Edit tour

Windows Analysis Report
LgendPremium.exe

Overview

General Information

Sample name:	LgendPremium.exe
Analysis ID:	1577570
MD5:	c84baaa0b67d15dbc989ca2eb55a9b1c
SHA1:	20231d1285e4de0916cc71e7d590313296f9d539
SHA256:	9f8b8bd90df6a73c3fbd5eb730ca6866f2de8f09ba273d73e7a91731ca90ae79
Tags:	18521511316185215113209bulletproofexeLummaStealersigneduser-abus3reports
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

LummaC encrypted strings found

Sample uses string decryption to hide its real strings

Switches to a custom stack to bypass stack traces

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

LgendPremium.exe (PID: 7840 cmdline: "C:\Users\user\Desktop\LgendPremium.exe" MD5: C84BAAA0B67D15DBC989CA2EB55A9B1C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["absorptioniw.site", "questionsmw.store", "abnomalrkmu.site", "snarlypagowo.site", "chorusarorp.site", "treatynreit.site", "soldiefieop.site", "wrappyskmwio.store", "mysterisop.site"], "Build id": "4SD0y4--LgendPremium"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:08.648653+0100	2028371	3	Unknown Traffic	192.168.2.7	49703	104.102.49.254	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:05.072264+0100	2056392	1	Domain Observed Used for C2 Detected	192.168.2.7	53230	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:06.673526+0100	2056394	1	Domain Observed Used for C2 Detected	192.168.2.7	63000	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:05.381219+0100	2056396	1	Domain Observed Used for C2 Detected	192.168.2.7	50153	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:06.408677+0100	2056400	1	Domain Observed Used for C2 Detected	192.168.2.7	52080	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:04.592142+0100	2056402	1	Domain Observed Used for C2 Detected	192.168.2.7	64167	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:06.161557+0100	2056406	1	Domain Observed Used for C2 Detected	192.168.2.7	59241	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:04.817373+0100	2056408	1	Domain Observed Used for C2 Detected	192.168.2.7	57615	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:05.929666+0100	2056410	1	Domain Observed Used for C2 Detected	192.168.2.7	56209	1.1.1.1	53	UDP

ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T15:38:09.660633+0100	2858666	1	Domain Observed Used for C2 Detected	192.168.2.7	49703	104.102.49.254	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: LgendPremium.exe

Avira: detected

Antivirus detection for URL or domain

Source: questionsmw.store	Avira URL Cloud: Label: malware
Source: wrappyskmwio.store	Avira URL Cloud: Label: malware

Found malware configuration

Source: 0.2.LgendPremium.exe.8e0000.0.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["absorptioniw.site", "questionsmw.store", "abnomalrkmu.site", "snarlypagowo.site", "chorusarorp.site", "treatynreit.site", "soldiefieop.site", "wrappyskmwio.store", "mysterisop.site"], "Build id": "4SD0y4--LgendPremium"}

Multi AV Scanner detection for submitted file

Source: LgendPremium.exe

ReversingLabs: Detection: 63%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: absorptioniw.site
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: mysterisop.site
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: snarlypagowo.site
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: treatynreit.site
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: chorusarorp.site
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: abnomalrkmu.site
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: soldiefieop.site
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: questionsmw.store
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: wrappyskmwio.store
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--LgendPremium

Source: LgendPremium.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49703 version: TLS 1.2

Source: LgendPremium.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [ebp-18h]	0_2_009261CE
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_008F0BA5
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008ED472
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00929A10
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_009100B0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_009280A0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 64567875h	0_2_00924040
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000688h]	0_2_00900123
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_0090A280
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then movzx esi, byte ptr [edx+eax-01h]	0_2_008EC210
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then movzx edx, word ptr [esp+eax*4+000000ACh]	0_2_008EC210
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+30h]	0_2_008F63AC
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then movzx ecx, word ptr [edi]	0_2_0090A3A8
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+14h]	0_2_0090A3A8
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000688h]	0_2_00900304
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+20h]	0_2_008F6319
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+24h]	0_2_0090C510
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov ebx, eax	0_2_008EA680
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp al, 2Eh	0_2_0090C6E1
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00926630
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000688h]	0_2_00900708
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000688h]	0_2_00900708
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov word ptr [edi], ax	0_2_0090E8B2
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then jmp eax	0_2_0090A8A0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00928840
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+30h]	0_2_008F6866
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then jmp dword ptr [00931A70h]	0_2_0090E927
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_008F2A60
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_008F2A60
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_008F2A60
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00928BE0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov esi, ebx	0_2_00928BE0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then jmp edx	0_2_00926B07
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_0090AC00
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00904D40
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00904D40
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_008F0D7F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then movzx eax, byte ptr [ebx+edx-06h]	0_2_008E6E30
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then movzx esi, byte ptr [edx+ebp]	0_2_008E6E30
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00906FF0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp word ptr [ebx+eax+02h], 0000h	0_2_00906FF0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00906FF0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00906FF0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov esi, ebx	0_2_00928F50
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_008F508C
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_008F508C
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then movzx eax, al	0_2_008E1000
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov dword ptr [esp+08h], ecx	0_2_008E1000
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+10h]	0_2_008E1000
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_008FB000
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_0092518B
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov dword ptr [esp+18h], 3602043Ah	0_2_0090F1B0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000688h]	0_2_008FD1D0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00909140
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00907250
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_009253B7
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then dec ebx	0_2_0091F3F0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], D518DBA1h	0_2_0091F4E0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], D1A85EEEh	0_2_0091F4E0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00923540
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_009216A0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00927630
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esi+000001B8h]	0_2_00911670
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000088h]	0_2_00911670
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00911670
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000088h]	0_2_00911670
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000088h]	0_2_00911670
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_00911670
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00911670
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00923890
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000088h]	0_2_009138B4
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+54h]	0_2_008FD82F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 07E776F1h	0_2_008FD82F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then xor eax, eax	0_2_0090B830
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+68h]	0_2_00927820
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00907850
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_0091B9F0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [ebp-000000C0h]	0_2_008EF917
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000688h]	0_2_008FFA92
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000088h]	0_2_00913A28
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00901A70
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00929BA0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+54h]	0_2_008FFBB1
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000088h]	0_2_00913BFE
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esi+00000088h]	0_2_00913BFE
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp byte ptr [ebp+ebx+00h], 00000000h	0_2_0090DB4B
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00923B60
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then jmp dword ptr [0093042Ch]	0_2_008FFB73
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_008E5C00
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_008EDC20
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00923DA0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp eax, C0000004h	0_2_008FDDFF
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+00000688h]	0_2_008FFD04
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp word ptr [ecx+edx+02h], 0000h	0_2_00929D20
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00929D20
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then jmp eax	0_2_008F5E11
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_008EDFC0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 4x nop then mov eax, dword ptr [esp+10h]	0_2_008EDFC0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056410 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site) : 192.168.2.7:56209 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056400 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site) : 192.168.2.7:52080 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056402 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store) : 192.168.2.7:64167 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056408 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site) : 192.168.2.7:57615 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056406 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site) : 192.168.2.7:59241 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056394 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site) : 192.168.2.7:63000 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056392 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site) : 192.168.2.7:53230 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056396 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site) : 192.168.2.7:50153 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49703 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: absorptioniw.site
Source: Malware configuration extractor	URLs: questionsmw.store
Source: Malware configuration extractor	URLs: abnomalrkmu.site
Source: Malware configuration extractor	URLs: snarlypagowo.site
Source: Malware configuration extractor	URLs: chorusarorp.site
Source: Malware configuration extractor	URLs: treatynreit.site
Source: Malware configuration extractor	URLs: soldiefieop.site
Source: Malware configuration extractor	URLs: wrappyskmwio.store
Source: Malware configuration extractor	URLs: mysterisop.site

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic

Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49703 -> 104.102.49.254:443

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=1801fa73639986a1341122cf; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveWed, 18 Dec 2024 14:38:09 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control*o equals www.youtube.com (Youtube)
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: LgendPremium.exe, 00000000.00000003.1395807812.000000000175F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ttps://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: LgendPremium.exe, 00000000.00000003.1395807812.000000000175F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ttps://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=1801fa73639986a1341122cf; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveWed, 18 Dec 2024 14:38:09 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control*o equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: wrappyskmwio.store
Source: global traffic	DNS traffic detected: DNS query: questionsmw.store
Source: global traffic	DNS traffic detected: DNS query: soldiefieop.site
Source: global traffic	DNS traffic detected: DNS query: abnomalrkmu.site
Source: global traffic	DNS traffic detected: DNS query: chorusarorp.site
Source: global traffic	DNS traffic detected: DNS query: treatynreit.site
Source: global traffic	DNS traffic detected: DNS query: snarlypagowo.site
Source: global traffic	DNS traffic detected: DNS query: mysterisop.site
Source: global traffic	DNS traffic detected: DNS query: absorptioniw.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: LgendPremium.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: LgendPremium.exe	String found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: LgendPremium.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: LgendPremium.exe	String found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: LgendPremium.exe	String found in binary or memory: http://ocsp.sectigo.com0
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/
Source: LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=THDq-gsQ
Source: LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=0Xxx
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: LgendPremium.exe	String found in binary or memory: https://sectigo.com/CPS0
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: LgendPremium.exe, 00000000.00000003.1395737591.0000000001736000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397264336.0000000001736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/3
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: LgendPremium.exe, 00000000.00000002.1397264336.0000000001736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: LgendPremium.exe, 00000000.00000003.1395737591.0000000001736000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397264336.0000000001736000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900tJ
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: LgendPremium.exe, 00000000.00000003.1395807812.000000000175F000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shopJ
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49703 version: TLS 1.2

Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008F01A0	0_2_008F01A0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00926DCB	0_2_00926DCB
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009280A0	0_2_009280A0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009440A7	0_2_009440A7
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0093E0A9	0_2_0093E0A9
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009FA195	0_2_009FA195
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00F041E2	0_2_00F041E2
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009021A0	0_2_009021A0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A68179	0_2_00A68179
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AD62B9	0_2_00AD62B9
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00918210	0_2_00918210
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A0823E	0_2_00A0823E
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008EC210	0_2_008EC210
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AFC208	0_2_00AFC208
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00942254	0_2_00942254
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B043A3	0_2_00B043A3
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0090A3A8	0_2_0090A3A8
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AF4481	0_2_00AF4481
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00F0042F	0_2_00F0042F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00910590	0_2_00910590
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B445FE	0_2_00B445FE
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009165E0	0_2_009165E0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0090C510	0_2_0090C510
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A42524	0_2_00A42524
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B8652B	0_2_00B8652B
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B1C513	0_2_00B1C513
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B3257D	0_2_00B3257D
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00BCA566	0_2_00BCA566
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009F857E	0_2_009F857E
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008EA680	0_2_008EA680
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00BC0698	0_2_00BC0698
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A526FA	0_2_00A526FA
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0090C6E1	0_2_0090C6E1
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009286E0	0_2_009286E0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AEA60B	0_2_00AEA60B
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009E2754	0_2_009E2754
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B62755	0_2_00B62755
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E8770	0_2_008E8770
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B66898	0_2_00B66898
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00BC28F3	0_2_00BC28F3
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AEC8F1	0_2_00AEC8F1
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A168D2	0_2_00A168D2
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009FC8E8	0_2_009FC8E8
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009FE835	0_2_009FE835
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00916820	0_2_00916820
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0095684D	0_2_0095684D
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AD4859	0_2_00AD4859
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AFE9BB	0_2_00AFE9BB
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A3E99B	0_2_00A3E99B
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0090E927	0_2_0090E927
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A4EA8B	0_2_00A4EA8B
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00BB0A78	0_2_00BB0A78
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AA8A77	0_2_00AA8A77
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008EABD0	0_2_008EABD0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00928BE0	0_2_00928BE0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00ABAB6E	0_2_00ABAB6E
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B0ECBE	0_2_00B0ECBE
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009ECC8F	0_2_009ECC8F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A26CED	0_2_00A26CED
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AA8C79	0_2_00AA8C79
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00946C7C	0_2_00946C7C
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009ECC6E	0_2_009ECC6E
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0091EC60	0_2_0091EC60
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A16D81	0_2_00A16D81
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A72D89	0_2_00A72D89
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B20D8F	0_2_00B20D8F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009ACD50	0_2_009ACD50
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00968D7B	0_2_00968D7B
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A4CE94	0_2_00A4CE94
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009E4EA5	0_2_009E4EA5
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009B2EE3	0_2_009B2EE3
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B30E04	0_2_00B30E04
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B2CE0B	0_2_00B2CE0B
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AE8E56	0_2_00AE8E56
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AC2FA4	0_2_00AC2FA4
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AC4FBF	0_2_00AC4FBF
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A3EFBA	0_2_00A3EFBA
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008ECF10	0_2_008ECF10
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008F508C	0_2_008F508C
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B8D0C9	0_2_00B8D0C9
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E1000	0_2_008E1000
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A3B038	0_2_00A3B038
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0093F039	0_2_0093F039
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E7020	0_2_008E7020
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A9B1C8	0_2_00A9B1C8
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A11115	0_2_00A11115
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0094B12F	0_2_0094B12F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0093F16E	0_2_0093F16E
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0090D299	0_2_0090D299
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A0B28A	0_2_00A0B28A
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B9B2D3	0_2_00B9B2D3
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009232E0	0_2_009232E0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B39225	0_2_00B39225
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008EB270	0_2_008EB270
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E73D0	0_2_008E73D0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00ADD3C6	0_2_00ADD3C6
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AE3327	0_2_00AE3327
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00FA7353	0_2_00FA7353
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E5320	0_2_008E5320
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E937E	0_2_008E937E
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E14A0	0_2_008E14A0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0090D4D4	0_2_0090D4D4
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A0F426	0_2_00A0F426
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A8158F	0_2_00A8158F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A6F59E	0_2_00A6F59E
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009DB5A4	0_2_009DB5A4
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A575CD	0_2_00A575CD
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A6F523	0_2_00A6F523
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B2B555	0_2_00B2B555
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E16BB	0_2_008E16BB
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00ACD634	0_2_00ACD634
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E1639	0_2_008E1639
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00911670	0_2_00911670
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E3780	0_2_008E3780
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B21789	0_2_00B21789
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008EB700	0_2_008EB700
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0098D73F	0_2_0098D73F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A29740	0_2_00A29740
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A27752	0_2_00A27752
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0095188F	0_2_0095188F
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A978FA	0_2_00A978FA
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A0B8CC	0_2_00A0B8CC
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0091F8E0	0_2_0091F8E0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0090B830	0_2_0090B830
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00BD99A0	0_2_00BD99A0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009FF9B1	0_2_009FF9B1
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AFB9E1	0_2_00AFB9E1
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B21930	0_2_00B21930
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A6996E	0_2_00A6996E
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00913A28	0_2_00913A28
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00981A48	0_2_00981A48
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00927BE0	0_2_00927BE0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00BC1BCA	0_2_00BC1BCA
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B65B03	0_2_00B65B03
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0090DB4B	0_2_0090DB4B
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008F1B50	0_2_008F1B50
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A19B4E	0_2_00A19B4E
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009FBC54	0_2_009FBC54
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A41DA6	0_2_00A41DA6
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AE3D85	0_2_00AE3D85
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009B7DDA	0_2_009B7DDA
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B63DE4	0_2_00B63DE4
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E7DD0	0_2_008E7DD0
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008FDDFF	0_2_008FDDFF
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A1FDD5	0_2_00A1FDD5
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A85D3A	0_2_00A85D3A
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009DFD03	0_2_009DFD03
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A3DD10	0_2_00A3DD10
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00989D24	0_2_00989D24
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009BBD74	0_2_009BBD74
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A55EAF	0_2_00A55EAF
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_010ADF1C	0_2_010ADF1C
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00989EFF	0_2_00989EFF
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A79E27	0_2_00A79E27
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0093E0A9	0_2_0093E0A9
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AA5E51	0_2_00AA5E51
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B39FBE	0_2_00B39FBE
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B47F80	0_2_00B47F80
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AD3F95	0_2_00AD3F95
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00967F1C	0_2_00967F1C
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00985F15	0_2_00985F15
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00AFBF64	0_2_00AFBF64
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A01F79	0_2_00A01F79

Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: String function: 008EEBD0 appears 173 times
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: String function: 008ECCF0 appears 52 times

Source: LgendPremium.exe

Static PE information: invalid certificate

Source: LgendPremium.exe, 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameinstrumentmainupdate_wave.exeT4 vs LgendPremium.exe
Source: LgendPremium.exe	Binary or memory string: OriginalFilenameinstrumentmainupdate_wave.exeT4 vs LgendPremium.exe

Source: LgendPremium.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/1

Source: C:\Users\user\Desktop\LgendPremium.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: LgendPremium.exe

ReversingLabs: Detection: 63%

Source: LgendPremium.exe	String found in binary or memory: @import url(../installer.css);
Source: LgendPremium.exe	String found in binary or memory: background:url("../images/Installer_body_bg.png") #e3e4e8;
Source: LgendPremium.exe	String found in binary or memory: @import url(../installer.css);
Source: LgendPremium.exe	String found in binary or memory: include "./InstallCustomizationProductListGrid.tis";
Source: LgendPremium.exe	String found in binary or memory: <td><button type="checkbox" checked style="foreground-image:url(../images/Install_Antivirus_small.png);"></button>Install COMODO Antivirus</td>
Source: LgendPremium.exe	String found in binary or memory: <td><button type="checkbox" checked style="../images/Install_Antivirus_small.png);"></button>
Source: LgendPremium.exe	String found in binary or memory: <td><button type="checkbox" checked style="foreground-image:url(../images/installer_min_ui_icon.png);"></button>
Source: LgendPremium.exe	String found in binary or memory: <td><button type="checkbox" checked style="foreground-image:url(../images/installer_min_ui_icon.png);"></button>2. I want PrivDog block</td>
Source: LgendPremium.exe	String found in binary or memory: foreground-image:url("../images/installer_min_ui_icon.png");
Source: LgendPremium.exe	String found in binary or memory: <body class="SingleFrameBase" caption="Post-install call offer">

Source: C:\Users\user\Desktop\LgendPremium.exe

File read: C:\Users\user\Desktop\LgendPremium.exe

Jump to behavior

Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\LgendPremium.exe	Section loaded: dpapi.dll	Jump to behavior

Source: LgendPremium.exe

Static file information: File size 5992432 > 1048576

Source: LgendPremium.exe

Static PE information: Raw size of .vmp is bigger than: 0x100000 < 0x56cc00

Source: LgendPremium.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: initial sample

Static PE information: section where entry point is pointing to: .vmp

Source: LgendPremium.exe	Static PE information: section name: .vmp
Source: LgendPremium.exe	Static PE information: section name: .vmp
Source: LgendPremium.exe	Static PE information: section name: .vmp

Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0093E2DF pushfd ; iretd	0_2_0093E2EE
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0093E304 pushfd ; iretd	0_2_0093E30C
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_0093E367 pushfd ; iretd	0_2_0093E306
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00B9E4ED push ebx; iretd	0_2_00B9E5AD
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_00A487CE push ebx; retf	0_2_00A48870
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E2AE1 push esi; ret	0_2_008E2AE3
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_009BDCD0 push ds; ret	0_2_009BDD07
Source: C:\Users\user\Desktop\LgendPremium.exe	Code function: 0_2_008E1EA6 push esi; ret	0_2_008E1EA8

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\LgendPremium.exe	API/Special instruction interceptor: Address: FD0BF0
Source: C:\Users\user\Desktop\LgendPremium.exe	API/Special instruction interceptor: Address: 10546AD
Source: C:\Users\user\Desktop\LgendPremium.exe	API/Special instruction interceptor: Address: FB7FFC
Source: C:\Users\user\Desktop\LgendPremium.exe	API/Special instruction interceptor: Address: 114ADD1
Source: C:\Users\user\Desktop\LgendPremium.exe	API/Special instruction interceptor: Address: F47A0B
Source: C:\Users\user\Desktop\LgendPremium.exe	API/Special instruction interceptor: Address: 1044BE2

Source: C:\Users\user\Desktop\LgendPremium.exe

Code function: 0_2_009400CB rdtsc

0_2_009400CB

Source: C:\Users\user\Desktop\LgendPremium.exe TID: 7896

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW+
Source: LgendPremium.exe, 00000000.00000002.1397171629.000000000170C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(ru

Source: C:\Users\user\Desktop\LgendPremium.exe

Code function: 0_2_009400CB rdtsc

0_2_009400CB

Source: C:\Users\user\Desktop\LgendPremium.exe

Code function: 0_2_00926170 LdrInitializeThunk,

0_2_00926170

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: LgendPremium.exe, 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: absorptioniw.site
Source: LgendPremium.exe, 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: mysterisop.site
Source: LgendPremium.exe, 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: snarlypagowo.site
Source: LgendPremium.exe, 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: treatynreit.site
Source: LgendPremium.exe, 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: chorusarorp.site
Source: LgendPremium.exe, 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: abnomalrkmu.site
Source: LgendPremium.exe, 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: soldiefieop.site
Source: LgendPremium.exe, 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: questionsmw.store
Source: LgendPremium.exe, 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: wrappyskmwio.store

Source: C:\Users\user\Desktop\LgendPremium.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Virtualization/Sandbox Evasion	OS Credential Dumping	111 Security Software Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 PowerShell	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	11 Deobfuscate/Decode Files or Information	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	12 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	113 Application Layer Protocol	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
LgendPremium.exe	63%	ReversingLabs	Win32.Worm.DorkBot
LgendPremium.exe	100%	Avira	TR/AVI.PWS.Agent.ibtge

Source	Detection	Scanner	Label	Link
questionsmw.store	100%	Avira URL Cloud	malware
wrappyskmwio.store	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
steamcommunity.com	104.102.49.254	true	false	high
chorusarorp.site	unknown	unknown	true	unknown
treatynreit.site	unknown	unknown	true	unknown
snarlypagowo.site	unknown	unknown	true	unknown
questionsmw.store	unknown	unknown	true	unknown
mysterisop.site	unknown	unknown	true	unknown
absorptioniw.site	unknown	unknown	true	unknown
abnomalrkmu.site	unknown	unknown	true	unknown
wrappyskmwio.store	unknown	unknown	true	unknown
soldiefieop.site	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
wrappyskmwio.store	true	Avira URL Cloud: malware	unknown
questionsmw.store	true	Avira URL Cloud: malware	unknown
abnomalrkmu.site	false		high
snarlypagowo.site	false		high
chorusarorp.site	false		high
absorptioniw.site	false		high
soldiefieop.site	false		high
treatynreit.site	false		high
https://steamcommunity.com/profiles/76561199724331900	false		high
mysterisop.site	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://steamcommunity.com/my/wishlist/	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://player.vimeo.com	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#	LgendPremium.exe	false	high
https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/3	LgendPremium.exe, 00000000.00000003.1395737591.0000000001736000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397264336.0000000001736000.00000004.00000020.00020000.00000000.sdmp	false	high
http://ocsp.sectigo.com0	LgendPremium.exe	false	high
https://steamcommunity.com/?subsection=broadcasts	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://help.steampowered.com/en/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/market/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/news/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/subscriber_agreement/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.gstatic.cn/recaptcha/	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/subscriber_agreement/	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://recaptcha.net/recaptcha/;	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
http://www.valvesoftware.com/legal.htm	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/discussions/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0	LgendPremium.exe	false	high
https://store.steampowered.com/points/shopJ	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/stats/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://medal.tv	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://broadcast.st.dl.eccdnx.com	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/steam_refunds/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a	LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/profiles/76561199724331900tJ	LgendPremium.exe, 00000000.00000003.1395737591.0000000001736000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397264336.0000000001736000.00000004.00000020.00020000.00000000.sdmp	false	high
https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/	LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://s.ytimg.com;	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/workshop/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=0Xxx	LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://login.steampowered.com/	LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb	LgendPremium.exe, 00000000.00000003.1395807812.000000000175F000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/legal/	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/	LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steam.tv/	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#	LgendPremium.exe	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://sectigo.com/CPS0	LgendPremium.exe	false	high
http://store.steampowered.com/privacy_agreement/	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/points/shop/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://recaptcha.net	LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/	LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com	LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://sketchfab.com	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://lv.queniujq.cn	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.youtube.com/	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
http://127.0.0.1:27060	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/privacy_agreement/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z	LgendPremium.exe	false	high
https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com/recaptcha/	LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	false	high
https://checkout.steampowered.com/	LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://help.steampowered.com/	LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.steampowered.com/	LgendPremium.exe, 00000000.00000002.1397340592.0000000001756000.00000004.00000020.00020000.00000000.sdmp	false	high
http://store.steampowered.com/account/cookiepreferences/	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395737591.000000000171D000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/mobile	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://steamcommunity.com/	LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=THDq-gsQ	LgendPremium.exe, 00000000.00000002.1397171629.000000000171A000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/;	LgendPremium.exe, 00000000.00000003.1395685490.0000000001756000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000002.1397376541.0000000001760000.00000004.00000020.00020000.00000000.sdmp	false	high
https://store.steampowered.com/about/	LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high
https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l	LgendPremium.exe, 00000000.00000003.1395651675.0000000001796000.00000004.00000020.00020000.00000000.sdmp, LgendPremium.exe, 00000000.00000003.1395651675.000000000179C000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1577570
Start date and time:	2024-12-18 15:36:59 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	LgendPremium.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@1/0@10/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 77% Number of executed functions: 12 Number of non-executed functions: 215
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, glb.sls.prod.dcat.dsp.trafficmanager.net
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: LgendPremium.exe

