808928
Opcode ID: 7671274bc0dd26eb4ebbe6ea0c97f13e0fad0c97d3858c6814ea3660373551da
Instruction ID: c771f5f4a1d4a9086502476e088ef2e36a66e93c537d12dd863300c8282585e1
Opcode Fuzzy Hash: 7671274bc0dd26eb4ebbe6ea0c97f13e0fad0c97d3858c6814ea3660373551da
Instruction Fuzzy Hash: 4172C032D0A6C2C9F765AB3DC0847B9A791EF45B48F8A4335DA5C072F1CB7864A9C721

Function 00007FF7AB97F9E0 Relevance: 8.0, Strings: 6, Instructions: 493COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF7AB97FB94
id != 0, xrefs: 00007FF7AB97FB9B
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB97FCFF, 00007FF7AB980051, 00007FF7AB9800F9
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB980028
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF7AB97FD06, 00007FF7AB980058, 00007FF7AB980100
button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown)))), xrefs: 00007FF7AB98002F

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown))))$button >= 0 && button < ImGuiMouseButton_COUNT$id != 0
API String ID: 2490902527-2768765550
Opcode ID: 4c5858ae4fe6bd66d00e95a885ed09769b91269d42ad093b2d2eebc05ab20f39
Instruction ID: 1ca4b995b53f8be1a0a0bc4530622c67015a1b77980be51a9d66671c51e6700e
Opcode Fuzzy Hash: 4c5858ae4fe6bd66d00e95a885ed09769b91269d42ad093b2d2eebc05ab20f39
Instruction Fuzzy Hash: 3E22E932E0E2C6C6EB69AA3D91403B9E6D1AF45344F964235DE5D272F1CF3CB4948B20

Function 00007FF7AB94DFB0 Relevance: 7.2, Strings: 5, Instructions: 977COMMON

Download Yara Rule

Strings

6, xrefs: 00007FF7AB94E607
#RESIZE, xrefs: 00007FF7AB94E142
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB94E70D, 00007FF7AB94E77B, 00007FF7AB94E903, 00007FF7AB94E944, 00007FF7AB94E986, 00007FF7AB94E9C0, 00007FF7AB94EA27, 00007FF7AB94EA5C, 00007FF7AB94EA87, 00007FF7AB94EAB9
5, xrefs: 00007FF7AB94E62E
idx == 0 || idx == 1, xrefs: 00007FF7AB94E714, 00007FF7AB94E782, 00007FF7AB94E90A, 00007FF7AB94E94B, 00007FF7AB94E98D, 00007FF7AB94E9C7, 00007FF7AB94EA2E, 00007FF7AB94EA63, 00007FF7AB94EA8E, 00007FF7AB94EAC0

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: #RESIZE$5$6$C:\Users\55yar\Desktop\imgui-master\imgui.h$idx == 0 || idx == 1
API String ID: 0-650503096
Opcode ID: d6c8c0afbd8b1871df6ce445ef2f1cba41de2b837bf73b3bb49d2c8bf29cc9b7
Instruction ID: fa69f7f9d8d6be658b952678e61cc548b1fe25b4ec01571d3c04a971b3e2efac
Opcode Fuzzy Hash: d6c8c0afbd8b1871df6ce445ef2f1cba41de2b837bf73b3bb49d2c8bf29cc9b7
Instruction Fuzzy Hash: 4AB24832D09A89C6E356EB3AD4412B9F760EF5A344F5A8731EA4C275B1DF38B485CB10

Function 00007FF7AB97D530 Relevance: 6.4, Strings: 5, Instructions: 140COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF7AB97D5E7, 00007FF7AB97D610
p >= begin() && p < end(), xrefs: 00007FF7AB97D5B6
settings->ID == table->ID, xrefs: 00007FF7AB97D5EE
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB97D5AF
settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount, xrefs: 00007FF7AB97D617

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$p >= begin() && p < end()$settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount$settings->ID == table->ID
API String ID: 0-2168725360
Opcode ID: 81fdfe0895e2e1dec32a2632009a5933e542f692bb517f10a4627c86eb4c6a01
Instruction ID: 047b171ce5701f48d8c746c4512060ed9cd0b0d2ae9b0f4598b5068dacdb3e5a
Opcode Fuzzy Hash: 81fdfe0895e2e1dec32a2632009a5933e542f692bb517f10a4627c86eb4c6a01
Instruction Fuzzy Hash: ED61D17390A681CADB50DF29E4842A9BBE0FF41744F85C436DA8D472B5DB3CE595CB20

Function 00007FF7AB99C388 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7AB99C3B4
GetCurrentThreadId.KERNEL32 ref: 00007FF7AB99C3C2
GetCurrentProcessId.KERNEL32 ref: 00007FF7AB99C3CE
QueryPerformanceCounter.KERNEL32 ref: 00007FF7AB99C3DE

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 68b080e5c74ecdc989d9497fb427bfec2812cf223949a70a0905cf8ba2b6c893
Instruction ID: 5808f8c912b0745533ae7b0ac4baa810991b4f6f24ba14ced7aa0ae9173c2a55
Opcode Fuzzy Hash: 68b080e5c74ecdc989d9497fb427bfec2812cf223949a70a0905cf8ba2b6c893
Instruction Fuzzy Hash: 2D118832B05B05CAFB009F74E8542B873A4FB1A758F800E31EA2D867B4DF38D0698390

Function 00007FF7AB95FA00 Relevance: 5.6, Strings: 4, Instructions: 628COMMON

Download Yara Rule

Strings

##NavUpdateWindowing, xrefs: 00007FF7AB95FAE6
shared_mods != 0, xrefs: 00007FF7AB95FEB3
GImGui != 0, xrefs: 00007FF7AB9600D7, 00007FF7AB960133
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB95FEAC, 00007FF7AB9600D0, 00007FF7AB96012C

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: ##NavUpdateWindowing$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0$shared_mods != 0
API String ID: 0-1670481530
Opcode ID: b7e2bca78996d73e6df91f3e007b39354a8ddc98e3e5df1b4a813864c6d28128
Instruction ID: ae16604191cb50dc19864eea906a8fb3f07a1c73b0ca0f89410292002e7d2371
Opcode Fuzzy Hash: b7e2bca78996d73e6df91f3e007b39354a8ddc98e3e5df1b4a813864c6d28128
Instruction Fuzzy Hash: 6F62E732E0A686D6E759AB3981D43B9A390FF45754F868235CA5C132F2DF3CB498C721

Function 00007FF7AB94FBB0 Relevance: 5.4, Strings: 4, Instructions: 420COMMON

Download Yara Rule

Strings

#COLLAPSE, xrefs: 00007FF7AB94FDAE
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB94FD32, 00007FF7AB94FF5F
#CLOSE, xrefs: 00007FF7AB94FFDA
Size > 0, xrefs: 00007FF7AB94FD39, 00007FF7AB94FF66

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: #CLOSE$#COLLAPSE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-766050946
Opcode ID: a67e50b83d592246443fcd8d3d152a588ef8dd5db0c3927b8a3e062520e6a67e
Instruction ID: 5149a548888c46c9427a417597e9dca9da193e57ebd8d7eff4dc35554ed516a1
Opcode Fuzzy Hash: a67e50b83d592246443fcd8d3d152a588ef8dd5db0c3927b8a3e062520e6a67e
Instruction Fuzzy Hash: 35122C32E09B89C5E711DB3A90416F9F760EF6A344F569732EE4C236B1DF29A085C710

Function 00007FF7AB980DE0 Relevance: 5.4, Strings: 4, Instructions: 420COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF7AB980FF9
ImMax(size_contents_v, size_visible_v) > 0.0f, xrefs: 00007FF7AB981000
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB98111A, 00007FF7AB981152
idx == 0 || idx == 1, xrefs: 00007FF7AB981121, 00007FF7AB981159

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImMax(size_contents_v, size_visible_v) > 0.0f$idx == 0 || idx == 1
API String ID: 0-3128625980
Opcode ID: d744e562028f4b66b108c56f552990e2abd130176bffe4103f61c6c0364d74d3
Instruction ID: 8458790f3701dc36212c68ad4faa2bf914acd31f497c57f353493593a6815d01
Opcode Fuzzy Hash: d744e562028f4b66b108c56f552990e2abd130176bffe4103f61c6c0364d74d3
Instruction Fuzzy Hash: 0C123722D19BDDC6E213A67B94412B9E350AF6E385F5DCB32FD48325B1DF28B0C19650

Function 00007FF7AB982A00 Relevance: 5.3, Strings: 4, Instructions: 302COMMON

Download Yara Rule

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB982CAA
#ComboPopup, xrefs: 00007FF7AB982C31
##v, xrefs: 00007FF7AB982A6E, 00007FF7AB982ECF
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB982CA3

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: ##v$#ComboPopup$C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 0-2429816084
Opcode ID: 8d46a56935c2483b85baddb845902eca00119b29638dba1ede19879076b754c5
Instruction ID: 18d76e5bbfcc90a36640b13c26bf8fdc7cba0180fd7bfcb368c085d223cb1665
Opcode Fuzzy Hash: 8d46a56935c2483b85baddb845902eca00119b29638dba1ede19879076b754c5
Instruction Fuzzy Hash: 2DE10532E19B89CAE311DB7A84402F9B360FF69348F969726EE08375B5DF28A055D710

Function 00007FF7AB98C310 Relevance: 4.1, Strings: 3, Instructions: 301COMMON

Download Yara Rule

Strings

(0) && "Calling PopItemFlag() too many times!", xrefs: 00007FF7AB98C8CB
Calling PopItemFlag() too many times!, xrefs: 00007FF7AB98C8AE
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB98C8C4

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopItemFlag() too many times!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Calling PopItemFlag() too many times!
API String ID: 0-102052167
Opcode ID: 115397381942e15198dfb801fe7992c76b0b96dc602557bbf8e8a78697b33bdd
Instruction ID: 100efbd7569160c230831a5d559226be7d874485079cd53e0a3c91f7f3e4a86e
Opcode Fuzzy Hash: 115397381942e15198dfb801fe7992c76b0b96dc602557bbf8e8a78697b33bdd
Instruction Fuzzy Hash: 51E1E572919AC9C5E326AB3A94413F9F3A0FF59744F498332EE89271B1DF29A0D5C710

Function 00007FF7AB96B1E0 Relevance: 3.3, APIs: 2, Instructions: 255COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB96B53F
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB96B5C0

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID:
API String ID: 1173767890-0
Opcode ID: 643325f106a4015a9651018ec23825aa08e0a3e246b7ab18464e5e75462acc61
Instruction ID: 574457a0e148aaff62e661b6d24b6b9657e63be607deb34ce97ba0409f7262a3
Opcode Fuzzy Hash: 643325f106a4015a9651018ec23825aa08e0a3e246b7ab18464e5e75462acc61
Instruction Fuzzy Hash: FAB12733A15AD5C6D321EF3994552BEF7A4FF58B84F458322EB8512674EB39E082C710

Function 00007FF7AB99105B Relevance: 3.0, APIs: 2, Instructions: 26COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 00007FF7AB99105D
GetLocaleInfoA.KERNEL32 ref: 00007FF7AB991079