Simulations

Behavior and APIs

Time	Type	Description
09:38:04	API Interceptor	3x Sleep call for process: LgendPremium.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.102.49.254	http://gtm-cn-j4g3qqvf603.steamproxy1.com/	Get hash	malicious	Unknown	Browse	www.valvesoftware.com/legal.htm

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
steamcommunity.com	ji2xlo1f.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	f86nrrc6.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Armanivenntii_crypted_EASY.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	aqbjn3fl.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	aqbjn3fl.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	zq6a1iqg.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106
	v_dolg.exe	Get hash	malicious	LummaC Stealer	Browse	23.55.153.106
	cccc2.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	CompleteStudio.exe	Get hash	malicious	LummaC	Browse	23.55.153.106
	random.exe.6.exe	Get hash	malicious	LummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, Vidar	Browse	23.55.153.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	f86nrrc6.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	ko.ps1.2.ps1	Get hash	malicious	Unknown	Browse	23.57.90.154
	http://www.mynylgbs.com	Get hash	malicious	Unknown	Browse	104.121.2.245
	loligang.arm7.elf	Get hash	malicious	Mirai	Browse	23.203.88.6
	loligang.sh4.elf	Get hash	malicious	Mirai	Browse	96.24.75.93
	EXTERNALRe.msg	Get hash	malicious	Unknown	Browse	95.100.135.24
	mips.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	104.82.71.158
	arm.nn-20241218-0633.elf	Get hash	malicious	Mirai, Okiru	Browse	104.89.110.164
	jew.ppc.elf	Get hash	malicious	Unknown	Browse	23.199.141.123
	jew.sh4.elf	Get hash	malicious	Unknown	Browse	2.16.80.27

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	random.exe.7.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, Stealc, Vidar	Browse	104.102.49.254
	ji2xlo1f.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	f86nrrc6.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	Armanivenntii_crypted_EASY.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	random.exe.2.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	aqbjn3fl.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	aqbjn3fl.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	goldlummaa.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Xmrig	Browse	104.102.49.254
	InstallSetup.exe	Get hash	malicious	LummaC	Browse	104.102.49.254

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.908011753478672
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	LgendPremium.exe
File size:	5'992'432 bytes
MD5:	c84baaa0b67d15dbc989ca2eb55a9b1c
SHA1:	20231d1285e4de0916cc71e7d590313296f9d539
SHA256:	9f8b8bd90df6a73c3fbd5eb730ca6866f2de8f09ba273d73e7a91731ca90ae79
SHA512:	3decb9123dccef7da39cb2c51ba44b30fc79d68b9192b1e9fec95d3b19d2e77de593bfd6c2601718dc975148608ec21bfe047d103db1ba12fb1f2f954ea3de3f
SSDEEP:	98304:pXnW8kAUw7PG+CO9Qkq/fGBcFeZuvJhqJXVt2W395FBbjWX1URQZFquX4QCU:5W8kA4+COeGKM8+Jlt2W3THjm15F5IQD
TLSH:	6A5623092885C15AD8DB01F892336BE576F29383CF524476BACC63EF6B73D79612B406
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...q..f.....................R......*.x...........@..........................`........[...@..................................kX....

File Icon


Icon Hash:	0bf393a3e3318823

Static PE Info

General

Entrypoint:	0xb80c2a
Entrypoint Section:	.vmp
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FA9271 [Mon Sep 30 11:58:41 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	567040e23b638fd749fdb81638258d46

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Ultra namer product
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	13/09/2024 21:48:33 14/09/2034 21:48:33
Subject Chain	CN=Ultra namer product
Version:	3
Thumbprint MD5:	DE6258A0EF81D0C66314A7D316FD9F7E
Thumbprint SHA-1:	74B7753F4C5D458587B70850523305B954936873
Thumbprint SHA-256:	B8681665EABAF2C87EE257F7AE7B99667371FD566814EC66C67ABD9EF2866A20
Serial:	23751426D92517B948A131CC0CD4FFCE

Entrypoint Preview

Instruction
push edi
pushfd
mov edi, 0A28DC82h
and edi, 5AA34D0Bh
lea edi, dword ptr [6D009B36h+edi*4]
mov edi, dword ptr [esp+04h]
mov dword ptr [esp+04h], D4D9BAECh
push dword ptr [esp+00h]
popfd
lea esp, dword ptr [esp+04h]
call 00007F84483A6B4Ch
mov ecx, dword ptr [edi]
and eax, eax
xor ecx, ebx
and ax, 00009110h
mov edx, eax
inc ecx
inc edx
jl 00007F84486D62E7h
dec eax
mov dword ptr [esp+00h], 0823F3AFh
call 00007F844860BE32h
mov ecx, 27AE518Fh
mov ecx, dword ptr [ecx+esi-27AE518Fh]
mov edx, 55804E10h
movzx edx, byte ptr [ebp+edx-55804E11h]
mov eax, C3047F8Ch
jmp 00007F8448695E49h
xor edx, ebx
ror edx, 03h
or ecx, eax
xor edx, 0236BC0Ah
dec cl
push eax
shl ecx, FFFFFFF1h
sbb edx, F00C9F9Ah
push ecx
pop ecx
inc ecx
not edx
btc ecx, eax
rol eax, FFFFFF83h
xor ebx, edx
or eax, dword ptr [esp+ecx-7FD61001h]
and ecx, dword ptr [esp+ecx-7FD61001h]
shl eax, FFFFFFD5h
add edi, edx
pop eax
jmp 00007F84485F8884h
and dx, word ptr [esp+07h]
dec dword ptr [esp+05h]
pop eax
pop edx
pop edx
jp 00007F84486CA91Eh
call 00007F844882BD9Ch

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x586bf0	0xa0	.vmp
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x86e000	0x47586	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x5b5200	0x1df0	.vmp
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x86d000	0x66c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2ff000	0x4c	.vmp
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x49f81	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x4b000	0x2a0f	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x4e000	0xf798	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp	0x5e000	0x2a04b3	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp	0x2ff000	0x258	0x400	3e76352fb406be74171e1557f4737a9e	False	0.0673828125	data	0.3843958818937885	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp	0x300000	0x56caa0	0x56cc00	6f9e9ebd540643c3c65e371b023dbb7d	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0x86d000	0x66c	0x800	82e207bf27869c518a16b504cd885c47	False	0.42041015625	data	3.635663252988446	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x86e000	0x47586	0x47600	a4186a136b8decaf334c828bf3bd882a	False	0.3563991352889667	data	6.678867293448852	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x86f310	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024			0.7668439716312057
RT_ICON	0x86f778	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096			0.6121013133208255
RT_ICON	0x870820	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384			0.5082073689182806
RT_ICON	0x874a48	0xe978	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced			1.0004015526703252
RT_GROUP_ICON	0x8833c0	0x3e	data			0.8064516129032258
RT_VERSION	0x883400	0x3a4	data			0.3894849785407725
RT_HTML	0x8837a4	0x1921	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.3342142079900513
RT_HTML	0x8850c8	0xaa7	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.39053905390539057
RT_HTML	0x885b70	0x60b	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.45701357466063347
RT_HTML	0x88617c	0x850	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.43139097744360905
RT_HTML	0x8869cc	0x609	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.4414239482200647
RT_HTML	0x886fd8	0x5fa	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.44248366013071894
RT_HTML	0x8875d4	0x98c	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.3248772504091653
RT_HTML	0x887f60	0x5a6	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.43084370677731676
RT_HTML	0x888508	0xaab	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.40388136213841086
RT_HTML	0x888fb4	0x657	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.39063462723351816
RT_HTML	0x88960c	0xa5f	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.40451977401129946
RT_HTML	0x88a06c	0x6b0	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.4322429906542056
RT_HTML	0x88a71c	0x15f2	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.30758276966892134
RT_HTML	0x88bd10	0x7b3	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.4140030441400304
RT_HTML	0x88c4c4	0x703e	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.147038351778381
RT_HTML	0x893504	0x6c8	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.4274193548387097
RT_HTML	0x893bcc	0x666	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.4365079365079365
RT_HTML	0x894234	0x767	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.41055408970976254
RT_HTML	0x89499c	0x852	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.4103286384976526
RT_HTML	0x8951f0	0xb09	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.400353982300885
RT_HTML	0x895cfc	0x9ca	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.41101356743814843
RT_HTML	0x8966c8	0xf44	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.38996929375639716
RT_HTML	0x89760c	0x1bad	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.3340860973888497
RT_HTML	0x8991bc	0xecb	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.30895167678901503
RT_HTML	0x89a088	0xf84	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.3230110775427996
RT_HTML	0x89b00c	0xbe9	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.3604460478845523
RT_HTML	0x89bbf8	0xc1b	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.3607615359793482
RT_HTML	0x89c814	0xe11	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.3140794223826715
RT_HTML	0x89d628	0x1094	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.3124410933081998
RT_HTML	0x89e6bc	0x4d5	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.44543249797898143
RT_HTML	0x89eb94	0x6f0e	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.14403798804080198
RT_HTML	0x8a5aa4	0xca1	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.4002474481905351
RT_HTML	0x8a6748	0x198d	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.332365081791775
RT_HTML	0x8a80d8	0x893	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.40865603644646925
RT_HTML	0x8a896c	0x9da	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.39413164155432195
RT_HTML	0x8a9348	0x6f0e	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.14403798804080198
RT_HTML	0x8b0258	0x172d	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.32782740603404686
RT_HTML	0x8b1988	0x84a	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.410933081998115
RT_HTML	0x8b21d4	0x8d8	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.4218197879858657
RT_HTML	0x8b2aac	0xf2c	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.345005149330587
RT_HTML	0x8b39d8	0x69e	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.43506493506493504
RT_HTML	0x8b4078	0x701	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.40936977133296154
RT_HTML	0x8b477c	0x580	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.43110795454545453
RT_HTML	0x8b4cfc	0x459	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	English	United States	0.4384546271338724
RT_MANIFEST	0x8b5158	0x42e	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1010), with CRLF line terminators			0.5037383177570094

Imports

DLL	Import
USER32.dll	CloseClipboard
KERNEL32.dll	CopyFileW
SHELL32.dll	ShellExecuteW
ole32.dll	CoCreateInstance
OLEAUT32.dll	SysAllocString
GDI32.dll	BitBlt
KERNEL32.dll	HeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA, GetProcAddress

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-18T15:38:04.592142+0100	2056402	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (questionsmw .store)	1	192.168.2.7	64167	1.1.1.1	53	UDP
2024-12-18T15:38:04.817373+0100	2056408	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (soldiefieop .site)	1	192.168.2.7	57615	1.1.1.1	53	UDP
2024-12-18T15:38:05.072264+0100	2056392	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (abnomalrkmu .site)	1	192.168.2.7	53230	1.1.1.1	53	UDP
2024-12-18T15:38:05.381219+0100	2056396	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (chorusarorp .site)	1	192.168.2.7	50153	1.1.1.1	53	UDP
2024-12-18T15:38:05.929666+0100	2056410	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (treatynreit .site)	1	192.168.2.7	56209	1.1.1.1	53	UDP
2024-12-18T15:38:06.161557+0100	2056406	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (snarlypagowo .site)	1	192.168.2.7	59241	1.1.1.1	53	UDP
2024-12-18T15:38:06.408677+0100	2056400	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mysterisop .site)	1	192.168.2.7	52080	1.1.1.1	53	UDP
2024-12-18T15:38:06.673526+0100	2056394	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (absorptioniw .site)	1	192.168.2.7	63000	1.1.1.1	53	UDP
2024-12-18T15:38:08.648653+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.7	49703	104.102.49.254	443	TCP
2024-12-18T15:38:09.660633+0100	2858666	ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup	1	192.168.2.7	49703	104.102.49.254	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 15:38:07.190059900 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:07.190124035 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:07.190243006 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:07.193721056 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:07.193739891 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:08.648478985 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:08.648653030 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:08.651602030 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:08.651614904 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:08.652040005 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:08.704898119 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:08.916307926 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:08.959340096 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:09.660339117 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:09.660375118 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:09.660387039 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:09.660434961 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:09.660468102 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:09.660490036 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:09.660532951 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:09.660552979 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:09.660583019 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:09.753115892 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:09.753205061 CET	443	49703	104.102.49.254	192.168.2.7
Dec 18, 2024 15:38:09.753220081 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:09.753266096 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:10.000968933 CET	49703	443	192.168.2.7	104.102.49.254
Dec 18, 2024 15:38:10.001002073 CET	443	49703	104.102.49.254	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 15:38:04.357587099 CET	60236	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:04.587508917 CET	53	60236	1.1.1.1	192.168.2.7
Dec 18, 2024 15:38:04.592142105 CET	64167	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:04.814235926 CET	53	64167	1.1.1.1	192.168.2.7
Dec 18, 2024 15:38:04.817373037 CET	57615	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:05.043999910 CET	53	57615	1.1.1.1	192.168.2.7
Dec 18, 2024 15:38:05.072263956 CET	53230	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:05.377464056 CET	53	53230	1.1.1.1	192.168.2.7
Dec 18, 2024 15:38:05.381218910 CET	50153	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:05.926094055 CET	53	50153	1.1.1.1	192.168.2.7
Dec 18, 2024 15:38:05.929666042 CET	56209	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:06.159007072 CET	53	56209	1.1.1.1	192.168.2.7
Dec 18, 2024 15:38:06.161556959 CET	59241	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:06.394644022 CET	53	59241	1.1.1.1	192.168.2.7
Dec 18, 2024 15:38:06.408677101 CET	52080	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:06.636617899 CET	53	52080	1.1.1.1	192.168.2.7
Dec 18, 2024 15:38:06.673526049 CET	63000	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:06.896155119 CET	53	63000	1.1.1.1	192.168.2.7
Dec 18, 2024 15:38:06.953362942 CET	58132	53	192.168.2.7	1.1.1.1
Dec 18, 2024 15:38:07.183659077 CET	53	58132	1.1.1.1	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 18, 2024 15:38:04.357587099 CET	192.168.2.7	1.1.1.1	0xc45b	Standard query (0)	wrappyskmwio.store	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:04.592142105 CET	192.168.2.7	1.1.1.1	0x6dd8	Standard query (0)	questionsmw.store	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:04.817373037 CET	192.168.2.7	1.1.1.1	0xccbf	Standard query (0)	soldiefieop.site	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:05.072263956 CET	192.168.2.7	1.1.1.1	0x7774	Standard query (0)	abnomalrkmu.site	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:05.381218910 CET	192.168.2.7	1.1.1.1	0x8c89	Standard query (0)	chorusarorp.site	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:05.929666042 CET	192.168.2.7	1.1.1.1	0x3290	Standard query (0)	treatynreit.site	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:06.161556959 CET	192.168.2.7	1.1.1.1	0xc570	Standard query (0)	snarlypagowo.site	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:06.408677101 CET	192.168.2.7	1.1.1.1	0xc442	Standard query (0)	mysterisop.site	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:06.673526049 CET	192.168.2.7	1.1.1.1	0x3dd5	Standard query (0)	absorptioniw.site	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:06.953362942 CET	192.168.2.7	1.1.1.1	0x4af0	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 18, 2024 15:38:04.587508917 CET	1.1.1.1	192.168.2.7	0xc45b	Name error (3)	wrappyskmwio.store	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:04.814235926 CET	1.1.1.1	192.168.2.7	0x6dd8	Name error (3)	questionsmw.store	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:05.043999910 CET	1.1.1.1	192.168.2.7	0xccbf	Name error (3)	soldiefieop.site	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:05.377464056 CET	1.1.1.1	192.168.2.7	0x7774	Name error (3)	abnomalrkmu.site	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:05.926094055 CET	1.1.1.1	192.168.2.7	0x8c89	Name error (3)	chorusarorp.site	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:06.159007072 CET	1.1.1.1	192.168.2.7	0x3290	Name error (3)	treatynreit.site	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:06.394644022 CET	1.1.1.1	192.168.2.7	0xc570	Name error (3)	snarlypagowo.site	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:06.636617899 CET	1.1.1.1	192.168.2.7	0xc442	Name error (3)	mysterisop.site	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:06.896155119 CET	1.1.1.1	192.168.2.7	0x3dd5	Name error (3)	absorptioniw.site	none	none	A (IP address)	IN (0x0001)	false
Dec 18, 2024 15:38:07.183659077 CET	1.1.1.1	192.168.2.7	0x4af0	No error (0)	steamcommunity.com		104.102.49.254	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

steamcommunity.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49703	104.102.49.254	443	7840	C:\Users\user\Desktop\LgendPremium.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 14:38:08 UTC	219	OUT	GET /profiles/76561199724331900 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: steamcommunity.com
2024-12-18 14:38:09 UTC	1905	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED] Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Wed, 18 Dec 2024 14:38:09 GMT Content-Length: 25665 Connection: close Set-Cookie: sessionid=1801fa73639986a1341122cf; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-18 14:38:09 UTC	14479	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-18 14:38:09 UTC	11186	IN	Data Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>

Target ID:	0
Start time:	09:38:03
Start date:	18/12/2024
Path:	C:\Users\user\Desktop\LgendPremium.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\LgendPremium.exe"
Imagebase:	0x8e0000
File size:	5'992'432 bytes
MD5 hash:	C84BAAA0B67D15DBC989CA2EB55A9B1C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	38.9%
Total number of Nodes:	54
Total number of Limit Nodes:	3

Executed Functions

Function 008ED472 Relevance: 3.9, Strings: 3, Instructions: 132
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1032, xrefs: 008ED5F3, 008ED5FB
=<?>, xrefs: 008ED5BE
,!, xrefs: 008ED630

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 1032$=<?>$,!
API String ID: 0-2584799865
Opcode ID: c5dfba8ea5a811a1b6f128f5e86941510544304eaebccb126e61e55077e4f66e
Instruction ID: 30be61c1c956c6fbd78703ed396a1e322585f893a76a7f4b2bd6d5f2487bc74c
Opcode Fuzzy Hash: c5dfba8ea5a811a1b6f128f5e86941510544304eaebccb126e61e55077e4f66e
Instruction Fuzzy Hash: A341027440D380ABD701AF59D594A1EFBE5FFA2705F548C0CE5C4CB262D23AD8588BA7

Function 00926170 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL(0092975D,005C003F,00000006,?,?,00000018,=:;8,?,?), ref: 0092619E

Strings

=:;8, xrefs: 00926170, 0092618C, 0092619A

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: InitializeThunk
String ID: =:;8
API String ID: 2994545307-508151936
Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

Function 008F01A0 Relevance: 1.7, Strings: 1, Instructions: 403
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

5{1y, xrefs: 008F05EC

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 5{1y
API String ID: 0-1368497684
Opcode ID: 89eab8cfcfeaae7f332d17a16714edd1bf42d5a11b80ed4c4507e096fe8be168
Instruction ID: 0ca3504c6b0660dc70e0bf1eb9f027133965d2ce505501976bc5bb6a44b83287
Opcode Fuzzy Hash: 89eab8cfcfeaae7f332d17a16714edd1bf42d5a11b80ed4c4507e096fe8be168
Instruction Fuzzy Hash: 3FF100B1114B00DFE3208F25D884BABBBF5FB45704F118A1CE5AA8BAA1D775B845DF90

Function 009261CE Relevance: 1.4, Strings: 1, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=:;8, xrefs: 00926203, 0092620B

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: =:;8
API String ID: 0-508151936
Opcode ID: 398cd1ae3add7c24d3ebd667c2382a6d45699bd06ddeaabbd7af60826ecde86e
Instruction ID: 0990cdc1636abbe21db18601bb9c5215a5d4675bafeb6844e753972bae4cdf05
Opcode Fuzzy Hash: 398cd1ae3add7c24d3ebd667c2382a6d45699bd06ddeaabbd7af60826ecde86e
Instruction Fuzzy Hash: 1741E374A14266DBCB04CF98EC81A7EBB76FB4A301F684414E511E7B69D330A960DFA1

Function 00929A10 Relevance: 1.4, Strings: 1, Instructions: 139
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=:;8, xrefs: 00929A44, 00929A4D

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: =:;8
API String ID: 0-508151936
Opcode ID: 265f92e8cfe22feb969bb048438e3b936e2652520b36939893de9d99ffaba769
Instruction ID: 92a03b87f71f28f1f84f1bf8984ce5fe9a7e80a9a3a0a2f0302c6fd085d3d191
Opcode Fuzzy Hash: 265f92e8cfe22feb969bb048438e3b936e2652520b36939893de9d99ffaba769
Instruction Fuzzy Hash: AF418B74608320ABD7149F15FD90B2FB7EAEB85B14F24881CF58A9B255D331EC10DB56

Function 00926DCB Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db365616f463a0a6484099dfd28ecba6cb4ce9ba502459bd895b6892a42ab628
Instruction ID: 1407d6e13377d4749da8675910ded350d2b7c8093d099f2cd22650f7cf0c84ea
Opcode Fuzzy Hash: db365616f463a0a6484099dfd28ecba6cb4ce9ba502459bd895b6892a42ab628
Instruction Fuzzy Hash: 4DD1E032A2C251CFC714CF28E89051AB7E2FB89315F1A8A6DE8A1D7391C734DA45DF81

Function 008F0BA5 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ad1a7197ec4ffdc5466d5d955580e13d24d95f0c21dc30f41259d31cccea1a
Instruction ID: be4290e56d419b5e6f66f8bfa6ee381596c63b274f91e2993d5a497e0530c7c2
Opcode Fuzzy Hash: 86ad1a7197ec4ffdc5466d5d955580e13d24d95f0c21dc30f41259d31cccea1a
Instruction Fuzzy Hash: 5C21233451D384AFD350DB64D880B2FFBF5EB86704F50A82CF69097262C2B1E8009B1A

Function 008EEBE0 Relevance: 1.6, APIs: 1, Instructions: 101
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(D7BFC9B3,00000000,F10E070C), ref: 008EED26

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 6914532a79d82df6e56befdc934b8aa5165172096c6526be1bedb2bffc7af345
Instruction ID: 69694693be7a62247ba7adfedf55c20d2f37a27380f60b68b501d5034c1cb065
Opcode Fuzzy Hash: 6914532a79d82df6e56befdc934b8aa5165172096c6526be1bedb2bffc7af345
Instruction Fuzzy Hash: 9A3149B0D11268DBEF20DFA9DC45BAEBBB5FB45300F104299E444A7281D7345E45CFA2

Function 0092505A Relevance: 1.6, APIs: 1, Instructions: 70
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 009250CC

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: e77a24c4a80aee3fcc7dcc923a6ceb5446a4c38e684fe6cb558f59c16f9ea0fd
Instruction ID: b8ceda463d260515d62de49228a7c5af9a2900973e6fecb9eb1077d31b2e59ae
Opcode Fuzzy Hash: e77a24c4a80aee3fcc7dcc923a6ceb5446a4c38e684fe6cb558f59c16f9ea0fd
Instruction Fuzzy Hash: 6621E174954296DFCB05CFA8E9906ADFBB4BF09301F58444CD442B7382C334AA12CFA5

Function 00925D00 Relevance: 1.6, APIs: 1, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11096fdaa7f6c95cdb5fb861a34f61c99aaa1bab872d7663bc165a98133e1bf9
Instruction ID: 4e9e6bc7560066eefa2654879432ab90debbdd8c9730a34c8491bb95ce291e1d
Opcode Fuzzy Hash: 11096fdaa7f6c95cdb5fb861a34f61c99aaa1bab872d7663bc165a98133e1bf9
Instruction Fuzzy Hash: CD01807551C2609BC301AF28FC05A1ABBF4EF96711F458C28F4C49B259D739E910DBA2

Function 009234C0 Relevance: 1.5, APIs: 1, Instructions: 45
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(?,00000000), ref: 00923533