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: InfoKeyboardLayoutLocale
String ID:
API String ID: 1218629382-0
Opcode ID: 9e33f65f36021c76e3ce5085f13d9bf961fb33b85001965e3fe80dccfd441406
Instruction ID: 82bd28c9236dd5cfef8bf22ae346986516595f14276829e2daa26d73d918349a
Opcode Fuzzy Hash: 9e33f65f36021c76e3ce5085f13d9bf961fb33b85001965e3fe80dccfd441406
Instruction Fuzzy Hash: 46F0EC22A11A81C2E7A28B3AA0006AEA398FB08750F564037CF8D43230CE38D4C3C700

Function 00007FF7AB95C250 Relevance: 2.8, Strings: 2, Instructions: 281COMMON

Download Yara Rule

Strings

(window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened, xrefs: 00007FF7AB95C2E4
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB95C2DD

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: (window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened$C:\Users\55yar\Desktop\imgui-master\imgui.cpp
API String ID: 0-3836044477
Opcode ID: fd5fe447b9d7518a35cc5895bd672c193580b2feb93a140ec6dd6fc64d8195f5
Instruction ID: 501e89b442b48d0ec9ec00d388eb1e50f85a7aa55180090699c43a457d558646
Opcode Fuzzy Hash: fd5fe447b9d7518a35cc5895bd672c193580b2feb93a140ec6dd6fc64d8195f5
Instruction Fuzzy Hash: 16D1C823D4EA8EC1F222763F40821B9E3A09F7E385F5A9732FD5C765B1DB2876894510

Function 00007FF7AB967EF0 Relevance: 2.7, Strings: 2, Instructions: 225COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF7AB968FAD
!(o > b->size || o < 0), xrefs: 00007FF7AB968FB4

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: !(o > b->size || o < 0)$C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2013812653
Opcode ID: fdb839840d1717f9b44b9ca140c23bba9e5d56527fed56afe8963279d5580143
Instruction ID: a7c406c68ad71d80434e776c9fa878899a21d381ef2993fee3ca8bbaa8f94ac1
Opcode Fuzzy Hash: fdb839840d1717f9b44b9ca140c23bba9e5d56527fed56afe8963279d5580143
Instruction Fuzzy Hash: A3B1BE32A08AC4CAE701DF7E94811BDBBB0FB8D385F555325EF8922675DB78A585CB00

Function 00007FF7AB96BFC0 Relevance: 2.7, Strings: 2, Instructions: 203COMMON

Download Yara Rule

Strings

pixels[i*stride_in_bytes] == 0, xrefs: 00007FF7AB96C1F5
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF7AB96C1EE

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i*stride_in_bytes] == 0
API String ID: 0-15633718
Opcode ID: 32ad749d566af6c39d93c85aa81a55f15b3c0c613e78de5831523cd2df5458f3
Instruction ID: 7931128112de4f7ca80933810be8d4fb244d224949887ff5f3de35bbb9d5612c
Opcode Fuzzy Hash: 32ad749d566af6c39d93c85aa81a55f15b3c0c613e78de5831523cd2df5458f3
Instruction Fuzzy Hash: 4F712773A0D2E287D326572CA85036EFEE1B78D344F5E8235FAC9C2B65C93CD5118A51

Function 00007FF7AB96BD10 Relevance: 2.7, Strings: 2, Instructions: 196COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF7AB96BF4D
pixels[i] == 0, xrefs: 00007FF7AB96BF54

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i] == 0
API String ID: 0-2060079458
Opcode ID: 4e2adfccef81c1e3fbce711a22a967c822f26381485c6c60a2143650ecba5023
Instruction ID: 0a294fbde6999c4736188fb1822af06497f856bc90fd55cfe99816d69187caf5
Opcode Fuzzy Hash: 4e2adfccef81c1e3fbce711a22a967c822f26381485c6c60a2143650ecba5023
Instruction Fuzzy Hash: D271256362D6E186C3119B3D981167AFFE1E789304F594235EACC83B74DA3ED104CB11

Function 00007FF7AB9759E0 Relevance: 2.6, Strings: 2, Instructions: 124COMMON

Download Yara Rule

Strings

text_end != 0, xrefs: 00007FF7AB975A2F
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB975A28

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$text_end != 0
API String ID: 0-48455972
Opcode ID: a09c2614e3254487966167fc92d77515f9d689761ec6439a3a093dfee68bc64c
Instruction ID: a251bd7607742e17f18f40c783aeed5747b1f1364d22eb23831796b99ea03128
Opcode Fuzzy Hash: a09c2614e3254487966167fc92d77515f9d689761ec6439a3a093dfee68bc64c
Instruction Fuzzy Hash: 4341A731A0A659C6F9A1A93B5480179E691EF59780FDA8733DD08166B49B38E4C18A10

Function 00007FF7AB9546F0 Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB95470F
Size > 0, xrefs: 00007FF7AB954716

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-1180621679
Opcode ID: 6ed20166e65553b91257ace29f513335ab454b8572dbed2f61cfc2601968656f
Instruction ID: 11ec839a4ceb9f8892cac7176b7b49b3f745981a2bf9c8c01d1e9beaecc11041
Opcode Fuzzy Hash: 6ed20166e65553b91257ace29f513335ab454b8572dbed2f61cfc2601968656f
Instruction Fuzzy Hash: AC31AE72B141E58FEB94CB76A860F797B60E3D5782B8A6121EF8417A58C73CD111CB60

Function 00007FF7AB954620 Relevance: 2.6, Strings: 2, Instructions: 52COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB954648
Size > 0, xrefs: 00007FF7AB95464F

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-1180621679
Opcode ID: 41e8903e6fabd6bbd9ecf70a232ba5207c90942fc97139b669773e5e4f2473b7
Instruction ID: a68e881c62efc097623e31a1de3c4bdaeccef829143df1f81e2546980b4ceafe
Opcode Fuzzy Hash: 41e8903e6fabd6bbd9ecf70a232ba5207c90942fc97139b669773e5e4f2473b7
Instruction Fuzzy Hash: 2A110AB1609691C6DB44CB65D4F0079B7A0F788781F82103BEBCE07669DE3CD195C760

Function 0000023830B5BA30 Relevance: 1.7, Strings: 1, Instructions: 479COMMON

Download Yara Rule

Strings

P, xrefs: 0000023830B5BE43

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction ID: fdaff0e9fc7219f08d39f51520c1baee09abd8824fa571b517c8a1210c9afaa7
Opcode Fuzzy Hash: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction Fuzzy Hash: 8E12E1706187448FD348DF28C490A6AB7E2FBCD308F504AADF58AD7765DA34EA41CB42

Function 0000023830C32720 Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

@, xrefs: 0000023830C32AA8

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: af22b2a64cd9b34464c746f31960b8c553625a99857650b96e506a8a1dbf1dca
Instruction ID: ec1a7112c401c5248942de613be487937b399c49e7538149e9f979c49f6cfe31
Opcode Fuzzy Hash: af22b2a64cd9b34464c746f31960b8c553625a99857650b96e506a8a1dbf1dca
Instruction Fuzzy Hash: 40E12B7421CB888FEBA4DF18D45876AB7E1FB99305F10595DE08EC32A0DB78D885DB06

Function 00007FF7AB9654F0 Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF7AB965726

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2705777111
Opcode ID: 64546066472ca3b8349dd8d249968d4cd0d82be6d00cd49db611cd94df8f4d3b
Instruction ID: 4eed2ecab0f294bf22c8eb7f67524078f35b43f16577ea3c2363a38727f695c9
Opcode Fuzzy Hash: 64546066472ca3b8349dd8d249968d4cd0d82be6d00cd49db611cd94df8f4d3b
Instruction Fuzzy Hash: AB5115B6A250B583EA609F2AC8D15BC77D1E74E742FD48076D25882EB1C52DC14A9F21

Function 00007FF7AB96DB50 Relevance: .9, Instructions: 868COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cec9f3207f90c17bf83e7f319c363e9946d9f7723929caf69ceb34e99a9d0ca
Instruction ID: e39814cb6df9727f798bc50a60ee1a3ba099fd6d137dacb3d2fd957af55e06be
Opcode Fuzzy Hash: 4cec9f3207f90c17bf83e7f319c363e9946d9f7723929caf69ceb34e99a9d0ca
Instruction Fuzzy Hash: E5925F33925B8886C716CF3B9481169BB60FFADB84B16D716EE0823775EB35E494DB00

Function 00007FF7AB945D90 Relevance: .6, Instructions: 579COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C612
String ID:
API String ID: 1428191659-0
Opcode ID: fe0cf0a24c23df17e732a26cca348952e46e2a57f34f0cc16e213b989c523f67
Instruction ID: 6d5d7a83527668166e1bf52c0dfc980297d15a8bffbd890f6c4fb520d0b1a258
Opcode Fuzzy Hash: fe0cf0a24c23df17e732a26cca348952e46e2a57f34f0cc16e213b989c523f67
Instruction Fuzzy Hash: FD829E73805BC187D328CF34B9981DAB7A8FB55340F115219DBF623A61DB78E1A6E708

Function 00007FF7AB98A370 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bbb6e06cd0572142406bc8820cf09fa7d9373683b7a630237fee7807b62f422
Instruction ID: 3e6df2a5a2391efff9aeabd6dd66d0a1f2db03d2f3df4108a17f92255402a5a2
Opcode Fuzzy Hash: 6bbb6e06cd0572142406bc8820cf09fa7d9373683b7a630237fee7807b62f422
Instruction Fuzzy Hash: F822D172E096C5CAE7119BBA90403FEF7B0EB59349F494335EE48265B5DB38A494CB20

Function 00007FF7AB976BC0 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9cecffe5e39252dc6b37e68d711e718fe0b460a9a36639389aa25d1d7f6c5b7
Instruction ID: 7fe8a463c132f55784e5b2819f07dde2770581723b20a67324ec8291625cbad7
Opcode Fuzzy Hash: c9cecffe5e39252dc6b37e68d711e718fe0b460a9a36639389aa25d1d7f6c5b7
Instruction Fuzzy Hash: 4E020C23E19B89C7D211A63A94421B9F360FFAF384F655721FE44229B2DF29F0919B10

Function 00007FF7AB98BA80 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9ad75ff6661641dfb7484e34b5a95549a9178d9c6d9aff604fea6769ac66a9f
Instruction ID: 0f209f325bf8e4889621508c648ae9b7b17854edc4fae3b63bd5430c6a290c5e
Opcode Fuzzy Hash: e9ad75ff6661641dfb7484e34b5a95549a9178d9c6d9aff604fea6769ac66a9f
Instruction Fuzzy Hash: 67F1C2B290A682CAE771AA6D91403BEB7A0EB45745F9E4134DE99072F5CF3FE444C720

Function 00007FF7AB949730 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f2afc71bcb6e60fe6b48f1fd428c52dd563754f62c92c5580ba7913ac805761
Instruction ID: 9052f5af9320973ec0e7e6cfb25c7e89bbf79c1f9a12379c1c20baf19d809282
Opcode Fuzzy Hash: 2f2afc71bcb6e60fe6b48f1fd428c52dd563754f62c92c5580ba7913ac805761
Instruction Fuzzy Hash: 9CD1A36290F6C2DDEB65AE3D40003B9A7D0AF1A748F9E8135ED491A5F6CF3CA8459331

Function 00007FF7AB98E5B0 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 921d0129446da77aaddaa4aa987365c8784144cb00f78a1ee875d2a03e3975c2
Instruction ID: 5cfabf095afd8dd7c591e78f6067ccaa675d2baae6cacf325a58fa847bf6ff3f
Opcode Fuzzy Hash: 921d0129446da77aaddaa4aa987365c8784144cb00f78a1ee875d2a03e3975c2
Instruction Fuzzy Hash: 15C12A36750B8982EB148F3BD454BAD6771EB9AF89F09D235CE0A17B68DF3AC1458700

Function 00007FF7AB96AD40 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 562b7d3f91c9f74b619fe1397834ae2ab76450cf0a24359a5ff58522b0b22631
Instruction ID: 3c83afebc23a68b59caec114f128465548c64d0e6ffbb656212fa965dc41208d
Opcode Fuzzy Hash: 562b7d3f91c9f74b619fe1397834ae2ab76450cf0a24359a5ff58522b0b22631
Instruction Fuzzy Hash: 48B18722E28FCC81E223A63754821F9E650AF7F3C5F2EDB23FD84756B2AB2561D15510

Function 00007FF7AB955A30 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a80b03f7bc89fefc7a1c72021f62cde799e707efb33d253c2770a742c07cca4
Instruction ID: 116632f423921f2b9a854e25e3459c011d824e415750250ffda8e1523d4a9c73
Opcode Fuzzy Hash: 4a80b03f7bc89fefc7a1c72021f62cde799e707efb33d253c2770a742c07cca4
Instruction Fuzzy Hash: 2BD1C132D4A3C1DAE3519F3984807F87B94FB66B08F4E837ADB8817666CB2954549B30

Function 00007FF7AB95F250 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3416371920b2550550669ab83c2473f1f835fb7ea68a55657360c14b7f5196a9
Instruction ID: 9d611ea7753f18ae71fd43546439a64d695fadd02fb2f041f87939b6ea1afab5
Opcode Fuzzy Hash: 3416371920b2550550669ab83c2473f1f835fb7ea68a55657360c14b7f5196a9
Instruction Fuzzy Hash: EE912432959685C7E356AF3A90803FEB3A0FF04768F598335CB59161F5DB38B5898B20

Function 0000023830B93841 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction ID: 8f60a195d6f7ff8a9d00f3ef039faeb7920a6cf85c5f7e98934ea5b2fa68ee25
Opcode Fuzzy Hash: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction Fuzzy Hash: 48410DDFC0DAC51BC7428664ACAA6827F709A2324EBCF58DBD498CA587F048D409D712

Function 00007FF7AB957C60 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 76COMMON

Download Yara Rule

APIs

00007FF8C6125630.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7AB957C8F
00007FF8C6125630.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7AB957CA4

Strings

sz_vec2 == sizeof(ImVec2) && "Mismatched struct layout!", xrefs: 00007FF7AB957D24
strcmp(version, "1.91.6 WIP") == 0 && "Mismatched version string!", xrefs: 00007FF7AB957CBA
sz_style == sizeof(ImGuiStyle) && "Mismatched struct layout!", xrefs: 00007FF7AB957D02
sz_vec4 == sizeof(ImVec4) && "Mismatched struct layout!", xrefs: 00007FF7AB957D48
sz_io == sizeof(ImGuiIO) && "Mismatched struct layout!", xrefs: 00007FF7AB957CDD
sz_vert == sizeof(ImDrawVert) && "Mismatched struct layout!", xrefs: 00007FF7AB957D6C
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB957CB3, 00007FF7AB957CD6, 00007FF7AB957CFB, 00007FF7AB957D1D, 00007FF7AB957D41, 00007FF7AB957D65, 00007FF7AB957D89
1.91.6 WIP, xrefs: 00007FF7AB957C80, 00007FF7AB957C98
sz_idx == sizeof(ImDrawIdx) && "Mismatched struct layout!", xrefs: 00007FF7AB957D90

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C6125630
String ID: 1.91.6 WIP$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$strcmp(version, "1.91.6 WIP") == 0 && "Mismatched version string!"$sz_idx == sizeof(ImDrawIdx) && "Mismatched struct layout!"$sz_io == sizeof(ImGuiIO) && "Mismatched struct layout!"$sz_style == sizeof(ImGuiStyle) && "Mismatched struct layout!"$sz_vec2 == sizeof(ImVec2) && "Mismatched struct layout!"$sz_vec4 == sizeof(ImVec4) && "Mismatched struct layout!"$sz_vert == sizeof(ImDrawVert) && "Mismatched struct layout!"
API String ID: 1529501491-1295771896
Opcode ID: 81d2e9201c58c4257a11a08258dd765dc5fa7c07bb397093847fbf6462c9f984
Instruction ID: 837c4e150791539ed2e6ccd178cbcc1d0bd30bcf0b9d11d730a4eeb3a1154bb2
Opcode Fuzzy Hash: 81d2e9201c58c4257a11a08258dd765dc5fa7c07bb397093847fbf6462c9f984
Instruction Fuzzy Hash: 7F317A20A1BA02C4F750BB2DE984170A7A5FF59784FC64035E94E036B6DF2DE259C7A0

Function 0000023830BC6FF0 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000023830BC722D
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830BC72AA
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830BC72C3
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000023830BC7303
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830BC7362
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830BC737B
_Min_value.LIBCPMTD ref: 0000023830BC73B2
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830BC73CE
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023830BC73E7
_Max_value.LIBCPMTD ref: 0000023830BC741E
_Min_value.LIBCPMTD ref: 0000023830BC743B

Part of subcall function 0000023830BCF190: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000023830BCF1B5

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction ID: 83e1edbbd997c43d9c0409a9272b82ebe3b5ac476cb006ddf5f9add327aa148e
Opcode Fuzzy Hash: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction Fuzzy Hash: 5602EBB0518B888FD7B5EB18C498BDBB3E5FBA8305F40095EE58EC7291DE349545CB42

Function 00007FF7AB94C240 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 313COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB94C5B2

Strings

##Foreground, xrefs: 00007FF7AB94C5E0
g.Initialized, xrefs: 00007FF7AB94C261
draw_data->CmdLists.Size == draw_data->CmdListsCount, xrefs: 00007FF7AB94C61C
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF7AB94C339
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB94C672
Size > 0, xrefs: 00007FF7AB94C679
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB94C25A, 00007FF7AB94C332, 00007FF7AB94C615
##Background, xrefs: 00007FF7AB94C3E3

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: ##Background$##Foreground$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$Size > 0$draw_data->CmdLists.Size == draw_data->CmdListsCount$g.Initialized
API String ID: 2490902527-3285338674
Opcode ID: 1f975bc8c4991e73a3ff96bd07aa82c4641d671dcbcfc2fcd8acd1bc283286ba
Instruction ID: b7ce316d72f45c3b5a404b60bfa3ceea0cdfd4870fcea222552a96723e7fb9c3
Opcode Fuzzy Hash: 1f975bc8c4991e73a3ff96bd07aa82c4641d671dcbcfc2fcd8acd1bc283286ba
Instruction Fuzzy Hash: CAE1A332B0AA86CAEB50EF29D5446B9B7B5FB44B84F8A4135DA0D43775DF38E851C310

Function 00007FF7AB9852B0 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 211COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB9853CB
00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB985498

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB98552C
idx <= obj->TextLen, xrefs: 00007FF7AB985508
((char*)(state->undo_rec + state->redo_point + 1) + move_size) <= buf_end, xrefs: 00007FF7AB985475
C:\Users\55yar\Desktop\imgui-master\imstb_textedit.h, xrefs: 00007FF7AB98543A, 00007FF7AB98546E
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF7AB985501
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB985525
((char*)(state->undo_rec + state->redo_point)) >= buf_begin, xrefs: 00007FF7AB985441

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: ((char*)(state->undo_rec + state->redo_point + 1) + move_size) <= buf_end$((char*)(state->undo_rec + state->redo_point)) >= buf_begin$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$C:\Users\55yar\Desktop\imgui-master\imstb_textedit.h$i >= 0 && i < Size$idx <= obj->TextLen
API String ID: 2490902527-1648308927
Opcode ID: 2120b2c391bdda5362f8aeb3731c43fd56754891b27e07fc2895b1452c4541ea
Instruction ID: 68f4bb8686e46a63be503177aed72c292daef91560a443dd2e8f318602040830
Opcode Fuzzy Hash: 2120b2c391bdda5362f8aeb3731c43fd56754891b27e07fc2895b1452c4541ea
Instruction Fuzzy Hash: 0691FDB2B1678582EB00DF28D4443BCA762FB95B8AF8A4135CA4D07675DB3CE546C720

Function 00007FF7AB9719E0 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 180COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140(00000000,?,00000000,?,00007FF7AB971E8F), ref: 00007FF7AB971C6E

Strings

font_cfg->FontData != 0 && font_cfg->FontDataSize > 0, xrefs: 00007FF7AB971A39
font_cfg->OversampleH > 0 && font_cfg->OversampleV > 0 && "Is ImFontConfig struct correctly initialized?", xrefs: 00007FF7AB971A86
!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF7AB971A13
font_cfg->SizePixels > 0.0f && "Is ImFontConfig struct correctly initialized?", xrefs: 00007FF7AB971A60
Fonts.Size > 0 && "Cannot use MergeMode for the first font", xrefs: 00007FF7AB971BB2
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB971BD7, 00007FF7AB971C0F
Size > 0, xrefs: 00007FF7AB971BDE, 00007FF7AB971C16
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB971A0C, 00007FF7AB971A32, 00007FF7AB971A59, 00007FF7AB971A7F, 00007FF7AB971BAB

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$Fonts.Size > 0 && "Cannot use MergeMode for the first font"$Size > 0$font_cfg->FontData != 0 && font_cfg->FontDataSize > 0$font_cfg->OversampleH > 0 && font_cfg->OversampleV > 0 && "Is ImFontConfig struct correctly initialized?"$font_cfg->SizePixels > 0.0f && "Is ImFontConfig struct correctly initialized?"
API String ID: 2490902527-1408190167
Opcode ID: 5bb6bdf7373f25fdb8eced6fed7d171249a11ccea3e327e4bfe4a3ffe85ec404
Instruction ID: 71fac287b1de8de93243c8b61a269869efe01a8c90c197250d192b2dd099b326
Opcode Fuzzy Hash: 5bb6bdf7373f25fdb8eced6fed7d171249a11ccea3e327e4bfe4a3ffe85ec404
Instruction Fuzzy Hash: C691D532A09B92D6EB50EF28D88066CB7E4FB44B84F824136CA4D43275EF3CD5A5D751

Function 00007FF7AB970850 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 322COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF7AB96D0B7), ref: 00007FF7AB970A83
00007FF8B9F61310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF7AB96D0B7), ref: 00007FF7AB970C0C
00007FF8B9F61310.VCRUNTIME140(?,?,?,?,?,?,?,?,?,00000000,00007FF7AB96D0B7), ref: 00007FF7AB970C2C

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB970968, 00007FF7AB9709D1, 00007FF7AB970BDE
, xrefs: 00007FF7AB970C34
it >= Data && it < Data + Size, xrefs: 00007FF7AB970A45
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB9708C7, 00007FF7AB970961, 00007FF7AB9709CA, 00007FF7AB970A3E, 00007FF7AB970BD7, 00007FF7AB970C75
Size > 0, xrefs: 00007FF7AB9708CE, 00007FF7AB970C7C