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: ced717914ec952d20775edc75c5667dd66dd0c9c3837069b24e6b7f1e05b45e0
Instruction ID: 6b16b15bdaaabf9c9ffa2b39f0d949b2a4d2354257f6b62bd9e1db55b0812668
Opcode Fuzzy Hash: ced717914ec952d20775edc75c5667dd66dd0c9c3837069b24e6b7f1e05b45e0
Instruction Fuzzy Hash: 79F0197450D250ABC301AF18E955B0EBBE5EF96700F058C1CE4C89B261D235DD64DB92

Function 00923498 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,00000000), ref: 009234A2

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 89689781faeba3a45c463bb2b421ca2a601d4c3b2b42fdc711aa8888cf7430d2
Instruction ID: 267219ac0fd2b8beb9ad63dfdcbd6b3101673b0e1ba5f433fed67c9e16e9101e
Opcode Fuzzy Hash: 89689781faeba3a45c463bb2b421ca2a601d4c3b2b42fdc711aa8888cf7430d2
Instruction Fuzzy Hash: D5B00230295115B9E17217115CD9F7F1D6CDF43E95F104054B204150E146545541E57D

Non-executed Functions

Function 008FDDFF Relevance: 23.7, Strings: 18, Instructions: 1214COMMON

Download Yara Rule

Strings

twvq, xrefs: 008FE617
hkje, xrefs: 008FE5E0
x{zu, xrefs: 008FE60C
%*+(, xrefs: 008FE080
\_^Y, xrefs: 008FE767
%*+(, xrefs: 008FEB17, 008FEB23
`cb}, xrefs: 008FE5F6
OA, xrefs: 008FED17
Nz{, xrefs: 008FE805
X[ZU, xrefs: 008FE5B4
@C, xrefs: 008FED1F
pqrs, xrefs: 008FE81B
efg`, xrefs: 008FE727
L, xrefs: 008FE71F
defg, xrefs: 008FE7C3
TWVQX[ZU\_^Y, xrefs: 008FEA73, 008FEA7A
YZ[D, xrefs: 008FE64E
IK, xrefs: 008FDF5D

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+($%*+($@C$L$TWVQX[ZU\_^Y$X[ZU$YZ[D$\_^Y$`cb}$defg$efg`$hkje$pqrs$twvq$x{zu$IK$Nz{$OA
API String ID: 0-1295941102
Opcode ID: bd8ade1ac6d54accd3c95b8ea19879ecffe613ff955a3a871e98d010a81e4c3e
Instruction ID: 54bd2700524da4882406af38a91abcaaea606388782cfc1ab5d22a2c0ebb9178
Opcode Fuzzy Hash: bd8ade1ac6d54accd3c95b8ea19879ecffe613ff955a3a871e98d010a81e4c3e
Instruction Fuzzy Hash: A3A289B15083849BD730CF24C840BAFBBE2FFC5704F54892DEA899B291EB759945CB52

Function 00911670 Relevance: 19.8, APIs: 2, Strings: 8, Instructions: 2304COMMON

Download Yara Rule

Strings

:\Bz, xrefs: 00911FF4
*&- , xrefs: 00911C11
*XJe, xrefs: 00912947
avqy, xrefs: 00911E1A
w[Nc, xrefs: 0091169A
WXM,, xrefs: 00911861
]h>l, xrefs: 009134AF
JX`b, xrefs: 00912ACE

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: *&- $*XJe$:\Bz$JX`b$WXM,$]h>l$avqy$w[Nc
API String ID: 0-3536549935
Opcode ID: e3ef7224ced2005b0c265fa8fd2469e388f40e4eb7dcb095b9406cea895b183b
Instruction ID: 208e2d7f537139cd21b8df4d4f01b1ed20e9783cd63a51257146ccf2b4517ce8
Opcode Fuzzy Hash: e3ef7224ced2005b0c265fa8fd2469e388f40e4eb7dcb095b9406cea895b183b
Instruction Fuzzy Hash: 9A13AE70108B808ED7668F35C8907E7BBF5AF16305F58889DD4EB8B292DB35A589CF50

Function 008E1000 Relevance: 10.6, Strings: 7, Instructions: 1898COMMON

Download Yara Rule

Strings

0123456789abcdefxp, xrefs: 008E14C4, 008E1536
A, xrefs: 008E204B
gfff, xrefs: 008E217F
-, xrefs: 008E2083
gfff, xrefs: 008E2132
0123456789ABCDEFXP, xrefs: 008E14BA, 008E1529
gfff, xrefs: 008E20C3

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$A$gfff$gfff$gfff
API String ID: 0-947532036
Opcode ID: 3d006d272b6c2894496ca34031376700a42124f4b6b0e48b7a61ca8f24926fe3
Instruction ID: 5edcacfec10c15d3346480f844db25e3a275418c9e535b377930c5738f455a4a
Opcode Fuzzy Hash: 3d006d272b6c2894496ca34031376700a42124f4b6b0e48b7a61ca8f24926fe3
Instruction Fuzzy Hash: 41D2C1716083958FD714CE2AC88466ABBE2FFDA314F188A2DE995C7391D734DD05CB82

Function 0090C510 Relevance: 9.3, Strings: 7, Instructions: 556COMMON

Download Yara Rule

Strings

DE, xrefs: 0090CDCF
H-X#, xrefs: 0090D1FD
!, xrefs: 0090D205
S~Dw, xrefs: 0090D3F6, 0090D3D3, 0090D3DB, 0090D3FE
sDtB, xrefs: 0090D387
DtsN, xrefs: 0090D39F
W\T_, xrefs: 0090D3AF

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !$DE$DtsN$H-X#$S~Dw$W\T_$sDtB
API String ID: 0-425027836
Opcode ID: 92fa90da39f65fccf07716a756875a62710ca82120d79290b3319ed722abebe5
Instruction ID: 54bbfcd165db23e9f37fbb1cc998529e0348448e50b6c71f9a3f0680c115ee2a
Opcode Fuzzy Hash: 92fa90da39f65fccf07716a756875a62710ca82120d79290b3319ed722abebe5
Instruction Fuzzy Hash: 3712A7B090D340DFD720AF29E841A2ABBE5FB8A344F144A2CF5C89B2A1D735D951CF56

Function 00B63DE4 Relevance: 9.2, Strings: 7, Instructions: 485COMMON

Download Yara Rule

Strings

', xrefs: 00B63E57
J, xrefs: 00B3688E
$, xrefs: 00B9F4DF
[, xrefs: 00A677D6
S, xrefs: 0099B03C
!, xrefs: 00B9F4BC
4, xrefs: 00B63E3D

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !$$$'$4$J$S$[
API String ID: 0-2747769939
Opcode ID: e81a71f3039fc0db956294356ecbc748ece4b8a9d3f0965e1bb5b8c4bb48cbac
Instruction ID: 5c84e44ad15ad4ddf6393abdc93e9238e46977073f3bdf5b31a7eb733106d2b5
Opcode Fuzzy Hash: e81a71f3039fc0db956294356ecbc748ece4b8a9d3f0965e1bb5b8c4bb48cbac
Instruction Fuzzy Hash: C6F1A7365087128BD70CEB28E8548FBB3E1EBC1325F608A7ED086C75D5EB39501ACB85

Function 008E16BB Relevance: 9.2, Strings: 7, Instructions: 466COMMON

Download Yara Rule

Strings

0123456789abcdefxp, xrefs: 008E14C4, 008E1536
A, xrefs: 008E204B
gfff, xrefs: 008E217F
gfff, xrefs: 008E2132
0123456789ABCDEFXP, xrefs: 008E14BA, 008E1529
+, xrefs: 008E2060
gfff, xrefs: 008E20C3

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$A$gfff$gfff$gfff
API String ID: 0-1963219446
Opcode ID: a36cef0a2f680f8e88cefcb4f4f153c809143c52eeb7b7ad820e70b2bc0bc1fc
Instruction ID: 510662540973d2e4d94ada8f0acaa89fc8a58abe454ec06ca9e9cd8fcb4e09a8
Opcode Fuzzy Hash: a36cef0a2f680f8e88cefcb4f4f153c809143c52eeb7b7ad820e70b2bc0bc1fc
Instruction Fuzzy Hash: 5D02C171A083958FD718CE1AC88436EBBE2FBCA714F188A2DE499C7391D634DD05CB42

Function 008EDC20 Relevance: 9.0, Strings: 7, Instructions: 253COMMON

Download Yara Rule

Strings

1KKL, xrefs: 008EDD6B
>793, xrefs: 008EDD5B
ZXZ^, xrefs: 008EDDA3
GKAL, xrefs: 008EDD73
4!)<, xrefs: 008EDF0E
!<(), xrefs: 008EDF16
gceo, xrefs: 008EDDB3

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !<()$1KKL$4!)<$>793$GKAL$ZXZ^$gceo
API String ID: 0-919412222
Opcode ID: bed2a20dc0b1f9ca7972488b0ddab0cbd5af127cfe3bcbec56b1d18ace26c62a
Instruction ID: 48f7969aa3c014165f148cb5f95440f4eddb59f616abe6d7f84cb80d64f7ff00
Opcode Fuzzy Hash: bed2a20dc0b1f9ca7972488b0ddab0cbd5af127cfe3bcbec56b1d18ace26c62a
Instruction Fuzzy Hash: 1DA144B04083908FD7258F1A9494A2BFBE1FF96754F14895CE8E98B352C335C909CB93

Function 008F2A60 Relevance: 8.5, Strings: 6, Instructions: 976COMMON

Download Yara Rule

Strings

C@rH, xrefs: 008F3255
Nyvw, xrefs: 008F345B
}O{, xrefs: 008F3454
E|IH, xrefs: 008F325C
US, xrefs: 008F2C18
YW, xrefs: 008F2C0E

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: C@rH$E|IH$Nyvw$US$YW$}O{
API String ID: 0-2937083641
Opcode ID: eba46252e78239e40d54b92d3266daa6da091f1d34693cff45fa0ed0b0188625
Instruction ID: 7c009d0bd05d147949efff6c0326fc5a9d91b8a7412910c1ec0d24de595a0949
Opcode Fuzzy Hash: eba46252e78239e40d54b92d3266daa6da091f1d34693cff45fa0ed0b0188625
Instruction Fuzzy Hash: 9472AAB0500B809FD7219F35D890B66BBF1FF56304F18885CE4EACB652DB35A909CB92

Function 008E14A0 Relevance: 7.9, Strings: 6, Instructions: 392COMMON

Download Yara Rule

Strings

0123456789abcdefxp, xrefs: 008E14C4
A, xrefs: 008E204B
gfff, xrefs: 008E217F
gfff, xrefs: 008E2132
gfff, xrefs: 008E20C3
+, xrefs: 008E2060

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: +$0123456789abcdefxp$A$gfff$gfff$gfff
API String ID: 0-4082256945
Opcode ID: 3156979094318c24b0d5075dcbe8d28ecc877c2b40c58c8528b05b83785d23b9
Instruction ID: 936d1c3dc2fcc7222e14a63584536add4589e07dd1b38cd870182dcc5f6f7d4d
Opcode Fuzzy Hash: 3156979094318c24b0d5075dcbe8d28ecc877c2b40c58c8528b05b83785d23b9
Instruction Fuzzy Hash: 75E1C171A087958FD718CE2EC88475EBBE6FBC9314F188A2DE899C7391D634DD058B42

Function 008EDFC0 Relevance: 7.8, Strings: 6, Instructions: 304COMMON

Download Yara Rule

Strings

#e, xrefs: 008EE282
, xrefs: 008EE213, 008EE21B
Xf, xrefs: 008EE28A
[l, xrefs: 008EE29A
_V, xrefs: 008EE292
D, xrefs: 008EE1EC

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: #e$D$Xf$[l$_V$
API String ID: 0-3536235331
Opcode ID: 0740200c69827b673b367a936aa768ebf0562cb84e208c642d299f2dca395a75
Instruction ID: 73d65d3d0628d32e600479302e84eaf0efb96c2e29c731ab80a25f64daa25c75
Opcode Fuzzy Hash: 0740200c69827b673b367a936aa768ebf0562cb84e208c642d299f2dca395a75
Instruction Fuzzy Hash: 93C10DB450C3809BD721EF29E884A2FBBE9FB96744F140D1CE1D49B252C73599088BA7

Function 008E1639 Relevance: 6.6, Strings: 5, Instructions: 365COMMON

Download Yara Rule

Strings

A, xrefs: 008E204B
gfff, xrefs: 008E217F
gfff, xrefs: 008E2132
gfff, xrefs: 008E20C3
+, xrefs: 008E2060

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: +$A$gfff$gfff$gfff
API String ID: 0-937497226
Opcode ID: 0911c06c9907416278a0b4e63e8d0f035be38d8447bcbc98781b5290cfc41f97
Instruction ID: 6ae711ee250fcf3dafab5000d9fd6f475e73249d4042da164097bf72074f51d1
Opcode Fuzzy Hash: 0911c06c9907416278a0b4e63e8d0f035be38d8447bcbc98781b5290cfc41f97
Instruction Fuzzy Hash: C7D1A072A087958FD718CE2EC89075EBBE6FBC9314F188A3DE895C7391D634D9058B42

Function 008FFD04 Relevance: 6.6, Strings: 5, Instructions: 353COMMON

Download Yara Rule

Strings

z, xrefs: 00900157
%*+(, xrefs: 008FFE19
2, xrefs: 00900141
jdrw, xrefs: 00900136
v80<, xrefs: 008FFE80

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+($2$jdrw$v80<$z
API String ID: 0-1402733035
Opcode ID: bc0fb51d1036fae9370493c215f0170cab7342fba517ab8cdca01695191a2e14
Instruction ID: d395aa853e37b54e0bf6adab230ffc6bfbe5870b59c3ea22752d0882107abce8
Opcode Fuzzy Hash: bc0fb51d1036fae9370493c215f0170cab7342fba517ab8cdca01695191a2e14
Instruction Fuzzy Hash: 92C18DB15083819FC720CF24D845BABBBE2FFC6304F58892DE689D7252EB319955CB52

Function 00A6F59E Relevance: 6.6, Strings: 5, Instructions: 350COMMON

Download Yara Rule

Strings

B, xrefs: 009EEC80
B, xrefs: 00B35B84
$//, xrefs: 009EEC67
), xrefs: 009EEB89
N, xrefs: 009EEBC5

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: $//$)$B$B$N
API String ID: 0-1479865434
Opcode ID: 54212790d7eebb7852698f30fbb166b2e3037405dc671396d41e12af5d3ad210
Instruction ID: adb7a95324b6a145c9827bd5ce5b04f6a54a676fc4faeb2b84767c794805d671
Opcode Fuzzy Hash: 54212790d7eebb7852698f30fbb166b2e3037405dc671396d41e12af5d3ad210
Instruction Fuzzy Hash: AFC1D035508B568BD718EF28F8411EBB7E1EBC5301F648A3DC986C7485D7355917CB82

Function 00B0ECBE Relevance: 6.5, Strings: 5, Instructions: 203COMMON

Download Yara Rule

Strings

)09I, xrefs: 00A21582
D, xrefs: 00B658D3
., xrefs: 00A3EAD4
o, xrefs: 00A3EA91
B, xrefs: 00A3E9A2

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: )09I$.$B$D$o
API String ID: 0-409375434
Opcode ID: 1a16d6211e14e1827947543c9d1b117bd0ea43c4a48c70d57f59f9486982b66c
Instruction ID: e4577b1f27bf0f74370502ffeb1270b48fc1cb580f0d31677a177f7afd0d5e09
Opcode Fuzzy Hash: 1a16d6211e14e1827947543c9d1b117bd0ea43c4a48c70d57f59f9486982b66c
Instruction Fuzzy Hash: 3971773111875A4BC718EF2CE4404EABBE6EBD2320F64C63DD096C75D9EB36510ACB45

Function 00913BFE Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 434libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(C15BC75B,00000000,00000800), ref: 00913F39

Strings

u}|, xrefs: 009140BC

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: LibraryLoad
String ID: u}|
API String ID: 1029625771-2851992303
Opcode ID: b81e11ef652219eba7aa5ec47ddd7e8a2490026c5d088d0a6ae2534b9269e68e
Instruction ID: a1a4f964df58d8545e006797935733d9336f641815b34a23c9788cec0edfec3f
Opcode Fuzzy Hash: b81e11ef652219eba7aa5ec47ddd7e8a2490026c5d088d0a6ae2534b9269e68e
Instruction Fuzzy Hash: 98026D70504B808AE7B18B358494BE3BBF4BF16704F94885CE4EF9B282DB35A489CB55

Function 0090C6E1 Relevance: 5.4, Strings: 4, Instructions: 422COMMON

Download Yara Rule

Strings

,[, xrefs: 0090CC08
1>%;, xrefs: 0090CBF8
KVQA, xrefs: 0090CBD8
OFH<, xrefs: 0090CBE0

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: ,[$1>%;$KVQA$OFH<
API String ID: 0-4269818227
Opcode ID: 466350a050479de15a591e3aef5fc96aab36d5802b319dbeee861761312ef087
Instruction ID: ade0770ca152dc8e6610eaa47b395b742208c92853f862d3ddb8b3755b87ff4d
Opcode Fuzzy Hash: 466350a050479de15a591e3aef5fc96aab36d5802b319dbeee861761312ef087
Instruction Fuzzy Hash: 91E1DBB150C3818FD700DF28D88162BBBE6AF96344F184A5CF9D18B292D339D945CBA2

Function 00A0F426 Relevance: 5.3, Strings: 4, Instructions: 332COMMON

Download Yara Rule

Strings

=;:0, xrefs: 00AB71B9
A, xrefs: 00A0EA2C
g4Re, xrefs: 00A0E9A7
!, xrefs: 00A0EA36

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !$=;:0$A$g4Re
API String ID: 0-3437574117
Opcode ID: 88124b90097539aef0692afe7d63acc69b78fd36ce85c26c8abc06ffaa7350af
Instruction ID: 69bedbec7a50edd3455cd9146f14a24ba5a330a3ccfcbaccadcd0eb8522330e0
Opcode Fuzzy Hash: 88124b90097539aef0692afe7d63acc69b78fd36ce85c26c8abc06ffaa7350af
Instruction Fuzzy Hash: E5C1CA324183668FC719EF28E4921EAB7E1FFD1314F258A6DD4D687182D734561ACB82

Function 00B39FBE Relevance: 5.2, Strings: 4, Instructions: 152COMMON

Download Yara Rule

Strings

&, xrefs: 00B3A0D9
H, xrefs: 00B3A051
O, xrefs: 00B3A0BF
$i=k, xrefs: 00B3A0A2, 00B3A152, 00B3A0B8

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: $i=k$&$H$O
API String ID: 0-1449879202
Opcode ID: 008c6a5c1ef6c5df37fa5fea79e9db4ead7ea30277a34116d40f65a3722293f1
Instruction ID: 7d9cd0bd6a98008123253c3b108f933f56c2136a3beebbfb2b02d44282177a40
Opcode Fuzzy Hash: 008c6a5c1ef6c5df37fa5fea79e9db4ead7ea30277a34116d40f65a3722293f1
Instruction Fuzzy Hash: 5B51B8766083528FC319EF38E84489BBBD2EFC1320F54CA6DD0AA875E1DB748119CB81

Function 00A8158F Relevance: 5.1, Strings: 4, Instructions: 133COMMON

Download Yara Rule

Strings

y, xrefs: 00BACBE4
A, xrefs: 00BACC51
+, xrefs: 00BACBC9
$, xrefs: 00BACC80

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: $$+$A$y
API String ID: 0-176909412
Opcode ID: 53d7dcbae66c821dee5f32408ca78edc5ff2d1a06e25730e96e44182857da7ee
Instruction ID: eb9cb79d235c070896b56b626726114f15dca43d7cf5713c57b028ca881b8e3b
Opcode Fuzzy Hash: 53d7dcbae66c821dee5f32408ca78edc5ff2d1a06e25730e96e44182857da7ee
Instruction Fuzzy Hash: 39411A30018B118BC71CEF2DE8588A6F3E8EBD9325F648B2D85D7C61D1D7319956CB82

Function 00A6996E Relevance: 5.1, Strings: 4, Instructions: 121COMMON

Download Yara Rule

Strings

E, xrefs: 00B12F19
a, xrefs: 00B12F2F
8, xrefs: 00A699D5
A, xrefs: 00B12F28

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 8$A$E$a
API String ID: 0-1829946808
Opcode ID: 8db0907d3df1e93573c4088b2e755c422b24b2416ff8861ac7a3219003bf1399
Instruction ID: 6d17c81b24d162aa05a3c09114b55a6dc0ffe0e323acbc4c2642ea3d2f9cc184
Opcode Fuzzy Hash: 8db0907d3df1e93573c4088b2e755c422b24b2416ff8861ac7a3219003bf1399
Instruction Fuzzy Hash: 714121311087878BD304EB29C8945EB77E2EBC1324F60CFADE0968B595E778910AD742

Function 0090D299 Relevance: 4.5, Strings: 3, Instructions: 720COMMON

Download Yara Rule

Strings

", xrefs: 0090DF71
['r!, xrefs: 0090D6C3, 0090D6CB
hk, xrefs: 0090D6A4

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: "$['r!$hk
API String ID: 0-3755316819
Opcode ID: db0d1486df56435c2846533be20774596041cb3eefddfc7fe70b4cf08b1d9092
Instruction ID: fbeb89bb81edcfe7b448616af2275aa0a260e9acf09e2900334ae00b88ecde2a
Opcode Fuzzy Hash: db0d1486df56435c2846533be20774596041cb3eefddfc7fe70b4cf08b1d9092
Instruction Fuzzy Hash: 4742DEB161D381CFD3108F68D89072ABBE6BFCA310F144A6CE5999B3A1C775D945CB82

Function 0090D4D4 Relevance: 4.4, Strings: 3, Instructions: 669COMMON

Download Yara Rule

Strings

", xrefs: 0090DF71
['r!, xrefs: 0090D6C3, 0090D6CB
hk, xrefs: 0090D6A4

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: "$['r!$hk
API String ID: 0-3755316819
Opcode ID: 5e263627fad170967c796fdc947b612f0dd775554427f158b923ca752e78722e
Instruction ID: 32c53129db15a141ffebb2e7172e43770dbe40d5565972d28779ae09aa5b75bb
Opcode Fuzzy Hash: 5e263627fad170967c796fdc947b612f0dd775554427f158b923ca752e78722e
Instruction Fuzzy Hash: 5A32DCB161D381CFD3108F68D89072ABBE6BFCA324F144A6CE5999B3A1C775D905CB42

Function 0091F8E0 Relevance: 4.3, Strings: 3, Instructions: 590COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0091FF34
%*+(, xrefs: 0091FFF2
XY, xrefs: 0091F9A5

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+($%*+($XY
API String ID: 0-3681054843
Opcode ID: 9d655bf6930b75182fffead9fea3ba2f29bc73b4f31c860c9c4543399c0731f0
Instruction ID: c0a508803cc7ef6ffd90d87636a500004d34b1ac91d5708d57d67dfa14c96ced
Opcode Fuzzy Hash: 9d655bf6930b75182fffead9fea3ba2f29bc73b4f31c860c9c4543399c0731f0
Instruction Fuzzy Hash: 4C22DC75A08309DFDB04CF24D891BAEBBE6FF89314F14892CE489972A1D738D945CB52

Function 008E8770 Relevance: 4.2, Strings: 3, Instructions: 434COMMON

Download Yara Rule

Strings

), xrefs: 008E87F6
IEND, xrefs: 008E8BEC
), xrefs: 008E87EC

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: )$)$IEND
API String ID: 0-588110143
Opcode ID: c1de7102bd4689bad04031069c2903d7393059cd39c79c8e7b174d5dd3eb399b
Instruction ID: c044d71b0991c16634425fa1848cb59f97ef2f0ebd12dedc2a40dc05e2defce0
Opcode Fuzzy Hash: c1de7102bd4689bad04031069c2903d7393059cd39c79c8e7b174d5dd3eb399b
Instruction Fuzzy Hash: 11F1EEB1A08795DBD310CF29C84571ABBE0FB96314F14462DE9A9EB381DB74E815CBC2