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 2490902527-669993125
Opcode ID: 139c92e6413d571b4237a587376405bdbf8947d78c653c0cc41edb8b151480ff
Instruction ID: 35d52230e776939b36b72e05ea6dd72cd29967a103e3d064d70fe0749a63795d
Opcode Fuzzy Hash: 139c92e6413d571b4237a587376405bdbf8947d78c653c0cc41edb8b151480ff
Instruction Fuzzy Hash: 9EE10172B09A86C6EB54EF29D444369B3A4FB84B84F868135DA4D877B4DF3CE481CB50

Function 00007FF7AB953320 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 206COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB9534DD
00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB95353A

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB9534FB, 00007FF7AB953558
<NULL>, xrefs: 00007FF7AB953456
[focus] FocusWindow("%s", UnlessBelowModal): prevented by "%s"., xrefs: 00007FF7AB953461
window == 0 || window->RootWindow != 0, xrefs: 00007FF7AB953615
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB9534F4, 00007FF7AB953551
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB95360E

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: <NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$[focus] FocusWindow("%s", UnlessBelowModal): prevented by "%s".$i >= 0 && i < Size$window == 0 || window->RootWindow != 0
API String ID: 2490902527-1613245857
Opcode ID: 42d04fc1f4cad6f53fa495d4ca8975db62a9802276fde1973ed8bd153aecd329
Instruction ID: 04fc3e04424576ee59be38c4440c36ba54e84888635bbd5ce0e35c3c1ea1720e
Opcode Fuzzy Hash: 42d04fc1f4cad6f53fa495d4ca8975db62a9802276fde1973ed8bd153aecd329
Instruction Fuzzy Hash: FFA19431A4F682D6EB59AF29D1802B9E794BF00784FCA0235DA5E076B5DF3CF4598321

Function 00007FF7AB97DF40 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 114COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB97E006

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF7AB97DF68
i >= 0 && i < Size, xrefs: 00007FF7AB97E11C
table->MemoryCompacted == false, xrefs: 00007FF7AB97DF6F
p >= Buf.Data && p < Buf.Data + Buf.Size, xrefs: 00007FF7AB97E0D1
p >= Data && p < DataEnd, xrefs: 00007FF7AB97E070
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB97E115
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB97E069, 00007FF7AB97E0CA

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$i >= 0 && i < Size$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table->MemoryCompacted == false
API String ID: 1173767890-1783795845
Opcode ID: fc0a72d210a41ad6fc96d4dd79000ba97f4ed6267a4d297a9d124af00df6f25a
Instruction ID: 5a60f78d40f601ec53f10749db642e56ae94856ba7674034bde47622fa404b5d
Opcode Fuzzy Hash: fc0a72d210a41ad6fc96d4dd79000ba97f4ed6267a4d297a9d124af00df6f25a
Instruction Fuzzy Hash: DB51D772A0AA82C6DB10EF28E8542E8B7A4FB55B48F850136CA4C477B4DF7DD196C750

Function 0000023830B8AB60 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000023830B8AC65
shared_ptr.LIBCMTD ref: 0000023830B8ACD3

Strings

d, xrefs: 0000023830B8AC6C

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 1a6a6722034d945976169db871c6d8bc4f2ed9e348582280147d843b730620fb
Instruction ID: 88b33efed4749b027dba1d13c2253fa4bdcb413f0dc35da46936d9f2a8ea77ef
Opcode Fuzzy Hash: 1a6a6722034d945976169db871c6d8bc4f2ed9e348582280147d843b730620fb
Instruction Fuzzy Hash: 2F9110705187888FE794EB28C058B5ABBE1FFD9744F54099DF08AC73A2DE389945DB02

Function 0000023830B8A540 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 244COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000023830B8A647
shared_ptr.LIBCMTD ref: 0000023830B8A6B5

Strings

d, xrefs: 0000023830B8A64E

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 2612a0b920fc091130e9c3c3613e0ec6eef3206baac283914f1a5a83fc148c58
Instruction ID: 97805cfae5117e3073604161728dae854a3363113e31d231302d7e4dca1287d3
Opcode Fuzzy Hash: 2612a0b920fc091130e9c3c3613e0ec6eef3206baac283914f1a5a83fc148c58
Instruction Fuzzy Hash: 239110705187848FE795EB28C05876ABBE1FFD9744F44099DF08AC73A2DE389A45DB02

Function 00007FF7AB974020 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 216COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7AB9650E0: 00007FF8C61149A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF7AB965139

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9743A0

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB974107, 00007FF7AB97412F, 00007FF7AB97415D, 00007FF7AB974185, 00007FF7AB9741CD, 00007FF7AB974221, 00007FF7AB97424C, 00007FF7AB974287, 00007FF7AB9742B3
pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height, xrefs: 00007FF7AB9742DB
user_rects.Size >= 1, xrefs: 00007FF7AB974074
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB974100, 00007FF7AB974128, 00007FF7AB974156, 00007FF7AB97417E, 00007FF7AB9741C6, 00007FF7AB97421A, 00007FF7AB974245, 00007FF7AB974280, 00007FF7AB9742AC
pack_context != 0, xrefs: 00007FF7AB974054
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB97404D, 00007FF7AB97406D, 00007FF7AB9742D4

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C610C61149F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$i >= 0 && i < Size$pack_context != 0$pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height$user_rects.Size >= 1
API String ID: 3027678408-766226355
Opcode ID: 1be515aab2f97efa54ded198e99e4bd38972ef172aaa4d59dcabceeb4d2ab22d
Instruction ID: b575e89d41078ede1874b28e4206c768d67aaa697393f85663924c698f15f7c1
Opcode Fuzzy Hash: 1be515aab2f97efa54ded198e99e4bd38972ef172aaa4d59dcabceeb4d2ab22d
Instruction Fuzzy Hash: A3A1AE32A0AA52C6EB00EF28D590178B7A4FF44B88F828135DA4D477B5DF3CE596C760

Function 00007FF7AB94D070 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 172COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB94D2E0

Strings

!g.WindowsFocusOrder.contains(window), xrefs: 00007FF7AB94D110
i >= 0 && i < Size, xrefs: 00007FF7AB94D1CF, 00007FF7AB94D246
g.WindowsFocusOrder[window->FocusOrder] == window, xrefs: 00007FF7AB94D205
it >= Data && it < Data + Size, xrefs: 00007FF7AB94D2AB
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB94D1C8, 00007FF7AB94D23F, 00007FF7AB94D2A4
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB94D109, 00007FF7AB94D1FE

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: !g.WindowsFocusOrder.contains(window)$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$g.WindowsFocusOrder[window->FocusOrder] == window$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 2490902527-3130785268
Opcode ID: 21505a3354f30d3a84cbb2dd9f79a5e3063b41b8cb196f85d431d279ccb124c5
Instruction ID: 8fa00c52f06cbedbebd8f08e768b6719253fa1b6d48829634372635a3eaeec61
Opcode Fuzzy Hash: 21505a3354f30d3a84cbb2dd9f79a5e3063b41b8cb196f85d431d279ccb124c5
Instruction Fuzzy Hash: 4171B43670A682D5DB24AF19D5402F8A761FF45B84FC54032DA0D476B4DF79E9A6C320

Function 00007FF7AB94B560 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 159COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB94B7D7

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB94B5B3
cmd.ElemCount == 6, xrefs: 00007FF7AB94B70A
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB94B5AC, 00007FF7AB94B6A9, 00007FF7AB94B722, 00007FF7AB94B769
Size > 0, xrefs: 00007FF7AB94B6B0, 00007FF7AB94B729
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB94B703
it >= Data && it <= Data + Size, xrefs: 00007FF7AB94B770

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$cmd.ElemCount == 6$i >= 0 && i < Size$it >= Data && it <= Data + Size
API String ID: 2490902527-3684587188
Opcode ID: ca0d3001d9fa1ebf385f7065992a6b66dff6230fb7e6af56692c7815167da3ab
Instruction ID: 35338d6f76d40d264578e96d0a86d40ade455e79675ee7436922837471f45bea
Opcode Fuzzy Hash: ca0d3001d9fa1ebf385f7065992a6b66dff6230fb7e6af56692c7815167da3ab
Instruction Fuzzy Hash: 8181C222A19AC5C2E7109B2DD5403B9F360FF98748F859331EA8D176B4DF39E596C710

Function 00007FF7AB990C30 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

TrackMouseEvent.USER32 ref: 00007FF7AB990CCE
GetMessageExtraInfo.USER32 ref: 00007FF7AB99126A
TrackMouseEvent.USER32 ref: 00007FF7AB9912FB
TrackMouseEvent.USER32 ref: 00007FF7AB991305
ScreenToClient.USER32 ref: 00007FF7AB991331

Strings

Ctx != 0, xrefs: 00007FF7AB991355
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB99134E

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: EventMouseTrack$ClientExtraInfoMessageScreen
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 3561655495-3890275027
Opcode ID: a2318c1dd2bf4b7b1a3e05d31482f341a3f2fcce7c417795e5c45deee69884fe
Instruction ID: 193833fbbbd7a167b6ad5fc574cb757e638a9c750dbe49afdb6f70bc7e9a5336
Opcode Fuzzy Hash: a2318c1dd2bf4b7b1a3e05d31482f341a3f2fcce7c417795e5c45deee69884fe
Instruction Fuzzy Hash: 8261F032A09602DBF794EB79D4402BCB7B8FB44744F894036EA4A53AB4CF38E481C710

Function 00007FF7AB94CB20 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 130COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7AB94CC55
__swprintf_l.LIBCMT ref: 00007FF7AB94CC67

Strings

%s/%s_%08X, xrefs: 00007FF7AB94CC49
%s/%08X, xrefs: 00007FF7AB94CC5C
id != 0, xrefs: 00007FF7AB94CB61
#Child, xrefs: 00007FF7AB94CCB9
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB94CB5A

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: __swprintf_l
String ID: #Child$%s/%08X$%s/%s_%08X$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$id != 0
API String ID: 1488884202-1586801193
Opcode ID: 364a9aa14de91c2b89fbfb7ae7e465da2b37ec99689f6f257b78b0f03dd2e383
Instruction ID: 8f6ac6770b923ff9896e416e086175300cc136a49ca92f2a97e5d76dfc12b7f3
Opcode Fuzzy Hash: 364a9aa14de91c2b89fbfb7ae7e465da2b37ec99689f6f257b78b0f03dd2e383
Instruction Fuzzy Hash: E751A132A09A85DAE758EF2AD4802F9F7A0FF98744F858136DA4D032B1DF38A095C750

Function 00007FF7AB9643E0 Relevance: 12.4, APIs: 8, Instructions: 350COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB96446E
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB96455A
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9645DA
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9646F6
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB964806
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9648E6
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB964966
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9649E7

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID:
API String ID: 1173767890-0
Opcode ID: 57775b08057a0cb686b1252a14b079b2badbfb1439e6d4f1093d26c913e37d6c
Instruction ID: 1e9ef41c9aa2934e0c00fde0871a20136f026a7f5c08e584519b3cacd6d0b99a
Opcode Fuzzy Hash: 57775b08057a0cb686b1252a14b079b2badbfb1439e6d4f1093d26c913e37d6c
Instruction Fuzzy Hash: 67025B3261A992D2D749FF68C5A50FCB774FB54B44B914232D60E832B1EF38E5AAC350

Function 00007FF7AB969E40 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 426COMMON

Download Yara Rule

Strings

z->direction, xrefs: 00007FF7AB96A008
z != 0, xrefs: 00007FF7AB96A0E8
z->ey >= scan_y_top, xrefs: 00007FF7AB96A185
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF7AB96A001, 00007FF7AB96A0E1, 00007FF7AB96A17E

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$z != 0$z->direction$z->ey >= scan_y_top
API String ID: 0-479673919
Opcode ID: 6cea98a25611d8d332c81fd29b357c662dc5309cdf7c2bec323427f02e0d1f18
Instruction ID: 643373043918dd7bc697340141a14a7986f1fba7ec25eb02b97ad05759c4ae08
Opcode Fuzzy Hash: 6cea98a25611d8d332c81fd29b357c662dc5309cdf7c2bec323427f02e0d1f18
Instruction Fuzzy Hash: DF12F332909AC5C6D752DF3AD0412A9F3A0FF5DB84F598322DA4963674EF38E195CB01

Function 00007FF7AB94D4F0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 218COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB94D7AB

Strings

p >= begin() && p < end(), xrefs: 00007FF7AB94D6CE
off >= 4 && off < Buf.Size, xrefs: 00007FF7AB94D670
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB94D73D
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB94D669, 00007FF7AB94D6C7
it >= Data && it <= Data + Size, xrefs: 00007FF7AB94D744

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$it >= Data && it <= Data + Size$off >= 4 && off < Buf.Size$p >= begin() && p < end()
API String ID: 2490902527-15920025
Opcode ID: f146da49762cb8cd1275c042e6d03367f461630165a1e30583ec68414f4dae0a
Instruction ID: 600aa24828b3647fe50218be057c2c261bc514e46979f491494608dc2f75e296
Opcode Fuzzy Hash: f146da49762cb8cd1275c042e6d03367f461630165a1e30583ec68414f4dae0a
Instruction Fuzzy Hash: 2A91CF76B1AA46C6EB14AF29D4441B8B3A0FF44B88F858135DA1E477B4DF3CE861C720

Function 00007FF7AB948380 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 164COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB948442
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9484FA
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB94858A

Part of subcall function 00007FF7AB9481E0: 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB948269
Part of subcall function 00007FF7AB9481E0: 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9482E9
Part of subcall function 00007FF7AB9481E0: 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB94836A

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB948624

Strings

DrawList == &DrawListInst, xrefs: 00007FF7AB9483BA
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB9483B3

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$DrawList == &DrawListInst
API String ID: 1173767890-20161693
Opcode ID: c8be5354a01ef17ca92d8d4e428b236ce82e9f2ba0a2a98cb91df7b37cfa96f1
Instruction ID: fe7f1e0ad5d606e509a3e9979a89eea97bb2b72518a3c3672257443ce1fb5ee1
Opcode Fuzzy Hash: c8be5354a01ef17ca92d8d4e428b236ce82e9f2ba0a2a98cb91df7b37cfa96f1
Instruction Fuzzy Hash: 2071C37260AA92C6C745EF28D4951FCB7B5FB04B48F984236DA0E87270DF38D59AC341

Function 00007FF7AB97CA90 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 147COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB97CB41
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB97CBC0

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF7AB97CC78
p >= Data && p < DataEnd, xrefs: 00007FF7AB97CC55
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB97CC4E
column->SortOrder < table->SortSpecsCount, xrefs: 00007FF7AB97CC7F

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C610F020F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->SortOrder < table->SortSpecsCount$p >= Data && p < DataEnd
API String ID: 310658293-2291414753
Opcode ID: 641654e56ec08bab50e2c861daeedfc856a8fa85ea2999065e45f12bcbe7211b
Instruction ID: 61277c5072408311fac65084a6c6120756d26194c37890c085b2eccca8b92bc8
Opcode Fuzzy Hash: 641654e56ec08bab50e2c861daeedfc856a8fa85ea2999065e45f12bcbe7211b
Instruction Fuzzy Hash: 1361CF3260AA92D6DB08EF28D1841BCB7B0FB44B45F864136DB5D83274EF38E1A6C710

Function 00007FF7AB9838D0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 117COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB9839CD
00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB9839E0

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB983A0C
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF7AB983902
pos <= text_len, xrefs: 00007FF7AB983909
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB983A05

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$i >= 0 && i < Size$pos <= text_len
API String ID: 2490902527-3124524525
Opcode ID: 43148d90905608da133ba6f2dc9b7995a38c7d11a5028563e3b51f33180f49da
Instruction ID: 66cb40a8a0e25a374fa5b5d5768effb0820b4afc23e02fe4a425afc809b539e2
Opcode Fuzzy Hash: 43148d90905608da133ba6f2dc9b7995a38c7d11a5028563e3b51f33180f49da
Instruction Fuzzy Hash: FE411672B0D645C6E720AF5DE94027AF795FB44784F850035EE8D436B2DE7DE4428350

Function 0000023830BAE080 Relevance: 9.4, APIs: 6, Instructions: 408COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023830BAE0A3
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023830BAE0B7
std::make_error_code.LIBCPMTD ref: 0000023830BAE0D0
std::make_error_code.LIBCPMTD ref: 0000023830BAE132
std::make_error_code.LIBCPMTD ref: 0000023830BAE300

Part of subcall function 0000023830B56020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 0000023830B5602E

std::make_error_code.LIBCPMTD ref: 0000023830BAE1B7

Part of subcall function 0000023830B58FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000023830B58FFE

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction ID: 0553df4a209bf1b9b178d1c8272f2a769002c10cd61e99c17dbe1cd9273171f1
Opcode Fuzzy Hash: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction Fuzzy Hash: 5CF1FF7091C7888FD6A4EB28C455BEAB7E1FFD9B04F40489DF09AC7392DE749A448702

Function 00007FF7AB97E150 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB97E2FB
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB97E432

Strings

p >= begin() && p < end(), xrefs: 00007FF7AB97E1CC, 00007FF7AB97E339
p < end(), xrefs: 00007FF7AB97E209, 00007FF7AB97E376
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF7AB97E1C5, 00007FF7AB97E202, 00007FF7AB97E332, 00007FF7AB97E36F

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C610F020F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$p < end()$p >= begin() && p < end()
API String ID: 310658293-1901453082
Opcode ID: 89c2f9746f56774cf18f660d37daa8c8023ea24d726d88c761ed5e41b9daf93e
Instruction ID: c089c21762ae2057d15463d9e6ef815cef4c9c3b61400a85c8524ff87b3f1588
Opcode Fuzzy Hash: 89c2f9746f56774cf18f660d37daa8c8023ea24d726d88c761ed5e41b9daf93e
Instruction Fuzzy Hash: E681C07270AA41D7EE14AF18D9482A8F7A9FF04B85F858135DA0D472B0EF3CE5A5C714

Function 00007FF7AB9713B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 152COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB971484
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB971567
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9715F0

Strings

!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF7AB9713DA
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB9713D3

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 1173767890-3599239301
Opcode ID: a27dbbe3b8e8369e739a25ded0ea2982dee22f6b7ac45c46d309ae0859b59bb8
Instruction ID: f05350c3e4c2b79e5a90b25a735e7dd98680c7999d53f37d42bd9e629df601ad
Opcode Fuzzy Hash: a27dbbe3b8e8369e739a25ded0ea2982dee22f6b7ac45c46d309ae0859b59bb8
Instruction Fuzzy Hash: 5361AF72A0AA51D7DB49EF28D1442BCB3B1FB04B84B948226C60E43370EF38D5AAC700

Function 00007FF7AB942E30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112COMMON

Download Yara Rule

APIs

00007FF8C6118950.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7AB942EC1
00007FF8C6118950.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7AB942EEC
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB942FA9

Strings

filename && mode, xrefs: 00007FF7AB942E58
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB942E51

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$C6118950$C610F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$filename && mode
API String ID: 3653100989-1878659873
Opcode ID: bba858d7dafffe5a3fc5dd742a7e7c40657499637fe3358c359ad359ca6b4ca3
Instruction ID: 9fa9e333edae102db707cc6af11d0eb0482d22c05f9724c3263b0adc66d295fa
Opcode Fuzzy Hash: bba858d7dafffe5a3fc5dd742a7e7c40657499637fe3358c359ad359ca6b4ca3
Instruction Fuzzy Hash: 3741B221A1AA42C2EA94BF2EA594179F7A4FF44B94FD90231E90E437F4DF3CE4568310

Function 00007FF7AB9913F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetMessageExtraInfo.USER32 ref: 00007FF7AB9913F9
GetCapture.USER32 ref: 00007FF7AB991491
SetCapture.USER32 ref: 00007FF7AB99149F

Strings

Ctx != 0, xrefs: 00007FF7AB9914C5
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB9914BE

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: Capture$ExtraInfoMessage
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 2172523684-3890275027
Opcode ID: 923c053ce066281c7ac671ef25c172f5d6b9f676048f14a3257d116d11b5ca04
Instruction ID: 89f155215d323ed295eecb9c1ffc554d4ee3e88ed359dac77e522bb35cbbaca0
Opcode Fuzzy Hash: 923c053ce066281c7ac671ef25c172f5d6b9f676048f14a3257d116d11b5ca04
Instruction Fuzzy Hash: D121F866616642C2E791DB39D5402ADB3A8FF48BA8FC10132EE2D473B4DF38E5568760

Function 00007FF7AB961F40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

printf.MSPDB140-MSVCRT ref: 00007FF7AB96203E

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB962019
[%05d] , xrefs: 00007FF7AB961FAF
[%s] [%05d] , xrefs: 00007FF7AB961F9A
Size > 0, xrefs: 00007FF7AB962020

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: printf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$[%05d] $[%s] [%05d]
API String ID: 3524737521-3476604433
Opcode ID: 5a48e0f4dea9b8b2cafaac37201f2cdc183bbd5d905bebb22584e034e64cb9f7
Instruction ID: 62106d41fdf855f387e6db7a14207942c2bc8fa9d779c81b7bbbee5055e164cb
Opcode Fuzzy Hash: 5a48e0f4dea9b8b2cafaac37201f2cdc183bbd5d905bebb22584e034e64cb9f7
Instruction Fuzzy Hash: 8721C072B0AA42D6EA20AF29F8445EAF7A4FB44B84F854035EE4D57274CF3CE495C710

Function 00007FF7AB98FA50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF7AB98FAD2

Strings

bd != nullptr && "No platform backend to shutdown, or already shutdown?", xrefs: 00007FF7AB98FA8B
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF7AB98FAB1
C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF7AB98FA84
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB98FAAA

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: FreeLibrary
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "No platform backend to shutdown, or already shutdown?"
API String ID: 3664257935-1332676508
Opcode ID: a88f10e153ff5662c3eda2797c9295a1957fe6c79fdca9ae89574122b0fd71b3
Instruction ID: e711dbadb622dc00610a6544add5ef588c46ce596d5822983c876c4978a46d15
Opcode Fuzzy Hash: a88f10e153ff5662c3eda2797c9295a1957fe6c79fdca9ae89574122b0fd71b3
Instruction Fuzzy Hash: 9331617160AA42C6EB44AF28E980678B7A4FB54B89F868536DA0D47370DF3CE465C750