Function 008FD82F Relevance: 4.2, Strings: 3, Instructions: 427COMMON

Download Yara Rule

Strings

Z;:5, xrefs: 008FD9B6
D, xrefs: 008FDB4C
%*+(, xrefs: 008FDC2A

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+($D$Z;:5
API String ID: 0-2330609441
Opcode ID: 52638d6cc9813c67e68b25461016adc488bfcd92f747357471e3ad284e31e3fc
Instruction ID: df53fc4fe03adaae150c64aba19f99584cba08d635493b7cb20fed8c01e1664b
Opcode Fuzzy Hash: 52638d6cc9813c67e68b25461016adc488bfcd92f747357471e3ad284e31e3fc
Instruction Fuzzy Hash: CDE1ACB05183848FD730DF64D890BBBB7E2FF85304F15891CE6899B281E3759858DB92

Function 0090E927 Relevance: 4.2, Strings: 3, Instructions: 410COMMON

Download Yara Rule

Strings

db, xrefs: 0090EC26
h, xrefs: 0090EC2E
|8, xrefs: 0090EC1E

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: db$h$|8
API String ID: 0-3213467957
Opcode ID: 260f4d7bfa462d671d025e8ca488596d69155c01db12dd3c892118a29f7096eb
Instruction ID: f25abeb8a8f4e896dc0117d521f2b27c483c3b313d0655f3b000c3ff7555ac06
Opcode Fuzzy Hash: 260f4d7bfa462d671d025e8ca488596d69155c01db12dd3c892118a29f7096eb
Instruction Fuzzy Hash: 17D199B4608381DFD7209F28D88166ABBE6FF9A344F044D2CF49A872A2D335D845DB42

Function 00BB0A78 Relevance: 4.1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

E, xrefs: 00BB0B2E
d, xrefs: 009D46DC
>, xrefs: 00A4B1DC

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: >$E$d
API String ID: 0-973455967
Opcode ID: ffd5e959a401c82c4251ef6c3fca16df7a1156f26372097615d24ae50500eaf9
Instruction ID: 5013c43c465ffccfddb29f569c7ca43fee5968c12f09a8680a720f55600d0e92
Opcode Fuzzy Hash: ffd5e959a401c82c4251ef6c3fca16df7a1156f26372097615d24ae50500eaf9
Instruction Fuzzy Hash: ADD1C631118B124BD318EF28D8819BAB3E2FFD5320FA08B7DE596871D5DB35A416CB81

Function 00AA8A77 Relevance: 4.1, Strings: 3, Instructions: 332COMMON

Download Yara Rule

Strings

a, xrefs: 00A65D28
!, xrefs: 00A88186
E, xrefs: 00A65D53

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !$E$a
API String ID: 0-2833200771
Opcode ID: 63ef3cad0274a3615581e36d12c22bae34a7e4c9a2c23444d7c59034b7c00f02
Instruction ID: fc79fd3e15ba1b03336573bf490ce161799bdaaadd75f97d9231a1450e1618f0
Opcode Fuzzy Hash: 63ef3cad0274a3615581e36d12c22bae34a7e4c9a2c23444d7c59034b7c00f02
Instruction Fuzzy Hash: 5AB1B93250C7068BC71DEF28E8461AAB3E6FFD5310F508A3ED49787686DB34840AC786

Function 008FD1D0 Relevance: 4.1, Strings: 3, Instructions: 329COMMON

Download Yara Rule

Strings

%*+(, xrefs: 008FD5D7, 008FD5E6
rw, xrefs: 008FD45C
Ow, xrefs: 008FD467

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+($Ow$rw
API String ID: 0-1519177400
Opcode ID: ad57ce8dd1295b0a57d75608110a78951648ae752ee87bee11b415efcfb80b2c
Instruction ID: aef6f7b750c83bf46c16d500f3e4795fc031bf78098bf2e073422cc0efabcf58
Opcode Fuzzy Hash: ad57ce8dd1295b0a57d75608110a78951648ae752ee87bee11b415efcfb80b2c
Instruction Fuzzy Hash: E4B1CDB05083848FD730DF64D881BABB7E6FF96314F044918F689DB292EB359854DB62

Function 00ABAB6E Relevance: 4.1, Strings: 3, Instructions: 306COMMON

Download Yara Rule

Strings

e, xrefs: 00ABAB76
a, xrefs: 00B4215F
$, xrefs: 00BC549E

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: $$a$e
API String ID: 0-1477874646
Opcode ID: 881c8654cff332ff636db1be91d0b155f98e7c37241c0d12a9b508c2345a1ff4
Instruction ID: 8f29aee93cbeabcf5272be6e8ab1f9761ea05301f0c6314a9b86b17251cc24de
Opcode Fuzzy Hash: 881c8654cff332ff636db1be91d0b155f98e7c37241c0d12a9b508c2345a1ff4
Instruction Fuzzy Hash: A2B1B7315086568FC718EF3CD4915AAB7E2EBC6310F68C77CA5A6C72E6E7359009CB42

Function 00AFBF64 Relevance: 4.0, Strings: 3, Instructions: 229COMMON

Download Yara Rule

Strings

c, xrefs: 00AFC01C
38 ~, xrefs: 009D34FD
c, xrefs: 00AFBF79

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 38 ~$c$c
API String ID: 0-4096829198
Opcode ID: 9e5f0a19d7a9bf7c6cdae3e2f6e777666953d739e19368cd92bf8ebd614d0d51
Instruction ID: 06c703af2ccf133aa94b576e1ce8524a6d8e4be7aefe9e49278e09e0c32bf8bd
Opcode Fuzzy Hash: 9e5f0a19d7a9bf7c6cdae3e2f6e777666953d739e19368cd92bf8ebd614d0d51
Instruction Fuzzy Hash: 82716432909B164BC318EF2DE9421A7B3E5FBC5325F61CA3ED4DB872D5DA3454028682

Function 00923DA0 Relevance: 4.0, Strings: 3, Instructions: 202COMMON

Download Yara Rule

Strings

%*(6, xrefs: 00923E60
0, xrefs: 00923F06
%*+(, xrefs: 00923F83, 00923F8B

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: InitializeThunk
String ID: %*(6$%*+($0
API String ID: 2994545307-3473288163
Opcode ID: f316dac24275f28a187cbcccb6c6b85b536ef15084496ec7aad26c5e9ca67994
Instruction ID: dadda606d0ff7e72559d5e203a6ab4c3f8f8cf1861d422d15adc5d55f1d33974
Opcode Fuzzy Hash: f316dac24275f28a187cbcccb6c6b85b536ef15084496ec7aad26c5e9ca67994
Instruction Fuzzy Hash: CA7133B4619341ABD714DF08E990B2BBBF9FB89300F54881DF89597395C33AE914CB92

Function 009DB5A4 Relevance: 3.9, Strings: 3, Instructions: 197COMMON

Download Yara Rule

Strings

6C, xrefs: 009DB5B2
!, xrefs: 00AA633B
I, xrefs: 00B90EBC

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !$6C$I
API String ID: 0-268923522
Opcode ID: bfd84532e7e0edb01cabdb76efbb520ec80c943b22558146f59150f08e6536c9
Instruction ID: 9be5894eb7ca24ec92d204c3364503b4f70f87006dae546707591b1ff1baf599
Opcode Fuzzy Hash: bfd84532e7e0edb01cabdb76efbb520ec80c943b22558146f59150f08e6536c9
Instruction Fuzzy Hash: 44618A31508B518BD72CDF29E8814AB73E1FBD5320F10CB3DD997C7585EB3594168A82

Function 00A3E99B Relevance: 3.9, Strings: 3, Instructions: 175COMMON

Download Yara Rule

Strings

., xrefs: 00A3EAD4
o, xrefs: 00A3EA91
B, xrefs: 00A3E9A2

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: .$B$o
API String ID: 0-3363347152
Opcode ID: 7e5247dc89897673112955b13f65848999d4585d01a315713a52b631959975cd
Instruction ID: dce28ba1028a57b24693e9b770286a5cc301d59b28c3bf4cd6bf247c9c730b50
Opcode Fuzzy Hash: 7e5247dc89897673112955b13f65848999d4585d01a315713a52b631959975cd
Instruction Fuzzy Hash: 1671323111875A8BC728EF28D8414EBB7E6EFD1320F64CA7DD5E287199E735610ACB02

Function 00B21789 Relevance: 3.9, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

*, xrefs: 00B2182D
p, xrefs: 00B70694
e, xrefs: 00B218F8

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: *$e$p
API String ID: 0-2381472128
Opcode ID: 13089b7d2002d99165b8adef9974ccb00eaaae4487a66baebd94e0c3c0e032ed
Instruction ID: 54fc533db5f74d50130b9507f3caff039eb9da538567d742a1586f4f3ade5f92
Opcode Fuzzy Hash: 13089b7d2002d99165b8adef9974ccb00eaaae4487a66baebd94e0c3c0e032ed
Instruction Fuzzy Hash: B3519B315086164BC71DDF2CD9819ABB7D2FBD6310F14C63CD496C7586E735640ACB86

Function 00A9B1C8 Relevance: 3.9, Strings: 3, Instructions: 138COMMON

Download Yara Rule

Strings

I, xrefs: 00BB552D
f, xrefs: 00BB549F
m, xrefs: 00BB554A

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: I$f$m
API String ID: 0-841006749
Opcode ID: dfd046f32085c7ef81b55f86fa1680b6325eb92b83fcd60ec61d17bc078fd320
Instruction ID: da9b3b915f96f9e10ca827b292e3429c34ff2412f7dfe0ad6f9f16282c88b578
Opcode Fuzzy Hash: dfd046f32085c7ef81b55f86fa1680b6325eb92b83fcd60ec61d17bc078fd320
Instruction Fuzzy Hash: 2651563250471A8BD724EF6DC8416EBB3E2FFD0310F60887DD499CB294EB3995088B05

Function 00A16D81 Relevance: 3.9, Strings: 3, Instructions: 137COMMON

Download Yara Rule

Strings

V, xrefs: 00A16ECA
H, xrefs: 00A16F05
Q)+V, xrefs: 00A16EF0, 00A16EF6

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: H$Q)+V$V
API String ID: 0-2923009497
Opcode ID: 7e83fba8d99a48662965ec6a7560d56dc66b04611a04f5ab90fd42fc9d57a36e
Instruction ID: 1f6ea516297c356d70c79ffb8d40ab9c03f235765a90d1c613071e77c9c0085e
Opcode Fuzzy Hash: 7e83fba8d99a48662965ec6a7560d56dc66b04611a04f5ab90fd42fc9d57a36e
Instruction Fuzzy Hash: 315167326046438FCB1AEF39D4914EAB3E2FFE2314F19867EE0858B596D7355019CB81

Function 00B1C513 Relevance: 3.8, Strings: 3, Instructions: 94COMMON

Download Yara Rule

Strings

V, xrefs: 00A16ECA
H, xrefs: 00A16F05
Q)+V, xrefs: 00A16EF0, 00A16EF6

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: H$Q)+V$V
API String ID: 0-2923009497
Opcode ID: d8f2e2775fb81a5535d8b34e1ce74d788f1fc1f7dd69fba559bc9c39f4fc81f6
Instruction ID: 062cddbc4104858f63659717119123dd0760bc8da2b074e45ef77af51e1e8074
Opcode Fuzzy Hash: d8f2e2775fb81a5535d8b34e1ce74d788f1fc1f7dd69fba559bc9c39f4fc81f6
Instruction Fuzzy Hash: BA316A726047034BC324EF39D8415DAB3D7EBE1324F58CB3DA161875E9DB369018C681

Function 00900123 Relevance: 3.8, Strings: 3, Instructions: 46COMMON

Download Yara Rule

Strings

z, xrefs: 00900157
2, xrefs: 00900141
jdrw, xrefs: 00900136

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 2$jdrw$z
API String ID: 0-3228267687
Opcode ID: 3f37972a90ad02624b0998425c81e10c77708e260669467aba5a582b15c67bb2
Instruction ID: 983988134f6604d7aed10d091906f4a21244cd8bdd66c151e22e4d5776e6d6ea
Opcode Fuzzy Hash: 3f37972a90ad02624b0998425c81e10c77708e260669467aba5a582b15c67bb2
Instruction Fuzzy Hash: 361116B04093C08EC270CF44D448BAEBAE5BBC6208F548E2DE48D67652DB3244948B26

Function 008FFA92 Relevance: 3.8, Strings: 3, Instructions: 42COMMON

Download Yara Rule

Strings

uys9, xrefs: 008FFA9D
`cem, xrefs: 008FFB07, 008FFB16
x|, xrefs: 008FFABE

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: `cem$uys9$x|
API String ID: 0-1565667665
Opcode ID: 04a0320d38280b84a87eac651e8f7a01c7a39772372f336de2b0628c9a89e5d2
Instruction ID: 145f04998dc8a090d274337a5dbe343f3136a7be4f7479f1b040ddd054880721
Opcode Fuzzy Hash: 04a0320d38280b84a87eac651e8f7a01c7a39772372f336de2b0628c9a89e5d2
Instruction Fuzzy Hash: 95113A7040D3C08ED3309F64D454BAFBAE5AFC2344F55495DE4C8A7252DB314594CB67

Function 00B8652B Relevance: 3.0, Strings: 2, Instructions: 525COMMON

Download Yara Rule

Strings

B, xrefs: 00B985A7
!, xrefs: 00ABFF80

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !$B
API String ID: 0-2952017119
Opcode ID: 441ac29008b3cbc1f1d78084533c9af5ec465645241f1e3ad6c0dc435df03a88
Instruction ID: 73da4ded8f8e865b5f953bdad284648029e65e4dca8d970ee84fcc98dc64c5c9
Opcode Fuzzy Hash: 441ac29008b3cbc1f1d78084533c9af5ec465645241f1e3ad6c0dc435df03a88
Instruction Fuzzy Hash: 2402B932118B168BC71CEB3CE8515EBB3E2EBC5320F648A3DE59A875D5EB35540ACB41

Function 00901A70 Relevance: 3.0, Strings: 2, Instructions: 496COMMON

Download Yara Rule

Strings

P, xrefs: 00901AE1
T, xrefs: 00901CB1

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: P$T
API String ID: 0-236159977
Opcode ID: b00a649fadb7e65f191a9041f19e733db8f2d65e9def71d5df9d990260627b53
Instruction ID: e69b33bf9631fb987643cdd8596ae9de142738274300cd7330ecd5893d2dac45
Opcode Fuzzy Hash: b00a649fadb7e65f191a9041f19e733db8f2d65e9def71d5df9d990260627b53
Instruction Fuzzy Hash: E2027AB1908380AFD711AF15D845B2FBBE9EF96744F14482CF9C897292E335D9148B93

Function 00A3EFBA Relevance: 3.0, Strings: 2, Instructions: 480COMMON

Download Yara Rule

Strings

a, xrefs: 0095C48A
C, xrefs: 00B7DFBD

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: C$a
API String ID: 0-1187011299
Opcode ID: dc5187cb8b1c81c13aac0f7e1dd264e5336d86ebaa1ba1be1605f9229d3e20a9
Instruction ID: 13da5d58c8c033a7ec231f811b0fb4b527d6e0f21abeebcc61df09c8c0a17d4b
Opcode Fuzzy Hash: dc5187cb8b1c81c13aac0f7e1dd264e5336d86ebaa1ba1be1605f9229d3e20a9
Instruction Fuzzy Hash: F1F1C7350186564BC708EF38E8904EBB7E2EBD6310FA4CA7CD096C75D6EB39911ACB41

Function 008E3780 Relevance: 2.9, Strings: 2, Instructions: 417COMMON

Download Yara Rule

Strings

Inf, xrefs: 008E37D7
NaN, xrefs: 008E37DE

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: Inf$NaN
API String ID: 0-3500518849
Opcode ID: 432e9860649cbdca587564fc5ebed279ce1081179ef7ad013d7ea27a5c01db63
Instruction ID: c2592ad5cef051292fb4bd3aa332029f865cc51fc0f8d463d086e6fbccbb178e
Opcode Fuzzy Hash: 432e9860649cbdca587564fc5ebed279ce1081179ef7ad013d7ea27a5c01db63
Instruction Fuzzy Hash: 26D1E272A083519BC704CF2AC88461ABBE5FBC9750F258A3DF899D7390E771DD458B82

Function 009280A0 Relevance: 2.9, Strings: 2, Instructions: 398COMMON

Download Yara Rule

Strings

P, xrefs: 00928246
=:;8, xrefs: 009283B3, 009283BB

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: =:;8$P
API String ID: 0-1969647149
Opcode ID: 9108a1ea593800159b50124132140f3ef16faf4114feae200427b1c159b7a4d8
Instruction ID: 45370ca1b8307e63d8e11a696c63d4f72b278a676fbf2d802edca9a5c13b2bd6
Opcode Fuzzy Hash: 9108a1ea593800159b50124132140f3ef16faf4114feae200427b1c159b7a4d8
Instruction Fuzzy Hash: ADD1F4729083754BC725CE18A85072FB6E1EB84718F158A2CE8B6AB399DB75DC06C7C1

Function 00989EFF Relevance: 2.9, Strings: 2, Instructions: 396COMMON

Download Yara Rule

Strings

.'+), xrefs: 00989FB3
g4Re, xrefs: 00B7A94B

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: .'+)$g4Re
API String ID: 0-3055009403
Opcode ID: 57c5a2d3481f42075a2e21c3488e9473e032ad2329bead0524e97dca1abfab34
Instruction ID: 49adae476155dc7e60556240aa4405927b77e5c1d59c4ce5290334012bc515e1
Opcode Fuzzy Hash: 57c5a2d3481f42075a2e21c3488e9473e032ad2329bead0524e97dca1abfab34
Instruction Fuzzy Hash: D3E198716086518BDB1CEF28E8815EBB3E2FBD1310F60CA3ED596875C9EB35650ACB41

Function 00913A28 Relevance: 2.8, Strings: 2, Instructions: 346COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00913822
%*+(, xrefs: 0091398F

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+($%*+(
API String ID: 0-3039692684
Opcode ID: 69880482630090b512266fa9c4e11bd7d29decbd701f6be719808d350b83c318
Instruction ID: f3e41d7efdee7f97332505334b6c287e2ce5996a1c8a6abc43a227b07bce3a05
Opcode Fuzzy Hash: 69880482630090b512266fa9c4e11bd7d29decbd701f6be719808d350b83c318
Instruction Fuzzy Hash: E1B1AF702187418FE7698F35C8507A7BBE1AF06310F54C8ADD4EBC7691DB39E5858B10

Function 009ECC8F Relevance: 2.8, Strings: 2, Instructions: 324COMMON

Download Yara Rule

Strings

%, xrefs: 009ECD77
!', xrefs: 00AC529D

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !'$%
API String ID: 0-3190059715
Opcode ID: 98367028371534441b9187d10d6282c3565d64c7f671b7325ab69c0902299cfe
Instruction ID: ea42cc962c984d5e78e9f72f7fdde9a40a4b181c4c22798585301eb9dee672b4
Opcode Fuzzy Hash: 98367028371534441b9187d10d6282c3565d64c7f671b7325ab69c0902299cfe
Instruction Fuzzy Hash: 7AC153315187668BC718EF28D8514BAB3E1FFC5310F60863ED4AA875C9EB78990ACB45

Function 00927820 Relevance: 2.8, Strings: 2, Instructions: 292COMMON

Download Yara Rule

Strings

=:;8, xrefs: 009279F4, 009279FD
=:;8, xrefs: 00927864, 00927870

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: InitializeThunk
String ID: =:;8$=:;8
API String ID: 2994545307-1685821102
Opcode ID: 63813a4c2a0bb7f579096c73a36a422d4fe4f93c1ff8a17d402e27e71aa83edb
Instruction ID: 8c93a53e2138d2b191ce07bc6233cf56028d0bc68f1e733209c84c0201fea2f9
Opcode Fuzzy Hash: 63813a4c2a0bb7f579096c73a36a422d4fe4f93c1ff8a17d402e27e71aa83edb
Instruction Fuzzy Hash: F9A1AD7560C320ABD720DA94EC81B6BF7E5EB89350F548C1CF985A7395E730E950CB92

Function 00B445FE Relevance: 2.8, Strings: 2, Instructions: 281COMMON

Download Yara Rule

Strings

I, xrefs: 00AE5EBD
H, xrefs: 00AE5E9D

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: H$I
API String ID: 0-2132811256
Opcode ID: 79ae1d0442c519e8ef2d334e6b29dda56f37c33d644f3fda63ebe8a90323fb4b
Instruction ID: fd935ca8c7bbc19e1f5d933a2059e424d89598db46b01c1b65f818b36d06ed57
Opcode Fuzzy Hash: 79ae1d0442c519e8ef2d334e6b29dda56f37c33d644f3fda63ebe8a90323fb4b
Instruction Fuzzy Hash: BE91A832218B1A8BC72CEF69D8815F633D2EBD5310F149B3DC487D7595EB39A50A8B81

Function 00AD3F95 Relevance: 2.8, Strings: 2, Instructions: 268COMMON

Download Yara Rule

Strings

", xrefs: 00AB1EB5
A, xrefs: 00AB1EFF

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: "$A
API String ID: 0-884726588
Opcode ID: 9cc107556b7271709b30c6cdf79646356e43bc8614a832eea1d32ece596fd820
Instruction ID: 547f01441c141a5bb7bf5270c9bc0992c6bd207cf130399227c170d6a8476bac
Opcode Fuzzy Hash: 9cc107556b7271709b30c6cdf79646356e43bc8614a832eea1d32ece596fd820
Instruction Fuzzy Hash: D891B8726082168BC708EB79EC911EB77E3E7C8320F65CA3ED656C7985D738950A8B40

Function 00ACD634 Relevance: 2.7, Strings: 2, Instructions: 242COMMON

Download Yara Rule

Strings

I, xrefs: 00B99A9A
f, xrefs: 00ACD6F9

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: I$f
API String ID: 0-3576908438
Opcode ID: ad5db0048d5f3571935f9a6d67f1a00f5a06bbc1435e1b6ef3a1a40a936c42d8
Instruction ID: 63605f76597206566c2c6e112a2ef4010a8113701bad3f6b7d57411a22cd5aa2
Opcode Fuzzy Hash: ad5db0048d5f3571935f9a6d67f1a00f5a06bbc1435e1b6ef3a1a40a936c42d8
Instruction Fuzzy Hash: 83818471418B164BD318EA28D8958B7B7E4EFD9320F208A7DD9C7C39A1D379A817C781

Function 00B21930 Relevance: 2.7, Strings: 2, Instructions: 241COMMON

Download Yara Rule

Strings

!, xrefs: 00B8D17A
_, xrefs: 00B2198E

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !$_
API String ID: 0-3438434310
Opcode ID: 29e7c100414f49e2c24747de86c1be7ca9229981f20a784ecb96539be5c70c57
Instruction ID: 30297c1a6a6bd2cf3a01dc444ddeb77c6ef2fece755912e33f2f95d1895fc513
Opcode Fuzzy Hash: 29e7c100414f49e2c24747de86c1be7ca9229981f20a784ecb96539be5c70c57
Instruction Fuzzy Hash: 9071CB3621862A4BC71CEF2CAC461F673D6EBC5321F51922ED9C3CB6E2E6385507C685

Function 009138B4 Relevance: 2.7, Strings: 2, Instructions: 220COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00913822
%*+(, xrefs: 0091398F

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+($%*+(
API String ID: 0-3039692684
Opcode ID: c7d9fb01974d7696b54a47d36061c60d4ac7fec1c741bf110ecc60628fc86c7c
Instruction ID: 39bf88c4a4f3cff6351c2c572d16facaea9592d564c7d6efc112b4396bba1f20
Opcode Fuzzy Hash: c7d9fb01974d7696b54a47d36061c60d4ac7fec1c741bf110ecc60628fc86c7c
Instruction Fuzzy Hash: 2B717270209B848FD766CB25C4907E7BBF5BF06304F98C89CD4DA8B342DB25A989CB50

Function 00AE3327 Relevance: 2.7, Strings: 2, Instructions: 217COMMON

Download Yara Rule

Strings

&, xrefs: 00AE332B
(, xrefs: 00AE337D

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: &$(
API String ID: 0-131901980
Opcode ID: 2e23a37105f6053c2f5a675a854143e21ceca02f74a565e92b380f6a95237618
Instruction ID: 095bc61f5804c9d3f82e03c2cda7310abd85ac7f4cb1c112c5b3fbdff46308c6
Opcode Fuzzy Hash: 2e23a37105f6053c2f5a675a854143e21ceca02f74a565e92b380f6a95237618
Instruction Fuzzy Hash: 4D71A8315186224BD319EB34D8415EB73E3EFE5360F50D63DE496C7688EB3A840ACB55

Function 009FE835 Relevance: 2.7, Strings: 2, Instructions: 183COMMON

Download Yara Rule

Strings

1, xrefs: 00AC8AF6
H, xrefs: 009E3BB9

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 1$H
API String ID: 0-1393000113
Opcode ID: ea4ce6ab553a50f4f2774901b023371508ea7dbfcac46c77071015354b0b93af
Instruction ID: b2a313385f53b903f0ad10f8ab8951de3d5360ba50abf385a757a4befa23e8b9
Opcode Fuzzy Hash: ea4ce6ab553a50f4f2774901b023371508ea7dbfcac46c77071015354b0b93af
Instruction Fuzzy Hash: 5C71997121C7428BC324EF28D8845AB77E2EFD0314F648A7DD48AC7699D7359416CB42

Function 009E2754 Relevance: 2.7, Strings: 2, Instructions: 173COMMON

Download Yara Rule

Strings

g4Re, xrefs: 00B7A94B
K, xrefs: 00AA8D68

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: K$g4Re
API String ID: 0-3504011839
Opcode ID: 090a30bf039be6567b9e381dfedb80af97e27021a81d717bd3503456d9dfafef
Instruction ID: f421bb385c2c1ed9d3be1b546ae3bc28187ef771d7763c5860c0be8cab47b322
Opcode Fuzzy Hash: 090a30bf039be6567b9e381dfedb80af97e27021a81d717bd3503456d9dfafef
Instruction Fuzzy Hash: E951CB352087124BC71CEA28E8910E6B3D2EBC2320F518A7E90A3C76D6EB7D554BDB41

Function 00AFC208 Relevance: 2.7, Strings: 2, Instructions: 168COMMON

Download Yara Rule

Strings

g4Re, xrefs: 00B7A94B
U, xrefs: 00B1AF9E

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: U$g4Re
API String ID: 0-3909523924
Opcode ID: 2b435d89c15170d25bfdcedbc131fe372cb1c0ea1a2969ca9da94a5ae0207e26
Instruction ID: 913f7777facba5ccb2f2b5cac438c2e0385487f7a41d64bb52d08d77b76534ee
Opcode Fuzzy Hash: 2b435d89c15170d25bfdcedbc131fe372cb1c0ea1a2969ca9da94a5ae0207e26
Instruction Fuzzy Hash: 9751C931618A158BD719EE28DC806FB73E1FBD5311F604ABED096C71D1EA28A41BDF81

Function 008F0D7F Relevance: 2.7, Strings: 2, Instructions: 163COMMON

Download Yara Rule

Strings

qw, xrefs: 008F0EDD
{u, xrefs: 008F0ED5

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: qw${u
API String ID: 0-846694736
Opcode ID: 4d58df0359b109fc5a5c3778d9f3ec6b8f855542f42acbaf412d5868a6ff542c
Instruction ID: ab0b40c6d1f0d59b193c3cdfa696fcdec5d4b0c57a6e8ad7151f38a4fb8ef4d3
Opcode Fuzzy Hash: 4d58df0359b109fc5a5c3778d9f3ec6b8f855542f42acbaf412d5868a6ff542c
Instruction Fuzzy Hash: 1D5153B800C3429EC320AF24C890A2ABBF5FF95348F545D0DF5D69B2A2E7388905CB56

Function 00A27752 Relevance: 2.7, Strings: 2, Instructions: 161COMMON

Download Yara Rule

Strings

A, xrefs: 00A4AA27
t!y', xrefs: 00A277AA

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: A$t!y'
API String ID: 0-3349323110
Opcode ID: 126db032e96601deeb6e6541ccde4575fa353924e1e0487916889c192d0b953a
Instruction ID: c40323da650eabfa64c4c12b673bd7bbd698fa3a6ef519687c3f83c9bf97b1fb
Opcode Fuzzy Hash: 126db032e96601deeb6e6541ccde4575fa353924e1e0487916889c192d0b953a
Instruction Fuzzy Hash: 2051473250C3419BD709DF39D8645AABBE1EBC5321F64CA2DE19AC76C5EB368416CB01

Function 00A01F79 Relevance: 2.7, Strings: 2, Instructions: 156COMMON

Download Yara Rule

Strings

b, xrefs: 00B9D890
), xrefs: 00A01FF5

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: )$b
API String ID: 0-2592687535
Opcode ID: 1553e67294edda9d3a15e98e2f4348f8704d5d01cc11a89515e6eb113db6f1a9
Instruction ID: 0737a5aee6e70b20bbbcb062548638b6071742dd7e0ca45432e2e3442d58eadf
Opcode Fuzzy Hash: 1553e67294edda9d3a15e98e2f4348f8704d5d01cc11a89515e6eb113db6f1a9
Instruction Fuzzy Hash: 19517972808B664BC315EB3C99814E7B7E5FBC6324F60867EE596831E6EB74100AC741

Function 00A19B4E Relevance: 2.6, Strings: 2, Instructions: 145COMMON

Download Yara Rule

Strings

,qz, xrefs: 00A19B78
c, xrefs: 00A19BA2

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: ,qz$c
API String ID: 0-378958135
Opcode ID: 33e7e6aad9922457fed33dd59359ac74ca01e219f079d26d9a8fc128d7a03ad2
Instruction ID: 506c8c7d03974bf7b756534090cc42d2a3dcc98f81e970eddf9c94182b2702d1
Opcode Fuzzy Hash: 33e7e6aad9922457fed33dd59359ac74ca01e219f079d26d9a8fc128d7a03ad2
Instruction Fuzzy Hash: BD5158312087128BD718DF7DE8815AA77D2EBC5320F24CB3DE196875D5E73A9406D641

Function 00A41DA6 Relevance: 2.6, Strings: 2, Instructions: 145COMMON

Download Yara Rule

Strings

$, xrefs: 00A41F2C
G, xrefs: 00A41E23

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: $$G
API String ID: 0-3646227131
Opcode ID: bba9bd3f3f530d1b72eb2af4ac602c903e940977d7d9f6f739ff54c40db2866a
Instruction ID: a31a6a7efddc3d27e3683fb14d48f58889cdf40cbb26a60e49fc1109129dfda9
Opcode Fuzzy Hash: bba9bd3f3f530d1b72eb2af4ac602c903e940977d7d9f6f739ff54c40db2866a
Instruction Fuzzy Hash: D75187722143068BD728EF29D9515FBB3E2FBC5324FA0C62C94978B4D4DB35644AC782

Function 00909140 Relevance: 2.6, Strings: 2, Instructions: 136COMMON

Download Yara Rule

Strings

['e!, xrefs: 009091E3, 009091EB
hk, xrefs: 009091C5

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: ['e!$hk
API String ID: 0-2806763672
Opcode ID: c00498365a6d43a5207156985b6aad5656464975f35f99816a02cfcd7c82610c
Instruction ID: 583bec7f41d184d0b2409a5f9fc942da500436cc641e90eb28cbdaf80df73203
Opcode Fuzzy Hash: c00498365a6d43a5207156985b6aad5656464975f35f99816a02cfcd7c82610c
Instruction Fuzzy Hash: C85111B440C384AFD300EF14D984A1EBBF8AB96748F54890CF1D5AB292D3759908CFA7

Function 00924040 Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

uxVd, xrefs: 00924170
%*+(, xrefs: 00924133, 0092413B

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+($uxVd
API String ID: 0-4108384496
Opcode ID: 7d818e1a00f62e673dc248623d27e619434903ce6de3b31a8d110ca371cb8b41
Instruction ID: 1da6559dc57420fca92067194485544f5bb49369e4901334a1a39793715baf1a
Opcode Fuzzy Hash: 7d818e1a00f62e673dc248623d27e619434903ce6de3b31a8d110ca371cb8b41
Instruction Fuzzy Hash: 7741C17550C224EBDB25EF14FC41A6BBBAAFFA5300F14481CE9858325AD732DCA0DB52

Function 00AC2FA4 Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

-, xrefs: 00AA8C95
K, xrefs: 00AA8D68

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: -$K
API String ID: 0-3744625951
Opcode ID: e71bc7a781d542304cc3345ac98ea8c70bb4275ec3adfa57101dbb55a3611c0d
Instruction ID: e605292bfe6266bcfa3cb1ce115f871a53069eb66bfb8d93e7e9e9e455563900
Opcode Fuzzy Hash: e71bc7a781d542304cc3345ac98ea8c70bb4275ec3adfa57101dbb55a3611c0d
Instruction Fuzzy Hash: A941FD362087034BD718FB28D4525FA73E2EBC5320F50866D909387AC2DB79995BCB81

Function 00AA8C79 Relevance: 2.6, Strings: 2, Instructions: 122COMMON

Download Yara Rule

Strings

-, xrefs: 00AA8C95
K, xrefs: 00AA8D68

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: -$K
API String ID: 0-3744625951
Opcode ID: 90a17fc9a0d8a5467a7891f007c191e1f598d5eb7dac5fd1e9363b49b383ba99
Instruction ID: f77774092f35a5e35f0580c57d731a8b709521cbae4d8df5f23393e1317c26b1
Opcode Fuzzy Hash: 90a17fc9a0d8a5467a7891f007c191e1f598d5eb7dac5fd1e9363b49b383ba99
Instruction Fuzzy Hash: 7941D9362083034BD718EB28D4425FA73E2EBC5320F518A7D909787AC6DB79995BCB81

Function 009440A7 Relevance: 2.6, Strings: 2, Instructions: 120COMMON

Download Yara Rule

Strings

D, xrefs: 00B6182A
a, xrefs: 00B6186F

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: D$a
API String ID: 0-1133464678
Opcode ID: c0335bc17d0fd4311bc9bc5567c4433faab983c4f5963282615b79631dd2cd09
Instruction ID: 3d977fdf61ec9259dd9e482296e92a6b8367d20e20b2e7c9b3696c55d4cd9caa
Opcode Fuzzy Hash: c0335bc17d0fd4311bc9bc5567c4433faab983c4f5963282615b79631dd2cd09
Instruction Fuzzy Hash: 684125711083568BC728EB38D5508A7BBE2EFD5320F248BBDC1AA874D5EB74554ACB06

Function 00A575CD Relevance: 2.6, Strings: 2, Instructions: 117COMMON

Download Yara Rule

Strings

O, xrefs: 00A575F5
5%, xrefs: 0094FCCF

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 5%$O
API String ID: 0-3485265443
Opcode ID: d55cb641200a123d4d6e10714c79d8a13722a6144ddb26d7ed742a001a3a4fe7
Instruction ID: 4dee00daa176e56b60da89dd3d6e2dd03850d065825fd69f58e8f825d2708342
Opcode Fuzzy Hash: d55cb641200a123d4d6e10714c79d8a13722a6144ddb26d7ed742a001a3a4fe7
Instruction Fuzzy Hash: DA41683110870A8FCB11EF28E44059AB7E1FFE9324F118BADE5E597265E7349925CF82

Function 00929D20 Relevance: 2.6, Strings: 2, Instructions: 98COMMON

Download Yara Rule

Strings

@, xrefs: 00929D88
=:;8, xrefs: 00929DD3, 00929DDB

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: InitializeThunk
String ID: =:;8$@
API String ID: 2994545307-1758559817
Opcode ID: 881d5ef8011d2d099812b9dbe953e1eb437a17ee6c178310bb2fb9b198d017fa
Instruction ID: 2f255ea584e8d24ae1666126e4c2247a423c47b339e17f60a7fe63f96adc654f
Opcode Fuzzy Hash: 881d5ef8011d2d099812b9dbe953e1eb437a17ee6c178310bb2fb9b198d017fa
Instruction Fuzzy Hash: 59319A719083148BC324DF14E881A2BFBF9EFC9304F14992CE98897295D37599088B96

Function 0090A280 Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

8:, xrefs: 0090A298
<>, xrefs: 0090A290

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 8:$<>
API String ID: 0-2607517028
Opcode ID: 3da914df8ead0393b77d730dbd202dd7d2bc9a86835f7365976f1bcb74c3584b
Instruction ID: d7d35bba5b94a112d5e89501b80e22b54de49456874c72395776180f6a293d3b
Opcode Fuzzy Hash: 3da914df8ead0393b77d730dbd202dd7d2bc9a86835f7365976f1bcb74c3584b
Instruction Fuzzy Hash: 9821597940D3818AC7309F20D5007ABBBF1BF82745FA45A5DE4C89B290EB34C941DB97

Function 008F508C Relevance: 2.1, Strings: 1, Instructions: 894COMMON

Download Yara Rule

Strings

{q, xrefs: 008F59E4

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: {q
API String ID: 0-2853237608
Opcode ID: 8eb189261b24c210c2e9a9bd4ee1d24037db500d01a682a5169e2ab78b63360c
Instruction ID: 380eb4a7694ec5187080d78d098046445d0d833d1d37ac6a0d36a189e68ebcab
Opcode Fuzzy Hash: 8eb189261b24c210c2e9a9bd4ee1d24037db500d01a682a5169e2ab78b63360c
Instruction Fuzzy Hash: FB62A7B19083849BD715CB68D890A2FBBE5FF8A344F08492CF689C3252E774D945CB96

Function 008E5320 Relevance: 1.8, Strings: 1, Instructions: 565COMMON

Download Yara Rule

Strings

%1.17g, xrefs: 008E56E0

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %1.17g
API String ID: 0-1551345525
Opcode ID: dbaa4a816996d6d446162aa3374fef4b6fc006dd26bc476320afecab5e37de21
Instruction ID: a7a9066dd1b0ce8dfd7c634bf23c3f15f5c0b482198f499e00c7282ffbc4a916
Opcode Fuzzy Hash: dbaa4a816996d6d446162aa3374fef4b6fc006dd26bc476320afecab5e37de21
Instruction Fuzzy Hash: BC12E4B5A08BC2CBD7258E1AD480326BB92FFA231CF19856DD899CB352E771DC45C781

Function 0090B830 Relevance: 1.7, Strings: 1, Instructions: 446COMMON

Download Yara Rule

Strings

%*+(%*+(, xrefs: 0090BB44, 0090BB4D

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+(%*+(
API String ID: 0-3260058896
Opcode ID: b173b13e7f43ec5c93446d8f5145997a6bf096b45e5d09f63937ec715e190334
Instruction ID: d35dc35427f9007e7bdb5633ec41c2282d43d50e5cc6eb6a86018fbb8a596f61
Opcode Fuzzy Hash: b173b13e7f43ec5c93446d8f5145997a6bf096b45e5d09f63937ec715e190334
Instruction Fuzzy Hash: 33F153B4518344DFE3209F14D881B6BBBFAFB86704F54882CF689872A2D731D954DB52

Function 00910590 Relevance: 1.7, Strings: 1, Instructions: 426COMMON

Download Yara Rule

Strings

", xrefs: 0091088E

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 9b23901def143e5434acf77a64974edaa58281f4e5229a5b57c05ecd2e6691bf
Instruction ID: 443b2efdd40c76ebad73960d1e900a71dd0c39ebd4b20487e37b2422b46e23a3
Opcode Fuzzy Hash: 9b23901def143e5434acf77a64974edaa58281f4e5229a5b57c05ecd2e6691bf
Instruction Fuzzy Hash: A8D1F7B1B043085BD7258E24C8557ABB7DAAFC5350F08892DF89AC7382D6B6DDC4C792

Function 0090A3A8 Relevance: 1.7, Strings: 1, Instructions: 417COMMON

Download Yara Rule

Strings

01, xrefs: 0090A56F

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 01
API String ID: 0-3477152822
Opcode ID: 542bda601ed16d8e25b999b96afca3c75cdd81b1a25fd1ed5cf89767e06b46cc
Instruction ID: 6714feeb0d94c0d5cad33ad07e6ac7b9b47ac99b2987c9f8f7dc2d11963ca5c5
Opcode Fuzzy Hash: 542bda601ed16d8e25b999b96afca3c75cdd81b1a25fd1ed5cf89767e06b46cc
Instruction Fuzzy Hash: 31D1B8759183528FC724DF28D880A6BB3F6FF85B40F14891CE4C59B2A0E731E915DB92

Function 0094B12F Relevance: 1.7, Strings: 1, Instructions: 406COMMON

Download Yara Rule

Strings

%, xrefs: 00AFD7C8

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 1e3864e7c3d049cdb39c11bc2f13a1961ddaeafada3acab09a345182a09c513f
Instruction ID: 321e0cc2caf545995c751aeb25c6897c8c37316ea8c4b0698bab19ab98f861f9
Opcode Fuzzy Hash: 1e3864e7c3d049cdb39c11bc2f13a1961ddaeafada3acab09a345182a09c513f
Instruction Fuzzy Hash: F3D1B931418B2A4BC71CEF68D8424BAB3E1FBC5315F208A7ED48BC7585DB399906CB85

Function 0090F1B0 Relevance: 1.6, Strings: 1, Instructions: 365COMMON

Download Yara Rule

Strings

c5V3, xrefs: 0090F2FD

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: c5V3
API String ID: 0-2034645838
Opcode ID: f67587ea4758c5448e7bac0d5c58f97f0e1a0fe569266ea47b950bd989803aad
Instruction ID: 8da5269df6317b464726edfc623aab27d1fad28c63a0e97f8b833c19ceb43bbc
Opcode Fuzzy Hash: f67587ea4758c5448e7bac0d5c58f97f0e1a0fe569266ea47b950bd989803aad
Instruction Fuzzy Hash: BEC198B451C3819FD3209F289890A2ABBF9EF8A744F140D2CF5D09B2A2D335D945CF92

Function 009253B7 Relevance: 1.6, APIs: 1, Instructions: 69libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 0092542C

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 213ddea2f91e88bb93a2e841e0f67554658636e54eaf59ae3da869775d28a21f
Instruction ID: 0d9641edde4e3571a341fae06aac5a61b2ba159c50ff8c500c539c232836d43b
Opcode Fuzzy Hash: 213ddea2f91e88bb93a2e841e0f67554658636e54eaf59ae3da869775d28a21f
Instruction Fuzzy Hash: E1213874914296DFCB05CFA8E5906BDFBB4EF1A301F588458D441B7392C330AA01CFA5

Function 00AA5E51 Relevance: 1.6, Strings: 1, Instructions: 313COMMON

Download Yara Rule

Strings

g4Re, xrefs: 00B7A94B

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: g4Re
API String ID: 0-293795819
Opcode ID: 9aa4974a5922aeb48f226408c210380f4fa6196630812c9e5379fe28d0d3184c
Instruction ID: e4047f317156343bccda0badc5d863163d4018b69f9570931bfdf25014d57c2d
Opcode Fuzzy Hash: 9aa4974a5922aeb48f226408c210380f4fa6196630812c9e5379fe28d0d3184c
Instruction Fuzzy Hash: 43B198312083128FC719EB28D8455BBB7E2EBC5321F64CA3DD4C6875D6EB35A11ACB81

Function 009B2EE3 Relevance: 1.6, Strings: 1, Instructions: 305COMMON

Download Yara Rule

Strings

0, xrefs: 00B97127

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 6cb3f5677be0b3732cd756c366b1cddcee94bca8b084200c9d09df1aa93b4e8a
Instruction ID: ccd71d4873f21d80432a3806bab7a08a0a0ca889a890aa968efb9a5bdf553310
Opcode Fuzzy Hash: 6cb3f5677be0b3732cd756c366b1cddcee94bca8b084200c9d09df1aa93b4e8a
Instruction Fuzzy Hash: BAB189326087158BC72CEF68E4510EAB3E6EBC8321F65893ED487C7584EA35651A8B41

Function 00B8D0C9 Relevance: 1.5, Strings: 1, Instructions: 278COMMON

Download Yara Rule

Strings

!, xrefs: 00B8D17A

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: f96eec1ef9b11888b5a34bcac17c0d475bf2b58eb18c46077c53dce2aa00f8c3
Instruction ID: 6c8031388f37d8a27c5ebe8d7bdf90685363e12b8b3e8d2043d31f5f5566f5a6
Opcode Fuzzy Hash: f96eec1ef9b11888b5a34bcac17c0d475bf2b58eb18c46077c53dce2aa00f8c3
Instruction Fuzzy Hash: 2E81B93251862D4BD72CEE2DAC425F6B3E5EBC5310F61932ED9C3C71A2E6342107CA85

Function 009286E0 Relevance: 1.5, Strings: 1, Instructions: 277COMMON

Download Yara Rule

Strings

;:9, xrefs: 00928703, 0092870B

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: ;:9
API String ID: 0-2043501942
Opcode ID: d6123cdd1493cf804f2918f04febef639b6399b34981bcdaf362152ca7ad8949
Instruction ID: fb535ace897c5f08b1244deaf3d63ccf1ca3c069098913af4a440e1663c817d6
Opcode Fuzzy Hash: d6123cdd1493cf804f2918f04febef639b6399b34981bcdaf362152ca7ad8949
Instruction Fuzzy Hash: 6991C03661D211CFC704DFA8E89062AB3E5FFA9311F1A886DD5C587261D735E8A0EF81

Function 008EABD0 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

,, xrefs: 008EAD06

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: 65f8cc50c799b904217e010f0220bc04276427b601594f4dabc0abeb30ff465c
Instruction ID: 2dd01b44043b6e82a9f282e25ee4a6dbbbb9142883ee2092f15a597897e0eabc
Opcode Fuzzy Hash: 65f8cc50c799b904217e010f0220bc04276427b601594f4dabc0abeb30ff465c
Instruction Fuzzy Hash: B1B138712083859FC325CF19C88061BBBE0AFAA704F544A6DF5D997382D631E918CBA7

Function 00967F1C Relevance: 1.5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

Strings

O, xrefs: 00BB7C8E

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: 5cdc9a8089801a3475a0e9e8e99db65c229f14ecec6ab07e0531fc0f9cdffeec
Instruction ID: 64fed1e944b0052fcbfe8d6eddc5da1c93700967ec5042ef74a46a858fd322ba
Opcode Fuzzy Hash: 5cdc9a8089801a3475a0e9e8e99db65c229f14ecec6ab07e0531fc0f9cdffeec
Instruction Fuzzy Hash: 9491B8361187198BC715EF2CE8515FBB3E2EBC5310F21CA3ED596C7296EA359406C742

Function 00916820 Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

u, xrefs: 00916968

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: u
API String ID: 0-4067256894
Opcode ID: 4546da41cdc33ba8f4f9838122fd60e60cf191f94a29619b11c874fdb845186d
Instruction ID: a222b319304602f6d802ef869aacfcd831903357dde6c7f9a1f65b1288cb768a
Opcode Fuzzy Hash: 4546da41cdc33ba8f4f9838122fd60e60cf191f94a29619b11c874fdb845186d
Instruction Fuzzy Hash: C0812B32B5E6C54BD328993C8C523AABA934FD2334F2DC76EE4F1873E1D56988429351

Function 00A6F523 Relevance: 1.5, Strings: 1, Instructions: 234COMMON

Download Yara Rule

Strings

1I, xrefs: 00A6F537

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 1I
API String ID: 0-2290412665
Opcode ID: 3cbc6fce2e1a6bfaadebae2e14b366313a7310648153544468b33661a84ca37f
Instruction ID: 5fb6a51804a3153bcb0ec41887a23caaaca4047c40c7b5deb2844e1e418d4899
Opcode Fuzzy Hash: 3cbc6fce2e1a6bfaadebae2e14b366313a7310648153544468b33661a84ca37f
Instruction Fuzzy Hash: 81813675704B118BC328DF38D8915ABF7E2AFD5320F688A7DD49687785E7349806CB82

Function 0090AC00 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

Q-_, xrefs: 0090AE2B

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: Q-_
API String ID: 0-2648658811
Opcode ID: 227fefea603484debc5658d5d8b5704617ee3c50fd6d1d6cf883d0fbf0ab8886
Instruction ID: 8a4cd04ff8f63a063d0f2dff972ee19043c6a30e71f15fae5daafebb373a9c75
Opcode Fuzzy Hash: 227fefea603484debc5658d5d8b5704617ee3c50fd6d1d6cf883d0fbf0ab8886
Instruction Fuzzy Hash: 367146B44083819BD710DF14D881A2BBBF4BF95748F54890CF8D89B291E734D909CB97

Function 00918210 Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 009183AF

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
API String ID: 0-2471034898
Opcode ID: a4c6c4e9d27b6c29730e69caedf4ea1d61b006f978c7d24d6aa2170cb90f7073
Instruction ID: 16d78bca8583cf78fa8d7a4c00f9e84cc8e34b48be681900225cf6aa491a78a3
Opcode Fuzzy Hash: a4c6c4e9d27b6c29730e69caedf4ea1d61b006f978c7d24d6aa2170cb90f7073
Instruction Fuzzy Hash: 6D617D33B199A547C725893C4C512EA6A435B97370B3E8B76ECB1DB3E0C9688C47B391

Function 00AC4FBF Relevance: 1.5, Strings: 1, Instructions: 211COMMON

Download Yara Rule

Strings

$, xrefs: 00A41F2C

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 7fc8f46b94edca1edae6f313fa6b79449ee40a649f695d3b57bb222f0c8f1e9b
Instruction ID: bcbd7e3c909c7e0254f29b07dec42d32759078eb5a47327f000a870cb01a3302
Opcode Fuzzy Hash: 7fc8f46b94edca1edae6f313fa6b79449ee40a649f695d3b57bb222f0c8f1e9b
Instruction Fuzzy Hash: C16175364147568BE718EB39D8922FB73D2FBC5320F90C62DE59B8B195E738A40B8741

Function 00A4CE94 Relevance: 1.5, Strings: 1, Instructions: 205COMMON

Download Yara Rule

Strings

:, xrefs: 00AB364E

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: :
API String ID: 0-336475711
Opcode ID: 6d78317dd7e024073c4c5e02d83ae82b6bf83800227d1a0c6715b1127d49006d
Instruction ID: 037310b575eab8e755f6e996a9104540d934a33d1c9bda0c24bc2f3382add295
Opcode Fuzzy Hash: 6d78317dd7e024073c4c5e02d83ae82b6bf83800227d1a0c6715b1127d49006d
Instruction Fuzzy Hash: AA71767260C7118BD719EF2DE4515AAB3E2FBC4311F54CA3EE486872D9DB34640ACB41

Function 009DFD03 Relevance: 1.4, Strings: 1, Instructions: 198COMMON

Download Yara Rule

Strings

%^*K, xrefs: 009DFD0D

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %^*K
API String ID: 0-1592776602
Opcode ID: 554a97b26b3025ddbdc31fdf9a5057d819f214b27fe071a607fd9df6fbef8f0e
Instruction ID: ad062cbdbbadbefdbd96444babad1200cd9af33efb2e0faad694c8fb4ddaa705
Opcode Fuzzy Hash: 554a97b26b3025ddbdc31fdf9a5057d819f214b27fe071a607fd9df6fbef8f0e
Instruction Fuzzy Hash: 5651A93261462B8FC718CE28DC815E673D7FB99320B51873E8997CB2C9DB3599078780

Function 00942254 Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

%, xrefs: 0094231F

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 9e92cc68c9ea2f4845edd2e9e328aa15fd4e5a7ddfbcda2834f53ba08b7d4e56
Instruction ID: 1d9836b39a5f549be1fce77aeacb6f6f30ae2e71f6b2ffa7f129d2f145b0a758
Opcode Fuzzy Hash: 9e92cc68c9ea2f4845edd2e9e328aa15fd4e5a7ddfbcda2834f53ba08b7d4e56
Instruction Fuzzy Hash: A1517C36418B278BC324EB29E4C20AAB3D2FBD5320F95CB6DC4E657585E33459169F81

Function 00923540 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00923573, 0092357B

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 676cc776fa96f05e948aaa90796aea9a757f7a6a377b34054df756fdd4e7c102
Instruction ID: b4bd25cbc5656d32d29ba1670a6f77c96cb12e29858d8bbea10e4f218e5f9b8a
Opcode Fuzzy Hash: 676cc776fa96f05e948aaa90796aea9a757f7a6a377b34054df756fdd4e7c102
Instruction Fuzzy Hash: 3351B170A08350AFD710EF18E8C5F2AB7E9EB49744F55C82CE2888B356D335DD508B56

Function 0091F4E0 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

%*+(, xrefs: 0091F503, 0091F50B

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID: InitializeThunk
String ID: %*+(
API String ID: 2994545307-3233224373
Opcode ID: b449b979e6c33fd0d8f19aa44951f4cc728037ae5dbf6beaf0290e8fbc1e3c19
Instruction ID: 830083d35fe3fea5e494210d3f341ed0cdcda37c678f91e4de0c9e3b21d6d6f6
Opcode Fuzzy Hash: b449b979e6c33fd0d8f19aa44951f4cc728037ae5dbf6beaf0290e8fbc1e3c19
Instruction Fuzzy Hash: CB51E17470D309ABD715AF1898A0A7EF7EAEB99341F58892CF4C583261D331E860CB52

Function 00927630 Relevance: 1.4, Strings: 1, Instructions: 171COMMON

Download Yara Rule

Strings

=:;8, xrefs: 009276D3, 009276DB

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: =:;8
API String ID: 0-508151936
Opcode ID: f3104358f78c189a0bf55d4bc82f08c6e23044b6755e40197f0866576fba36a2
Instruction ID: f715156dc59bac5facc4f49e1f03fb1dbad11ce4ecb093b21772e1db03021f58
Opcode Fuzzy Hash: f3104358f78c189a0bf55d4bc82f08c6e23044b6755e40197f0866576fba36a2
Instruction Fuzzy Hash: 4651E87160C2209BC7149A58EC90B2FF7EAFB85714F288E2CE9D5A7395D731AC10CB52

Function 010ADF1C Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

-, xrefs: 01141F66

Memory Dump Source

Source File: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: 89e7863b23d6b70e8819fd0c06e1dc5f05dcaa1b059dd2bf842cf06580ea3cb5
Instruction ID: 1a776906dd674bee2e12861165261105e35269a3153ee417397f46187d7133ea
Opcode Fuzzy Hash: 89e7863b23d6b70e8819fd0c06e1dc5f05dcaa1b059dd2bf842cf06580ea3cb5
Instruction Fuzzy Hash: 5651A97110C3428BE31CEA39E8008ABB7E1EFD2320F648ABDE1A6C75C5EB75514AD741

Function 009E4EA5 Relevance: 1.4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

Strings

l, xrefs: 009E4F2A

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: l
API String ID: 0-2517025534
Opcode ID: 62586314565ff205bfccec00b191f3ce2f7f341c1d2a0437e42cbc71e46c6d29
Instruction ID: 31009ad7837deb2358dca98326ed05291e42aa0f03f883dfd20a11d1677ed664
Opcode Fuzzy Hash: 62586314565ff205bfccec00b191f3ce2f7f341c1d2a0437e42cbc71e46c6d29
Instruction Fuzzy Hash: 56518A3260C7528BC719EF28D4904EBB7E3EBD4310F54CA3EE19A8B694DB399419CB41

Function 00968D7B Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

!, xrefs: 00AA9310

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: b7fe9065848e4e263504e84c903e06f1f200c19ad83333416da9d98c495537f8
Instruction ID: 85da9deb8ee122299d9183f1df8c9d39fb417525a42502ed601f9e6e90a88fcd
Opcode Fuzzy Hash: b7fe9065848e4e263504e84c903e06f1f200c19ad83333416da9d98c495537f8
Instruction Fuzzy Hash: AC41AD3281CA258BC31CDE7D99814E2B3E5FBD6320B25876DD9D7C30E2C6655407CAC1

Function 0093F16E Relevance: 1.4, Strings: 1, Instructions: 165COMMON

Download Yara Rule

Strings

*, xrefs: 0093F197

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: e0727a797f0232ff0ae23b6d29af0254eab8e27496bec1344759d3d1e8ed30c0
Instruction ID: 3ad93a47235e99b8921c93dfb07e7f16a462c5a1df28970239fbd833034e5d71
Opcode Fuzzy Hash: e0727a797f0232ff0ae23b6d29af0254eab8e27496bec1344759d3d1e8ed30c0
Instruction Fuzzy Hash: AF51393200CB194BC319AF69A4565AAB7E5FBC1320F618B7ED5DB831A1EB305016CB86

Function 00AFB9E1 Relevance: 1.4, Strings: 1, Instructions: 163COMMON

Download Yara Rule

Strings

z, xrefs: 00AFBA84

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: z
API String ID: 0-1657960367
Opcode ID: 972cb775f8cab50665abec5c26e3e4c2ad5b311b92ba73b7c1b9c83e63769f23
Instruction ID: 78c94f0e3ae6155d6a1f6cdd9c6a718874a2873e137a012020926e669a32822d
Opcode Fuzzy Hash: 972cb775f8cab50665abec5c26e3e4c2ad5b311b92ba73b7c1b9c83e63769f23
Instruction Fuzzy Hash: FE51333112CB5A5BC328FF55E8820A6B3E2EBD1314F548F2DC4D787456D63195138B87

Function 00B66898 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

B, xrefs: 00BB635C

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: ec0861d2951f3c48971c740831f28f9f8b3bf64ae30c6e3296bb15dc3305e228
Instruction ID: 983d4ac41a55e8a4d3b0fb8016b43dff5f36ad6f22885bb03caf284017316309
Opcode Fuzzy Hash: ec0861d2951f3c48971c740831f28f9f8b3bf64ae30c6e3296bb15dc3305e228
Instruction Fuzzy Hash: 185145326083178FC718DF68D4514BAB3E1EBC6320F64872DE5A28B6C9DB34A506DB85

Function 00A0B8CC Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

(, xrefs: 00A0B8CC

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: b221b5d553ac6fda1c3d3468899b149396fac4ccc9053b5a745af8c007a0781a
Instruction ID: 677d7c802427e1791b3775aaf76aced6dcb1ccb613818f4dc0cfdc7563831695
Opcode Fuzzy Hash: b221b5d553ac6fda1c3d3468899b149396fac4ccc9053b5a745af8c007a0781a
Instruction Fuzzy Hash: 5E5186356086438FCB18DF2CD4801BBB7E6EFD5315F608B6DA19AD31E4DB35A40A8B80

Function 00923B60 Relevance: 1.4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

%*+(, xrefs: 00923C13, 00923C1B

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 023f3354248c6f4fd559052f369196d12be58fceedd7b24862eabaa8f4a726f7
Instruction ID: 32b043646b1c078e9413b2d6908d7f46c08ae03742eacb19bf9136e6188bb00a
Opcode Fuzzy Hash: 023f3354248c6f4fd559052f369196d12be58fceedd7b24862eabaa8f4a726f7
Instruction Fuzzy Hash: 3041A27460C2209BDB24DF19F980A3AB7EAEB89704F54C82CE8C697255D339DE10DB12

Function 009ACD50 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

K, xrefs: 00AA8D68

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: K
API String ID: 0-856455061
Opcode ID: c894a3df58ed5e7fd6fd624e10158617981e02d4c35fa1f6952a32f4dcd8178d
Instruction ID: bdb0b0e90b6f87423735031dd22f7c508e8e8be0128b8167bcde2589d08c6bdc
Opcode Fuzzy Hash: c894a3df58ed5e7fd6fd624e10158617981e02d4c35fa1f6952a32f4dcd8178d
Instruction Fuzzy Hash: 195177362083138BD718EE28E4414EAB3E2FFD1320F21877E9093879D5DB79655ACB41

Function 00AE8E56 Relevance: 1.4, Strings: 1, Instructions: 151COMMON

Download Yara Rule

Strings

%, xrefs: 00AB6BE0

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 316164e57ba2274cdde9470f88a116b576f6a809fc0d786802708eb111db49bf
Instruction ID: b0bbdaef7d26b7d841740c960cc1fd4efbbc95380644e2aff8de031c075d1d17
Opcode Fuzzy Hash: 316164e57ba2274cdde9470f88a116b576f6a809fc0d786802708eb111db49bf
Instruction Fuzzy Hash: 4B517732418B568BD318EF5DA4021ABB3E5FBC5321F60CA7ED8DA875DAE73054178B81

Function 0095188F Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

G, xrefs: 00951895

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 9bd08e2f027081d084690cb9e4112ff25be63c4bca0c75354913b8bba7d87a3e
Instruction ID: 397da299f91af3828e301c519fc985b359349e1a9d4bdb86d620d18e75f92485
Opcode Fuzzy Hash: 9bd08e2f027081d084690cb9e4112ff25be63c4bca0c75354913b8bba7d87a3e
Instruction Fuzzy Hash: 1751A8315187558BC714EFB9E8515EB73E2FFC1320F24CA2CA4A5872D8E735990ACB42

Function 00A68179 Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

{N?+, xrefs: 00AFC7B4

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: {N?+
API String ID: 0-320637751
Opcode ID: 568009a16d5540fa012904942261276f5357fbb3289027eea8a389b5b1d72f6e
Instruction ID: 334b9bc96f1c39d61e68f4e2c9ff9aca37048f28233ef17990f8dba8d35321cf
Opcode Fuzzy Hash: 568009a16d5540fa012904942261276f5357fbb3289027eea8a389b5b1d72f6e
Instruction Fuzzy Hash: 625189356086424FDB19EF28D8512AAFBF1FFC5310F64CB6EE4858B256E375940ADB80

Function 00F0042F Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

!, xrefs: 00F9EC46

Memory Dump Source

Source File: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: 69e0f012da79cc433a87ce30c51663dbb2e397689a1b1c67e87278e571c4eaec
Instruction ID: c4fef2a9670421a8042c8cf310f0d3112feaf3f28bf5508eacfc3cc0cfa55b4c
Opcode Fuzzy Hash: 69e0f012da79cc433a87ce30c51663dbb2e397689a1b1c67e87278e571c4eaec
Instruction Fuzzy Hash: 5541DB325087428BC715DF68E98159BF7E2FFE1320F2189ADD8C68B192D770A427C782

Function 00A0B28A Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

C, xrefs: 00B7DFBD

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 0d71568321a344211077e4706eb667dd27f7d32fb7b50f07d14a380027049f68
Instruction ID: 86851782427c45d6ee70564188183378c1dde2eaf87fc06159c37c05c316e460
Opcode Fuzzy Hash: 0d71568321a344211077e4706eb667dd27f7d32fb7b50f07d14a380027049f68
Instruction Fuzzy Hash: C44198311086578BD319EB29D8504EBB3E2EBD1359F94CA3DE4968B099E379A40AD380

Function 00929BA0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

=:;8, xrefs: 00929BFF

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: =:;8
API String ID: 0-508151936
Opcode ID: e5fcb949739b68aff0f2793d8e40f4ee783b1d38bb24ed273c880306a1371c1b
Instruction ID: ed73c25436f23a6c018a35dd0e585e0daa9ceccb7353f0485fc6d9c558a9c682
Opcode Fuzzy Hash: e5fcb949739b68aff0f2793d8e40f4ee783b1d38bb24ed273c880306a1371c1b
Instruction Fuzzy Hash: A7418C74608320AFD714DF15E990B2BB7EAEB86710F64881CF8CA9B295D331E810DB56

Function 00A72D89 Relevance: 1.4, Strings: 1, Instructions: 126COMMON

Download Yara Rule

Strings

d, xrefs: 009E5ABA

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: ada815c8b1c089548770cd5e0e96641daa428dd5107ee0f9b9d1110502e2d928
Instruction ID: 51f12d34bc1f279b64ddaf8dfc26e3844d3ddfc03960b92f33e78f748c3354e9
Opcode Fuzzy Hash: ada815c8b1c089548770cd5e0e96641daa428dd5107ee0f9b9d1110502e2d928
Instruction Fuzzy Hash: 8041A531408A128BC71EEB28C8501FB33D2EBE4311F11C62DA9CA8B6C6DB399912C784

Function 00B3257D Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

~, xrefs: 00AC44EC

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: ~
API String ID: 0-1707062198
Opcode ID: 280f729962f017625cac465091f0fc3a5185c9d01c52e8b001383fecd36df59c
Instruction ID: dedbfe02e29a5dc7ea710bfb5e2b8938eb9cc72826b478d5ac685581287ce8e8
Opcode Fuzzy Hash: 280f729962f017625cac465091f0fc3a5185c9d01c52e8b001383fecd36df59c
Instruction Fuzzy Hash: 27419E355082328BD729EB6DC8540BBB3E2EBD1311F28953DE4C6C725AD739991787C2

Function 00A1FDD5 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

6, xrefs: 00BBC3B0

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: 879456cb884e17b9d0d2a9f20f121baf6748273dc9590b26decdf4b03f5af4ba
Instruction ID: f8c362ed72a63086b43601e9b7d21fa134af620e91e2a8f609120cacbceafc16
Opcode Fuzzy Hash: 879456cb884e17b9d0d2a9f20f121baf6748273dc9590b26decdf4b03f5af4ba
Instruction Fuzzy Hash: 214156321087618BC708FF18E5615ABB3E2FBE8310F60896ED88BC7694DB309916CB45

Function 00B65B03 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

d, xrefs: 009E5ABA

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 879358a9c745ed2157969c8033fdfd0fcbc93b02c825380c00cb85013e33b434
Instruction ID: 7815c2750699bea2d6a36c3d7d89dd59b3de8425b3a7eed3e351e55a7ee28633
Opcode Fuzzy Hash: 879358a9c745ed2157969c8033fdfd0fcbc93b02c825380c00cb85013e33b434
Instruction Fuzzy Hash: 5731BD320147528BCB1DEA3488912FB33D2EBD1325F95D62C999B875C5EF3B950ACA40

Function 00AD62B9 Relevance: 1.4, Strings: 1, Instructions: 116COMMON

Download Yara Rule

Strings

:, xrefs: 00AD62C7

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: :
API String ID: 0-336475711
Opcode ID: 860499a8d3bff986a52d6b5d185b5a4bcce3696313bc5235b6350b9294c5e4ec
Instruction ID: 2cfd7f6f826459b765434f95e8183d6237a43eb888ad4a885f2b2b3f93564079
Opcode Fuzzy Hash: 860499a8d3bff986a52d6b5d185b5a4bcce3696313bc5235b6350b9294c5e4ec
Instruction Fuzzy Hash: 794124725087564FD318EA3DE8541ABBBE2ABC8310F60CA3DD0DACB1E4DB7454168741

Function 00A978FA Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

B, xrefs: 00BB635C

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: 99c781c1e574bac479a237b495c2e2aa29ca1c00ff96f56a28820d3b8ed7d01c
Instruction ID: 0b0ad1bfa909044ad85fccd011335df0edd7e31adba8e14bb3c4be59ccb0e619
Opcode Fuzzy Hash: 99c781c1e574bac479a237b495c2e2aa29ca1c00ff96f56a28820d3b8ed7d01c
Instruction Fuzzy Hash: 874142316083078FCB1CDF28D8518FAB3E0EB86320F64872DA566CB6C5DB70A506DB84

Function 00A3B038 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

$H, xrefs: 00BA29B7

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: $H
API String ID: 0-3358997243
Opcode ID: 4031e49c277356db13c0c2b37d2b06faba0656a6e3cf83324ef815d1730bd030
Instruction ID: ac2f978ffae4bc82356f2e53e177f41228e7ba14013967371c7ad32942df1e08
Opcode Fuzzy Hash: 4031e49c277356db13c0c2b37d2b06faba0656a6e3cf83324ef815d1730bd030
Instruction Fuzzy Hash: 34417831A187478FCB1CEF28E8504BAB3D2FBD5301F58CA7D918EC7588E734910A8A05

Function 00A85D3A Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

7, xrefs: 009A8415

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 21acf1682a07ee1fdb57ccdddd83d7f20ff6e6a737ff158c73e7d4d9c22e5c84
Instruction ID: 8d2f0d30be3bc8961cea04c0fc8cc2b799b5aa33b9f97ad4779b19d376343adc
Opcode Fuzzy Hash: 21acf1682a07ee1fdb57ccdddd83d7f20ff6e6a737ff158c73e7d4d9c22e5c84
Instruction Fuzzy Hash: 354163712087058FE708DF29D8559ABB3E2FBC4320F50CA7CE28997298DB75D8418B02

Function 009ECC6E Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

%, xrefs: 009ECD77

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 1ca74eba3def34c3b16fb9da226a66d72fb0b7587fe33caadb92404d5c61847b
Instruction ID: cf99594180674b697ce439dce46de2c1e8db5be56fe7e0bca9371fe0d4d3b540
Opcode Fuzzy Hash: 1ca74eba3def34c3b16fb9da226a66d72fb0b7587fe33caadb92404d5c61847b
Instruction Fuzzy Hash: CF41013151C7969BC718EF38D8521BEB7E5BFC5310F55893EE58A87188DB389409CB42

Function 00985F15 Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

k, xrefs: 00985F29

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: k
API String ID: 0-140662621
Opcode ID: fea7c9179fb5a370f1429990f071a1db9f64b63e495f5cd6555d962e3aa7aa7e
Instruction ID: 46ba364ddb2fc579550b90df669b7c6cdcc6778bd6ac70eb088fc56cfa8ff1c2
Opcode Fuzzy Hash: fea7c9179fb5a370f1429990f071a1db9f64b63e495f5cd6555d962e3aa7aa7e
Instruction Fuzzy Hash: 63417535108B128FC71CEF2CD4948AAB3E5EAC5320F604B7CA595C36D5D731A422CB82

Function 00B62755 Relevance: 1.4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

7, xrefs: 00B6AF33

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-59465594
Opcode ID: 4d87b693f2b72d50beebbdb1f6e7bad4df655ac0cc46b7680e8a3390d2a4a564
Instruction ID: 2bc42ed0a47b8212db96090886bafe68722ddb198571c1acc48e52a10ffd4b12
Opcode Fuzzy Hash: 4d87b693f2b72d50beebbdb1f6e7bad4df655ac0cc46b7680e8a3390d2a4a564
Instruction Fuzzy Hash: 433188326087228BCB08EE2CE5814EBB3D2EFD1315F208A3DD8A6C71D4D779A01AD741

Function 00AEA60B Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

?7, xrefs: 0099A3CC

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: ?7
API String ID: 0-2713361868
Opcode ID: 28315ad365e1feb92facedf7ca599804e1327e0b0c274775485b3b13565aea29
Instruction ID: 41fdbad708b526aaeca532c709f703b50e6fbbdbc2ab54631927a3f700dd5fee
Opcode Fuzzy Hash: 28315ad365e1feb92facedf7ca599804e1327e0b0c274775485b3b13565aea29
Instruction Fuzzy Hash: 88310631018B559BD709EF68E8442BBB3E5FBC1310F64CA7ED49AC3095EB35A51A8F81

Function 00A55EAF Relevance: 1.3, Strings: 1, Instructions: 92COMMON

Download Yara Rule

Strings

I, xrefs: 00A55F50

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: d9ce073001f4a59c2875d0849035352e86a4bca81e78bec8295f4065b1fb76a9
Instruction ID: a9e9749af7c158dce257e401d9cebf5248daa7427fb5936e0b886f59408a2643
Opcode Fuzzy Hash: d9ce073001f4a59c2875d0849035352e86a4bca81e78bec8295f4065b1fb76a9
Instruction Fuzzy Hash: 673166316146118FD718EB38D8958EBF3E6FBC8324B60C93ED457C6889D37991068A50

Function 00946C7C Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

}#t!y', xrefs: 009A6EC9

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: }#t!y'
API String ID: 0-104498848
Opcode ID: 7ec22dd667fbf3f4b082ec5a9b044ff2df759271b99c61e37deeb59c09caef48
Instruction ID: ad91a3dc79997332de89d27ff3b3303341c5f60553b814cb890199b0afc25e64
Opcode Fuzzy Hash: 7ec22dd667fbf3f4b082ec5a9b044ff2df759271b99c61e37deeb59c09caef48
Instruction Fuzzy Hash: 7E21A83651875287C718EF29C0521ABB3E6EFC9311F95C97DD9CAC7288D7398441CB02

Function 00A0823E Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

b, xrefs: 009A5FE3

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: 56dd80129db2aface3da590ce69a7cd5bceca0f895b6a7394389bbb7e77d92c2
Instruction ID: 09106597e681fe6702bf1bdec9a1c5d1f3f131dd99c15cadfd28690642f41ee4
Opcode Fuzzy Hash: 56dd80129db2aface3da590ce69a7cd5bceca0f895b6a7394389bbb7e77d92c2
Instruction Fuzzy Hash: B32104712287028BD709DF25D9844ABB7E2EBD6311F24CE3EC4C9831A5DB399495CA01

Function 00A11115 Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

#, xrefs: 00B9689E

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: c62bf21ab82d4b3a672857decfe15bd7dea8633d326f41244fccda4de050b5bc
Instruction ID: 71b94553aafc247721d4ea528d333da4b54f6e5202ed54f4cafe85f52b45a5b0
Opcode Fuzzy Hash: c62bf21ab82d4b3a672857decfe15bd7dea8633d326f41244fccda4de050b5bc
Instruction Fuzzy Hash: F221943650C7614BD70CDB39D4548AAF7D2ABD2320F21CB3ED4AAC79D4E7398602CA01

Function 00B39225 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

!, xrefs: 00945E7A

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: !
API String ID: 0-2657877971
Opcode ID: aa5f19f6b74d92c9d8d2d9eb3d9628ab13ea60dab2661015add650487dce741e
Instruction ID: 1bbce0e7f2b89d5e7fd6b20594ca09b8ae112d965373661f35d5bdf0d2ae1c30
Opcode Fuzzy Hash: aa5f19f6b74d92c9d8d2d9eb3d9628ab13ea60dab2661015add650487dce741e
Instruction Fuzzy Hash: 052148315186168BE738EF2CA01557AB3F4FFCD310FA2497ED48787685DA3055148B42

Function 00923890 Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

%*+(, xrefs: 009238A2

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: %*+(
API String ID: 0-3233224373
Opcode ID: 6bde8bdc46593c85db6d4a1a8c12068484ccb1a78ed4bbf8039c4b9ceeb1c5d9
Instruction ID: 218efea65f74da5338b75cd25f503fd2a73c7f5651003d6981a71c53be8a6c9b
Opcode Fuzzy Hash: 6bde8bdc46593c85db6d4a1a8c12068484ccb1a78ed4bbf8039c4b9ceeb1c5d9
Instruction Fuzzy Hash: 6111CA7991D210DBD715AF14F880A2AB7B9EB86301F54DC1CF0C49B209D335DD509B51

Function 00A168D2 Relevance: 1.3, Strings: 1, Instructions: 48COMMON

Download Yara Rule

Strings

J, xrefs: 00A1692C

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: J
API String ID: 0-1141589763
Opcode ID: 886d2bf06ff4c0edcfa458ea474e44140f4dc63e03a4a600c9a666172d54fc80
Instruction ID: 21ef1436a167607f599c325255fffa25c97f4b4358fbdc2e1256314a136636de
Opcode Fuzzy Hash: 886d2bf06ff4c0edcfa458ea474e44140f4dc63e03a4a600c9a666172d54fc80
Instruction Fuzzy Hash: BD0126315183815A87099BB490454E777D1EFDA714F51DE2CE0998A685D3B9D017DB02

Function 008F6319 Relevance: 1.3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

Strings

*:, xrefs: 008F6319

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID: *:
API String ID: 0-3904767845
Opcode ID: 3ea9c96409157ddd172d30646556e2a6724db776a46a9ef0688ce10671969780
Instruction ID: 3d5886f7f84cd599d21553818a44c19e5e8cefef73a6fa3ac69e0a8071f916f1
Opcode Fuzzy Hash: 3ea9c96409157ddd172d30646556e2a6724db776a46a9ef0688ce10671969780
Instruction Fuzzy Hash: BC016D314183C48BD3109B64D865B6BF7F4FF8A308F080A2DE5C9A7292E338C6148B27

Function 008EC210 Relevance: .8, Instructions: 830COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2da6bf06da9aa3264ba6359e8c59aacf157f0e828513f862b690c0f73cc5cd19
Instruction ID: d180e6af09d02ab71ed5809f1b2c5c0dc29a27ce0d66a67025274e98958dc4e7
Opcode Fuzzy Hash: 2da6bf06da9aa3264ba6359e8c59aacf157f0e828513f862b690c0f73cc5cd19
Instruction Fuzzy Hash: FB421832E087688BC724DF19D8802AEB3E1FFD5315F158A3DD996D7281E734A912C782

Function 008EB700 Relevance: .7, Instructions: 670COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd79a502e0bdf9d1b1dfe6322a506e7c01f8394628c9ece8fb8fc20cb7e12c6f
Instruction ID: df9a44eac70b38c4045f5882830403e91855723e2b95163df309021134d144fe
Opcode Fuzzy Hash: fd79a502e0bdf9d1b1dfe6322a506e7c01f8394628c9ece8fb8fc20cb7e12c6f
Instruction Fuzzy Hash: 6052C470E08BC88FEB35CB25C4847A7BBE1FB92314F14482DD5E687A82D779A985C741

Function 008E73D0 Relevance: .7, Instructions: 657COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f01135e6ac47d6d3255b9d122b0e56324ba24bd072eb5f317897480c6ff1649
Instruction ID: 7dec3271614e6c00c6fd0c828f81c399d6553a60ce8b54f3e99df0e3ea83150c
Opcode Fuzzy Hash: 0f01135e6ac47d6d3255b9d122b0e56324ba24bd072eb5f317897480c6ff1649
Instruction Fuzzy Hash: 8352F63150C3898FCB15CF16C0906AABBE1FF8A318F18896DE8D997352D778D949CB81

Function 008E7DD0 Relevance: .6, Instructions: 592COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8ac4ba853e89e81b770d6ff8b4c02276d18f150406044ca7d5f794f8e92f1d0
Instruction ID: a218605718c0259a7ac1e1889a52992aaac9dff11956255f08df6083d61eec95
Opcode Fuzzy Hash: f8ac4ba853e89e81b770d6ff8b4c02276d18f150406044ca7d5f794f8e92f1d0
Instruction Fuzzy Hash: 97322070514B95CFC368CF2AC59052ABBF1FB46704B604A2ED6AB87B90DB36F845CB14

Function 00928BE0 Relevance: .5, Instructions: 519COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5a2104c828af7993f422a6fb5a3a3c5fff1407d5021ba72f4bdc124c849a992
Instruction ID: d97c0b37f18e35416dc30e2a697333f2ad620c980acc05394c92e0906c400550
Opcode Fuzzy Hash: e5a2104c828af7993f422a6fb5a3a3c5fff1407d5021ba72f4bdc124c849a992
Instruction Fuzzy Hash: 58F1DF3561D250DFC708DF28E8A0A2EB7E6FF8A304F19892DE89597395C735E814CB52

Function 008EA680 Relevance: .4, Instructions: 446COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 023f59f2af2b1a00ca78420362bb30278b3b19866e6c24b6e05a83a8d4ac3537
Instruction ID: fae848b2d5bbd604e21c13f0d1b0b80b56d57d48a1aaed48ec1c9018dd4f8a15
Opcode Fuzzy Hash: 023f59f2af2b1a00ca78420362bb30278b3b19866e6c24b6e05a83a8d4ac3537
Instruction Fuzzy Hash: 4DF19A356083818FC728DF2AC88166AFBE2FFD9704F08882DE4D587751E675E845CB96

Function 00907250 Relevance: .4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7355aced3574d3d5a4851ab57aa7d740be85b04cf8de1b5761f5a09ca7580abf
Instruction ID: 69021b61c8fd59b2d19337ba41f5553cf5eb5c2a7db26315681688d3e1b12906
Opcode Fuzzy Hash: 7355aced3574d3d5a4851ab57aa7d740be85b04cf8de1b5761f5a09ca7580abf
Instruction Fuzzy Hash: 1BC18B7190C2009FD711AF98D841A2BF7F9EF96364F08881CF8D59B291E335E954CBA2

Function 008ECF10 Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 494aa05c37aa1374e0a6a8deff9936b50247b33044ffcb0ed7a4e339b7e73d37
Instruction ID: 77dcd92383e95068b7573513be6565b0449029c64d82bc613bbb5e762211bc4d
Opcode Fuzzy Hash: 494aa05c37aa1374e0a6a8deff9936b50247b33044ffcb0ed7a4e339b7e73d37
Instruction Fuzzy Hash: 87D10B72A087854FC314CE2AD89025BF7E3FBC2324F59C61DE9A5873D5E6749D098B81

Function 00BC0698 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2081f062370d2d66b38fe96055c10500d03d1c11bac88073afa91fafaa7d2195
Instruction ID: c51570040004f3582f5eaecb1249f54e55d4e0712d477d77b64c99be7a7522af
Opcode Fuzzy Hash: 2081f062370d2d66b38fe96055c10500d03d1c11bac88073afa91fafaa7d2195
Instruction Fuzzy Hash: 1BB1EB36618A2A8BC71CEB28D8925F6B3E2EBC5311F51823DC587CB5C6EB355907C741

Function 00904D40 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 034fb226c85d329c4013c33858b4fbea43bd4e6054e23c4f7899ba55db17dc9d
Instruction ID: b005a2d7f340f87a73c51aab9a2a2839d67d8dbd50264e6f0d5fb7e27ff3e392
Opcode Fuzzy Hash: 034fb226c85d329c4013c33858b4fbea43bd4e6054e23c4f7899ba55db17dc9d
Instruction Fuzzy Hash: 88A1ABB19082008FC714DF18C891A2BB3F5FF96764F19895CEA858B3D1E335E904CB92

Function 00AEC8F1 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bd278c09007c9ea0c04bb2fd0679403fa899ef3fb125e3ab35d426f11f65fff
Instruction ID: 7146a872ed0a24dc85316bd2068efb7dd2db46152f23c0a5d84be9ebdccd7304
Opcode Fuzzy Hash: 5bd278c09007c9ea0c04bb2fd0679403fa899ef3fb125e3ab35d426f11f65fff
Instruction Fuzzy Hash: C4A1AC329187598FC31CEE28E8850B6B3E5FBC5315F248A3ED5D7C7296DA3454078B85

Function 00927BE0 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f41f3c99396b7f3999ed93934731de9ec55766c7fc0c33706ee236f75c9555d8
Instruction ID: 2f28db3fb177dce452998f8b80cc236415f859a0a2924924f40be5cdd8ee7ac6
Opcode Fuzzy Hash: f41f3c99396b7f3999ed93934731de9ec55766c7fc0c33706ee236f75c9555d8
Instruction Fuzzy Hash: 9DA1F471A0C3605BD7109F68EC45B6BF7E9EBC5314F18492CF998E7296E631DC048BA2

Function 008EB270 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2eefbcabbb49be9fc3a5cb3eb551301aa0c5dd4b78795e6fe0b3ea0a4c42c97
Instruction ID: c066dae1bc7429a25d8d4442d6a188c870480c5503f81179ec04f50bb8055116
Opcode Fuzzy Hash: a2eefbcabbb49be9fc3a5cb3eb551301aa0c5dd4b78795e6fe0b3ea0a4c42c97
Instruction Fuzzy Hash: EDC15CB2A087858FC360CF69DC867ABB7E1FF85318F08492DD1D9C6242E778A155CB06

Function 008F6866 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 829b455cfe555f622cfab6ae00ee0dedba87d387cbfb518f62b0a5e56936264a
Instruction ID: c1506c68b62063ec69ab782b5fb69483d8df7be2b9f7b190edddd40f06cd5cb3
Opcode Fuzzy Hash: 829b455cfe555f622cfab6ae00ee0dedba87d387cbfb518f62b0a5e56936264a
Instruction Fuzzy Hash: 10B123754183849BE3109B68D881B2FFBE4FF86308F544A2CF589C7292E775D8588B67

Function 00ADD3C6 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ca8ab1f4b61b376469dfc7a94effe6fdb152d3a52aa2bae9c2a20dbe5583c7a
Instruction ID: 0264e52f161128eabfa2ba965c8d6411282fe66158a83dbb8bb1f09d2d2b1175
Opcode Fuzzy Hash: 6ca8ab1f4b61b376469dfc7a94effe6fdb152d3a52aa2bae9c2a20dbe5583c7a
Instruction Fuzzy Hash: 67A156725087468FD318EF68E8815BBB7E2FBD5310F60CA3EE58687195EB345416CB81

Function 00AF4481 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2c837b7a65de97231a29e4cffbe0921ecc1623fb9e1d5c2724a823be74bd18e
Instruction ID: ad03399d2de5924063afb4874cb2415b244cdad77b3991548b7bec719638c17d
Opcode Fuzzy Hash: e2c837b7a65de97231a29e4cffbe0921ecc1623fb9e1d5c2724a823be74bd18e
Instruction Fuzzy Hash: 91A1A8361087528FD728EB28E8465EAB3E1FBC6321F508B3EC49BC75D5DB75440A8B41

Function 008E937E Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b279b4d8bf3084681c898dcd15b8f43883850503a0e8a771ffadfbb3ea80c49
Instruction ID: 31771f20948fb483295e2a1aaea4b8ce2fde91c951c622a709583cac29fcf074
Opcode Fuzzy Hash: 5b279b4d8bf3084681c898dcd15b8f43883850503a0e8a771ffadfbb3ea80c49
Instruction Fuzzy Hash: 73B1AB79628241CFD718CF24D8A03AA77E1FF88359F18896CE485873A1D774DA86DF81

Function 009FC8E8 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45a110ae1595d8c2cd367181e7561a3e01c17d1107d6fce622c8a368004178f2
Instruction ID: cdfd75beae8b0c23e1755aa77fea3158ad4920415af396e4d851cc07fe1574b5
Opcode Fuzzy Hash: 45a110ae1595d8c2cd367181e7561a3e01c17d1107d6fce622c8a368004178f2
Instruction Fuzzy Hash: 7391A832608A164BD714EF79D8505EBB3E2EBD9320F60CB3DE096C3295E735950ADB42

Function 00928F50 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e72937c6114b6a4182a69d345e703b2fe20cff5fe6294c14c2caf9bac867d8b
Instruction ID: 68dfac7084fbf066ac28bf3b5834c087c4d51b559afcd65eb05a30090bb6bf19
Opcode Fuzzy Hash: 0e72937c6114b6a4182a69d345e703b2fe20cff5fe6294c14c2caf9bac867d8b
Instruction Fuzzy Hash: CE71AD3561C350DFC704DF28E990A2EB7E6EF8A711F09882DE9C987396C335A814DB52

Function 0093F039 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0646006e62e18cbf7b498866a6d2535f2b66199afac8a39a145b2ed2b8d6f9e
Instruction ID: 3faa6f71472493bc62d97bffef04bbaf76e33b6771eedaed26a8450377c0aa4d
Opcode Fuzzy Hash: b0646006e62e18cbf7b498866a6d2535f2b66199afac8a39a145b2ed2b8d6f9e
Instruction Fuzzy Hash: 2F71D936018A1A8FD318EE28DC466F673E2EB82301F44032CDD83CB5A6EA35641786C2

Function 009BBD74 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70909254d1365c4ba2bfd6323eeb29735eb017715c241be622d628d91981d4e0
Instruction ID: 49246e987da83ccf3a7c4e5b5586815a054537ac29158ef738a4d7494e3fef05
Opcode Fuzzy Hash: 70909254d1365c4ba2bfd6323eeb29735eb017715c241be622d628d91981d4e0
Instruction Fuzzy Hash: E761DC36618B1A4FC3189F19E8422E2B3D1FBC5321F24C72ED8C7875A2D7342856CB82

Function 00906FF0 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 991f67f4cb2949dbd1b0847a10ed7ca861556c95c0a0c140152687a4efa38ae2
Instruction ID: c6f2262aabae6b7b3cc294eac39f595a7d3d4080a43f5fffa16ee78264384090
Opcode Fuzzy Hash: 991f67f4cb2949dbd1b0847a10ed7ca861556c95c0a0c140152687a4efa38ae2
Instruction Fuzzy Hash: A161ADB1A08204AFDB209FA4CC96B77B3B8EF86764F144958F985CB2D0E375E841C765

Function 0090DB4B Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe66e476040787bc60e246adb0bcd763ebba20479d96868f5cd5382ec2b3a10
Instruction ID: 53cf5c5952b1f3c29933993bcc5f3475b8f885c177b3c44a4c1ec0a7e91f96a6
Opcode Fuzzy Hash: cbe66e476040787bc60e246adb0bcd763ebba20479d96868f5cd5382ec2b3a10
Instruction Fuzzy Hash: C75108B3E147194FD714DE69DC4022AF3D2ABC4210F5A863CD969CB382EA74EC058BC1

Function 0090E8B2 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acdd9813e9b1bf735554b5d437fd9e6b30a3c0dce5329d998c375d6cf5d2dec8
Instruction ID: f9e62112ba50b12a89738cdbc6a39b3a53d8e2d71a6d7f0d1e6715e722c99738
Opcode Fuzzy Hash: acdd9813e9b1bf735554b5d437fd9e6b30a3c0dce5329d998c375d6cf5d2dec8
Instruction Fuzzy Hash: 486166B8508342CEE720EF54D401A3AB7F4BF92744F640C4CF9C89B2A1E73A9951DB66

Function 00BC1BCA Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc96ba54a11eb9891ff34bed2b1f020db809ec728b8429837e3365c02eeb15d2
Instruction ID: c0003dd4191582d7058a4c83252fe06c200697da8932691452eb39fa8afeb683
Opcode Fuzzy Hash: fc96ba54a11eb9891ff34bed2b1f020db809ec728b8429837e3365c02eeb15d2
Instruction Fuzzy Hash: 2A61AA366086234BE719EA79D8916BA73D3EFD1314F10C63CE142CB5D8DB39951AC740

Function 009165E0 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9ac3478295facbc0491498c31a2b4cc0d7dbf483e318f26c71b0636e367de9b
Instruction ID: 519f30b04a105bf9801bf399c3659e15c92932100d872998752edc0457f5df7d
Opcode Fuzzy Hash: a9ac3478295facbc0491498c31a2b4cc0d7dbf483e318f26c71b0636e367de9b
Instruction Fuzzy Hash: 7E513626B1E6844BE728893C8C223F96A834FD6334F3C8B6DE5F2873E1D55948819341

Function 009B7DDA Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dba8c3f9368bd801036e694fb3ceca8580b141545e603a509c60d58a068d998c
Instruction ID: b4b8262373bf98da46b8775be2f4689fdbbeafac28954bdc0ac41ebc601b0c4e
Opcode Fuzzy Hash: dba8c3f9368bd801036e694fb3ceca8580b141545e603a509c60d58a068d998c
Instruction Fuzzy Hash: EA61AB72A083078BC71CDB68D8558BB33E2FBD9301F608A3DE15B97585EB74651A8B41

Function 00AFE9BB Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 743427bc81003e5de40d5cfbfb4abfae93c3bdb737519381173b4f153b90fb66
Instruction ID: a7a754756cda2409e0de5d7472e8af5af1a77919ac312f2dd85dc3dd7cb77d8d
Opcode Fuzzy Hash: 743427bc81003e5de40d5cfbfb4abfae93c3bdb737519381173b4f153b90fb66
Instruction Fuzzy Hash: 6F51557650C7258BC318EE29E8421BBB7E1FBD1321F108B3ED8CA87195D77599468B82

Function 0091EC60 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a99f5321f3f2183fe9fb28e1bdd9ee3f2c08fcc938c141056ba77b01cc1f059
Instruction ID: 491c423615fb0a0eb5035dd88b25d27155b83d753382c668bb3fe0cb3ef61f3d
Opcode Fuzzy Hash: 6a99f5321f3f2183fe9fb28e1bdd9ee3f2c08fcc938c141056ba77b01cc1f059
Instruction Fuzzy Hash: E8515CB16087548FE314DF29D89435BBBE1BBC4354F044A2DE4E987390E379DA488B82

Function 00907850 Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0099daa4a7189be715a8bd39b4143470b266ef4c3cef37748dd23a2a38ae69c5
Instruction ID: bcd448e859390eb3e115dc2e4d94168d97456f09c2325584489c0a8290559604
Opcode Fuzzy Hash: 0099daa4a7189be715a8bd39b4143470b266ef4c3cef37748dd23a2a38ae69c5
Instruction Fuzzy Hash: ED4191A19086158FDB209F54DC96A73B2B8FF55374F098918EC968B3D1F334E944C762

Function 009F857E Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc7b059c60c05b9af7202a5b2dc4b00c605e768db23253688bec7357cdc45553
Instruction ID: f649b4357dd9ba6f83c0f8a69b5f013c410121c0105dddd583f95bfc2a805cab
Opcode Fuzzy Hash: dc7b059c60c05b9af7202a5b2dc4b00c605e768db23253688bec7357cdc45553
Instruction Fuzzy Hash: 5A5171305187078BC71CEA28D8124FAB3E1EB85324FA4837D91A7CBAC5DB74A40ADA45

Function 008E6E30 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c083366f9271e43f78402c596b324539846e450b2900557f58066e4fcabb431
Instruction ID: 1f5d850b6d1443e1edeef0a7a6fbc88e6fe7b141beb1668c50e98961aab310e8
Opcode Fuzzy Hash: 1c083366f9271e43f78402c596b324539846e450b2900557f58066e4fcabb431
Instruction Fuzzy Hash: 89410822B0C2BA0BC7149A3E8C6027ABAD29FD6258F1D8679E8C5DB7C6F5749C1053D4

Function 00A4EA8B Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7ff55c560d6bfa8b6b33fc17db92c635803aa8fcd92f39a2d02cc9f3a668f6f
Instruction ID: a8d6c7e43845b6cf3aa1936bade07a11c4448a41fa4b975f657db7b96f59d0b5
Opcode Fuzzy Hash: b7ff55c560d6bfa8b6b33fc17db92c635803aa8fcd92f39a2d02cc9f3a668f6f
Instruction Fuzzy Hash: 5E51583110CB1B4BC70CDA28D4954E7B7D2FBC1328F648B7DC5DB87596D63561168B81

Function 009FBC54 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3ac95aa45b4d55e1bebe53849452ad6d8782677aa59e3e5d16ed37a5cd414e4
Instruction ID: 2add25e9b7cfc1478c8d894d5d2141f3a5ff5df93d0d5e8cc305622bf4440421
Opcode Fuzzy Hash: e3ac95aa45b4d55e1bebe53849452ad6d8782677aa59e3e5d16ed37a5cd414e4
Instruction Fuzzy Hash: FB519B7261C7528BD71CEB28E8411AB77D2EBCA331F60873EE59A875D4DB34401ACB49

Function 009FA195 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70178e3644b33ba3f0c34480f24bd139f3c00dfca89a6dd5378c7e16e86cb1e4
Instruction ID: 69604a6fd1acc479bfcdd62a27608b8aeed1311ef1eba3ed99d7a41588436008
Opcode Fuzzy Hash: 70178e3644b33ba3f0c34480f24bd139f3c00dfca89a6dd5378c7e16e86cb1e4
Instruction Fuzzy Hash: 2541FD3750CE564AC72D9B38AD821E77782F7C2301B946B2ED8C3871A3DD3561038AC6

Function 008E5C00 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b31c6ac0c99a53b0627a0ddeb021baf9a575c7a411fbee3cb4ce1ae558fef5e6
Instruction ID: 091b9c7a442085bc4ade6597d94b791cdbabfbbb83fcb8fc09772990eb7f1df2
Opcode Fuzzy Hash: b31c6ac0c99a53b0627a0ddeb021baf9a575c7a411fbee3cb4ce1ae558fef5e6
Instruction Fuzzy Hash: E751F374A047419FC714DF19C880826B7A1FF86368F15466CF899CB352DA31ED52CB92

Function 00900708 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f04a4ff5529b381f62f4d77126a4d128eb2bcdce855602533de6d7475bfd496e
Instruction ID: 25822ee3495d72f4fbbdce191564771d853d121c0cc97370df6575d51b453e7d
Opcode Fuzzy Hash: f04a4ff5529b381f62f4d77126a4d128eb2bcdce855602533de6d7475bfd496e
Instruction Fuzzy Hash: CF5198B05093808ED3309F44D8617ABB7E1EFC6344F044A1DF589AB282EB798950CB67

Function 00AD4859 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64ab6857720a8a6b33044d96ba667065f81d1ce337fafd4246dd904433c187f3
Instruction ID: 84a367cfc3af25c17bc519a2eb903c565e3b686a9bb878049a87fb0396d1bda8
Opcode Fuzzy Hash: 64ab6857720a8a6b33044d96ba667065f81d1ce337fafd4246dd904433c187f3
Instruction Fuzzy Hash: 2441CB36528A0D8BC30C9E68D4896FA73D1FBC5314F61973ED8C7C7182EA75510B8980

Function 00B30E04 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b3bbd8509bc09367c9be076cfa3af483453ef0d8bfd2250f0ee7f4affcd87c2
Instruction ID: b15ad9e220871391f8b27791f2b5964d3415f76874e299138d31ac30a720e737
Opcode Fuzzy Hash: 7b3bbd8509bc09367c9be076cfa3af483453ef0d8bfd2250f0ee7f4affcd87c2
Instruction Fuzzy Hash: 8D419B361182034BCB18DB38D8A01E773E2EBD6320F54A62D9497876D5DB3A504ED701

Function 00B2B555 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0248c25b24446053ad3260e0c0598925476b98ef9b3093db623a0eb968593891
Instruction ID: 0625d742928864412e202dae569144455442e42b3fe04cfc1fcbb29432487798
Opcode Fuzzy Hash: 0248c25b24446053ad3260e0c0598925476b98ef9b3093db623a0eb968593891
Instruction Fuzzy Hash: C3417C325146138BDB08EF38D8964EB73A2EFD5325F618B3DD0968B5C1EB39911AC744

Function 00A26CED Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc398b44dee8004a77891092f895c77e63d62e837940fe1aece58a11162fec3e
Instruction ID: ac4b8c4899117d33ed91f6e5c9cca0ec8761d8edc0f40c2a70791299063d1f14
Opcode Fuzzy Hash: dc398b44dee8004a77891092f895c77e63d62e837940fe1aece58a11162fec3e
Instruction Fuzzy Hash: 8731DB7291892E4B831C8A7D4C970B273C6E787322305436EDEA7CB1E3E978184749C5

Function 00981A48 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708afe04386a738c6ff5b2abe4034771e88e0a00a6c86d475ef4a6ce244a0be4
Instruction ID: 6b0455592167e9359246e120141709cae06473b11bb6d7d5ed8a55426b154250
Opcode Fuzzy Hash: 708afe04386a738c6ff5b2abe4034771e88e0a00a6c86d475ef4a6ce244a0be4
Instruction Fuzzy Hash: 1951F5311187068BC718EF19E8814BAB3E2EBC8324F64CA3EE499C7695D7399416CB42

Function 00A29740 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2364c0b2899874f14572c4f71e6a3d4514f44f98dd2aa450e5fe7ca0d6cfdb6
Instruction ID: 31fad22b41353cf0357fb6b70c54acbac1111ee3bd4c1045883794cdcfcaeb8d
Opcode Fuzzy Hash: f2364c0b2899874f14572c4f71e6a3d4514f44f98dd2aa450e5fe7ca0d6cfdb6
Instruction Fuzzy Hash: 1841A4B141C70B8FC318FF2894512BBB7A0FBD2310F548A2DD5EB83591EB31900A8741

Function 008F5E11 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6be65742a9429fd2770fe07dd6da3712c49ff40585c19611a6fb76054cc6d5ab
Instruction ID: c4cde55a4673ac2393261c522dd7d2011beb39f009376ff0e2e45227e5610a99
Opcode Fuzzy Hash: 6be65742a9429fd2770fe07dd6da3712c49ff40585c19611a6fb76054cc6d5ab
Instruction Fuzzy Hash: F941EF729083949BCB208B34DC41B2A77E5FB8A714F144938F69AD7251E73199068B82

Function 009FF9B1 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39c4e6a9d8c6ebbcd741a121ec1ddf916b00dfa04701b0c453f26bbf652b4a0a
Instruction ID: 14a502fec68f7f2f42895e9fd3795b70a8cc68cc00e631a34ef13e12b6a6e6eb
Opcode Fuzzy Hash: 39c4e6a9d8c6ebbcd741a121ec1ddf916b00dfa04701b0c453f26bbf652b4a0a
Instruction Fuzzy Hash: DE414835604B168FCB19EF28D8954FA73E2EBD1320F40862DD4A2876D5EF36A54AC781

Function 00A526FA Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 918772630cbfbc0cc80c4de2eb725667c83d904d017c00c6afd0392016ad43d1
Instruction ID: d72357e6fa4263df7463c0070b7adf9a547e113e694aba45e3d8f62393bb93ba
Opcode Fuzzy Hash: 918772630cbfbc0cc80c4de2eb725667c83d904d017c00c6afd0392016ad43d1
Instruction Fuzzy Hash: AD41C9366107525BD718EB78C8915AB73E3EBC9300B54C63DE586CB6CAEF79C5068740

Function 0098D73F Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dbf1bfaef54ca0111609ef91761f39dc2c8f21ebadeba46568ad29635b86944
Instruction ID: 475c17b0823bda982babc003c4f79bd8bda67f9e72734c7bdf1af21c0c05e4ec
Opcode Fuzzy Hash: 1dbf1bfaef54ca0111609ef91761f39dc2c8f21ebadeba46568ad29635b86944
Instruction Fuzzy Hash: 2741CE3150C7264FD755EA3CE8C05EBB7D1EBCA321B20463ED4C1C728AD626981BCB81

Function 008F1B50 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ca663a277ede34ddc906ed8ded8ece6209b27b8a01707d7999b523a0a1fc5b8
Instruction ID: ebe2fe9011be4a3eaeeee7681238df5c5e6ab2a80b1912a9b5981d185d18ef15
Opcode Fuzzy Hash: 8ca663a277ede34ddc906ed8ded8ece6209b27b8a01707d7999b523a0a1fc5b8
Instruction Fuzzy Hash: 8E414672B183A94BC71C8E398C9423ABAD1EBC5220F18873DF5A6C73D1E674C946A750

Function 008F63AC Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d124e42cc2b4960b7d19bec050a4dc257b5fafdc852f9d875f35809aa287b788
Instruction ID: 1dd4da863b16a831e49088a03ca82932e9c0ecaf4cedc61881a45a5480fc4740
Opcode Fuzzy Hash: d124e42cc2b4960b7d19bec050a4dc257b5fafdc852f9d875f35809aa287b788
Instruction Fuzzy Hash: E3414930418388ABE3059B68D885A2FFBF1FF92348F54996CF4C887262E375D8548B17

Function 00AE3D85 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693682c1bd5525e55388d3050241fed239d2a41f772c549d9cb56c32bcb3160f
Instruction ID: 7ec74c746886a84c902c90aeff3f09bc5c4652279901a9f53aa12d009c038a33
Opcode Fuzzy Hash: 693682c1bd5525e55388d3050241fed239d2a41f772c549d9cb56c32bcb3160f
Instruction Fuzzy Hash: CA41593A5083039FD318EF29D8914FBB3E2FBC4321F24C62DE19A8B195D779144ACA59

Function 00BD99A0 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d5797c90f13cbb1fbf211be8671992538350e5f408b04343fea5b092c923abc
Instruction ID: 5856c372ee8fbc7b9a0bffbce021d7fe6a2325b63b594714526ff0a5dca52984
Opcode Fuzzy Hash: 0d5797c90f13cbb1fbf211be8671992538350e5f408b04343fea5b092c923abc
Instruction Fuzzy Hash: 3141BE662042528BC70DEF3DD9516A6B3E2FFC5300F58C92DE5C6CB586D6399406C782

Function 00BCA566 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb46c5d9a89580c9224d998d504becf2243ac2a6fb6f9f8074702d8338494f8c
Instruction ID: cdb41426ab160de325e903d7259387b4c492e28391248b703a10312a294c7d7f
Opcode Fuzzy Hash: bb46c5d9a89580c9224d998d504becf2243ac2a6fb6f9f8074702d8338494f8c
Instruction Fuzzy Hash: 0E415831208A068BC719DF68E8410EAB3D2FFC5320F24D73DA4A6C75D4DB79950ACB85

Function 00A79E27 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec75fb248c0c7b0678659082f30422e83211af085c6b62b5a8d91d4ff74a6ccb
Instruction ID: 89796f4426e7d0b0df7fec5770f3d37403f9ea64d54c321e55167069d97a6dc7
Opcode Fuzzy Hash: ec75fb248c0c7b0678659082f30422e83211af085c6b62b5a8d91d4ff74a6ccb
Instruction Fuzzy Hash: BF3168716187164BD318EB29D8012FBB3E6EBD4321F60CA3ED5C6C764AD7B8450ACB85

Function 00B9B2D3 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a87105fc3844b382e023f3ec51445851df0f7b3ff1b99460e34b31e088873522
Instruction ID: fae2f624f7b5b1fb97dbf8df44aa37af819e61448c2a6cc60da9026e3b93c374
Opcode Fuzzy Hash: a87105fc3844b382e023f3ec51445851df0f7b3ff1b99460e34b31e088873522
Instruction Fuzzy Hash: D631AC340085474FE709EF78D4919EB37A2FBE1368B19DA2C8082C7D89E7B8A416D742

Function 00F041E2 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5dbae1d89e80375fc9de56f368efe473cf9db613ea4c36f80b34dc10aabcaf
Instruction ID: 73b117522e8be4baeb187187acfb122e6fc8b76cf194e3844e109cb760535fed
Opcode Fuzzy Hash: bb5dbae1d89e80375fc9de56f368efe473cf9db613ea4c36f80b34dc10aabcaf
Instruction Fuzzy Hash: 7A31983200DB5E4AD31CBB20A8061AB77D4EBC6320F645A3ED8D782482D2214217DF8B

Function 0091F3F0 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62aea7369d740e3de1080bf5b4370736746017f1fb31a9432853974110e3f4a0
Instruction ID: 4080c370fe601c1811473173b7fa85121f65c029b60b6dd85e1d634ae0aaf54f
Opcode Fuzzy Hash: 62aea7369d740e3de1080bf5b4370736746017f1fb31a9432853974110e3f4a0
Instruction Fuzzy Hash: BB213B32A0812C4BC324DB5D889547BF7E8EB99704F46D63EE9C4A72A4E3349C6487E1

Function 00FA7353 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af2d1a9568c706fab4a5bc00f027bd0817027c3958cef468c9d96f573645ee0d
Instruction ID: 7bb0b0d3d5b39f9fa082eef1158c5d97402b0031c30b9044f62788366b9ca888
Opcode Fuzzy Hash: af2d1a9568c706fab4a5bc00f027bd0817027c3958cef468c9d96f573645ee0d
Instruction Fuzzy Hash: DE318836A10616CFCB08EE38E8515EA7392ABE5321B64573FC16ACB5E1DB756149C600

Function 0095684D Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66c193feb151689f22f4917ebc201042be794d02647c1ed80d6200a7553f4c17
Instruction ID: 0b2ac7b4d0f079ecec1e9d553eff946a6150e151bee1ff534abd662eded62176
Opcode Fuzzy Hash: 66c193feb151689f22f4917ebc201042be794d02647c1ed80d6200a7553f4c17
Instruction Fuzzy Hash: 8C3199311183598BC714EF78E8C157BB7A0EFC1310F548A7DE9868B196D730A916CB01

Function 00B043A3 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfa71d64528941f9adf7689ad91c3b2d17533b8d2661e9d150569b83e26a8621
Instruction ID: 953749220fb77088fcd8ea357b22e7bff42873403390ee5904901c10b65d6cc2
Opcode Fuzzy Hash: cfa71d64528941f9adf7689ad91c3b2d17533b8d2661e9d150569b83e26a8621
Instruction Fuzzy Hash: 19315A752147128BC31DDF38E5A24BBB3E2FFD9321B14863D9593875D5DB3590178601

Function 00989D24 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a5ce4fe8f2d88674d35bc0be2a14475765c689d55f58794724589141f55958
Instruction ID: 9da8ac699cec06c7a05b7eb08f8ed5d49cf447a0f43910f881acce633e9ea6e2
Opcode Fuzzy Hash: 68a5ce4fe8f2d88674d35bc0be2a14475765c689d55f58794724589141f55958
Instruction Fuzzy Hash: D5316631459B429BD318DB39D8125EBB3E0EBD6360F24CB2CE5A9C71D0D738814ACB02

Function 008FFBB1 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dfa10d1468a8236ef5b858a97ba6bb27d235666f6f960edc972e096ac9b335b
Instruction ID: a0d6d86b6f7fd24330d6fba53b68b3f2d55eacc397f441f67bf88abb10e0c8cd
Opcode Fuzzy Hash: 6dfa10d1468a8236ef5b858a97ba6bb27d235666f6f960edc972e096ac9b335b
Instruction Fuzzy Hash: B331BF704082648BC720CFA8C451BBBB7F1FF96714F048929EA89DB392E3748904DB66

Function 00A42524 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ed4e661e8d71611be6ac721b963aa77b98de83603a274220ea2d23f0845743b
Instruction ID: a83b8271f17b9a1af29d138b0d9937821f57049a6a406263c548de985161192d
Opcode Fuzzy Hash: 6ed4e661e8d71611be6ac721b963aa77b98de83603a274220ea2d23f0845743b
Instruction Fuzzy Hash: 4421CE21924A524EDB24AF3CCC803FE3B935BC2320F99C6B8D455C76DADB3A9107D612

Function 008E7020 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33d31a09656a9d2dd8cbe1796d33085e85b9f7fe2a6e27ad1515e7e6793034da
Instruction ID: 4a2ecb13289947e6a057fb6183bc5cbfda61345e3f2867efa12a8eac645d6869
Opcode Fuzzy Hash: 33d31a09656a9d2dd8cbe1796d33085e85b9f7fe2a6e27ad1515e7e6793034da
Instruction Fuzzy Hash: 0511BC3371C6614BE768CE66D8F167A6392F7CA32170A013DDA87D7281CE21E801D250

Function 00B20D8F Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f8bf38adac1a90125f5789e9cf6f84cee25b3838fcb011e160abd52c5b58cab
Instruction ID: 0ec551baafa21a67ca9adbb76624829924bb4fb65c904d0874c9b0440572add7
Opcode Fuzzy Hash: 5f8bf38adac1a90125f5789e9cf6f84cee25b3838fcb011e160abd52c5b58cab
Instruction Fuzzy Hash: E52179321097178BD318DFB8D441AB7B3A1FBC1324F508A3DE182D7695DBB498A6CB81

Function 00A3DD10 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bf3b3aa25dbd9595c37522bf30dc472a7a171dfc0cc37a4daad98806432d0de
Instruction ID: 1afdabeec73bd36f8da87a63862c6c0a42ed3f72b17a78833938932565700cdc
Opcode Fuzzy Hash: 1bf3b3aa25dbd9595c37522bf30dc472a7a171dfc0cc37a4daad98806432d0de
Instruction Fuzzy Hash: 6B21F1325586468BC719DE3CE8448AAB7E2FBD5320B10CB3ED4AAC75D4CB35A10ACB40

Function 0093E0A9 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e515c2f553bc9230283e1625674a6a125e8ac53429777cd471f70775833008f2
Instruction ID: 4cc2c750da29afec5b9ea108387e509e1154b9b46875b2387ce7560ba682fc6e
Opcode Fuzzy Hash: e515c2f553bc9230283e1625674a6a125e8ac53429777cd471f70775833008f2
Instruction Fuzzy Hash: 9B2175304086078BDB0EEF3CD8800F2B7AAFBE1320B14C6AE804ACB4D9DB316119C780

Function 00BC28F3 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af712e345713d441f499cc0155debd1bb0adddf7aa929fa9371298cd732a2ff9
Instruction ID: 79ebab83e81e4b4ddf843b8a9e5414ee8933904bfb7e426a2a416956df3ba7b8
Opcode Fuzzy Hash: af712e345713d441f499cc0155debd1bb0adddf7aa929fa9371298cd732a2ff9
Instruction Fuzzy Hash: B42138772106124FE329DE7A8C558FB7293FBC6314395C63CA503CB2D9E639A8178680

Function 00B2CE0B Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e7790b85cb6afddf734a8f6f17ce98ad0b519010fbe79150b4fba9ece057c2b
Instruction ID: a1649f91850dd49fc19166ff311d912ea9dcc5f0a60f89fa0c9473551cca0164
Opcode Fuzzy Hash: 4e7790b85cb6afddf734a8f6f17ce98ad0b519010fbe79150b4fba9ece057c2b
Instruction Fuzzy Hash: 6B119C36110A064BE714E83ECC915BB72D7DBC0310B66C76C3542DFA59DA39490B5640

Function 0091B9F0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 752d0e56af8d60882b3122eabd923f215d972c1689838fad3a874349b73e0bd5
Instruction ID: 2db6549fcdbfadb74982ed1dfaec324170cb24878a6e5e87c0d6201776721aea
Opcode Fuzzy Hash: 752d0e56af8d60882b3122eabd923f215d972c1689838fad3a874349b73e0bd5
Instruction Fuzzy Hash: A911C633B491D94EC3168D3C84405A5BFE30E97234B5D8399F4B59B2E2D7238DCA9354

Function 009100B0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61bef49b1b035cdbad5d39575e8c3b82fa3bc25c86775e195134dc162f2f545
Instruction ID: 436008abf71c9af50bc772eb2b234d883f8fa3d8f5b9aca8adcd0166976157b1
Opcode Fuzzy Hash: b61bef49b1b035cdbad5d39575e8c3b82fa3bc25c86775e195134dc162f2f545
Instruction Fuzzy Hash: 19019EB5B0434557DA20AE2594C1B6BA2ACABC5B04F18442CE81997202DBB7EC85C2A2

Function 00900304 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cc04417f66777ef167f84988e05a7222f36cb3ec961075a1f2187c2d32b1c95
Instruction ID: 80b1ec55f3a846221068dfd92c5c9bc3456a346bb50b26a54b3dd10a00393a57
Opcode Fuzzy Hash: 6cc04417f66777ef167f84988e05a7222f36cb3ec961075a1f2187c2d32b1c95
Instruction Fuzzy Hash: DF2125714093908FC731DF44D440B9EBBE2FBC6340F45892EE9D96B242DB325894CB92

Function 00B47F80 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19752289b79dd9328a256a1f0a0458930d74845fc21f874d113192ce4c37e436
Instruction ID: dae6f5423116e86a7e855209ae51491710993da90a03355b691e2fcb7460c5c4
Opcode Fuzzy Hash: 19752289b79dd9328a256a1f0a0458930d74845fc21f874d113192ce4c37e436
Instruction Fuzzy Hash: EE01BD61114E2A4BDA11E93ADCA02F333C287E2320F919B1CF121CB1E4D727C1099A41

Function 008EF917 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d74589b7d67c0c2498a272706b7f91852bfb8a10c2c5a21e47afa93f3336fb7b
Instruction ID: 89eec2faa9d388016ab4b968c886e210ac6b6ca452dbe13c35624c8c9f27e42c
Opcode Fuzzy Hash: d74589b7d67c0c2498a272706b7f91852bfb8a10c2c5a21e47afa93f3336fb7b
Instruction Fuzzy Hash: F411AD21B161D5DBEB259B299C60B79BBB2FB87200F1841A9D5C6E7393D6308D41DB04

Function 009232E0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35ebd33b0a868ece5fa81ca9ba613642357e870ac6f59d1c087c9d52aadc636
Instruction ID: 7d8a3e583e3a390d0d73e3dbf99091ecfc1539457756a91f7df3a6d319445fe4
Opcode Fuzzy Hash: c35ebd33b0a868ece5fa81ca9ba613642357e870ac6f59d1c087c9d52aadc636
Instruction Fuzzy Hash: 15014F72A295214B8B4CDD3D9C2116BBBD19B89730F1A8B3DBDFAD72E0D234C8454685

Function 009021A0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aee55f74cf63f0bcf27f2a94c64ef40f74351bc2f3e3d73a2157603e7e4e9e0
Instruction ID: 83bc2a0f4c6610ad6eb8d3716051e8fa586fbabdba77dfa71d291bffbc2af4af
Opcode Fuzzy Hash: 1aee55f74cf63f0bcf27f2a94c64ef40f74351bc2f3e3d73a2157603e7e4e9e0
Instruction Fuzzy Hash: 42014B72A195210B8748DE3C992212BBEE15B85330F168B2EBCFAD73E0D628CD144696

Function 0092518B Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daa4c23ba341ba1de3acd8a1dea8ee6b6a739535d49418445a28a5e438f092d7
Instruction ID: 533996dfe0c91995aca2d96f898e57efd9d04c82b0661a44526d89f3880c43ad
Opcode Fuzzy Hash: daa4c23ba341ba1de3acd8a1dea8ee6b6a739535d49418445a28a5e438f092d7
Instruction Fuzzy Hash: 3101C0B09142418FDB00DFA8E99462F7BB1AB46300F588458D846BF34BD330DA25CBB6

Function 00928840 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a9568405e72b8c3c0afd9200954af8e1d122950d668918ddc6e28e26eda200e
Instruction ID: 0e8be9ed82d6b4c70a97410cf0f435ad040f5ce5e6968f53232a67c225a7954c
Opcode Fuzzy Hash: 5a9568405e72b8c3c0afd9200954af8e1d122950d668918ddc6e28e26eda200e
Instruction Fuzzy Hash: F6F0F47450D2909BD301EB58E594A2FFBF9EFAA700F14981CE4C49B352C239D855CB67

Function 008FB000 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ad453c1600f255c32cbbb150d56cd756ed5e62fad6ff47cef894d65736865b8
Instruction ID: 57c3e243d65a4e4d3847f3966e05fdc93459681931046a001c7207397d06235a
Opcode Fuzzy Hash: 4ad453c1600f255c32cbbb150d56cd756ed5e62fad6ff47cef894d65736865b8
Instruction Fuzzy Hash: 5BF05CB170461897DB329964ECC0F37BB9CDBC7334F090455E940D3102E6665844C3E6

Function 009400CB Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0cbd7fba636258c4d164663c59462bfad8085cec3076b1ed3ce884835154c40
Instruction ID: 870b5580f6354b3029a1aff89db78f41ca223f9b8b17a05bf08418b0b35d8ee6
Opcode Fuzzy Hash: b0cbd7fba636258c4d164663c59462bfad8085cec3076b1ed3ce884835154c40
Instruction Fuzzy Hash: 72E0223300C3901FE305CA28B66076B7BE4CBD1321FA4CC2EE8CEC3A00E130590A8792

Function 00926630 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6659d2df0d24e99c507b7a2ccb161750b1f3597b7b7931ee123b3b73159c1755
Instruction ID: ef26620b87d06be8b10c50149e09968369459f87008ab654462a4d7bc4db086f
Opcode Fuzzy Hash: 6659d2df0d24e99c507b7a2ccb161750b1f3597b7b7931ee123b3b73159c1755
Instruction Fuzzy Hash: 5FF05EB5D092958FC7029B94D9408BEFBB1EE13201B640496D481F3657D2289E06CB36

Function 009216A0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3816b49c30de282c311e471d239b395b74fc0d633d084e618a7aecab666d7a6
Instruction ID: a52d952f4281a4958c59d17c435be692c1b29a3b6a46a1eccb403230ce791478
Opcode Fuzzy Hash: b3816b49c30de282c311e471d239b395b74fc0d633d084e618a7aecab666d7a6
Instruction Fuzzy Hash: E8D05E21608631469B648E19A40497BF7F4EA97B11B89955EF682E3298D630DC41C2A9

Function 00926B07 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9287b2efa13e469759d9e542885c9b5c3d8238506cc69565a2e9650a02e7478
Instruction ID: a1dc72c15b83ffbcc0e8963afa079e0fae50915ac9d3ec6346ee75a3ba0db4bb
Opcode Fuzzy Hash: d9287b2efa13e469759d9e542885c9b5c3d8238506cc69565a2e9650a02e7478
Instruction Fuzzy Hash: 0BD052B6D181308BCB00DF44A80006AF332AB8A220B19A000C88533201CA34BE128AC8

Function 0090A8A0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0e0838d0af4ca94f530d92a49ad635050f03027ea155c25db9dc57ea9b5c196
Instruction ID: fbe88af7e7496e7918b5447de2f449e08447c3ac0ff9638745cf9a997aa28162
Opcode Fuzzy Hash: e0e0838d0af4ca94f530d92a49ad635050f03027ea155c25db9dc57ea9b5c196
Instruction Fuzzy Hash: 5FB0027495C1C0CBD508CF45D550575F375A74B205F14741CD146B7151D660E450DA1D

Function 008FFB73 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1396281304.00000000008E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008E0000, based on PE: true

Associated: 00000000.00000002.1396266900.00000000008E0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396316824.000000000092B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396333470.000000000092E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396351985.000000000093E000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396571979.0000000000BE0000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1396991408.000000000114D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8e0000_LgendPremium.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4816c599710318052a853996821aea5bbd7582c9bd90800ac626bf66ccfb7bf3
Instruction ID: 1df9294cd321597a6bd7a08163031794822be1b3fe8b19ae62b9ff9c95900a22
Opcode Fuzzy Hash: 4816c599710318052a853996821aea5bbd7582c9bd90800ac626bf66ccfb7bf3
Instruction Fuzzy Hash: 7FA011A0C0C08082C8002F202C0A032A03CA30B200F00B020C80E32023A022C208880A

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report LgendPremium.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
LgendPremium.exe

Function 008ED472 Relevance: 3.9, Strings: 3, Instructions: 132
COMMON

Function 00926170 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14
libraryCOMMON

Function 008F01A0 Relevance: 1.7, Strings: 1, Instructions: 403
COMMON

Function 009261CE Relevance: 1.4, Strings: 1, Instructions: 159
COMMON

Function 00929A10 Relevance: 1.4, Strings: 1, Instructions: 139
COMMON

Function 008EEBE0 Relevance: 1.6, APIs: 1, Instructions: 101
libraryCOMMON

Function 0092505A Relevance: 1.6, APIs: 1, Instructions: 70
libraryCOMMON

Function 00925D00 Relevance: 1.6, APIs: 1, Instructions: 50
COMMON

Function 009234C0 Relevance: 1.5, APIs: 1, Instructions: 45
memoryCOMMON

Function 00923498 Relevance: 1.5, APIs: 1, Instructions: 9
memoryCOMMON