Function 00007FF7AB9914F3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetMessageExtraInfo.USER32 ref: 00007FF7AB9914F3
GetCapture.USER32 ref: 00007FF7AB991573
ReleaseCapture.USER32 ref: 00007FF7AB99157E

Strings

Ctx != 0, xrefs: 00007FF7AB99159A
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB991593

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: Capture$ExtraInfoMessageRelease
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 1767768705-3890275027
Opcode ID: cb19a9e6c1605ae45a3bbd78077dd2cfbef91a2a50fb1b9c956a217acb42d625
Instruction ID: 9a093413a84f6a6a707760d619c33804a19baf6f0f5017397ffad494b0e83c5c
Opcode Fuzzy Hash: cb19a9e6c1605ae45a3bbd78077dd2cfbef91a2a50fb1b9c956a217acb42d625
Instruction Fuzzy Hash: 5121F561A26652C2F791AB7DD4002B9A295FF44BD4FC30031E90E473B4CF3DE5868760

Function 0000023830B95F20 Relevance: 8.0, APIs: 5, Instructions: 479COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 0000023830B96127

Part of subcall function 0000023830B6AB90: std::error_condition::error_condition.LIBCPMTD ref: 0000023830B6ABAE

Part of subcall function 0000023830B755D0: _Func_class.LIBCONCRTD ref: 0000023830B755E3

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023830B9615A
std::make_error_code.LIBCPMTD ref: 0000023830B961A5

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::Func_classGroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 831135708-0
Opcode ID: 63f4ccc0c719f990fd2cecc369a8989cbc0d16d11778b62a075870b531d386af
Instruction ID: e58138d6db801a1f2a8092f7d7ac28e0f1c5aabbeb2c9277b85af58ab248a560
Opcode Fuzzy Hash: 63f4ccc0c719f990fd2cecc369a8989cbc0d16d11778b62a075870b531d386af
Instruction Fuzzy Hash: 3BF15470618B488FE7A5FB28C459BDAB2D1FF94704F9049A9F04EC7392DE3C9A458742

Function 0000023830BAF260 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 0000023830BAF2A2

Part of subcall function 0000023830B58FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000023830B58FFE

std::make_error_code.LIBCPMTD ref: 0000023830BAF373

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 52cd85fabb40296642562d013464caab3b67d2761199756b925dca6721a50769
Instruction ID: 72c881ca8d69b0110ad012c8b049b7970a5eec13982930ffc3ee6b80cbc54297
Opcode Fuzzy Hash: 52cd85fabb40296642562d013464caab3b67d2761199756b925dca6721a50769
Instruction Fuzzy Hash: E991E07191C7888BE365EB14C459BDBB7E1FB94744F40499EF08BCB292DE349A44CB42

Function 0000023830BA6EA9 Relevance: 7.7, APIs: 5, Instructions: 198COMMON

Download Yara Rule

APIs

Mailbox.LIBCMTD ref: 0000023830BA6EF2
Mailbox.LIBCMTD ref: 0000023830BA6F2A
Mailbox.LIBCMTD ref: 0000023830BA6F95
Mailbox.LIBCMTD ref: 0000023830BA6FC6
Mailbox.LIBCMTD ref: 0000023830BA6FF0

Part of subcall function 0000023830B6BC30: Mailbox.LIBCMTD ref: 0000023830B6BC7E

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Mailbox
String ID:
API String ID: 1763892119-0
Opcode ID: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction ID: b8898f116d8b040ff5eae72597206429ca93dc95a6c0e86e3d08ead1e679d39c
Opcode Fuzzy Hash: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction Fuzzy Hash: 6861407150CB8C8FD765EA18C058BEBB7E1FBA8305F440A5EF48AD7291DE74DA848742

Function 0000023830B626B0 Relevance: 7.7, APIs: 5, Instructions: 190COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 0000023830B626D8
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000023830B62767

Part of subcall function 0000023830B60B80: std::error_condition::error_condition.LIBCPMTD ref: 0000023830B60BB2

Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000023830B627FE
std::error_condition::error_condition.LIBCPMTD ref: 0000023830B6286F
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000023830B628DC

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_SchedulerScheduler::_$std::error_condition::error_condition$std::bad_exception::bad_exception
String ID:
API String ID: 3801495819-0
Opcode ID: 855e9fad3cf8b62679a3ed4dce5103e3daddbb4618be66b587f956b2a1f93412
Instruction ID: b520526ee55a9777ef74ce3fbd752c15df48ecddc56da11e163caf2d686dbf01
Opcode Fuzzy Hash: 855e9fad3cf8b62679a3ed4dce5103e3daddbb4618be66b587f956b2a1f93412
Instruction Fuzzy Hash: 7361FB74A18B488FD7A4EB28C449B9AB7E1FB98704F44499DE0CAC7391DF78D945CB02

Function 0000023830BDA5E0 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 0000023830BDA608

Part of subcall function 0000023830BDC140: shared_ptr.LIBCPMTD ref: 0000023830BDC161

__crt_scoped_stack_ptr.LIBCPMTD ref: 0000023830BDA687
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830BDA6E6
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830BDA6FD
__crt_scoped_stack_ptr.LIBCPMTD ref: 0000023830BDA7A6

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction ID: 647839ad30fc44c509b5e2e5d5bdfa217f3db80d1fecd358a7c3966e1cb43d71
Opcode Fuzzy Hash: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction Fuzzy Hash: BF61D870918B888FE7A0EF28C449B9AB7E0FB98744F50495EE48DC7261DF74D985CB42

Function 00007FF7AB942CA0 Relevance: 7.6, APIs: 5, Instructions: 100COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF7AB942CE2
MultiByteToWideChar.KERNEL32 ref: 00007FF7AB942D05
MultiByteToWideChar.KERNEL32 ref: 00007FF7AB942D53
MultiByteToWideChar.KERNEL32 ref: 00007FF7AB942D73
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB942DFC

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: ByteCharMultiWide$00007C610F020
String ID:
API String ID: 1061835773-0
Opcode ID: f164728aac4359f31988e45f3ad8a9c4c692c35e4defae706483efbee8af422e
Instruction ID: f2944d45757761b6cec21ad4330242073ba77f84c71a975ea031440f8b9ffed1
Opcode Fuzzy Hash: f164728aac4359f31988e45f3ad8a9c4c692c35e4defae706483efbee8af422e
Instruction Fuzzy Hash: A141D176609A4186D324EF2AB8400A9BBA5FB48BE4F458236DE4D47BB4DF3CC55AC700

Function 0000023830BC1C70 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000023830BC1C9E

Part of subcall function 0000023830BC0D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000023830BC0D48

type_info::_name_internal_method.LIBCMTD ref: 0000023830BC1CC0
type_info::_name_internal_method.LIBCMTD ref: 0000023830BC1CE2
type_info::_name_internal_method.LIBCMTD ref: 0000023830BC1D04
type_info::_name_internal_method.LIBCMTD ref: 0000023830BC1D26

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction ID: 84f394a9942e3ab4486174b43c43fbb652153f00a1d661c39702799c31c25a5b
Opcode Fuzzy Hash: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction Fuzzy Hash: 1D21D870A18B888FDAA4FB68C05975BB7E1FBD8744F80495DF08EC73A2DE3499408742

Function 0000023830B4E510 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000023830B4E53C
type_info::_name_internal_method.LIBCMTD ref: 0000023830B4E5F2
type_info::_name_internal_method.LIBCMTD ref: 0000023830B4E6BA

Part of subcall function 0000023830B4A110: char_traits.LIBCPMTD ref: 0000023830B4A13D

Strings

, xrefs: 0000023830B4E734

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID:
API String ID: 2432257368-3916222277
Opcode ID: fc3064d62a3cd5194dff096c9fc33b5f2c68b979ee5dc823d586b5ed394c8f21
Instruction ID: 0d418144d275b52394931205ca4a3cc8ff0a788ce72bb644b2ecebfe8112087c
Opcode Fuzzy Hash: fc3064d62a3cd5194dff096c9fc33b5f2c68b979ee5dc823d586b5ed394c8f21
Instruction Fuzzy Hash: 45C1EE71518B488FE765EB28C459BDBB7E1FB98704F400A69F08ACB291DF34DA44CB42

Function 00007FF7AB947D10 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 246COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB947F8E

Strings

#MOVE, xrefs: 00007FF7AB9480C0
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB948054
Size > 0, xrefs: 00007FF7AB94805B

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: #MOVE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 2490902527-319756798
Opcode ID: 8b44fbaeddb07144472a5adb75ac7a8cf491f6c0f3de25d86cc6ff873731802c
Instruction ID: da4c8c0bb2008b50fcf0fa1a745ae1be32960ad1a4a5cd7ac55c7e1825fc6961
Opcode Fuzzy Hash: 8b44fbaeddb07144472a5adb75ac7a8cf491f6c0f3de25d86cc6ff873731802c
Instruction Fuzzy Hash: DFD13832606BC1DAD354DF29E98879DB7A8F705B14FAA4239C7A8073A0DF35E062C704

Function 0000023830B93328 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B9374F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B937BB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B93815

Strings

e, xrefs: 0000023830B9340C

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID: e
API String ID: 1865873047-4024072794
Opcode ID: a5aedeaa2a5e8da9842271219853bb447ad559dd74de6758b306763cffed3ded
Instruction ID: 7ec1059dd732e38ae598cbf024b43031be6ee0752a04c046127a0e12ee73a78c
Opcode Fuzzy Hash: a5aedeaa2a5e8da9842271219853bb447ad559dd74de6758b306763cffed3ded
Instruction Fuzzy Hash: 3A611D7091CB448FE794EFA8C489B5AB7E0FB98B05F50095DF14ACB3A1DA38D941CB06

Function 00007FF7AB961090 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 184COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140(00000000,?,00000000,000002382C2933D0,00007FF7AB960EC1,?,?,00000000,00007FF7AB949F9A), ref: 00007FF7AB96114C
00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB9612A7

Strings

g.Initialized, xrefs: 00007FF7AB9610CA
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB9610C3

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.Initialized
API String ID: 2490902527-1422301356
Opcode ID: d6bbdb4219d3e0fdddece71820f1c59eca024687e428ec205e5c3619ae4abcbe
Instruction ID: c978255c85fa7a86f340a2b4fc6f7bbf19cd85ae9d01309c6c99b03b3af05432
Opcode Fuzzy Hash: d6bbdb4219d3e0fdddece71820f1c59eca024687e428ec205e5c3619ae4abcbe
Instruction Fuzzy Hash: 2E610C11B0F6A2C5EE11AB2998283BA9791EB49BC4FCA5131DE5C873B4EF3CD445D311

Function 00007FF7AB991091 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

IsWindowUnicode.USER32 ref: 00007FF7AB991094
MultiByteToWideChar.KERNEL32 ref: 00007FF7AB99116F

Strings

Ctx != 0, xrefs: 00007FF7AB99118F
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB991188

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: ByteCharMultiUnicodeWideWindow
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 3417139564-3890275027
Opcode ID: d9a610a5f53e9fa10297ec8690aded1cef327910e5f6d708596898dc3a383a64
Instruction ID: 04d929edade670aefdd9b6bfe291840c0fc23a6283abc5c24233120ff5dd205a
Opcode Fuzzy Hash: d9a610a5f53e9fa10297ec8690aded1cef327910e5f6d708596898dc3a383a64
Instruction Fuzzy Hash: AE51D622E19662D6E7A5EF3CC4402BDA7A5FF44B48F894035EA4D47AB4DF3CD8429320

Function 00007FF7AB9641F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB964304
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9643C6

Strings

!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF7AB964224, 00007FF7AB964255
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB96421D, 00007FF7AB96424E

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 1173767890-3599239301
Opcode ID: 39a94ab1953bdc714ba20a451d15697837532ad35433a4dd319d13373b39f134
Instruction ID: 0a15e3ddc9a06b2059c4e6f2dc26810cf99ee0b147a2cb9302162c420ba68d76
Opcode Fuzzy Hash: 39a94ab1953bdc714ba20a451d15697837532ad35433a4dd319d13373b39f134
Instruction Fuzzy Hash: 8451D072A0AA52C2DB00EF18E4945BCB7B4FB58B84B964236DA4D43770EF38D196C751

Function 00007FF7AB953110 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB953241

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB95319B, 00007FF7AB9531DE, 00007FF7AB953212, 00007FF7AB953265
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB953138, 00007FF7AB953194, 00007FF7AB9531D7, 00007FF7AB95320B, 00007FF7AB95325E
Size > 0, xrefs: 00007FF7AB95313F

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$i >= 0 && i < Size
API String ID: 2490902527-3833649686
Opcode ID: 9795f39f3915703e5182b8305a070d8cc95cb5839a0246a7f8836c85aa4fbd7e
Instruction ID: b524b8587cb55bf0c3d21629112323f104f921923e72fe3507b001a061371bf5
Opcode Fuzzy Hash: 9795f39f3915703e5182b8305a070d8cc95cb5839a0246a7f8836c85aa4fbd7e
Instruction Fuzzy Hash: 1F416231B0DB46D5EB14AF29E5D01E9A768FB44B84F864235DA9E436B4CF2CF259C320

Function 00007FF7AB971620 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9716C6
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB971744

Strings

!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF7AB971640
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB971639

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 1173767890-3599239301
Opcode ID: 8193d48d8a4ab965047eb9cd85be8e2c2768a0254f95d21a873dfeaeee22ed6b
Instruction ID: cc3c5259e655fe9007e66d01438f2e96c6cd23e297b78e654b0dae7520113c9c
Opcode Fuzzy Hash: 8193d48d8a4ab965047eb9cd85be8e2c2768a0254f95d21a873dfeaeee22ed6b
Instruction Fuzzy Hash: 5331C27360AA52C7D745EF28D4951BCB3B5FB14B84B958236CA0E43270EF38D5AAC740

Function 0000023830C079A0 Relevance: 6.5, APIs: 4, Instructions: 491COMMON

Download Yara Rule

APIs

Part of subcall function 0000023830B4A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B4A18D

Part of subcall function 0000023830B4A110: char_traits.LIBCPMTD ref: 0000023830B4A13D

type_info::_name_internal_method.LIBCMTD ref: 0000023830C07A14

Part of subcall function 0000023830C29E50: type_info::_name_internal_method.LIBCMTD ref: 0000023830C29EF0
Part of subcall function 0000023830C29E50: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830C29F56
Part of subcall function 0000023830C29E50: CreateFileA.KERNEL32 ref: 0000023830C29F82

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000023830C07AE4

Part of subcall function 0000023830B45180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B45217

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$type_info::_name_internal_method$Affinity::operator!=CreateFileHardwarechar_traits
String ID:
API String ID: 2370075206-0
Opcode ID: 1ca1f53479ce3256fdcfa652a2f8c0640dff5af6cc40af6253aed29f3ac4abb4
Instruction ID: 4ef8a7fad776db5a128dd091696de74de425ac72d332c1765bd70e3d76baf8a2
Opcode Fuzzy Hash: 1ca1f53479ce3256fdcfa652a2f8c0640dff5af6cc40af6253aed29f3ac4abb4
Instruction Fuzzy Hash: 44020371518B488BE365EB24C459BEBB3E1FB94704F5049AEF08BC72A2DE349B45CB41

Function 0000023830BA3900 Relevance: 6.4, APIs: 4, Instructions: 439COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023830BA3951

Part of subcall function 0000023830B72880: _Ptr_base.LIBCMTD ref: 0000023830B72893

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Base::ChoresConcurrency::details::GroupPtr_baseScheduleSegmentUnrealized
String ID:
API String ID: 3333744592-0
Opcode ID: 570f11bbdc05f9da95d07b3fdbdb974941727138929f366d8f2bea2d8099bd35
Instruction ID: 6643a6cc139b01e2e03e6f4034ce4661746631b2152a1886d0befd2e175878ff
Opcode Fuzzy Hash: 570f11bbdc05f9da95d07b3fdbdb974941727138929f366d8f2bea2d8099bd35
Instruction Fuzzy Hash: 35F12271518B8C8FE7A5EB18C459BDBB3E1FB98704F40096AF48EC7291DE789644CB42

Function 0000023830B52C70 Relevance: 6.4, APIs: 4, Instructions: 351COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B52CA2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B52E63
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B52E78

Part of subcall function 0000023830B4B170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B4B17E
Part of subcall function 0000023830B4B170: _Max_value.LIBCPMTD ref: 0000023830B4B1A3
Part of subcall function 0000023830B4B170: _Min_value.LIBCPMTD ref: 0000023830B4B1D1

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B52FB7

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
String ID:
API String ID: 348937374-0
Opcode ID: 9076abe83797b2f5b95f51d9a62a17b5c4646a91e0ea6bac038e2092eb8d8266
Instruction ID: 199a4e6dc30a0f4a909f510adac33ef04e5dc351905a2e78cc7c62f0cd30063c
Opcode Fuzzy Hash: 9076abe83797b2f5b95f51d9a62a17b5c4646a91e0ea6bac038e2092eb8d8266
Instruction Fuzzy Hash: F1D1CD7061CB888FD7A4EB28C459B6AB7E1FBA9745F40095DF08DC7361DA74DA80CB42

Function 0000023830B63390 Relevance: 6.3, APIs: 4, Instructions: 324COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 0000023830B6352B
std::error_condition::error_condition.LIBCPMTD ref: 0000023830B63551

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::error_condition::error_condition
String ID:
API String ID: 246976077-0
Opcode ID: 5f3126eda9a4eb9af231d5239096d653e2129c4e3c35e502a72c1b9b8bd3846d
Instruction ID: 6f5f08ce3fdc42735572b608b1e6a68e7e8c6203c5caaaf1ad1cc524bd8bacb2
Opcode Fuzzy Hash: 5f3126eda9a4eb9af231d5239096d653e2129c4e3c35e502a72c1b9b8bd3846d
Instruction Fuzzy Hash: 40C11D70918B488FD7A5EB28C459B9AB7E1FB98704F50096DF08AC7391DF78DA41CB42

Function 0000023830BB24C0 Relevance: 6.3, APIs: 4, Instructions: 266COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023830BB24E3
std::make_error_code.LIBCPMTD ref: 0000023830BB24FC

Part of subcall function 0000023830B58FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000023830B58FFE

std::make_error_code.LIBCPMTD ref: 0000023830BB253B

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 1046759889-0
Opcode ID: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction ID: 0dddcbd0910d182467b4c40a6e3b24fee59b2272ae98b4db7116c60b5830f1e7
Opcode Fuzzy Hash: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction Fuzzy Hash: B6B1EB70518B888FD2A4EB28C459BDAB7E1FFD8704F40499DE08ECB392DE759945CB42

Function 0000023830BADCB0 Relevance: 6.2, APIs: 4, Instructions: 212COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 0000023830BADCED

Part of subcall function 0000023830B58FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000023830B58FFE

std::make_error_code.LIBCPMTD ref: 0000023830BADD3C

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 58c7311be2cb89b8753877e7c75642fcbb82317ee9f238dba1156d6b4c2a68d4
Instruction ID: 14d0ba59a5473e91d373d192c6ec4c61f96c94f5970ec663871bd2c1bea377fe
Opcode Fuzzy Hash: 58c7311be2cb89b8753877e7c75642fcbb82317ee9f238dba1156d6b4c2a68d4
Instruction Fuzzy Hash: E1810E70518B888FE3A4EB18C455BAEB7E1FF94744F4049A9F0DBC72A2DE349945CB42

Function 0000023830BBB2A0 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000023830BBB33B
type_info::_name_internal_method.LIBCMTD ref: 0000023830BBB462

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction ID: 02ae57dffed21b2b173538a264baee269f520b669bc85f5212a0e59ada5e1840
Opcode Fuzzy Hash: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction Fuzzy Hash: 7D71C57055DB488FE6A5EB28C459BEAB3E1FB98704F800959F08EC7392DE78D941C742

Function 0000023830BBB610 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000023830BBB6AB
type_info::_name_internal_method.LIBCMTD ref: 0000023830BBB7D2

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction ID: 524c0494a6fbd542e6a01f2550203971aa4f89d469255e1bad2e156397aad032
Opcode Fuzzy Hash: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction Fuzzy Hash: A8714070518B889FD7A1EB18C499BEAB3E5FB98704F404859F08EC7391CE78DA418B42

Function 00007FF7AB9859A0 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB985A26
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB985AA3
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB985B20
00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB985B9E

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID:
API String ID: 1173767890-0
Opcode ID: 40a382835e6706dba0aacc8cd3f1290a8d22f5a65d183d6c671a3e35b392f7c0
Instruction ID: c251254ed98f0843c878d5f36ce0a221e5a69dab3cd5e5f276ff53f91d785de0
Opcode Fuzzy Hash: 40a382835e6706dba0aacc8cd3f1290a8d22f5a65d183d6c671a3e35b392f7c0
Instruction Fuzzy Hash: E7519FB361A992C7CB49EF68D1954BCB3B1FB54B45B948223DA0E83270EF38D55AC340

Function 0000023830B8B130 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000023830B8B15B

Part of subcall function 0000023830B976A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000023830B976B8

type_info::_name_internal_method.LIBCMTD ref: 0000023830B8B17A
type_info::_name_internal_method.LIBCMTD ref: 0000023830B8B199
type_info::_name_internal_method.LIBCMTD ref: 0000023830B8B1B8

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction ID: 83325aeadd8e626f78b43abfdf1e669d4c6d7e7dc787633f52f8380d59f1e13c
Opcode Fuzzy Hash: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction Fuzzy Hash: 0B111A70A18F888FEA94EB68C04975BBBE1FBD8744F50095DF089C7362DE34D9408B42

Function 0000023830B9F060 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 0000023830B9F08B

Part of subcall function 0000023830B976A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000023830B976B8

type_info::_name_internal_method.LIBCMTD ref: 0000023830B9F0AA
type_info::_name_internal_method.LIBCMTD ref: 0000023830B9F0C9
type_info::_name_internal_method.LIBCMTD ref: 0000023830B9F0E8

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction ID: 11517a25621aa9872b3fbf198ddb406ec58c76c27d75b2f05c123fcd2cf4c925
Opcode Fuzzy Hash: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction Fuzzy Hash: 79110870A18F888FEA94EB68C04975ABBE1FBD8744F50095DF089C7362DE3499408B42

Function 0000023830B833B0 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_Func_class.LIBCONCRTD ref: 0000023830B833C3
_Func_class.LIBCONCRTD ref: 0000023830B8341D

Part of subcall function 0000023830B79830: _Func_class.LIBCONCRTD ref: 0000023830B7983E
Part of subcall function 0000023830B79830: _Func_class.LIBCONCRTD ref: 0000023830B7989C

_Func_class.LIBCONCRTD ref: 0000023830B83441
_Func_class.LIBCONCRTD ref: 0000023830B8344D

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Func_class
String ID:
API String ID: 1670654298-0
Opcode ID: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction ID: 053654f59d266ac3483e987c552c48ae5f3e877529e983484cea70bdb437e4dd
Opcode Fuzzy Hash: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction Fuzzy Hash: 7E11C970A18A488FD684FB18C44972AB7E1FF99B49F404869F48AC73B2DE35D941CB41

Function 0000023830B9EEC0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B9EF0A
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B9EF1E

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction ID: d89c2384d5749ceefa7448a19bad3aa0942de44106a655de77a0ef7d4a6ab5bb
Opcode Fuzzy Hash: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction Fuzzy Hash: 52012DB0934B894BE3D4DB29C49876975D2FB84708F80099DF05AC63E0DEB9DA408603

Function 0000023830B9EF60 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B9EFAA
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023830B9EFBE

Memory Dump Source

Source File: 00000000.00000002.3884790620.0000023830B40000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023830B40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_23830b40000_WaveExecutor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction ID: 6cf5cf3f05a132532505dbf20b5fc8c9123a6711fe214078c4e7c22e5ffefbe3
Opcode Fuzzy Hash: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction Fuzzy Hash: 700129B0534B594BE3D4DB29C458B6AB6D2FB88748FD00CADF15ACA3A1CAB9C5409603

Function 00007FF7AB949BC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

00007FF8C612A0D0.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF7AB949D80

Strings

max_error > 0.0f, xrefs: 00007FF7AB949CC6
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB949CBF

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C612
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$max_error > 0.0f
API String ID: 1428191659-3636960062
Opcode ID: 2d8c68fd8c5bb8b87b140409164d2f812e6f1a4e4eb9dcfa91aef82d2f7fa76f
Instruction ID: 3e7d8d2bfafdfa97fa158b332b8cae2e8473a9b7b606286a14a476043720be0d
Opcode Fuzzy Hash: 2d8c68fd8c5bb8b87b140409164d2f812e6f1a4e4eb9dcfa91aef82d2f7fa76f
Instruction Fuzzy Hash: 4261C432D197C9C9E312AB3A84412B9B7A0EF6D744F4DC736EA49361B5DF28B4C18720

Function 00007FF7AB960E40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB960F2F

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7AB960E73
g.SettingsWindows.empty(), xrefs: 00007FF7AB960E7A

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.SettingsWindows.empty()
API String ID: 1173767890-1747592857
Opcode ID: 007d639a8cd7b77cc5edf28a83578d95d254dd57ba70a5d0a04cb8c2922fc2c3
Instruction ID: bf4bd34576e8a2de06fee0db91432be40190ba257eb42d115b5c8473442a7ec0
Opcode Fuzzy Hash: 007d639a8cd7b77cc5edf28a83578d95d254dd57ba70a5d0a04cb8c2922fc2c3
Instruction Fuzzy Hash: B341E432A1AA82C6EB44EF29E4A45B8B760FF48B84F994136EA4D03775DF3CE045C710

Function 00007FF7AB962A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB962BA4

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB962A96, 00007FF7AB962AC6
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB962A8F, 00007FF7AB962ABF

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 1173767890-1817040388
Opcode ID: f6f134c6f70e70a5f67602879e6ff25eb996bc56e58a3c119fb5f52a3a42ffc6
Instruction ID: 170de1d63ef9098703442875ca67fe7fe3f04014da96674f4a72748715bcb158
Opcode Fuzzy Hash: f6f134c6f70e70a5f67602879e6ff25eb996bc56e58a3c119fb5f52a3a42ffc6
Instruction Fuzzy Hash: CB41D332609A82C2DB14EF28E5901B8F774FB48784F954236DA4D837B0DF38E5A6C750

Function 00007FF7AB962BC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB962D10

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB962C16, 00007FF7AB962C46
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB962C0F, 00007FF7AB962C3F

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 1173767890-1817040388
Opcode ID: 096fc74e7037803a42b3bc3964d1e045c6bae19edca2c2f8db86bb480efd3f02
Instruction ID: d1da96b8eb945eff383284ab34d0e02748aa85341e53a020c261e0ec8e948729
Opcode Fuzzy Hash: 096fc74e7037803a42b3bc3964d1e045c6bae19edca2c2f8db86bb480efd3f02
Instruction Fuzzy Hash: 8541D132A0AA82C2D704AF28E4A01B8F774FB48B88B954132DA4D437B4EF3DE556C751

Function 00007FF7AB962810 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB96293C

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB962858, 00007FF7AB962887
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB962851, 00007FF7AB962880

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C610F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 1173767890-1817040388
Opcode ID: 54c5adaa5e58a39c7ac90b9f1cc2bbe7df99a80503262dc85276a365a363dc12
Instruction ID: b5e52d08287524c2e76c909ba8eb6aeb2ab6d17d3c4c5508e61aa5563790d023
Opcode Fuzzy Hash: 54c5adaa5e58a39c7ac90b9f1cc2bbe7df99a80503262dc85276a365a363dc12
Instruction Fuzzy Hash: 80319272A0AA56C6D704EF28D8900B8F3B4FB88B88B954136DA4D477B4DF3CD556C711

Function 00007FF7AB94B200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

00007FF8C61149A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF7AB94B28E

Strings

i >= 0 && i < Size, xrefs: 00007FF7AB94B2BC
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB94B2B5

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007C61149
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 3281661635-1817040388
Opcode ID: 3a94cb1d79306fdc9a050dd449591057f5d3f3fa0e938ade244f3a3a1197444a
Instruction ID: d041f58b17aa33c81b26e2fc1108e11fddf9ee48cabc4ece3c7e2798dc0e26c0
Opcode Fuzzy Hash: 3a94cb1d79306fdc9a050dd449591057f5d3f3fa0e938ade244f3a3a1197444a
Instruction Fuzzy Hash: E521D13171A686C5EB64EB19E4403BDB760FB89B84F8A5134DA8E43774CE3EE442C710

Function 00007FF7AB985F80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB986070

Part of subcall function 00007FF7AB963900: 00007FF8B9F61310.VCRUNTIME140 ref: 00007FF7AB96393C
Part of subcall function 00007FF7AB963900: 00007FF8C610F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7AB9639BA

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF7AB986004
state->TextA.Data != 0, xrefs: 00007FF7AB98600B

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007$F61310$C610F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$state->TextA.Data != 0
API String ID: 4093856333-1138122324
Opcode ID: 68e42b137ae8442a878239fc68f020be54ccb08d0e866b134796feb8c254f3d3
Instruction ID: 39238b39d07c6e38b554feb02a6b6095f51f4f5d3a8fdd9808267c66a6fb11c5
Opcode Fuzzy Hash: 68e42b137ae8442a878239fc68f020be54ccb08d0e866b134796feb8c254f3d3
Instruction Fuzzy Hash: 0F21D872B06642C2E708DF39D4542A86391EB84B49F894039EE4DCF2B8DF3CE5858720

Function 00007FF7AB963820 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140(?,?,00000000,00007FF7AB94D62F), ref: 00007FF7AB9638C4

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF7AB963856
it >= Data && it <= Data + Size, xrefs: 00007FF7AB96385D

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$it >= Data && it <= Data + Size
API String ID: 2490902527-3870282576
Opcode ID: 84a9b61979137050a1197245c5bdd7e55bba15df666dd3b8409ce5f9d3bc927c
Instruction ID: 0cb0852bbd43d49263c6fa0533e51242697a85a89762f6974fa07b3adfc3bcbc
Opcode Fuzzy Hash: 84a9b61979137050a1197245c5bdd7e55bba15df666dd3b8409ce5f9d3bc927c
Instruction Fuzzy Hash: FE21CFB1B1A6C1C2EF149B1EE6401A8A325FB48B80B89D039DB5D47B74DF2CF5A1C300

Function 00007FF7AB961E80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

00007FF8C87E2E80.IMM32 ref: 00007FF7AB961EA2

Strings

, xrefs: 00007FF7AB961EB5
@, xrefs: 00007FF7AB961EF3

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007
String ID: $@
API String ID: 3568877910-1077428164
Opcode ID: 4be356fa8e074784c90dbf701479d069685c3cbf6e883b402ec0f34ae6b6c832
Instruction ID: 52d4e468229489f8599f5ab3c442a90467b9af691edda8e3d6eed6b8333255c1
Opcode Fuzzy Hash: 4be356fa8e074784c90dbf701479d069685c3cbf6e883b402ec0f34ae6b6c832
Instruction Fuzzy Hash: B21149B290978187E725DF25F14412AF7A1FB8AB84F554225EB8907B28DB3CE895CF00

Function 00007FF7AB977320 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 38COMMON

Download Yara Rule

APIs

00007FF8B9F61310.VCRUNTIME140(?,?,00000000,00007FF7AB977563,?,?,00000000,00007FF7AB971FCF), ref: 00007FF7AB9773A6

Strings

stb__dout + length <= stb__barrier_out_e, xrefs: 00007FF7AB977358
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7AB977351

Memory Dump Source

Source File: 00000000.00000002.3887781116.00007FF7AB941000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7AB940000, based on PE: true

Associated: 00000000.00000002.3887752600.00007FF7AB940000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCB0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABCBA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7ABE43000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3887781116.00007FF7AC011000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888153274.00007FF7AC012000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.3888177712.00007FF7AC013000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7ab940000_WaveExecutor.jbxd

Similarity

API ID: 00007F61310
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$stb__dout + length <= stb__barrier_out_e
API String ID: 2490902527-3603624656
Opcode ID: 17ca0878dc678fdc762dde65a4cd07555298fce1ac43a8728e7920541c5b5e5c
Instruction ID: 3422b70ba828be1278c1c7e42f91dafaa00f103853b995a8da87db3c60fcc5c2
Opcode Fuzzy Hash: 17ca0878dc678fdc762dde65a4cd07555298fce1ac43a8728e7920541c5b5e5c
Instruction Fuzzy Hash: AC113C31B1EA42D6EA80AB09F88046DA365FB88BC0BC69035EE5D03775DF2CE592C710

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report WaveExecutor.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\9W4PXN0Z.htm

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
WaveExecutor.exe

Function 00007FF7AB994320 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 888
windowCOMMON

Function 00007FF7AB98F7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150
libraryloaderCOMMON

Function 00007FF7AB990330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182
keyboardCOMMON

Function 00007FF7AB98F2F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 215
COMMON

Function 00007FF7AB993B90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126
nativeCOMMON

Function 0000023830B6F46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Function 0000023830B46FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Function 00007FF7AB98EA60 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 374
COMMON

Function 0000023830B44850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159
COMMON

Function 00007FF7AB9926C0 Relevance: 15.5, APIs: 10, Instructions: 516
COMMON

Function 00007FF7AB993DE0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59
registryCOMMON

Function 00007FF7AB996800 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151
windowCOMMON

Function 0000023830C510E0 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON