Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
DpEHzbOOoB.exe

Overview

General Information

Sample name:DpEHzbOOoB.exe
renamed because original name is a hash value
Original sample name:44f43f42c9ea788b936ec3b5da2e3ad6.exe
Analysis ID:1579030
MD5:44f43f42c9ea788b936ec3b5da2e3ad6
SHA1:5ae43b8c14aa9f1b9c1e123e3343de37bff60523
SHA256:bd3db35de8078184822ca8742025e6742deed410880360fd1361ec0ddc339067
Tags:AsyncRATexeRATuser-abuse_ch
Infos:

Detection

AsyncRAT
Score:84
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AsyncRAT
AI detected suspicious sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
PE file contains more sections than normal
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • DpEHzbOOoB.exe (PID: 3472 cmdline: "C:\Users\user\Desktop\DpEHzbOOoB.exe" MD5: 44F43F42C9EA788B936EC3B5DA2E3AD6)
    • conhost.exe (PID: 2268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
AsyncRATAsyncRAT is a Remote Access Tool (RAT) designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop control, and many other functions that may cause harm to the victims computer. In addition, AsyncRAT can be delivered via various methods such as spear-phishing, malvertising, exploit kit and other techniques.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.asyncrat

Malware Configuration

Threatname: AsyncRAT

{"Server": "104.236.39.42", "Port": "6606,7707,8808", "Version": "0.5.8", "MutexName": "NLzwJdZ9VJQw", "Autorun": "false", "Group": "null"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
    00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmpWindows_Trojan_Asyncrat_11a11ba1unknownunknown
      • 0x98fb:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn "
      • 0xac38:$a2: Stub.exe
      • 0xacc8:$a2: Stub.exe
      • 0x66ff:$a3: get_ActivatePong
      • 0x9b13:$a4: vmware
      • 0x998b:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
      • 0x745a:$a6: get_SslClient
      00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmpINDICATOR_SUSPICIOUS_EXE_ASEP_REG_ReverseDetects file containing reversed ASEP Autorun registry keysditekSHen
      • 0x998d:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
      00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
      • 0xcd19:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
      • 0x102af:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
      Click to see the 2 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.DpEHzbOOoB.exe.1030000.1.raw.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
        0.2.DpEHzbOOoB.exe.1030000.1.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          0.2.DpEHzbOOoB.exe.1030000.1.raw.unpackWindows_Trojan_Asyncrat_11a11ba1unknownunknown
          • 0x98fb:$a1: /c schtasks /create /f /sc onlogon /rl highest /tn "
          • 0xac38:$a2: Stub.exe
          • 0xacc8:$a2: Stub.exe
          • 0x66ff:$a3: get_ActivatePong
          • 0x9b13:$a4: vmware
          • 0x998b:$a5: \nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS
          • 0x745a:$a6: get_SslClient
          0.2.DpEHzbOOoB.exe.1030000.1.raw.unpackINDICATOR_SUSPICIOUS_EXE_ASEP_REG_ReverseDetects file containing reversed ASEP Autorun registry keysditekSHen
          • 0x998d:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
          0.2.DpEHzbOOoB.exe.1030000.1.unpackJoeSecurity_AsyncRATYara detected AsyncRATJoe Security
            Click to see the 2 entries

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            No Suricata rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Found malware configuration
            Source: 00000000.00000002.3377585292.0000000002AF1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: AsyncRAT {"Server": "104.236.39.42", "Port": "6606,7707,8808", "Version": "0.5.8", "MutexName": "NLzwJdZ9VJQw", "Autorun": "false", "Group": "null"}
            Multi AV Scanner detection for submitted file
            Source: DpEHzbOOoB.exeReversingLabs: Detection: 60%
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D618CF CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptReleaseContext,CryptDestroyHash,CryptDestroyKey,0_2_00D618CF
            Source: DpEHzbOOoB.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: DpEHzbOOoB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D70050
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D72290
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D72330
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D725A2
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D72508
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push ebp0_2_00E1C600
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D72740
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6E770
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, dword ptr [ecx]0_2_00D8C720
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D728DC
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6E9D7
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D729C0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push esi0_2_00D98970
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, dword ptr [ecx]0_2_00D98970
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6E900
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EAC0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D70A90
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, dword ptr [ecx]0_2_00D8CBE0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EBA0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EB1C
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6ECCC
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D72CF0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6ECE6
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EC7C
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EC08
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, dword ptr [ecx+08h]0_2_00D94DF0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, dword ptr [ecx]0_2_00D9ED90
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6ED89
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6ED60
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push esi0_2_00D8CD00
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EE8C
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EE40
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push esi0_2_00D94E60
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, dword ptr [ecx+08h]0_2_00D94E60
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EFFE
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EF63
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6EF25
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then sub esp, 1Ch0_2_00D890C0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, dword ptr [ecx]0_2_00D97010
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D71160
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D71290
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, dword ptr [ecx+08h]0_2_00D952A0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6F200
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D713D0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6F360
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push esi0_2_00D95310
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, dword ptr [ecx+08h]0_2_00D95310
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6F400
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6F438
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6F5D0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D73590
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D71588
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D71540
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D6F640
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push ebp0_2_00D977DB
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D737D0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push ebx0_2_00D897D3
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D73789
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D71980
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push ebx0_2_00DEB950
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then lea eax, dword ptr [ecx+0Ch]0_2_00D9792B
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then lea eax, dword ptr [ecx+08h]0_2_00D97A8B
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D71A20
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then lea eax, dword ptr [ecx+04h]0_2_00D97BEB
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then mov eax, 00E281BCh0_2_00DDFB80
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00D71CC0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push edi0_2_00D8BCA0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then push edi0_2_00DDFD30
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 4x nop then jmp 00D614C0h0_2_00E19EE0

            Networking

            barindex
            Yara detected Generic Downloader
            Source: Yara matchFile source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: global trafficTCP traffic: 192.168.2.6:49725 -> 104.236.39.42:6606
            Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: unknownTCP traffic detected without corresponding DNS query: 104.236.39.42
            Source: DpEHzbOOoB.exeString found in binary or memory: https://gcc.gnu.org/bugs/):

            Key, Mouse, Clipboard, Microphone and Screen Capturing

            barindex
            Yara detected AsyncRAT
            Source: Yara matchFile source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.DpEHzbOOoB.exe.1030000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: DpEHzbOOoB.exe PID: 3472, type: MEMORYSTR

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
            Source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
            Source: 0.2.DpEHzbOOoB.exe.1030000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
            Source: 0.2.DpEHzbOOoB.exe.1030000.1.unpack, type: UNPACKEDPEMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
            Source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Asyncrat_11a11ba1 Author: unknown
            Source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
            Source: 00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
            Source: Process Memory Space: DpEHzbOOoB.exe PID: 3472, type: MEMORYSTRMatched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB40500_2_00DB4050
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DCA1000_2_00DCA100
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB22C00_2_00DB22C0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DBE2800_2_00DBE280
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D643C00_2_00D643C0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DC03400_2_00DC0340
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DBA3300_2_00DBA330
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D6E4400_2_00D6E440
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB88400_2_00DB8840
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D729C00_2_00D729C0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DCE9E00_2_00DCE9E0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC9300_2_00DAC930
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D70A900_2_00D70A90
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DA0A700_2_00DA0A70
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB4A300_2_00DB4A30
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D72CF00_2_00D72CF0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DBECE00_2_00DBECE0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB2CA00_2_00DB2CA0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D9AC700_2_00D9AC70
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D9ED900_2_00D9ED90
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DF0ED00_2_00DF0ED0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DC0EC00_2_00DC0EC0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D98E400_2_00D98E40
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DBCE300_2_00DBCE30
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D650700_2_00D65070
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DC52900_2_00DC5290
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DC728D0_2_00DC728D
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB13900_2_00DB1390
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB54A00_2_00DB54A0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAF5700_2_00DAF570
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DC35100_2_00DC3510
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB36700_2_00DB3670
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAD7F00_2_00DAD7F0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DBD8000_2_00DBD800
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DBF8000_2_00DBF800
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB7AD00_2_00DB7AD0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D9BBD80_2_00D9BBD8
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D9FC200_2_00D9FC20
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DCBD3D0_2_00DCBD3D
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D99E800_2_00D99E80
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB5F400_2_00DB5F40
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_006A1AC50_2_006A1AC5
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: String function: 00E1FAD0 appears 266 times
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: String function: 00E1FC60 appears 46 times
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: String function: 00E1DFB0 appears 36 times
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: String function: 00E1FBC0 appears 82 times
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: String function: 00DFDF30 appears 39 times
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: String function: 00E1DE50 appears 36 times
            Source: DpEHzbOOoB.exeStatic PE information: Number of sections : 18 > 10
            Source: DpEHzbOOoB.exe, 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameStub.exe" vs DpEHzbOOoB.exe
            Source: DpEHzbOOoB.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
            Source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
            Source: 0.2.DpEHzbOOoB.exe.1030000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
            Source: 0.2.DpEHzbOOoB.exe.1030000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
            Source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Asyncrat_11a11ba1 reference_sample = fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1, os = windows, severity = x86, creation_date = 2021-08-05, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Asyncrat, fingerprint = 715ede969076cd413cebdfcf0cdda44e3a6feb5343558f18e656f740883b41b8, id = 11a11ba1-c178-4415-9c09-45030b500f50, last_modified = 2021-10-04
            Source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
            Source: 00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
            Source: Process Memory Space: DpEHzbOOoB.exe PID: 3472, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
            Source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, Settings.csBase64 encoded string: 'ywODZf305wWXdAZWhT9HiHVvJUbegV+c8pfaDsV5zHUrGVbCWHK5Oc0pZMncSOyNAaywUaaOZFqLm0346YwaDg==', 'zvwyge4m4aTtV6KENeAXTLml5RnI5h2+/F3gC1dGzwncBzrlg+WGoNGY99nLtW+ycksKaSBUX66r/rJbnnGAUg==', 'IYLsJTMrnn/zfFA3W62/c9RR+E4ApuCfYJfkbL3ls4eNpmHp4Yugh1CJOlbD1Wr9ZE/R62n3d2zqAZjQN5P5kimI3D1FUD+GTvMn/idZdzzMG+/4glTGuOAunTV8juQ7eviHML6HLuUSP7KQZgSDql6AgEf22GBiA7jTUeMe2fm/gU7gzQxIogUw71GsWmrBISTzb1J/7osyrmzKdtF84wKCYLNZ3lSK3ulWqRqv11IIZjq56BMSVENPvpokLjjrEDiWFGentstkuS0dBr1v7qYpWt0eMrabpkMnGwMlIT/ySvFNaXbQeZ1H6NY8krTYXKPJjhZdjvk08oBdrQXD9snIwIEI2loDikWV/uu7m0IxCCsyzONDphhU8DqpXkPSB1KVInXc4pMjhGL4qTR98vtqMui4KB7dF/Lq63WnjpH7zXxx8xNOHnwCOoxAo8HZ7oyxNYGDijrUHLKv4+Ee499D8pUGN7ZdIDLQ0tTMYPA0OZr+JccQ6oV6589k55iiGj1vdU+4i7tua1Shydkj8i5q/YQ6K9/bGZ4SAqRtEUlLPmqz5FHlXkENZLQAE9ff2mzCLCEc92m4AVA4jZ62W48rDYdXN7ZT+bn880sLFMwrhTRXVIZbe59b+EeRVSeKdEwlEUUbCd6U1luawA0oQ7ieh2csqvmzXMg3KADJFMkVxbUwHbsc6+yqq47od7O7DeMTEKv5kl0MPL9eDHqWU9a/RzGpy2YushiEsI/x7jREJlRWdXBWimaU+HTC85LpTIzkj1snLfn6yg6B/dFPmL2KbVo9GPtHVz4XMasOQaloAKPzu8L/QKXS8Th+An2iDMIsPyZ8Fq/QoNvOmtNql8pPu10jHtGuYrPFkxKFMmKICnJpKzjDEGvSw7qzTNSoCqHfaWb8gPCvMbRq0IZpvz7c1JjFbyW4Io7wVnI4rOJ2Kg8nOIqTio9Uk3Uj0IXEIqULjknpZTK13jAMoJ6Z3IPPPx2y8wrX7Tk3RQBcDccFGSK3JjcrvbRxYEcCnV1iNkQcDUKAiLTltqSTxaKH4mmRWGXCdOUdja5TeUtCpSeB7weKfYj9zb32ywvIj1UN19AC9spAmlu2UZKJJx9WJyzXFAQ8JuYU7bEur7m2s3ySyzdG60KrJPocbBxZRVyxghPlOP7+RpSTUoZJSa/JPLdkenyvwOH0LaY644WDJ/tAh3xUE4XVrLhcCW6CjZk/ymK2mk+GaJiKdHqSmbwq6MCJWa1tmJopLnKZD8j0VVT/Z/dnIwLNHlaJ/bN9RuPWsvtMX16RQkJ3e5xfUQMZ07PvYn9fGQLsxOsIzLcRwf3oSG+v98EIxNcrU3F5NFq5hR3y66Bz5ExH3fGNKZRNroT4R4ERd0BtB2JUWYjPMsGH6kSvo6+n5NK31b6o9iIkdFr8eG4LSo6oylMQ4OMsqZIA/HXGUSSnTQ5H+Jqi0F1VSyH5CPOs+aUHvNJooudZJgTP2BDvALpEBpjs/DcAhIvVvCaYrPCipTQZVan7bg0i8XrB21cS5b8WtsatGgEXeWrfvcmfJPetXoEnS+BY3b/8Ap+Dc+sp2t2JMivXoq3dxWKASF+KQEFAihvEH+I8RmNRQpmRbF+yNfZa0LU4eOnc664lazpDJYZm9QRNcjx4fVBUu+bFMkwsZSUFAXj4GzbEc2ueMX/TGaRvdLIN5GXS1b8cL4kpKICG2K0ndsaDjdjF4Y09XqkrIxqFPAtb6mWGrI0bb+lXGM/oDB5evqLKzW0NSGcPwXHxREqnUgeezXTRoijYIomPPQkwZl639zInnfPwGVr3pSGhZW0MVyOzLaIvAt3GH2Y5ZFaTj95po5DruQzB2Js0Z30kZbt+/+gWaNwSud94CCI9OdLq+QsSOxMXBVb+2PGZylLWCZhA7kWvKbQNrQq4o912HPdONQAPmqKYiHrTgqXFLQz97mlBS7qSWi5x5rG4qEHpyPNM4yzGC132uD2xW/RBlxLva+dOTAB41OiRQ8pcF1VME7N4Aev183QNH+f2OiJKuaKSYUT/L6Wx+HtB3/EChDLmJZ2hQrnbpKYAC7GtceJAyvqj23B1aPua+roplCnaAq8hMF36HdHK5dw7Gb0/EdkUBGDNll89jOs5OV3PP7KjEFsCX5MbDMVbxp30jUX6UBdYvGg09pxgFRJ7Dz795qeOfJFxyOuVna4B5N3pqgICGhNd8Xyns6lqsUi8obXQbMETLcy2GuBe1dx7zBIjTWE3nFDxFTlWf7iAajZp+D9xpED4ZOalGshOUisCZRKSqsFgn/sRELJLjYGsRODeJuNLPtd29OIeuOSHC+yXTgeg6JG6d9FU8LZJJ/2+iEplCYc=', 'r85rHPhchJiLNCmS/crTi5FckEdxlrDO5T0Q4QuLKwvW1mMbhLPdJIip3aK3zqmVM72xAQjSYeF7hmv1Wvx3cw==', 'KfSIJNY7/lFwhCcig+Ed65j8ToCy12/TpxSa/5yAQxxHoKlrv3hxbmCJVsvuG2T3sDrHq68ULz3yeDYJ8F3PYQ==', 'VpWsh4IaTeCNJmNS0HPoXNJtZN5eV2icjVTK5qcUZSXPKO4ptAQbswJMTrUgkmgigytBADJo0FPDXTrbnheWrg=='
            Source: classification engineClassification label: mal84.troj.evad.winEXE@2/1@0/1
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeMutant created: NULL
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeMutant created: \Sessions\1\BaseNamedObjects\NLzwJdZ9VJQw
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2268:120:WilError_03
            Source: DpEHzbOOoB.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: DpEHzbOOoB.exeReversingLabs: Detection: 60%
            Source: unknownProcess created: C:\Users\user\Desktop\DpEHzbOOoB.exe "C:\Users\user\Desktop\DpEHzbOOoB.exe"
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: DpEHzbOOoB.exeStatic file information: File size 2905266 > 1048576
            Source: DpEHzbOOoB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D614C0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00D614C0
            Source: DpEHzbOOoB.exeStatic PE information: section name: /4
            Source: DpEHzbOOoB.exeStatic PE information: section name: /14
            Source: DpEHzbOOoB.exeStatic PE information: section name: /29
            Source: DpEHzbOOoB.exeStatic PE information: section name: /41
            Source: DpEHzbOOoB.exeStatic PE information: section name: /55
            Source: DpEHzbOOoB.exeStatic PE information: section name: /67
            Source: DpEHzbOOoB.exeStatic PE information: section name: /80
            Source: DpEHzbOOoB.exeStatic PE information: section name: /91
            Source: DpEHzbOOoB.exeStatic PE information: section name: /107
            Source: DpEHzbOOoB.exeStatic PE information: section name: /123
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB402A push ecx; mov dword ptr [esp], ebx0_2_00DB403E
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC1AE push eax; mov dword ptr [esp], ebx0_2_00DAC1C4
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00E2026C push eax; mov dword ptr [esp], ebx0_2_00E20292
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00E2026C push edx; mov dword ptr [esp], edi0_2_00E202EE
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DE8230 push eax; mov dword ptr [esp], ebx0_2_00DE833F
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DF83D0 push edi; mov dword ptr [esp], ebx0_2_00DF88D5
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC3A0 push eax; mov dword ptr [esp], ebx0_2_00DAC3D0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC3A4 push eax; mov dword ptr [esp], ebx0_2_00DAC3D0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DEA340 push edx; mov dword ptr [esp], ebx0_2_00DEA555
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DEA340 push eax; mov dword ptr [esp], ebx0_2_00DEA578
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC372 push eax; mov dword ptr [esp], ebx0_2_00DAC3D0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC370 push eax; mov dword ptr [esp], ebx0_2_00DAC3D0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DD2470 push eax; mov dword ptr [esp], ebx0_2_00DD268E
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DD46C0 push eax; mov dword ptr [esp], ebx0_2_00DD4862
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DD0690 push ecx; mov dword ptr [esp], ebx0_2_00DD1538
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC660 push eax; mov dword ptr [esp], ebx0_2_00DAC859
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC606 push eax; mov dword ptr [esp], ebx0_2_00DAC61C
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC7F3 push eax; mov dword ptr [esp], ebx0_2_00DAC859
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC7F1 push eax; mov dword ptr [esp], ebx0_2_00DAC859
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DD87F0 push eax; mov dword ptr [esp], ebx0_2_00DD8A20
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DAC82A push eax; mov dword ptr [esp], ebx0_2_00DAC859
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB4A05 push ecx; mov dword ptr [esp], ebx0_2_00DB4A19
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB6BE8 push edx; mov dword ptr [esp], ebx0_2_00DB6BFC
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DF8B10 push edi; mov dword ptr [esp], ebx0_2_00DF9015
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00DB2C7A push ecx; mov dword ptr [esp], ebx0_2_00DB2C8E
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D8E0AA push eax; mov dword ptr [esp], esi0_2_00E20EF9
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D8E0AA push eax; mov dword ptr [esp], ebx0_2_00E20FBE
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D8E0AA push eax; mov dword ptr [esp], esi0_2_00E20EF9
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D8E0AA push eax; mov dword ptr [esp], ebx0_2_00E20FBE
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D8AED9 push eax; mov dword ptr [esp], ebx0_2_00E20292
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D8AED9 push edx; mov dword ptr [esp], edi0_2_00E202EE

            Boot Survival

            barindex
            Yara detected AsyncRAT
            Source: Yara matchFile source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.DpEHzbOOoB.exe.1030000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: DpEHzbOOoB.exe PID: 3472, type: MEMORYSTR
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Yara detected AsyncRAT
            Source: Yara matchFile source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.DpEHzbOOoB.exe.1030000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: DpEHzbOOoB.exe PID: 3472, type: MEMORYSTR
            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
            Source: DpEHzbOOoB.exe, 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeMemory allocated: C70000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeMemory allocated: 2AF0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeMemory allocated: C90000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeAPI coverage: 1.6 %
            Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D82B46 GetSystemTimeAsFileTime followed by cmp: cmp dword ptr [ebp-0ch], 01h and CTI: jnle 00D82B80h0_2_00D82B46
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D82B46 GetSystemTimeAsFileTime followed by cmp: cmp eax, 02h and CTI: ja 00D82C61h0_2_00D82B46
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: DpEHzbOOoB.exe, 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: vmware
            Source: DpEHzbOOoB.exe, 00000000.00000002.3378074049.000000000515A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D7F5CF IsDebuggerPresent,RaiseException,0_2_00D7F5CF
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D614C0 GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00D614C0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeProcess token adjusted: DebugJump to behavior
            Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D61102 Sleep,_initterm,_initterm,SetUnhandledExceptionFilter,_set_invalid_parameter_handler,exit,_cexit,0_2_00D61102
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D7FD9F RtlRemoveVectoredExceptionHandler,RtlRemoveVectoredExceptionHandler,RtlAddVectoredExceptionHandler,RtlAddVectoredExceptionHandler,TlsGetValue,CloseHandle,CloseHandle,TlsSetValue,CloseHandle,CloseHandle,TlsSetValue,CloseHandle,0_2_00D7FD9F
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeCode function: 0_2_00D7E8A0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_00D7E8A0
            Source: C:\Users\user\Desktop\DpEHzbOOoB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Lowering of HIPS / PFW / Operating System Security Settings

            barindex
            Yara detected AsyncRAT
            Source: Yara matchFile source: 0.2.DpEHzbOOoB.exe.1030000.1.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.DpEHzbOOoB.exe.1030000.1.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: DpEHzbOOoB.exe PID: 3472, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
            Scheduled Task/Job            		1
            Scheduled Task/Job            		1
            Process Injection            		1
            Virtualization/Sandbox Evasion            		OS Credential Dumping11
            System Time Discovery            		Remote Services1
            Archive Collected Data            		2
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts1
            Native API            		1
            DLL Side-Loading            		1
            Scheduled Task/Job            		1
            Disable or Modify Tools            		LSASS Memory111
            Security Software Discovery            		Remote Desktop ProtocolData from Removable Media1
            Non-Standard Port            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            DLL Side-Loading            		1
            Process Injection            		Security Account Manager1
            Virtualization/Sandbox Evasion            		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            Deobfuscate/Decode Files or Information            		NTDS4
            System Information Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script131
            Obfuscated Files or Information            		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            DpEHzbOOoB.exe61%ReversingLabsWin32.Backdoor.Asyncrat

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            No Antivirus matches

            Domains and IPs

            Contacted Domains

            No contacted domains info

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://gcc.gnu.org/bugs/):DpEHzbOOoB.exefalse
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              104.236.39.42
              		unknownUnited States
              		14061DIGITALOCEAN-ASNUStrue

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1579030
              Start date and time:2024-12-20 17:46:29 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 4m 57s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:6
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:DpEHzbOOoB.exe
              renamed because original name is a hash value
              Original Sample Name:44f43f42c9ea788b936ec3b5da2e3ad6.exe
              Detection:MAL
              Classification:mal84.troj.evad.winEXE@2/1@0/1
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 32
              • Number of non-executed functions: 180
              Cookbook Comments:
              • Found application associated with file extension: .exe

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
              • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.12.23.50
              • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtReadVirtualMemory calls found.
              • VT rate limit hit for: DpEHzbOOoB.exe

              Simulations

              Behavior and APIs

              No simulations

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASNs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              DIGITALOCEAN-ASNUShttp://email.mg.mylearninghub.com/c/eJyUzr9OxCAcAOCngc2Gf6UwMBjPeiZ3i4nJeRuF3vWXUlBKz9anNw5OTu7f8HlDnacU94Y2XEhKJFF4MPqinXaO1KLXyhHbKKuJrLUinXVKKgyGESYoo5oyKkVT-UbwWrva876RjikkyHStpi30NkeI12HpKpcmHMxQyvuM-D1iLWKt70Oxv-ivR6y1SxkQay-Q53JIV4htCiF9HiCOiLcu-f4hxQvkCfHdG23G7vixvj4v9XY80ePTeHoJqzz79XGvzivZf51P4w0Qk-AR30muFM7GbnHJVWfzCBEJ4i2AG-ButnHc0k-jKhmX_83xzbDvAAAA__-qL3HaGet hashmaliciousUnknownBrowse
              • 142.93.172.25
              nshmpsl.elfGet hashmaliciousMiraiBrowse
              • 46.101.242.244
              https://www.tblgroup.com/tbl2/certificados-digitales/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
              • 178.128.225.126
              file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, zgRATBrowse
              • 178.62.201.34
              file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC StealerBrowse
              • 178.62.201.34
              8ZVMneG.exeGet hashmaliciousLummaCBrowse
              • 178.62.201.34
              file.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
              • 104.131.68.180
              file.exeGet hashmaliciousNetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog StealerBrowse
              • 178.62.201.34
              ir_agent.exeGet hashmaliciousMetasploitBrowse
              • 157.230.10.115
              https://track.samsupport.jmsend.com/z.z?l=aHR0cHM6Ly9zYW1zdXBwb3J0cy1jb20uam1haWxyb3V0ZS5uZXQveC91P3U9ZWJlNTI4YmMtYTNjMS00NjI0LWFmZjEtYzcwNDJmMjczZWIw&r=14771356625&d=20437066&p=1&t=h&h=40dfe9be3647ce867f619b07dd91c655Get hashmaliciousUnknownBrowse
              • 104.248.15.35

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              \Device\ConDrv

              Download File
              Process:C:\Users\user\Desktop\DpEHzbOOoB.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):90
              Entropy (8bit):4.183775979370118
              Encrypted:false
              SSDEEP:3:Avi93MFQQKrVso9zKAJIKdtJdEmzxMfaVsn:AKxMFQQqso9zKbBixMfesn
              MD5:2F17D8A7B60890A595E67EA1726570CE
              SHA1:E6A32E0478C5540A98F102EFEFF1E1850CF482AC
              SHA-256:50B700773E55F2A9E276E2575422F31B7E805C454BDBE2ABACAC14EB8F5BCB01
              SHA-512:794BD34D6A44E49E18D81FC9DA55DE2EC10D27D4A27D4FC374F7C83AB78B58E1EBB0C3668A47199B7AC2EB218DB482A9B73A008C2F32D0EE6CAE82D14FD99F0D
              Malicious:false
              Reputation:low
              Preview:Allocted memory for shellcode: 00690000..Moved shellcode into allocated memory: 00690000..

              Static File Info

              General

              File type:PE32 executable (console) Intel 80386, for MS Windows
              Entropy (8bit):6.225211960607337
              TrID:
              • Win32 Executable (generic) a (10002005/4) 99.83%
              • Windows Screen Saver (13104/52) 0.13%
              • Generic Win/DOS Executable (2004/3) 0.02%
              • DOS Executable Generic (2002/1) 0.02%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:DpEHzbOOoB.exe
              File size:2'905'266 bytes
              MD5:44f43f42c9ea788b936ec3b5da2e3ad6
              SHA1:5ae43b8c14aa9f1b9c1e123e3343de37bff60523
              SHA256:bd3db35de8078184822ca8742025e6742deed410880360fd1361ec0ddc339067
              SHA512:8f0efd96a0ecda7ddd683520d4005b7ddea427b1dc104fec044812b1289f398b86d889dd901341ee97fcc605b14174fe29793f713e9ee2ab839eca15cff88bda
              SSDEEP:24576:gKncCmoImiJ7un1SdudwaXwQ9gGo7GiaeY8i1ZXD1Fcb6DXqM6DV+QVJHcuQ5p3j:nnfZ2aXl2GoaPeY8Mjv69hF65VB
              TLSH:02D50913668B0E65CDC267B8518B537A9734EE75CA27CBBFEB49C5206D132C07C2A742
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W<`g.....`....&....*.^...................p....@..................................k,...@... ............................

              File Icon

              Icon Hash:00928e8e8686b000

              Static PE Info

              General

              Entrypoint:0x4010de
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows cui
              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
              Time Stamp:0x67603C57 [Mon Dec 16 14:42:31 2024 UTC]
              TLS Callbacks:0x40d2bc, 0x40d353, 0x41fd9f
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:708f232e472f8eef6981a507eea8665b

              Entrypoint Preview

              Instruction
              push ebp
              mov ebp, esp
              sub esp, 18h
              mov dword ptr [ebp-0Ch], 000000FFh
              mov dword ptr [0056D15Ch], 00000000h
              call 00007F800514D4FDh
              mov dword ptr [ebp-0Ch], eax
              mov eax, dword ptr [ebp-0Ch]
              leave
              ret
              lea ecx, dword ptr [esp+04h]
              and esp, FFFFFFF0h
              push dword ptr [ecx-04h]
              push ebp
              mov ebp, esp
              push ecx
              sub esp, 44h
              mov dword ptr [ebp-10h], 00000000h
              mov dword ptr [ebp-18h], 00000018h
              mov eax, dword ptr [ebp-18h]
              mov eax, dword ptr fs:[eax]
              mov dword ptr [ebp-1Ch], eax
              mov eax, dword ptr [ebp-1Ch]
              mov eax, dword ptr [eax+04h]
              mov dword ptr [ebp-14h], eax
              mov dword ptr [ebp-0Ch], 00000000h
              jmp 00007F800514D514h
              mov eax, dword ptr [ebp-10h]
              cmp eax, dword ptr [ebp-14h]
              jne 00007F800514D4FBh
              mov dword ptr [ebp-0Ch], 00000001h
              jmp 00007F800514D52Dh
              mov dword ptr [esp], 000003E8h
              mov eax, dword ptr [0056E488h]
              call eax
              sub esp, 04h
              mov eax, dword ptr [ebp-14h]
              mov dword ptr [ebp-20h], 0056DC08h
              mov dword ptr [ebp-24h], eax
              mov dword ptr [ebp-28h], 00000000h
              mov ecx, dword ptr [ebp-24h]
              mov eax, dword ptr [ebp-28h]
              mov edx, dword ptr [ebp-20h]
              lock cmpxchg dword ptr [edx], ecx
              mov dword ptr [ebp-10h], eax
              cmp dword ptr [ebp-10h], 00000000h
              jne 00007F800514D4A6h
              mov eax, dword ptr [0056DC04h]
              cmp eax, 01h
              jne 00007F800514D500h
              mov dword ptr [esp], 0000001Fh
              call 00007F800516926Bh
              jmp 00007F800514D525h
              mov eax, dword ptr [0056DC04h]

              Data Directories

              NameVirtual AddressVirtual Size Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IMPORT0x16e0000x1394.idata
              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
              IMAGE_DIRECTORY_ENTRY_BASERELOC0x1720000xef0c.reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
              IMAGE_DIRECTORY_ENTRY_TLS0x123a880x18.rdata
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_IAT0x16e3ac0x280.idata
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

              Sections

              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
              .text0x10000xc5c280xc5e00da1a6fff796c4b8a4b3b1ef456033671False0.36838553182248895data6.313742710900034IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .data0xc70000x14100x16004fbd2f347950781b7c6714b88862969eFalse0.07137784090909091data0.9702256770678146IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .rdata0xc90000x64f8c0x6500005edf2bd01378887e0205cbbc0dcd3e2False0.3735810836943069data5.003907969655444IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              /40x12e0000x3e4fc0x3e60007a84cbc4fe74d49639db3a359e0cd51False0.20224824649298598data4.913292120754181IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .bss0x16d0000xc0c0x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .idata0x16e0000x13940x14009ab4c6b67efc6d615b346dc8bdf78504False0.377734375data5.295637926792917IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .CRT0x1700000x340x200a4634427fcf734c8aecff685d4fdc4caFalse0.072265625data0.28578180731160896IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .tls0x1710000x80x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .reloc0x1720000xef0c0xf000cb167f68606e3ef91f0b6837ce46d947False0.22722981770833334data6.262729340507036IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              /140x1810000x1300x20012fa29153b93ece2190236c6bbeb1fb3False0.279296875Matlab v4 mat-file (little endian) *, rows 2, columns 2621441.6218896208732692IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              /290x1820000xf7cb0xf80061e5f63589ecf82ed194e7ae3453ff8eFalse0.45258946572580644data5.914789511515112IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              /410x1920000x18fc0x1a000f82a5d48fc64307da51c826c542a577False0.2839543269230769data4.896568038236842IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              /550x1940000x6f2d0x70001f9a1aaed2bea933de371052f95fbae1False0.3854282924107143data4.954625869972493IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              /670x19b0000x380x200f26bb6eed100e61d55f22695afa1f8e1False0.1171875data0.6721446845015865IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              /800x19c0000x1e40x200ea05d2ee4f233893bbc10dcfba4c3d6dFalse0.61328125data4.697729175672054IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              /910x19d0000xa540xc00c37bba5bdc410758225420016319f6d7False0.12076822916666667data4.5559805073614505IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              /1070x19e0000x8f5b0x90008930bbaeea12303a5294abc5b5b0af4bFalse0.4320746527777778data5.4381632695093005IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              /1230x1a70000xeeb0x10007e6435553fc6fc41988b2933019d85feFalse0.546142578125data5.115902564300797IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

              Imports

              DLLImport
              ADVAPI32.dllCryptAcquireContextW, CryptCreateHash, CryptDecrypt, CryptDeriveKey, CryptDestroyHash, CryptDestroyKey, CryptHashData, CryptReleaseContext
              KERNEL32.dllCloseHandle, CreateEventA, CreateSemaphoreA, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, FileTimeToSystemTime, FormatMessageA, FreeLibrary, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetHandleInformation, GetLastError, GetModuleHandleA, GetProcAddress, GetProcessAffinityMask, GetProcessTimes, GetSystemTimeAdjustment, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetThreadTimes, GetTickCount, InitializeCriticalSection, IsDebuggerPresent, LeaveCriticalSection, LoadLibraryA, LocalFree, MultiByteToWideChar, OpenProcess, OutputDebugStringA, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseException, ReleaseSemaphore, ResetEvent, ResumeThread, SetEvent, SetLastError, SetProcessAffinityMask, SetSystemTime, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, Sleep, SuspendThread, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WideCharToMultiByte
              api-ms-win-crt-convert-l1-1-0.dllmbrtowc, strtol, strtoul, wcrtomb
              api-ms-win-crt-environment-l1-1-0.dll__p__environ, __p__wenviron, getenv
              api-ms-win-crt-filesystem-l1-1-0.dll_lock_file, _unlock_file
              api-ms-win-crt-heap-l1-1-0.dll_set_new_mode, calloc, free, malloc, realloc
              api-ms-win-crt-locale-l1-1-0.dll___lc_codepage_func, ___mb_cur_max_func, localeconv, setlocale
              api-ms-win-crt-math-l1-1-0.dll__setusermatherr
              api-ms-win-crt-private-l1-1-0.dll_setjmp3, longjmp, memchr, memcmp, memcpy, memmove, strchr
              api-ms-win-crt-runtime-l1-1-0.dll__p___argc, __p___argv, __p___wargv, _beginthreadex, _cexit, _configure_narrow_argv, _configure_wide_argv, _crt_at_quick_exit, _crt_atexit, _endthreadex, _errno, _exit, _initialize_narrow_environment, _set_app_type, _initialize_wide_environment, _initterm, _set_invalid_parameter_handler, abort, exit, signal, strerror, system
              api-ms-win-crt-stdio-l1-1-0.dll__acrt_iob_func, __p__commode, __p__fmode, __stdio_common_vfprintf, __stdio_common_vfwprintf, __stdio_common_vsprintf, __stdio_common_vswprintf, _read, fgetwc, fputc, fputs, fwrite, getc
              api-ms-win-crt-string-l1-1-0.dll_strdup, iswctype, memset, strcmp, strcoll, strlen, strncmp, strxfrm, towlower, towupper, wcscoll, wcslen, wcsxfrm
              api-ms-win-crt-time-l1-1-0.dll__daylight, __timezone, __tzname, _tzset, strftime, wcsftime
              api-ms-win-crt-utility-l1-1-0.dllrand_s

              Network Behavior

              Network Port Distribution

              TCP Packets

              TimestampSource PortDest PortSource IPDest IP
              Dec 20, 2024 17:47:36.049096107 CET497256606192.168.2.6104.236.39.42
              Dec 20, 2024 17:47:36.180247068 CET660649725104.236.39.42192.168.2.6
              Dec 20, 2024 17:47:36.180439949 CET497256606192.168.2.6104.236.39.42
              Dec 20, 2024 17:47:36.199896097 CET497256606192.168.2.6104.236.39.42
              Dec 20, 2024 17:47:36.320538044 CET660649725104.236.39.42192.168.2.6
              Dec 20, 2024 17:47:58.073753119 CET660649725104.236.39.42192.168.2.6
              Dec 20, 2024 17:47:58.073844910 CET497256606192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:03.093419075 CET497256606192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:03.093839884 CET497918808192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:03.212858915 CET660649725104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:03.213293076 CET880849791104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:03.213439941 CET497918808192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:03.213917017 CET497918808192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:03.334248066 CET880849791104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:25.105786085 CET880849791104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:25.108633995 CET497918808192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:30.121963024 CET497918808192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:30.122349977 CET498557707192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:30.241885900 CET880849791104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:30.242165089 CET770749855104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:30.242361069 CET498557707192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:30.242729902 CET498557707192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:30.362256050 CET770749855104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:52.121881008 CET770749855104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:52.121969938 CET498557707192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:57.137475014 CET498557707192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:57.137983084 CET499197707192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:57.257160902 CET770749855104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:57.257584095 CET770749919104.236.39.42192.168.2.6
              Dec 20, 2024 17:48:57.257674932 CET499197707192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:57.258121967 CET499197707192.168.2.6104.236.39.42
              Dec 20, 2024 17:48:57.377671003 CET770749919104.236.39.42192.168.2.6
              Dec 20, 2024 17:49:19.184549093 CET770749919104.236.39.42192.168.2.6
              Dec 20, 2024 17:49:19.184679031 CET499197707192.168.2.6104.236.39.42
              Dec 20, 2024 17:49:24.200259924 CET499197707192.168.2.6104.236.39.42
              Dec 20, 2024 17:49:24.200789928 CET499798808192.168.2.6104.236.39.42
              Dec 20, 2024 17:49:24.319782972 CET770749919104.236.39.42192.168.2.6
              Dec 20, 2024 17:49:24.320395947 CET880849979104.236.39.42192.168.2.6
              Dec 20, 2024 17:49:24.320554018 CET499798808192.168.2.6104.236.39.42
              Dec 20, 2024 17:49:24.321150064 CET499798808192.168.2.6104.236.39.42
              Dec 20, 2024 17:49:24.440671921 CET880849979104.236.39.42192.168.2.6

              Statistics

              CPU Usage

              Click to jump to process

              Memory Usage

              Click to jump to process

              High Level Behavior Distribution

              Click to dive into process behavior distribution

              Behavior

              Click to jump to process

              System Behavior

              General

              Target ID:0
              Start time:11:47:20
              Start date:20/12/2024
              Path:C:\Users\user\Desktop\DpEHzbOOoB.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\DpEHzbOOoB.exe"
              Imagebase:0xd60000
              File size:2'905'266 bytes
              MD5 hash:44F43F42C9EA788B936EC3B5DA2E3AD6
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Asyncrat_11a11ba1, Description: unknown, Source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, Author: unknown
              • Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000000.00000002.3377512207.0000000001030000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
              Reputation:low
              Has exited:false

              General

              Target ID:1
              Start time:11:47:20
              Start date:20/12/2024
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff66e660000
              File size:862'208 bytes
              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:false

              Disassembly

              Reset < >

                Execution Graph

                Execution Coverage:0.9%
                Dynamic/Decrypted Code Coverage:26.4%
                Signature Coverage:7%
                Total number of Nodes:258
                Total number of Limit Nodes:13
                execution_graph 129821 6a00bb 129822 6a01c9 129821->129822 129823 6a00df 129821->129823 129833 6a1395 129822->129833 129857 6a293c 129823->129857 129826 6a00f7 129827 6a293c LoadLibraryA 129826->129827 129832 6a016f 129826->129832 129828 6a0139 129827->129828 129829 6a293c LoadLibraryA 129828->129829 129830 6a0155 129829->129830 129831 6a293c LoadLibraryA 129830->129831 129831->129832 129834 6a293c LoadLibraryA 129833->129834 129835 6a13b8 129834->129835 129836 6a293c LoadLibraryA 129835->129836 129837 6a13d0 129836->129837 129838 6a293c LoadLibraryA 129837->129838 129839 6a13ee 129838->129839 129840 6a1403 VirtualAlloc 129839->129840 129855 6a1417 129839->129855 129842 6a1431 129840->129842 129840->129855 129841 6a293c LoadLibraryA 129843 6a14af 129841->129843 129842->129841 129842->129855 129844 6a1505 129843->129844 129843->129855 129861 6a2743 129843->129861 129845 6a1567 129844->129845 129846 6a293c LoadLibraryA 129844->129846 129844->129855 129845->129855 129856 6a15c9 129845->129856 129865 6a0525 129845->129865 129846->129844 129849 6a16d5 129894 6a1ac5 LoadLibraryA 129849->129894 129851 6a168a 129851->129855 129888 6a1186 129851->129888 129855->129832 129856->129849 129856->129851 129856->129855 129858 6a2953 129857->129858 129859 6a297a 129858->129859 129900 6a0a41 LoadLibraryA 129858->129900 129859->129826 129863 6a2758 129861->129863 129862 6a27ce LoadLibraryA 129864 6a27d8 129862->129864 129863->129862 129863->129864 129864->129843 129866 6a2743 LoadLibraryA 129865->129866 129867 6a0539 129866->129867 129870 6a0541 129867->129870 129895 6a27e1 129867->129895 129870->129855 129879 6a0620 129870->129879 129871 6a0577 VirtualProtect 129871->129870 129872 6a058b 129871->129872 129873 6a05a5 VirtualProtect 129872->129873 129874 6a27e1 LoadLibraryA 129873->129874 129875 6a05c6 129874->129875 129875->129870 129876 6a05dd VirtualProtect 129875->129876 129876->129870 129877 6a05ed 129876->129877 129878 6a0602 VirtualProtect 129877->129878 129878->129870 129880 6a2743 LoadLibraryA 129879->129880 129881 6a0636 129880->129881 129882 6a27e1 LoadLibraryA 129881->129882 129883 6a0646 129882->129883 129884 6a064f VirtualProtect 129883->129884 129885 6a0683 129883->129885 129884->129885 129886 6a065f 129884->129886 129885->129856 129887 6a066e VirtualProtect 129886->129887 129887->129885 129889 6a11b9 129888->129889 129890 6a12ab SysAllocString 129889->129890 129891 6a1293 129889->129891 129893 6a1264 129889->129893 129890->129891 129892 6a12ff SafeArrayCreate 129891->129892 129891->129893 129892->129893 129893->129855 129894->129855 129896 6a0559 129895->129896 129898 6a27fc 129895->129898 129896->129870 129896->129871 129898->129896 129899 6a0be6 LoadLibraryA 129898->129899 129899->129896 129900->129858 129901 d610de 129904 d61102 129901->129904 129905 d6113c 129904->129905 129906 d61192 129905->129906 129907 d611a0 129905->129907 129960 d7cf14 __stdio_common_vfprintf __acrt_iob_func _exit 129906->129960 129909 d6119e 129907->129909 129910 d611a9 _initterm 129907->129910 129911 d611dd _initterm 129909->129911 129912 d611fb 129909->129912 129910->129909 129911->129912 129927 d6dab1 129912->129927 129914 d61246 _set_invalid_parameter_handler 129916 d6126d 129914->129916 129931 d613c8 malloc 129916->129931 129922 d612b5 129923 d612c3 exit 129922->129923 129924 d612d0 129922->129924 129923->129924 129925 d610fa 129924->129925 129926 d612d9 _cexit 129924->129926 129926->129925 129928 d6dac4 129927->129928 129930 d6db41 129927->129930 129961 d6d7f4 6 API calls 129928->129961 129930->129914 129932 d61469 129931->129932 129933 d613f4 strlen malloc memcpy 129932->129933 129934 d61282 129932->129934 129933->129932 129935 d6d28c 129934->129935 129936 d61287 129935->129936 129937 d6d29b 129935->129937 129939 d61bff 129936->129939 129962 d6d22d 129937->129962 129940 d6d28c 17 API calls 129939->129940 129941 d61c19 129940->129941 130079 de4f50 129941->130079 129943 d61d31 129944 d61d95 system 129943->129944 129945 d61da1 129943->129945 129944->129945 130083 dfcad0 129945->130083 129947 d61dcd 130087 d61a59 129947->130087 129949 d61df3 129950 d61ea0 memset memcpy 129949->129950 130094 d61739 129950->130094 129958 d87e30 4 API calls 129959 d62004 129958->129959 129959->129922 129960->129909 129961->129930 129963 d6d241 129962->129963 129964 d6d27d 129963->129964 129969 d732cb 129963->129969 129975 d732b0 129963->129975 129981 d61494 _crt_atexit 129964->129981 129966 d6d289 129966->129936 129970 d732d0 129969->129970 129982 d805e7 129970->129982 129976 d732c0 129975->129976 129976->129963 129977 d805e7 16 API calls 129976->129977 129978 d73301 129977->129978 129979 d7ef82 2 API calls 129978->129979 129980 d7330d 129979->129980 129981->129966 129983 d73301 129982->129983 129984 d80606 129982->129984 130001 d7ef82 129983->130001 129984->129983 130004 d8013e 129984->130004 129986 d80631 129987 d7ef82 2 API calls 129986->129987 129988 d80642 129987->129988 129989 d8064b 129988->129989 129990 d80690 129988->129990 130009 d80f2e 129989->130009 129992 d80680 129990->129992 130012 d7cdc0 __stdio_common_vfprintf 129990->130012 130013 d7f02f malloc free 129992->130013 129995 d806d6 130014 d80200 __stdio_common_vfprintf free free 129995->130014 129996 d80f2e 16 API calls 129998 d8066c 129996->129998 130000 d80f2e 16 API calls 129998->130000 130000->129992 130069 d7edbe 130001->130069 130003 d7330d 130005 d80157 130004->130005 130006 d80186 calloc 130005->130006 130007 d801e0 130005->130007 130008 d801b5 130006->130008 130007->129986 130008->130007 130015 d80d22 130009->130015 130012->129992 130013->129995 130014->129983 130027 d80301 130015->130027 130018 d8065d 130018->129996 130024 d80e5c 130024->130018 130026 d80eac abort 130024->130026 130025 d80e57 abort 130025->130024 130026->130018 130028 d80320 130027->130028 130038 d80316 130027->130038 130029 d8013e calloc 130028->130029 130028->130038 130030 d8034b 130029->130030 130031 d7ef82 2 API calls 130030->130031 130034 d8035c 130031->130034 130032 d80365 130062 d7f02f malloc free 130032->130062 130034->130032 130061 d7cdc0 __stdio_common_vfprintf 130034->130061 130035 d803bb 130063 d80200 __stdio_common_vfprintf free free 130035->130063 130038->130018 130039 d7fbdd 130038->130039 130040 d7ef82 2 API calls 130039->130040 130041 d7fbf6 130040->130041 130042 d7fc65 130041->130042 130043 d7fc04 calloc 130041->130043 130066 d7f800 malloc realloc memmove 130042->130066 130044 d7fc54 130043->130044 130045 d7fc21 130043->130045 130065 d7f02f malloc free 130044->130065 130064 d7f800 malloc realloc memmove 130045->130064 130049 d7fc2c 130049->130044 130050 d7fc42 free 130049->130050 130050->130044 130051 d7fccc 130051->130018 130055 d7fcd4 130051->130055 130052 d7fc70 130067 d7f02f malloc free 130052->130067 130054 d7fc60 130054->130051 130056 d7fce4 130055->130056 130057 d7fd92 DuplicateHandle 130055->130057 130056->130057 130068 d87c40 __stdio_common_vsprintf 130056->130068 130057->130024 130057->130025 130059 d7fd7d abort 130059->130057 130061->130032 130062->130035 130063->130038 130064->130049 130065->130054 130066->130052 130067->130054 130068->130059 130072 d7ed84 130069->130072 130071 d7edd0 130071->130003 130073 d7ed9d 130072->130073 130074 d7edb5 130073->130074 130075 d7eda1 130073->130075 130074->130071 130078 d7ece1 malloc free 130075->130078 130077 d7edb3 130077->130074 130078->130077 130080 de4f5b 130079->130080 130082 de5008 130080->130082 130110 d831b0 30 API calls 130080->130110 130082->129943 130084 dfcaea 130083->130084 130111 dfc9d0 130084->130111 130086 dfcb09 130086->129947 130092 d61a6d 130087->130092 130088 d61b7e 130088->129949 130092->130088 130143 e0da10 268 API calls 130092->130143 130144 e13930 233 API calls 130092->130144 130145 dfcefc 225 API calls 130092->130145 130146 e1a480 226 API calls 130092->130146 130095 d6174a 130094->130095 130096 d61801 130095->130096 130097 d617a1 memcpy 130095->130097 130100 d61804 130096->130100 130147 d61677 130097->130147 130099 d617e8 memcpy 130099->130096 130101 d61815 130100->130101 130102 d618cc VirtualAlloc 130101->130102 130103 d6186c memcpy 130101->130103 130106 d87e30 130102->130106 130148 d616d8 130103->130148 130105 d618b3 memcpy 130105->130102 130107 d87e4e 130106->130107 130149 d73e90 _lock_file 130107->130149 130109 d61fd8 memcpy 130109->129958 130110->130080 130112 dfca0d 130111->130112 130119 dfc980 130112->130119 130116 dfca26 130127 e19e00 130116->130127 130118 dfca74 130118->130086 130120 dfc9a6 130119->130120 130121 dfc9c7 130120->130121 130130 e1fbc0 224 API calls 130120->130130 130123 de5c60 130121->130123 130124 de5c6f 130123->130124 130125 de5c93 130123->130125 130131 df2aa8 194 API calls 130124->130131 130125->130116 130132 e19b50 130127->130132 130131->130125 130135 df93a0 130132->130135 130138 e18c40 130135->130138 130140 e18c4f 130138->130140 130139 df93bf 130139->130118 130140->130139 130142 e17820 225 API calls 130140->130142 130142->130140 130143->130092 130144->130092 130145->130092 130146->130092 130147->130099 130148->130105 130152 d787e8 _errno 130149->130152 130155 d7884a 130152->130155 130153 d73ecb _unlock_file 130153->130109 130154 d76a70 fputc 130154->130155 130155->130153 130155->130154 130156 d78b6e 130157 d78b74 130156->130157 130161 d771aa 130157->130161 130159 d78bdf 130160 d771aa fputc 130159->130160 130160->130159 130162 d771ce 130161->130162 130166 d77453 130162->130166 130168 d76a70 fputc 130162->130168 130164 d77479 130165 d7749b 130164->130165 130167 d76a70 fputc 130164->130167 130165->130159 130166->130164 130169 d76a70 130166->130169 130167->130164 130168->130162 130170 d76a85 130169->130170 130171 d76aba 130170->130171 130172 d76aa4 fputc 130170->130172 130171->130166 130172->130171

                Executed Functions

                Function 00D61102 Relevance: 7.6, APIs: 5, Instructions: 115COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 76 d61102-d6113a 77 d6115e-d61186 76->77 78 d6113c-d61142 77->78 79 d61188-d61190 77->79 80 d61144-d6114b 78->80 81 d6114d-d6115b 78->81 82 d61192-d6119e call d7cf14 79->82 83 d611a0-d611a7 79->83 80->79 81->77 89 d611d3-d611db 82->89 85 d611c9 83->85 86 d611a9-d611c7 _initterm 83->86 85->89 86->89 90 d611dd-d611f1 _initterm 89->90 91 d611fb-d611ff 89->91 90->91 92 d61217-d6121e 91->92 93 d61201-d61215 91->93 94 d61220-d6123e 92->94 95 d61241-d612b0 call d6dab1 _set_invalid_parameter_handler call d6d450 call d613c8 call d6d28c call d61bff 92->95 93->92 94->95 107 d612b5-d612c1 95->107 108 d612c3-d612cb exit 107->108 109 d612d0-d612d7 107->109 108->109 110 d612de-d612ea 109->110 111 d612d9 _cexit 109->111 111->110
                APIs
                • _initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D611C2
                • _initterm.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D611EC
                • _set_invalid_parameter_handler.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D61263
                • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D612CB
                • _cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D612D9
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: _initterm$_cexit_set_invalid_parameter_handlerexit
                • String ID:
                • API String ID: 1032935107-0
                • Opcode ID: 089fd6e2199eb903cbe0022589835be6d9c2d4d60979646f058bcbae0689dea9
                • Instruction ID: 426591a1b8dcbca8ce2f40c82c08b472ef330b2d65730e2504493696db906827
                • Opcode Fuzzy Hash: 089fd6e2199eb903cbe0022589835be6d9c2d4d60979646f058bcbae0689dea9
                • Instruction Fuzzy Hash: 6B51E8B4908208DFCB00EF6AD986B5DBBF2FB45304F04842CE554A7350D77AA94ADF66
                Function 00D618CF Relevance: .1, Instructions: 104COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e209a7a3e65c4462a7c55c8ba1c884e12cc641aeb7ad4713468d2957d7f38303
                • Instruction ID: 2b95f279cf3b79c798266748db74d4ab0fac0f9910f14f781945ad805ad69b4c
                • Opcode Fuzzy Hash: e209a7a3e65c4462a7c55c8ba1c884e12cc641aeb7ad4713468d2957d7f38303
                • Instruction Fuzzy Hash: 7D410AB45093459FDB00DF79C94475ABBF0BF84318F148A28E8A8AB390D775D909CF92
                Function 00D61BFF Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 305processmemoryCOMMON
                Download Yara Rule

                Control-flow Graph

                APIs
                • system.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D61D9C
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D61EB8
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D61ED1
                • VirtualAlloc.KERNELBASE ref: 00D61FBD
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D61FEC
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpy$AllocVirtualmemsetsystem
                • String ID: $Allocted memory for shellcode: %p$Moved shellcode into allocated memory: %p$kernel32.dll$pause
                • API String ID: 3517231560-713411007
                • Opcode ID: fbd8dc29a7fce1256b4122341c40e1f2af2b677321decc8438b95822613bd375
                • Instruction ID: 0b8b48e5b6478adbb8ff59a1a96088e3617e26101aa5314347db3db2fb4930a6
                • Opcode Fuzzy Hash: fbd8dc29a7fce1256b4122341c40e1f2af2b677321decc8438b95822613bd375
                • Instruction Fuzzy Hash: 47E170B4E043198FCB54EFA8C985A9DBBF1BF88300F148569E458EB355E7349988CF61
                Function 006A0525 Relevance: 6.1, APIs: 4, Instructions: 99memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 112 6a0525-6a053f call 6a2743 115 6a0541-6a0542 112->115 116 6a0547-6a0560 call 6a27e1 112->116 118 6a061c-6a061f 115->118 120 6a0618 116->120 121 6a0566-6a0571 116->121 122 6a061a-6a061b 120->122 121->120 123 6a0577-6a0585 VirtualProtect 121->123 122->118 123->120 124 6a058b-6a05cd call 6a2739 call 6a2db1 VirtualProtect call 6a27e1 123->124 124->120 131 6a05cf-6a05db 124->131 131->120 132 6a05dd-6a05eb VirtualProtect 131->132 132->120 133 6a05ed-6a0616 call 6a2739 call 6a2db1 VirtualProtect 132->133 133->122
                APIs
                  • Part of subcall function 006A2743: LoadLibraryA.KERNELBASE(00000000,?,?), ref: 006A27D5
                • VirtualProtect.KERNELBASE(00000000,0000000C,00000040,?), ref: 006A0580
                • VirtualProtect.KERNELBASE(00000000,0000000C,?,?), ref: 006A05B3
                • VirtualProtect.KERNELBASE(00000000,0040145E,00000040,?), ref: 006A05E6
                • VirtualProtect.KERNELBASE(00000000,0040145E,?,?), ref: 006A0610
                Memory Dump Source
                • Source File: 00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_690000_DpEHzbOOoB.jbxd
                Yara matches
                Similarity
                • API ID: ProtectVirtual$LibraryLoad
                • String ID:
                • API String ID: 895956442-0
                • Opcode ID: 93985e93d1afab8f719b8aa13ce6a91e230957808ceab0eaee363415b4ddc148
                • Instruction ID: b363025f931378d0525972ba26bb9fb70998f2e75f8fadfcd68af9fbc5bb12cd
                • Opcode Fuzzy Hash: 93985e93d1afab8f719b8aa13ce6a91e230957808ceab0eaee363415b4ddc148
                • Instruction Fuzzy Hash: 5621957224420A7EF350BA658C45FBB769DDB86304F44083EFA06D2152EB69EE058BB5
                Function 006A2743 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66libraryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 138 6a2743-6a2756 139 6a2758-6a275b 138->139 140 6a276e-6a2778 138->140 141 6a275d-6a2760 139->141 142 6a277a-6a2782 140->142 143 6a2787-6a2793 140->143 141->140 144 6a2762-6a276c 141->144 142->143 145 6a2796-6a279b 143->145 144->140 144->141 146 6a27ce-6a27d5 LoadLibraryA 145->146 147 6a279d-6a27a8 145->147 148 6a27d8-6a27dc 146->148 149 6a27aa-6a27c2 call 6a2e11 147->149 150 6a27c4-6a27c8 147->150 149->150 154 6a27dd-6a27df 149->154 150->145 151 6a27ca-6a27cc 150->151 151->146 151->148 154->148
                APIs
                • LoadLibraryA.KERNELBASE(00000000,?,?), ref: 006A27D5
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_690000_DpEHzbOOoB.jbxd
                Yara matches
                Similarity
                • API ID: LibraryLoad
                • String ID: .$.dll
                • API String ID: 1029625771-979041800
                • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                • Instruction ID: d3855274e22132853b5f2d4d408fb47500aaa15d863331bccde69d8ec9782cd0
                • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                • Instruction Fuzzy Hash: 3E21D6766002969FDB21EF6CC894AA97BE5AF06720F1841ADE8019BB41D730ED45CF50
                Function 00D80D22 Relevance: 4.6, APIs: 3, Instructions: 111COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 155 d80d22-d80d5f call d80301 159 d80d69-d80d78 call d7fbdd 155->159 160 d80d61-d80d64 155->160 164 d80d7a-d80d7e 159->164 165 d80d80-d80d85 159->165 161 d80eb4-d80ebb 160->161 164->165 166 d80d8a-d80e55 call d7fcd4 DuplicateHandle 164->166 165->161 174 d80e5c-d80eaa 166->174 175 d80e57 abort 166->175 178 d80eac abort 174->178 179 d80eb1 174->179 175->174 178->179 179->161
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abb2cf26132276744129e9ad2e6fd273ff9e154fc37ebc99be614782ac8c1f7c
                • Instruction ID: 8d36c530e17c782007fdb0c358510ae6ba196d9272c085bcdd71165e787bb1b5
                • Opcode Fuzzy Hash: abb2cf26132276744129e9ad2e6fd273ff9e154fc37ebc99be614782ac8c1f7c
                • Instruction Fuzzy Hash: 4E41D8B09043198FDB50EFA9D984B8EBBF0FF48314F008569E454A7361D379A949CFA2
                Function 00D78F87 Relevance: 4.5, APIs: 3, Instructions: 45COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 180 d78f87-d78f8b 181 d790b3-d790b4 180->181 182 d78f91-d78fe2 memset localeconv mbrtowc 180->182 185 d790b7-d790bf 181->185 183 d78fe4-d78fe8 182->183 184 d78fec-d78ff2 182->184 183->184 184->181 186 d790c5 185->186 187 d7888e-d788a9 185->187 188 d790d9-d790ef 186->188 189 d79023-d79027 187->189 190 d788af 187->190 193 d790f5-d790f9 188->193 194 d7884f-d78853 188->194 191 d7908c-d790a5 call d76a70 189->191 192 d79029-d7902d 189->192 190->189 191->188 192->191 195 d7902f-d79033 192->195 197 d790c7-d790d4 call d76a70 194->197 198 d78859-d78889 194->198 195->191 200 d79035-d79039 195->200 197->188 198->185 202 d79044-d79048 200->202 203 d7903b-d79042 200->203 205 d79051-d79055 202->205 206 d7904a 202->206 203->205 205->185 207 d79057-d7905e 205->207 206->205 208 d79060-d7906b 207->208 209 d7906d-d7908a 207->209 208->185 209->185
                APIs
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D78FB0
                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00D78FB5
                • mbrtowc.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00D78FD6
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: localeconvmbrtowcmemset
                • String ID:
                • API String ID: 1709116024-0
                • Opcode ID: a2a14218c89ef3c9c12be86bfb960d592027f78ffae062c87574101d97858297
                • Instruction ID: 45339fadae0e2fbba223f74475bdd94838e937dab8c4b85ec13213c15ec02309
                • Opcode Fuzzy Hash: a2a14218c89ef3c9c12be86bfb960d592027f78ffae062c87574101d97858297
                • Instruction Fuzzy Hash: B011DFB0C05349DEDB00DFA5D1886ADBBF0AF49304F10C45AE898AB241E3798A45DFA2
                Function 00D787E8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 210 d787e8-d78843 _errno 211 d7884a 210->211 212 d790d9-d790ef 211->212 213 d790f5-d790f9 212->213 214 d7884f-d78853 212->214 215 d790c7-d790d4 call d76a70 214->215 216 d78859-d78889 214->216 215->212 218 d790b7-d790bf 216->218 219 d790c5 218->219 220 d7888e-d788a9 218->220 219->212 221 d79023-d79027 220->221 222 d788af 220->222 223 d7908c-d790a5 call d76a70 221->223 224 d79029-d7902d 221->224 222->221 223->211 224->223 225 d7902f-d79033 224->225 225->223 227 d79035-d79039 225->227 229 d79044-d79048 227->229 230 d7903b-d79042 227->230 231 d79051-d79055 229->231 232 d7904a 229->232 230->231 231->218 233 d79057-d7905e 231->233 232->231 234 d79060-d7906b 233->234 235 d7906d-d7908a 233->235 234->218 235->218
                APIs
                • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D787F1
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: _errno
                • String ID: /
                • API String ID: 2918714741-2043925204
                • Opcode ID: ac11232a6ab7e51e67b6c865de7d401179476bf234dc8a200da1874716138dc8
                • Instruction ID: 225e4125e2f6007f05be942f111b7798353f602d574303aec6df2618f8a4b1bd
                • Opcode Fuzzy Hash: ac11232a6ab7e51e67b6c865de7d401179476bf234dc8a200da1874716138dc8
                • Instruction Fuzzy Hash: 0051C4B5D1021ACFCF10CF99D494AAEBBF0BF09314F148259E469AB390E3789A45CF61
                Function 006A1186 Relevance: 3.2, APIs: 2, Instructions: 183memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 236 6a1186-6a11b3 237 6a123b-6a1242 236->237 238 6a11b9-6a11cc 236->238 239 6a1260-6a1262 237->239 240 6a1244-6a1258 237->240 244 6a126f-6a1272 238->244 245 6a11d2-6a11fe call 6a271e 238->245 242 6a1274-6a127f 239->242 243 6a1264-6a126a 239->243 240->239 250 6a1386 242->250 251 6a1285-6a1291 242->251 246 6a138a-6a1394 243->246 244->240 257 6a1200-6a120f 245->257 258 6a1234 245->258 250->246 252 6a129f-6a12c7 call 6a271e SysAllocString 251->252 253 6a1293-6a129d 251->253 262 6a12cb-6a12da 252->262 261 6a12dd-6a12df 253->261 257->240 265 6a1211-6a1216 257->265 260 6a1237-6a1239 258->260 260->237 260->240 261->250 263 6a12e5-6a12f9 261->263 262->261 263->250 269 6a12ff-6a1321 SafeArrayCreate 263->269 265->260 268 6a1218-6a122e 265->268 271 6a1232 268->271 269->250 270 6a1323-6a132e 269->270 272 6a1343-6a134c 270->272 273 6a1330-6a1341 270->273 271->260 277 6a134e call 73d01d 272->277 278 6a134e call 73d01c 272->278 273->272 273->273 274 6a1354-6a136a 275 6a137f 274->275 276 6a136c-6a137d 274->276 275->250 276->275 276->276 277->274 278->274
                APIs
                • SysAllocString.OLEAUT32(?), ref: 006A12B3
                • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 006A1317
                Memory Dump Source
                • Source File: 00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_690000_DpEHzbOOoB.jbxd
                Yara matches
                Similarity
                • API ID: AllocArrayCreateSafeString
                • String ID:
                • API String ID: 3700836371-0
                • Opcode ID: e9dae07e6597974dd7a2e07dc59b16717cc00198222b0edab0e98d7cec828a5a
                • Instruction ID: ea9808957f384e498d695df35379fc74c20cec2a2860531295b73317bbf0f443
                • Opcode Fuzzy Hash: e9dae07e6597974dd7a2e07dc59b16717cc00198222b0edab0e98d7cec828a5a
                • Instruction Fuzzy Hash: FC613A71200206AFDB14EF64C884FEBB7E9BF4A305F148669E959CB141DB30EA45CFA1
                Function 006A0620 Relevance: 3.0, APIs: 2, Instructions: 48memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 279 6a0620-6a064d call 6a2743 call 6a27e1 284 6a064f-6a065d VirtualProtect 279->284 285 6a0683 279->285 284->285 286 6a065f-6a0681 call 6a2db1 VirtualProtect 284->286 287 6a0685-6a0688 285->287 286->287
                APIs
                  • Part of subcall function 006A2743: LoadLibraryA.KERNELBASE(00000000,?,?), ref: 006A27D5
                • VirtualProtect.KERNELBASE(00000000,00000004,00000040,?), ref: 006A0658
                • VirtualProtect.KERNELBASE(00000000,00000004,?,?), ref: 006A067B
                Memory Dump Source
                • Source File: 00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_690000_DpEHzbOOoB.jbxd
                Yara matches
                Similarity
                • API ID: ProtectVirtual$LibraryLoad
                • String ID:
                • API String ID: 895956442-0
                • Opcode ID: 4b81b02862df4f1b90606a87d7a95fef9c5f7f2dde159036914d36a532f09deb
                • Instruction ID: d5553a52e69ca9072c4489801464fae273ce4e9210d7892fa93ac65f2ca40b77
                • Opcode Fuzzy Hash: 4b81b02862df4f1b90606a87d7a95fef9c5f7f2dde159036914d36a532f09deb
                • Instruction Fuzzy Hash: BBF08CB61406147AE611AA64CC42FFB32EDDF8AB54F000428FF06D6080EAA5EF058AA5
                Function 00D73E90 Relevance: 3.0, APIs: 2, Instructions: 24COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 290 d73e90-d73ede _lock_file call d787e8 _unlock_file
                APIs
                • _lock_file.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,?,?,?,?,?,?,?,00D87E61), ref: 00D73E9D
                  • Part of subcall function 00D787E8: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D787F1
                • _unlock_file.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00D73ED3
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: _errno_lock_file_unlock_file
                • String ID:
                • API String ID: 1836919547-0
                • Opcode ID: ab438b4eea75e2382216d6c3ec97d9b98b8c340286addecc02824ebcf9f1f3c2
                • Instruction ID: 95ac852e08a6fc279291d91175a8476fcb93b3961583fc4f949e079e6921c7b0
                • Opcode Fuzzy Hash: ab438b4eea75e2382216d6c3ec97d9b98b8c340286addecc02824ebcf9f1f3c2
                • Instruction Fuzzy Hash: B8F014B4608349AFCB40EF69C48564EBBE5EF49354F40882DF89DC7341E774E9448B62
                Function 05071328 Relevance: 1.7, Strings: 1, Instructions: 444COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 293 5071328-50713a0 300 50713a6-50713c1 293->300 301 5071593-50715c2 call 50703ac 293->301 305 50713c7-5071416 300->305 306 50719ce-50719d3 300->306 313 50715d4-50715da 301->313 314 50715c4-50715d2 301->314 305->306 324 507141c-5071442 305->324 310 50719df-50719e6 306->310 315 50715e2-50715f7 313->315 314->315 322 5071609 315->322 323 50715f9-5071607 315->323 326 5071611-5071661 call 50703bc call 50703cc 322->326 323->326 324->306 332 5071448-507146a 324->332 341 5071667-50716a4 326->341 342 50716ee 326->342 332->306 336 5071470-50714bf 332->336 336->306 353 50714c5-50714eb 336->353 341->342 363 50716a6-50716ec 341->363 345 50716f3-50716f7 342->345 347 5071702 345->347 348 50716f9 345->348 350 5071705-5071714 347->350 348->347 355 50719c0-50719c7 350->355 356 507171a-50717b6 call 50703dc call 50703ec 350->356 353->306 364 50714f1-5071508 353->364 355->310 356->306 391 50717bc-50717d6 356->391 363->345 372 507157a-507158e 364->372 373 507150a-5071522 364->373 372->350 373->350 379 5071528-5071531 373->379 379->306 381 5071537-5071544 379->381 383 507154c-507155b 381->383 386 5071567-5071573 383->386 387 507155d 383->387 386->379 389 5071575 386->389 387->350 387->386 389->350 391->306 393 50717dc-50717ec 391->393 394 50717f2-507180e 393->394 395 5071810-5071817 394->395 396 507181f-5071826 394->396 397 507181d 395->397 398 50719c9 395->398 396->398 399 507182c-50719b2 396->399 397->399 398->306 399->310
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: ,
                • API String ID: 0-3772416878
                • Opcode ID: 50a63b52065ba18b349a9102c254a7af74dba83195bc9ccc03d85b982ce63b3e
                • Instruction ID: 68ce4e1012696cd4f6778bef78ea313a6aec9c467e339e41ca86c4609caba625
                • Opcode Fuzzy Hash: 50a63b52065ba18b349a9102c254a7af74dba83195bc9ccc03d85b982ce63b3e
                • Instruction Fuzzy Hash: 64026C30B00205DFD714EB64E494B6E7BE2FF84310F248669E5469F3A9DBB5AC42CB94
                Function 006A1395 Relevance: 1.6, APIs: 1, Instructions: 325memoryCOMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 425 6a1395-6a13f9 call 6a293c * 3 432 6a13fb-6a13fd 425->432 433 6a1423 425->433 432->433 434 6a13ff-6a1401 432->434 435 6a1426-6a1430 433->435 434->433 436 6a1403-6a1415 VirtualAlloc 434->436 437 6a1431-6a1454 call 6a2db1 call 6a2dd5 436->437 438 6a1417-6a141e 436->438 444 6a149e-6a14b7 call 6a293c 437->444 445 6a1456-6a148c call 6a2aa9 call 6a297f 437->445 438->433 439 6a1420 438->439 439->433 444->433 451 6a14bd 444->451 454 6a16ed-6a16f6 445->454 455 6a1492-6a1498 445->455 453 6a14c3-6a14c9 451->453 456 6a14cb-6a14d1 453->456 457 6a1505-6a150e 453->457 460 6a16f8-6a16fb 454->460 461 6a16fd-6a1705 454->461 455->444 455->454 462 6a14d3-6a14d6 456->462 458 6a1510-6a1516 457->458 459 6a1567-6a1572 457->459 465 6a151a-6a1535 call 6a293c 458->465 468 6a158b-6a158e 459->468 469 6a1574-6a157d call 6a0689 459->469 460->461 466 6a1734 460->466 461->466 467 6a1707-6a1732 call 6a2dd5 461->467 463 6a14ea-6a14ec 462->463 464 6a14d8-6a14dd 462->464 463->457 473 6a14ee-6a14fc call 6a2743 463->473 464->463 472 6a14df-6a14e8 464->472 490 6a1537-6a153f 465->490 491 6a1554-6a1565 465->491 470 6a1738-6a1758 call 6a2dd5 466->470 467->470 474 6a16e9 468->474 475 6a1594-6a159d 468->475 469->474 486 6a1583-6a1589 469->486 504 6a175a 470->504 505 6a175e-6a1760 470->505 472->462 472->463 487 6a1501-6a1503 473->487 474->454 481 6a159f 475->481 482 6a15a3-6a15aa 475->482 481->482 488 6a15da-6a15de 482->488 489 6a15ac-6a15b5 call 6a0525 482->489 486->482 487->453 492 6a1680-6a1683 488->492 493 6a15e4-6a1606 488->493 506 6a15c3-6a15c4 call 6a0620 489->506 507 6a15b7-6a15bd 489->507 490->474 495 6a1545-6a154e 490->495 491->459 491->465 497 6a16d5-6a16d7 call 6a1ac5 492->497 498 6a1685-6a1688 492->498 493->474 511 6a160c-6a161f call 6a2db1 493->511 495->474 495->491 510 6a16dc-6a16dd 497->510 498->497 501 6a168a-6a168d 498->501 508 6a168f-6a1691 501->508 509 6a16a6-6a16b7 call 6a1186 501->509 504->505 505->435 517 6a15c9-6a15cc 506->517 507->474 507->506 508->509 513 6a1693-6a1696 508->513 527 6a16c8-6a16d3 call 6a0c52 509->527 528 6a16b9-6a16c0 call 6a1765 509->528 514 6a16de-6a16e5 510->514 525 6a1643-6a167c 511->525 526 6a1621-6a1625 511->526 518 6a1698-6a169b 513->518 519 6a169d-6a16a4 call 6a2333 513->519 514->474 520 6a16e7 514->520 517->488 523 6a15ce-6a15d4 517->523 518->514 518->519 519->510 520->520 523->474 523->488 525->474 538 6a167e 525->538 526->525 530 6a1627-6a162a 526->530 527->510 536 6a16c5 528->536 530->492 534 6a162c-6a1641 call 6a2bb4 530->534 534->538 536->527 538->492
                APIs
                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006A140F
                Memory Dump Source
                • Source File: 00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_690000_DpEHzbOOoB.jbxd
                Yara matches
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                • Opcode ID: 1a5418cea19d400be9e889379b85ba4036e89269bda122047750eba29fcf4b87
                • Instruction ID: 39bd780b221e3e4bf94751bfe5c4d9e2a0e4dc92e21f292d5e9a9451ff5371da
                • Opcode Fuzzy Hash: 1a5418cea19d400be9e889379b85ba4036e89269bda122047750eba29fcf4b87
                • Instruction Fuzzy Hash: 3FB1B171500A06ABDB21BEA4CC80BE7B7EAFF4B310F18051DE5598A241E731ED51DFA5
                Function 00D76A70 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                Download Yara Rule

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 540 d76a70-d76a83 541 d76a95-d76aa2 540->541 542 d76a85-d76a93 540->542 544 d76aa4-d76ab8 fputc 541->544 545 d76aba-d76aca 541->545 542->541 543 d76acc-d76add 542->543 544->543 545->543
                APIs
                • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00D790D9), ref: 00D76AB3
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: fputc
                • String ID:
                • API String ID: 1992160199-0
                • Opcode ID: d80988cd9840ddee065780d0f99f51e15070dac6dd1702830e52bb0e7157485a
                • Instruction ID: b6d25b1743705b2102590e34f038177cbfa3d32c9854c925d0864ba9bda7c117
                • Opcode Fuzzy Hash: d80988cd9840ddee065780d0f99f51e15070dac6dd1702830e52bb0e7157485a
                • Instruction Fuzzy Hash: 9E015A79204609AFDB00DF18C685E89BBE1EF48350B09D592FD59DF366E330E905CB54
                Function 05071562 Relevance: .2, Instructions: 183COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b68616eb286c90011352b0e87151a472898a06ff42b6b6f6e38e3c612f71d457
                • Instruction ID: 205ae966d9d475c035fbbff895049031477df3ca27a3876d29cb7ed2262e1b5c
                • Opcode Fuzzy Hash: b68616eb286c90011352b0e87151a472898a06ff42b6b6f6e38e3c612f71d457
                • Instruction Fuzzy Hash: E7612630B00204CFD714EB69E894B5E7BF6FB85300F148669E5469F3A6DBB5AC468B90
                Function 05070AB8 Relevance: .2, Instructions: 160COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d05e1a27c9a1c69644eeb5f7ab844cc54362cbbd524b2e7442fb646ff3426db9
                • Instruction ID: ab55db3daf4d88e215e0aba347b83f4f5156e24daba3dcb418b7dbef4f99d288
                • Opcode Fuzzy Hash: d05e1a27c9a1c69644eeb5f7ab844cc54362cbbd524b2e7442fb646ff3426db9
                • Instruction Fuzzy Hash: FE518D34B002189FD754DF69D458A5EBBF6FF88700F2581A9E406EB3A6CA35ED018B94
                Function 05070920 Relevance: .1, Instructions: 129COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c9901c495bee32199ab04e3b1975bffcbe7034c6a76f5bc8595b0ba0d8303967
                • Instruction ID: 095c22da9b5fb462bc35d16927391823709a6c8007aea9fb3bd5d93fa0c2f2cc
                • Opcode Fuzzy Hash: c9901c495bee32199ab04e3b1975bffcbe7034c6a76f5bc8595b0ba0d8303967
                • Instruction Fuzzy Hash: 8441A031B042449FDB15DF79D458A9EBBF2EF89300F1485A9E006EB3A2CA749C05CBA5
                Function 050706A0 Relevance: .1, Instructions: 122COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b10cbb62c120ba1238aa5f32225be0a01ec7b60819768e802204a97f48ca0dd7
                • Instruction ID: b67961acd5e39132b93d3071bf32340e9b2da1271d7278765abe9e9db9f9085a
                • Opcode Fuzzy Hash: b10cbb62c120ba1238aa5f32225be0a01ec7b60819768e802204a97f48ca0dd7
                • Instruction Fuzzy Hash: 1651B130201252DFCB09FFA4F8889593BF2FB853067549A6CD4059B368DB75A947CBE0
                Function 05070DD0 Relevance: .1, Instructions: 114COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8764d1c709f0cb90632c46eaac5cc7f7d80bff8fd3fe4595e56c9bd12f2b3c14
                • Instruction ID: 2ea48780aa85c218aa9f8fffb8ef3b753253d3edbac3258999b42d2cf573926f
                • Opcode Fuzzy Hash: 8764d1c709f0cb90632c46eaac5cc7f7d80bff8fd3fe4595e56c9bd12f2b3c14
                • Instruction Fuzzy Hash: C8417C70E00209AFDB04EFB9D45966EBFFAEF88300F248169D549D7346DA349E428B94
                Function 05070F39 Relevance: .1, Instructions: 90COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0a1feac7ea61cc61265ac62c18b3d3db6ffdb5fb0fe12352e9c74ceed466398b
                • Instruction ID: bf9e503ff96bffa9a7c1f65e0e586ee2aa9d9f07f4b06fb6d7c5d326004a5b3b
                • Opcode Fuzzy Hash: 0a1feac7ea61cc61265ac62c18b3d3db6ffdb5fb0fe12352e9c74ceed466398b
                • Instruction Fuzzy Hash: CF31DF34B012468FDB54DB78C465A6FBBF2BF89200F144169E545DB395DE309D028790
                Function 05070911 Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3e16300fb39cef9473fda814d28a450ca03bc870b99a0fc8b1aa66d36312cedd
                • Instruction ID: c05e9dccd2847637ff36b86ef34b83786553da48406aab99eda3845a24bb077f
                • Opcode Fuzzy Hash: 3e16300fb39cef9473fda814d28a450ca03bc870b99a0fc8b1aa66d36312cedd
                • Instruction Fuzzy Hash: DD318F74A042099FDB14DF69D498BAEBBF2FF89300F148569E406AB3A1CA759D05CF90
                Function 05070599 Relevance: .1, Instructions: 76COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 237cba1d11fe0bc6dc5d67eb86dce4341390fef267e44ba3d013db4796f4bf77
                • Instruction ID: 034d5d52ff3ae58ddafff4e5959fa7b8bfa7f3204d71c81e2e0843f8fcedeb3d
                • Opcode Fuzzy Hash: 237cba1d11fe0bc6dc5d67eb86dce4341390fef267e44ba3d013db4796f4bf77
                • Instruction Fuzzy Hash: 3121EE30A1574ACFDB94AB76F93D62E7AE5BB84644B004629D803C6254EB74C500CFBD
                Function 050705A8 Relevance: .1, Instructions: 71COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8c0b9bb3a056e39d1b29140a0f332a97a1e623a93b928f8fa9eb3420ee4e72
                • Instruction ID: d1810155e3586190a2bb991e6feede7311d6ab5518bc50fb6ba50a0db58a2fb4
                • Opcode Fuzzy Hash: bd8c0b9bb3a056e39d1b29140a0f332a97a1e623a93b928f8fa9eb3420ee4e72
                • Instruction Fuzzy Hash: F6210E30A1564BCFDB98ABB6F93C63E7AE5BF84240B004629A403C2254EB74D501DFBD
                Function 05071030 Relevance: .1, Instructions: 54COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4595da2cf90df0ac1cf8075727dfb792479bcbf11d7fa511a051f1cef27ea7c4
                • Instruction ID: a2af740e9a68a119b8ec410519b1206201365d254b3c814118686dc3d26a5735
                • Opcode Fuzzy Hash: 4595da2cf90df0ac1cf8075727dfb792479bcbf11d7fa511a051f1cef27ea7c4
                • Instruction Fuzzy Hash: 0911CB31A002459FCB44EBB9E408AAE7FF6EF892007044879D54AD7398EA31D802CBD4
                Function 05071040 Relevance: .1, Instructions: 53COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c105c6944f11ef4bd559295ef288ac71cca909a6d98498f5b4e53c5f6334e650
                • Instruction ID: 80bc07a2ea94ece645d71385d0f206ebfd5fbe56d05368d7ba2c93d1443efa72
                • Opcode Fuzzy Hash: c105c6944f11ef4bd559295ef288ac71cca909a6d98498f5b4e53c5f6334e650
                • Instruction Fuzzy Hash: E9115B75B00249DFCB54EBB9D408A6E7BE6EF882007154479D50AD7398EA71D842CBD4
                Function 05070A3F Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a529b49fafc48cca3be2ef25d8318295bcc7c7eac4c1fc413815123f374f6bc5
                • Instruction ID: 58d21b111bb310edd78a480f2333b360b78a1d8d901fd850b1df06647dfbd612
                • Opcode Fuzzy Hash: a529b49fafc48cca3be2ef25d8318295bcc7c7eac4c1fc413815123f374f6bc5
                • Instruction Fuzzy Hash: 48F028313093800FD34A5739A45409E7FE29FC616031544B7E049CF3A3CD148C06C7A1
                Function 0073D01D Relevance: .0, Instructions: 45COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3376915629.000000000073D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73d000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 81136bcafcff06d9f955a027f40c72d2c5acb8c958d5277241b2cd2d80810a02
                • Instruction ID: ee10964f27c59921f7517f37c42673ac8af8533871f6fe0f4cc18d0124df5522
                • Opcode Fuzzy Hash: 81136bcafcff06d9f955a027f40c72d2c5acb8c958d5277241b2cd2d80810a02
                • Instruction Fuzzy Hash: F301F2715043409AF7384E25ED84B67BF98DF81B24F18C41AED480A283C7BD9C41CAB1
                Function 050712A1 Relevance: .0, Instructions: 41COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e9d6a4daad99d805cc442809c71c72794b915c882a7d8ef2676b6cd342ee9a61
                • Instruction ID: f33bcab857bd71a0951c01b9c9762268843b11675af1b3dcf5b9392aae9a78bb
                • Opcode Fuzzy Hash: e9d6a4daad99d805cc442809c71c72794b915c882a7d8ef2676b6cd342ee9a61
                • Instruction Fuzzy Hash: 02017C30E0225A8FCF54EBA9E0506AEBBF6FF45704B14406CD44AD7255C7309906DB95
                Function 0073D01C Relevance: .0, Instructions: 36COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3376915629.000000000073D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0073D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_73d000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7d29cddfd8b8b46409514bf5d26c94969d808455932162fe8d9508a058b9d754
                • Instruction ID: 5ea696817a6c4f26617cf397d39bb451e1c56a588eaee64b14217486fc8876a8
                • Opcode Fuzzy Hash: 7d29cddfd8b8b46409514bf5d26c94969d808455932162fe8d9508a058b9d754
                • Instruction Fuzzy Hash: 11F0C271405344AEF7248E16DDC4B63FF98EB91B28F18C45AED480A282C37DAC45CAB1
                Function 05070A80 Relevance: .0, Instructions: 24COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d0e4cf6816259bb57044e345e41d549a560b7f077170ef6aa0ffc905d3ba7287
                • Instruction ID: cbff7fd13635f7d26f84eff632f7b8f186c8c49d47adb41b2470bf4088be848c
                • Opcode Fuzzy Hash: d0e4cf6816259bb57044e345e41d549a560b7f077170ef6aa0ffc905d3ba7287
                • Instruction Fuzzy Hash: C4E08C313002005F8348962EA88885AB7EAEBC9521354447AF10DC7361CD60CC014290
                Function 05070673 Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a07a3e1ace23fc21de80648a8d715b27142de4be3ae89c93c4526b8d87221a1
                • Instruction ID: 9fd9db8331153d1d3f2814827092e65e16272a36ae67959ed7f8a62ccde8609a
                • Opcode Fuzzy Hash: 2a07a3e1ace23fc21de80648a8d715b27142de4be3ae89c93c4526b8d87221a1
                • Instruction Fuzzy Hash: 29C08C3881778DCED7149361F83C62C7E62ABC0304F00120DA103CCA65CEB418408F3E
                Function 0507068F Relevance: .0, Instructions: 9COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3378021706.0000000005070000.00000040.00000800.00020000.00000000.sdmp, Offset: 05070000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_5070000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2cbe10daf2fa408d187ca9ee34e5289498b0b8e0ce54c0d7e48239a403dfdeb9
                • Instruction ID: 7308b692a04db9e650b79814b857f994363c681b1844530c65522f2ab9d9ecde
                • Opcode Fuzzy Hash: 2cbe10daf2fa408d187ca9ee34e5289498b0b8e0ce54c0d7e48239a403dfdeb9
                • Instruction Fuzzy Hash: 43C08C3881734ECED31463A1F83C62C7E62ABC0304F001208A103CCA65CEB418004F3E

                Non-executed Functions

                Function 00E19EE0 Relevance: 56.1, APIs: 31, Strings: 1, Instructions: 101stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E19EF6
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00E19F6B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215B4
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215B9
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Strings
                • basic_string::_S_construct null not valid, xrefs: 00E215A8
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort$memcpystrlen
                • String ID: basic_string::_S_construct null not valid
                • API String ID: 3784850259-290684606
                • Opcode ID: 197a30797e5879c8e7cfe927f637cc3e4baa9520d37d78a3162e363b986d06e8
                • Instruction ID: 40f5f6696b90d6902d7e5cfe1aa1c26584ba64306f3ccdcc02a6111f300f6dde
                • Opcode Fuzzy Hash: 197a30797e5879c8e7cfe927f637cc3e4baa9520d37d78a3162e363b986d06e8
                • Instruction Fuzzy Hash: 1D219FB1A083008BC311BF3590812AEFBF4EF85314F04A56EE88D97206E635D984CBB2
                Function 00D6E770 Relevance: 43.7, APIs: 29, Instructions: 161COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ae63c9b10a0996ad0a0c8021dcaaf8f00c4da16aa5f201534fce45d9f348c03b
                • Instruction ID: 251f0102d5c9acececf72f0fdcec91f1e7dbb19b1110cca16bf44107da1d0e58
                • Opcode Fuzzy Hash: ae63c9b10a0996ad0a0c8021dcaaf8f00c4da16aa5f201534fce45d9f348c03b
                • Instruction Fuzzy Hash: 5441E279A083559FDB24CF29C480726BBE0AF96324F1C899DDC865B396D332EC45C7A1
                Function 00D6E900 Relevance: 42.1, APIs: 28, Instructions: 92COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215B9
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: c1b876aa3acfc5f550c7de7d934121defa2dbc95bb8b60ccc75ed008fdbcfe3d
                • Instruction ID: 86154874fe1cb5dc7d6c146715f3d1bfecdf778561fc4e3ab7af0d3c7810e841
                • Opcode Fuzzy Hash: c1b876aa3acfc5f550c7de7d934121defa2dbc95bb8b60ccc75ed008fdbcfe3d
                • Instruction Fuzzy Hash: AA1159756406048FE3249F19D44677AB3F6DF82320F486A93F54997297D238DD48DB31
                Function 00D6E9D7 Relevance: 42.0, APIs: 28, Instructions: 43COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215B9
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: fb40e1b0776d0c0d0162172ace3598653799c9f7d28ad65752666a0be8126920
                • Instruction ID: 6e1f22185eb0e5f83fc8c93b3f4428082fc2a8975d1516320c34ce862a0faf77
                • Opcode Fuzzy Hash: fb40e1b0776d0c0d0162172ace3598653799c9f7d28ad65752666a0be8126920
                • Instruction Fuzzy Hash: 90C00254EA9A114BC1207F6045563BAF2FADF27701F98BA616A4E3305FAA02F5009439
                Function 00D6EAC0 Relevance: 40.6, APIs: 27, Instructions: 137COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 059aaad991da6e98c0f2fb89ce67e2cd20b1b8fa38751db307792f85dc5cab6b
                • Instruction ID: 339865a4916150110167ed8255ca0fe1e03bee9e3d24e6d6445a972b17a96d2d
                • Opcode Fuzzy Hash: 059aaad991da6e98c0f2fb89ce67e2cd20b1b8fa38751db307792f85dc5cab6b
                • Instruction Fuzzy Hash: F54128359483288FD710DF24E4946BAB3F7EFE1300F549A6AE455632C5D336EA09CB61
                Function 00D6EBA0 Relevance: 40.6, APIs: 27, Instructions: 89COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a7c777aa9bb1ecb14032e86d61ef223d212ad79dd079777e95776e809cea36c4
                • Instruction ID: d41b4bcd98a4480c4a5d0468af470172fad69cf7ba49e72c472b9279db8f3d4d
                • Opcode Fuzzy Hash: a7c777aa9bb1ecb14032e86d61ef223d212ad79dd079777e95776e809cea36c4
                • Instruction Fuzzy Hash: 71112C76B4832107D3305E6C94C4229F7D29F92314F2C5BA9D8676738BD266DD05C365
                Function 00D6EF63 Relevance: 40.6, APIs: 27, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4580b008e8356daa0636490526acafab6a2303adf062d548a020f20cd140cb72
                • Instruction ID: e37874b1822f65ad9d80135a93b12eea240a41212f27fecc10b1e69bee1f06ea
                • Opcode Fuzzy Hash: 4580b008e8356daa0636490526acafab6a2303adf062d548a020f20cd140cb72
                • Instruction Fuzzy Hash: 42110CB6E40B210BE7244F34C891371B7A29F93318F1C569DD9B72764AC566B806A370
                Function 00D6EC7C Relevance: 40.6, APIs: 27, Instructions: 72COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 19847deb77c7434c6b0d67c339517706fa2e3d74689923538859d97d31c2f99a
                • Instruction ID: e216e3db3e6fb91a408cf18de1583ca81bd0895679e52f2cf00193c26d3e9aa9
                • Opcode Fuzzy Hash: 19847deb77c7434c6b0d67c339517706fa2e3d74689923538859d97d31c2f99a
                • Instruction Fuzzy Hash: A701D435A483244BC730AF4C9080229F3E5EF92314F5C6D99D99B6724AE622F90487A5
                Function 00D6EB1C Relevance: 40.6, APIs: 27, Instructions: 70COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 5b656be4fedba32c572f532c9dab799fbc332b2035d0e333417ab7adf0409d47
                • Instruction ID: 01e21a77fcbc7192eaf31f041e58b0821d467f91e9d5ae84aa13bc0bd7efc0be
                • Opcode Fuzzy Hash: 5b656be4fedba32c572f532c9dab799fbc332b2035d0e333417ab7adf0409d47
                • Instruction Fuzzy Hash: 2C012B369043284FC230AF14E0842A5F3B3DF92300F49AA55D85E7325AD326FA08C6A4
                Function 00D6EFFE Relevance: 40.6, APIs: 27, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d43bbb73ab0a15effbdd3638410ebb0ee1c226ced8cf559f38785fa6ca1c7421
                • Instruction ID: 8a3f5d6e0c678057b0c87586987c8d65f5e47d830d3e90ed37803bcfe8e79126
                • Opcode Fuzzy Hash: d43bbb73ab0a15effbdd3638410ebb0ee1c226ced8cf559f38785fa6ca1c7421
                • Instruction Fuzzy Hash: B7F0B4B2E48B615BD7205F2480A5335E6E19F53304F5CB6A8D9962724BC626E80492B5
                Function 00D6EF25 Relevance: 40.6, APIs: 27, Instructions: 63COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: e3f22118d9a873a5c281ad9aabe6a386d907e792496cf003d9607b1a8418aac3
                • Instruction ID: c78ce7065799a3ee81ff11692d46f2e48e184443eb7e41013dcf990c4a42a198
                • Opcode Fuzzy Hash: e3f22118d9a873a5c281ad9aabe6a386d907e792496cf003d9607b1a8418aac3
                • Instruction Fuzzy Hash: 4DF02E28E8C716CF86246F58905517173B3AF73344BBCB5E1E4C727166E505D903D639
                Function 00D6EC08 Relevance: 40.6, APIs: 27, Instructions: 54COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: f11198a2dd30b041777eea7bf55816835f95002a27d8de93c6a71771de1b90fe
                • Instruction ID: d12516a01cb5d677205415545ed5bfd01c5d12dbd1483bdf234596606483663d
                • Opcode Fuzzy Hash: f11198a2dd30b041777eea7bf55816835f95002a27d8de93c6a71771de1b90fe
                • Instruction Fuzzy Hash: 35E08636B883154780203E98754103AF3B6DFA2354F687E74E84E6310AF942E50441B9
                Function 00D6ECE6 Relevance: 40.5, APIs: 27, Instructions: 49COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: ad479f99b6ccf76dd7b9498fc76f9ec55c5ea53ecdaa6d874371aa5ac368f3fe
                • Instruction ID: 290f6337ed5f05af24c02c1d41578c6956470284a7b0779c5aa2b701d2444ec0
                • Opcode Fuzzy Hash: ad479f99b6ccf76dd7b9498fc76f9ec55c5ea53ecdaa6d874371aa5ac368f3fe
                • Instruction Fuzzy Hash: EAE08630A493164BC6146F244095579F3F2DF17304F55BAA4D44EB300AE612F6058538
                Function 00D6EE8C Relevance: 40.5, APIs: 27, Instructions: 49COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 418c9f6d8360643c0586ae3e33143ac89b7637888d0f5d2afab86f1f66378935
                • Instruction ID: cfc18ef60e9340e9757c5f99357ea83817dd8566a34459b005248b350ec50bd9
                • Opcode Fuzzy Hash: 418c9f6d8360643c0586ae3e33143ac89b7637888d0f5d2afab86f1f66378935
                • Instruction Fuzzy Hash: D7E01228B493068B82147F5855A553AF3B7DF72300F5CFF64684AA750FFA12E5048179
                Function 00D6ED60 Relevance: 40.5, APIs: 27, Instructions: 46COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: f8765be74fa417df66237348eccf2a9dfac8ce8288f74754aa45bb8ca85f9e4e
                • Instruction ID: 7bdb263ae7046de6d125b8b067128e3e4f75d58dd05ea49edfd0f7a19833e2d1
                • Opcode Fuzzy Hash: f8765be74fa417df66237348eccf2a9dfac8ce8288f74754aa45bb8ca85f9e4e
                • Instruction Fuzzy Hash: A1E0E634DA870547C251BE64514607DF3F9DFA3340F54BB65E8457300AF712E1444635
                Function 00D6ECCC Relevance: 40.5, APIs: 27, Instructions: 44COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 2c0d1b593ae05a621f852af054b73bf23d7f743bfc4d7be2cff74e961be21094
                • Instruction ID: fd5d76b9ca47996a23b9606119d81d1139160f82946271b351ed867eb423296e
                • Opcode Fuzzy Hash: 2c0d1b593ae05a621f852af054b73bf23d7f743bfc4d7be2cff74e961be21094
                • Instruction Fuzzy Hash: 2FD0C934F957158740207E24559603AF3F6DF67310F95BE64E88F3360AEA03F8408579
                Function 00D6ED89 Relevance: 40.5, APIs: 27, Instructions: 44COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: bb211bef5449e18345a6823f2cb24e80c99b9c93d7ee475bac77c9d594abcdda
                • Instruction ID: 037a0db53094d1e995c9aff66daf7cd1fc659197dc9c84b11bf6ebcbb15e72a1
                • Opcode Fuzzy Hash: bb211bef5449e18345a6823f2cb24e80c99b9c93d7ee475bac77c9d594abcdda
                • Instruction Fuzzy Hash: 0CD0C929F9971587C0307EA4515223AF2F6DF67300F99BE68AC8E3320AE952F8008579
                Function 00D6EE40 Relevance: 40.5, APIs: 27, Instructions: 44COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215BE
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C3
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 2b169602e5bc5a17b242f2c383a689a24b6258e38de38e82ea17de0671338225
                • Instruction ID: 39226762572f846e283f28cabdbaf33f8a6d96c6bbfe47153e93af6f756f0882
                • Opcode Fuzzy Hash: 2b169602e5bc5a17b242f2c383a689a24b6258e38de38e82ea17de0671338225
                • Instruction Fuzzy Hash: FAD0C728F597158B8110BF94515107AF3B5DF6B300F9479A0ED4A7320AEA51F5019539
                Function 00D6F200 Relevance: 37.7, APIs: 25, Instructions: 171COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0a8cf30173573f56b21499809b483dcb71d5a6cca76dc0967ae9fed31ab29d55
                • Instruction ID: 2284d67f3d42f1a3a105d55e43ef83f666d074101d46904b749ba847db2a153a
                • Opcode Fuzzy Hash: 0a8cf30173573f56b21499809b483dcb71d5a6cca76dc0967ae9fed31ab29d55
                • Instruction Fuzzy Hash: 42518F759087818FD310CF18D480B6ABBE1BFDA314F059AADE9D497322D774E984CB52
                Function 00D6F360 Relevance: 37.6, APIs: 25, Instructions: 86COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ee281104127be487de584299145326e236adef80ca9f4e09af07be3e89766185
                • Instruction ID: 24740082ca906e71a14d593af8af754e4bc8fc1b02f17bbb9034768cf6b00871
                • Opcode Fuzzy Hash: ee281104127be487de584299145326e236adef80ca9f4e09af07be3e89766185
                • Instruction Fuzzy Hash: 8E21D572A087418FC710CF28D4803AABBF1FF8A318F195968EC99A7256D735F905CB51
                Function 00D6F438 Relevance: 37.6, APIs: 25, Instructions: 84COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3faa3922a24a93764c693583c58d5511085700e52348c367c3c1c73ef2a590a4
                • Instruction ID: 9383ccad46d9713f8c44250d93909b3e2d37db463eeffe3acc2ce3fb6b896ea7
                • Opcode Fuzzy Hash: 3faa3922a24a93764c693583c58d5511085700e52348c367c3c1c73ef2a590a4
                • Instruction Fuzzy Hash: 2E216375A087408FD711DF18E04476ABBE0FF9A324F5859B9D8C9A7256C732F940CB62
                Function 00D6F400 Relevance: 37.6, APIs: 25, Instructions: 62COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215C8
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,?,?,00E21277), ref: 00E215CD
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D2
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 7ca9a59fcd3cc508483212bbd637231eb76bed888663df35bb7fead2d956e838
                • Instruction ID: c4cee6d7fb925531de71d9a09601b8a73d69d5e329fdd5f0cbfc917897c12bb6
                • Opcode Fuzzy Hash: 7ca9a59fcd3cc508483212bbd637231eb76bed888663df35bb7fead2d956e838
                • Instruction Fuzzy Hash: 29018675A483008FC710DF24D480369BBF1EF9A328F1866A9DC8D67257C632E541CB25
                Function 00D6F5D0 Relevance: 34.6, APIs: 23, Instructions: 63COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: febf2c257a2f7422b4d883feb2c8fe55f0b78347a3adb6708e6a81c1c6f6b745
                • Instruction ID: 0a61c829d308857f107443afd76a161ae99103abd254b44c5364601013dfa341
                • Opcode Fuzzy Hash: febf2c257a2f7422b4d883feb2c8fe55f0b78347a3adb6708e6a81c1c6f6b745
                • Instruction Fuzzy Hash: B3F0C8B0D082510FE720AF74B4C437676E0AF57318F4875F5D9495B10BE566E8848BB5
                Function 00D6F640 Relevance: 33.1, APIs: 22, Instructions: 128COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215D7
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 54a2ff9cce036c2ff42472b4025a2dd9ba33ca266295365fadd19cbe63738217
                • Instruction ID: b23292b2323bd61633d8d01b74cc92ff92b9c8d9d760b56f57d55af7b8c744e0
                • Opcode Fuzzy Hash: 54a2ff9cce036c2ff42472b4025a2dd9ba33ca266295365fadd19cbe63738217
                • Instruction Fuzzy Hash: 6531F472D046198BCB108FACE8803EDF7F2EF4A314F545266E954EB366D331A846CB64
                Function 00D70A90 Relevance: 31.9, APIs: 21, Instructions: 430stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00E1E4CA,?,?,00D71199), ref: 00D70B30
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID:
                • API String ID: 39653677-0
                • Opcode ID: 17dca7b0c2aadfe5937ef3742f794ba4fee9f55e43383e3c737d58933cbedc02
                • Instruction ID: 745a37ba6347e1edc1d08454c1a0d6c01d4cf76b70ad1280cf0d23c2e1ae2ad1
                • Opcode Fuzzy Hash: 17dca7b0c2aadfe5937ef3742f794ba4fee9f55e43383e3c737d58933cbedc02
                • Instruction Fuzzy Hash: D7F1C2719087518FD721CB28C044765FBE1AF85318F1DC79AE8AC9B2D2E331E989D7A1
                Function 00D70050 Relevance: 31.6, APIs: 21, Instructions: 128COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215DC
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E1
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: a0287f6b1a3b2c3393fc34bacda1124b8811d3911cf9974e1893e851990bd6f0
                • Instruction ID: 32ada72a85e38079dda9be8300a7dd41f2ec04e6cd6b8f14e2232ace3ebab2a8
                • Opcode Fuzzy Hash: a0287f6b1a3b2c3393fc34bacda1124b8811d3911cf9974e1893e851990bd6f0
                • Instruction Fuzzy Hash: 6831E472D00219CBCB108F6CD8807D9FBF6EF49354F54821AE958FB296E331A846CB64
                Function 00D71160 Relevance: 28.6, APIs: 19, Instructions: 95COMMON
                Download Yara Rule
                APIs
                  • Part of subcall function 00D70A90: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00E1E4CA,?,?,00D71199), ref: 00D70B30
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215E6
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215EB
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F0
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort$strlen
                • String ID:
                • API String ID: 2656325428-0
                • Opcode ID: cb650d4f29d469508eced86296cdd3ebf4adb059fe6b1b0e90f426c5d4fb925d
                • Instruction ID: 94731df136a17ea4c462d65b2fe26c847bc987a2088fcfafe15fe3f00ba0c241
                • Opcode Fuzzy Hash: cb650d4f29d469508eced86296cdd3ebf4adb059fe6b1b0e90f426c5d4fb925d
                • Instruction Fuzzy Hash: 8E311CE060D3C0DEE711DB2AA944B157FD15BA2308F0C55BDDA84AB292D7B7840DC73A
                Function 00D71290 Relevance: 27.1, APIs: 18, Instructions: 115COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID:
                • API String ID: 39653677-0
                • Opcode ID: c4d82750410f7af69b19b99438b7b3808aabc0a9ec8603860207d14a03e220de
                • Instruction ID: a2052a503abcd38877d88fa67af481f77e2ad883eb6c664300e5ab558d9a168a
                • Opcode Fuzzy Hash: c4d82750410f7af69b19b99438b7b3808aabc0a9ec8603860207d14a03e220de
                • Instruction Fuzzy Hash: 7531F474B083018FE7209F29D48072AB7E1EFC5304F08DA6DE84D9B206E735D844CB65
                Function 00D713D0 Relevance: 25.6, APIs: 17, Instructions: 128COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID:
                • API String ID: 39653677-0
                • Opcode ID: 9f8b4d8b1f2a8a8bc210c36fc57fcb52bcda4bebed22a587414eff93fb5009b3
                • Instruction ID: 8a700fd979e72721d2594914c96a5fedd6506aee88ac0ffbd255e84afeadc4e6
                • Opcode Fuzzy Hash: 9f8b4d8b1f2a8a8bc210c36fc57fcb52bcda4bebed22a587414eff93fb5009b3
                • Instruction Fuzzy Hash: 08413CB4A083028FD714DF19D58071ABBE0EFC9714F18CA6DE88C97351E775D9448BA2
                Function 00D71540 Relevance: 24.0, APIs: 16, Instructions: 41COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215F5
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 992e8b256ffc271c40946b83adc82906a8b8b88f0a672c6a3bfb883f03214b6d
                • Instruction ID: b7f3f4cc63caf33c37ec9aab95fd02ac7cf298cb5945c98a72543726b6c3119a
                • Opcode Fuzzy Hash: 992e8b256ffc271c40946b83adc82906a8b8b88f0a672c6a3bfb883f03214b6d
                • Instruction Fuzzy Hash: 4BF0A770E083824BD220FF188145238B6F29FA3304F98B6E4E8092714BEA22E405C27A
                Function 00D71588 Relevance: 22.5, APIs: 15, Instructions: 45COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FA
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E215FF
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(00D7180B), ref: 00E21604
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: e79c96672b49b6619ab93d895bc324afa552a7877040907c10c7ac1f43d9880a
                • Instruction ID: d0d19770aadbc69f08a6d5b885f8799c23c7bd1d0e2e5ffbfbe8f7dad5ed7a51
                • Opcode Fuzzy Hash: e79c96672b49b6619ab93d895bc324afa552a7877040907c10c7ac1f43d9880a
                • Instruction Fuzzy Hash: 83F096B49443824BD724EF289145339B7F1AF93300F8865E4D84927207E626E449C776
                Function 00D71980 Relevance: 21.1, APIs: 14, Instructions: 72COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4408fbcfea30fda08f695f1d08be0af241228c8f96435562a1de3a25aa1bc106
                • Instruction ID: 890d616e16f4063cf7fe67a71fdd80304a1839fc0c7278eded849fd6db971d99
                • Opcode Fuzzy Hash: 4408fbcfea30fda08f695f1d08be0af241228c8f96435562a1de3a25aa1bc106
                • Instruction Fuzzy Hash: 9F112179D0021C9BCB14EF54C8819EEB7B5EF45350F10D5A9AD0D67305EA31EE45CAB1
                Function 00D71A20 Relevance: 19.6, APIs: 13, Instructions: 77COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 638f449c4ba0f6c23781f449668da5854df453fb750d420019999d9d3e6764a4
                • Instruction ID: 25d8f485d3e1703a86c932f41142b7a51d753fc5a2348a5cb5ee5fa0a02da26d
                • Opcode Fuzzy Hash: 638f449c4ba0f6c23781f449668da5854df453fb750d420019999d9d3e6764a4
                • Instruction Fuzzy Hash: 4A21FC78A0021D9BCF14EF64C8819EEB7B5EF45354F14D5A8ED0CA7302EA30AE458BA0
                Function 00D71CC0 Relevance: 18.0, APIs: 12, Instructions: 47COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2160C
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21611
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21616
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2161B
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21620
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21625
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 4a8384076a6fe86f807140f963fd8e67438e3ae5410e6d9bf2b20735e6759f50
                • Instruction ID: 7749d8cccb59085e9822342322146ad0df12567a14c2badac5ee3a3aaf2ae108
                • Opcode Fuzzy Hash: 4a8384076a6fe86f807140f963fd8e67438e3ae5410e6d9bf2b20735e6759f50
                • Instruction Fuzzy Hash: BEF055736400044F8210AE1CE8428B273F9DF93324B58A3A2F41CDB296E516E8078274
                Function 00D72290 Relevance: 16.6, APIs: 11, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID:
                • API String ID: 39653677-0
                • Opcode ID: 714c13318a09d7a5f9cb5406f263d5207e05095718e44e74fb4b4b2576c0c22f
                • Instruction ID: 556074549b9dd54be2297f6aac999bd85764d7d7463e9e06336d8676ee964a66
                • Opcode Fuzzy Hash: 714c13318a09d7a5f9cb5406f263d5207e05095718e44e74fb4b4b2576c0c22f
                • Instruction Fuzzy Hash: FC11A0319056459FCB20AF24C88167AB3B6EF95304F99D529EC4D5B206F621E841CBB2
                Function 00DF0ED0 Relevance: 15.2, Strings: 12, Instructions: 159COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: Auth$Auth$Auth$Genu$Genu$Genu$ault$defa$rand$rdra$rdrn$rdse
                • API String ID: 0-3498459026
                • Opcode ID: 43120c141cd0f59d3a13c68b018f74e00a2b7c10618c910f6db22b9ad7e6305f
                • Instruction ID: b7195d25042452198b0dce9e27378924d6e8e8229fc931d18c274f4512a3e430
                • Opcode Fuzzy Hash: 43120c141cd0f59d3a13c68b018f74e00a2b7c10618c910f6db22b9ad7e6305f
                • Instruction Fuzzy Hash: 65412975A05346CBFB318B68E9C077266A2BF41364FAAC43AC245DB386C635DCD1C261
                Function 00D72330 Relevance: 15.1, APIs: 10, Instructions: 144COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6da20c44175d49435569ded6a60036eb15a7abe1cb4ebc486d413c0b1699f1f3
                • Instruction ID: f116e1d552188828a8fa7cc8d4ead4dd95fc1ebd9a0dfe5d71c50c66ab272a8f
                • Opcode Fuzzy Hash: 6da20c44175d49435569ded6a60036eb15a7abe1cb4ebc486d413c0b1699f1f3
                • Instruction Fuzzy Hash: AE418F746083568FD720DE18C48067AB7E1EBA5318F18C92DE8D89B355F334D94A8BB2
                Function 00D98970 Relevance: 13.8, APIs: 7, Strings: 2, Instructions: 250stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D9899A
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D98A0A
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID: basic_string: construction from null is not valid$basic_string: construction from null is not valid
                • API String ID: 39653677-1250104765
                • Opcode ID: e7bd84f0959a6b624fba5b3ba26fd8ec2a00701f1ba0efe8888c92fbd3c5fc5b
                • Instruction ID: 9ca36b910cf7c14205cd0345b38ad3ee413c32eb86f252fd062df5f6fb33a6d3
                • Opcode Fuzzy Hash: e7bd84f0959a6b624fba5b3ba26fd8ec2a00701f1ba0efe8888c92fbd3c5fc5b
                • Instruction Fuzzy Hash: 9A818EF1A053148FCB10BF28D48545AFBE1FF55710F0A896EE8889B315E631D985CBA2
                Function 00D72508 Relevance: 13.6, APIs: 9, Instructions: 69COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3027d383c3d660bf85bfa5b2407c193b37435ca8a168f8b79128040ab73d990f
                • Instruction ID: 4d953932a9966b67d9fa6285cff70a6e5e6f4260da644d431c1228ad31e19525
                • Opcode Fuzzy Hash: 3027d383c3d660bf85bfa5b2407c193b37435ca8a168f8b79128040ab73d990f
                • Instruction Fuzzy Hash: C711E0709082558FCB14AF19C8A02BBB3B6EB95320F58D929E99C43345F232EC41CBB1
                Function 00DC3510 Relevance: 12.7, APIs: 6, Strings: 2, Instructions: 703COMMON
                Download Yara Rule
                APIs
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DC3656
                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DC366D
                  • Part of subcall function 00E18B60: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00E18B75
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memchrmemcpysetlocale
                • String ID: .$6
                • API String ID: 4291329590-4089497287
                • Opcode ID: a066aa50a05d63542132c7006530105f77e4b41a8658bac167e1a9238dc99713
                • Instruction ID: 8172eb98876a4a1a165587ae618585ecf855cb1cc1add69d614189d9ac97461f
                • Opcode Fuzzy Hash: a066aa50a05d63542132c7006530105f77e4b41a8658bac167e1a9238dc99713
                • Instruction Fuzzy Hash: F152F5759047599FCB04DF69C080A9EBBF1AF88314F148A2EE898A7351D734E945CBA1
                Function 00D614C0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43libraryloaderCOMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: AddressProc$HandleLibraryLoadModule
                • String ID: __deregister_frame_info$__register_frame_info$libgcc_s_dw2-1.dll
                • API String ID: 384173800-1835852900
                • Opcode ID: 7c998c830140ab5a7f37ab11bac88dc843dc783105c3c9c4b99722db53806d24
                • Instruction ID: 5178ae6ef2210dd9ecc91cf3c18d7c3a1650faa652a1a10b4dad8922db1f74ff
                • Opcode Fuzzy Hash: 7c998c830140ab5a7f37ab11bac88dc843dc783105c3c9c4b99722db53806d24
                • Instruction Fuzzy Hash: 23015EB58093148FC7107F69AA0A91EBFF4AB80311F09583DD499A7301E7718409CBA3
                Function 00D737D0 Relevance: 12.1, APIs: 8, Instructions: 140COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aeaedc6d300533d5e6f233a3b9c7cedd32884239e7933dacd691cc4e98813af9
                • Instruction ID: 5adc65f48e87e1e1322401ec488c33f21f94f9f679f203ec427f1c2d35e3ef24
                • Opcode Fuzzy Hash: aeaedc6d300533d5e6f233a3b9c7cedd32884239e7933dacd691cc4e98813af9
                • Instruction Fuzzy Hash: D6515DB5A097059FC710EF25C58065ABBF5FF84304F09C92DE8899B301EB31E945DBA2
                Function 00D725A2 Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5b0d9a30435ad1a8d5ac5afd4f68577d2d8bf968d8fc72f376cec5b77a4c883f
                • Instruction ID: e138d49d6dccbab2b4db2acb2e8b76f60f3c13cf6a84592fcab3a536d09e94a8
                • Opcode Fuzzy Hash: 5b0d9a30435ad1a8d5ac5afd4f68577d2d8bf968d8fc72f376cec5b77a4c883f
                • Instruction Fuzzy Hash: 6B11B675A042558FCB14DF24C4907BFF3E1EB54314F499A1AE88A53255E630FD89CBA1
                Function 00D72CF0 Relevance: 10.9, APIs: 7, Instructions: 360COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 005e0942c14e6959d161ceeac61893201f9d43e87ba0fe53c0003680f812d30f
                • Instruction ID: d1dd010db549b70e86bf82e44cf5f1a0efad2c65b478b8b63335eb096248948c
                • Opcode Fuzzy Hash: 005e0942c14e6959d161ceeac61893201f9d43e87ba0fe53c0003680f812d30f
                • Instruction Fuzzy Hash: CAD18B316047458BCB14DF19C48066AB7E2FF94354F58CA2DE89DAB315F770EE068BA2
                Function 00D8CD00 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 212stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D8CD26
                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D8CD49
                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D8CDBF
                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D8CE31
                  • Part of subcall function 00E1FC60: strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E1FC6E
                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D8CEC5
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcmp$strlen
                • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                • API String ID: 3738950036-1697194757
                • Opcode ID: 5675d01933872c2947043d6ac10519d2667c71c850ae17ad02df1962ac2fe312
                • Instruction ID: a7d84fdd1ad5e44c5df275279029059ffb1d91c9d6de0ecc14afacd7e21fb36f
                • Opcode Fuzzy Hash: 5675d01933872c2947043d6ac10519d2667c71c850ae17ad02df1962ac2fe312
                • Instruction Fuzzy Hash: DA6141716093059FC700AF29C8C581AFBE5AFC8B54F54A93DF88997310E371E880DBA6
                Function 00D72740 Relevance: 9.2, APIs: 6, Instructions: 181COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1bfcda72ef934a6a4d44c35e4c5c1534c932c01864a41b0dcc2f5ad11e4b4b9
                • Instruction ID: 3ff03aec8001a5ccade73c1d5274e51ae28a469fda951abf032c0152a6804cc8
                • Opcode Fuzzy Hash: e1bfcda72ef934a6a4d44c35e4c5c1534c932c01864a41b0dcc2f5ad11e4b4b9
                • Instruction Fuzzy Hash: AE6156749083858FD720DF29C08067ABBE1EF98354F48C95AE88C9B216F331D9468B67
                Function 00D728DC Relevance: 9.0, APIs: 6, Instructions: 18COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162A
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E2162F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21634
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21639
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: a560a880d5f3523c4625205781b8947505d385abf2560b3464a7ea7cb0e760f7
                • Instruction ID: 3df9945e05a443d3b4b244f85eb8bf64d853d79c83fa89b66ad25844bb5f2207
                • Opcode Fuzzy Hash: a560a880d5f3523c4625205781b8947505d385abf2560b3464a7ea7cb0e760f7
                • Instruction Fuzzy Hash: 90D0EA25E45A168A44207BB8410607DB2F7DF32300B99F5A66C5E6340E7E13F402547B
                Function 00D729C0 Relevance: 7.7, APIs: 5, Instructions: 228COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7ac09b7640bb7cb7c4762ae791983240fb38dbb01ff0f17f2248118ca013eef8
                • Instruction ID: 1bc96d033935f6e2e8df496477271d3f42d38991ceafb5f8d3df874af1c32e78
                • Opcode Fuzzy Hash: 7ac09b7640bb7cb7c4762ae791983240fb38dbb01ff0f17f2248118ca013eef8
                • Instruction Fuzzy Hash: 17816C756083448FD720DF29C48167AF7E1EF98304F48CA6EE89D9B219F630D9468B66
                Function 00DC5290 Relevance: 6.6, APIs: 2, Strings: 2, Instructions: 614COMMON
                Download Yara Rule
                APIs
                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DC53D7
                  • Part of subcall function 00E18B60: setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00E18B75
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memchrsetlocale
                • String ID: .$6
                • API String ID: 3596956032-4089497287
                • Opcode ID: 2564d9f7c1cd79ea82b35c2fb3f4b97fc3ec791d8440c67f46ac11126dc3de1d
                • Instruction ID: 3b48edfa67ae5e6ec3fcdf9148ca9c499409d9cee9ebcd6e29608832dffbec34
                • Opcode Fuzzy Hash: 2564d9f7c1cd79ea82b35c2fb3f4b97fc3ec791d8440c67f46ac11126dc3de1d
                • Instruction Fuzzy Hash: 184209B590471A8FCB00DF69D48099EBBF0FF88304F058A2EE899A7355D734E945CBA1
                Function 00D8BCA0 Relevance: 4.8, APIs: 1, Strings: 2, Instructions: 309COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D8BCD2
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                • API String ID: 4088430540-1697194757
                • Opcode ID: 08c404ed9771ab0bceadf1a2e7c20ea2c885a3e37df89cb7d425680fa23f1ee2
                • Instruction ID: 70e7485e9320d6533beec9fa632d044c3a593d78265bab42d7ddab6a7512be21
                • Opcode Fuzzy Hash: 08c404ed9771ab0bceadf1a2e7c20ea2c885a3e37df89cb7d425680fa23f1ee2
                • Instruction Fuzzy Hash: 9181AF72A042098FC310EE2DD8C045BF7E2EBD4760F58892EE98997314D371EC858BA6
                Function 00E1C600 Relevance: 4.7, APIs: 2, Strings: 1, Instructions: 235COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E1C61D
                  • Part of subcall function 00E051F0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(00000000,?,?,00DAABCE), ref: 00E0522F
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpywcslen
                • String ID: basic_string::append
                • API String ID: 982415701-3811946249
                • Opcode ID: 684a94635385aafefaa1e24f029d95c225a63188663f2e1b6058e96205b85869
                • Instruction ID: ff1e02388170e4bacd08a914a7ea0582158f4ee5f4b567327e5128fd8bbb8ec4
                • Opcode Fuzzy Hash: 684a94635385aafefaa1e24f029d95c225a63188663f2e1b6058e96205b85869
                • Instruction Fuzzy Hash: 51815EB5A046048FCB00EF69C58559EFBF5FF88310F049A6DE899AB345E734D845CBA2
                Function 00D73590 Relevance: 4.6, APIs: 3, Instructions: 131COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cc4d083473ac4083813a7b84172a84d38794973faee8cfa6c62be5216808910f
                • Instruction ID: 40836274b52b0f9113206b5865d22c0d4e647e6b34ae4df2686baf296d47def9
                • Opcode Fuzzy Hash: cc4d083473ac4083813a7b84172a84d38794973faee8cfa6c62be5216808910f
                • Instruction Fuzzy Hash: AA417F717093118FC721AF69D58062AF7E5EF90740F18C96DD8889B305E772EE069BB2
                Function 00D9AC70 Relevance: 4.6, APIs: 2, Instructions: 2108stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D9AD51
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D9D7FE
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID:
                • API String ID: 39653677-0
                • Opcode ID: 31dc09c2b36bca90a135b5247ab38a3b0941ba6fca9b1a43f7f366b6b8572e24
                • Instruction ID: 1bc9ff6c82cbd7b4a3f6da4ae8bde36b4d3ee5563c5b1d56e161b82b22606c61
                • Opcode Fuzzy Hash: 31dc09c2b36bca90a135b5247ab38a3b0941ba6fca9b1a43f7f366b6b8572e24
                • Instruction Fuzzy Hash: 7C134E75A083558FCB20CF29C5847AABBF2BF99310F184A99E4A997391D730DD44CF62
                Function 00DDFD30 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 92COMMON
                Download Yara Rule
                APIs
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DDFD88
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DDFE01
                  • Part of subcall function 00DE1870: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DE18F6
                  • Part of subcall function 00DE1870: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DE1933
                Strings
                • basic_string::_M_replace_aux, xrefs: 00DDFDB0
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpy$memset
                • String ID: basic_string::_M_replace_aux
                • API String ID: 438689982-2536181960
                • Opcode ID: 76ea389839f57e694c4c1b35cbc11d40844320803906703042372409eb2ebbbe
                • Instruction ID: 9660ba6ef1cfef9244821f772248176594c7cf993f696fe2450289825285f105
                • Opcode Fuzzy Hash: 76ea389839f57e694c4c1b35cbc11d40844320803906703042372409eb2ebbbe
                • Instruction Fuzzy Hash: 63215E72A093109FC300AF1DD88145EFBE5EB85754F998A6EF88897312D2319854CBA2
                Function 00D94E60 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 63COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D94E7D
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D94ECD
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID: basic_string: construction from null is not valid
                • API String ID: 4088430540-2991274800
                • Opcode ID: d3eedd385f3b4d0b5f74200f3f9e1e675d42b2c0ba88927e21343ba6b8ff9d72
                • Instruction ID: de68a71773ed293e72b4b2faa7c4c5a90ec4d54be07ffd1812836b3d6aa76b2c
                • Opcode Fuzzy Hash: d3eedd385f3b4d0b5f74200f3f9e1e675d42b2c0ba88927e21343ba6b8ff9d72
                • Instruction Fuzzy Hash: 0C1160B19053248BCB10BF28C08586AB7F4BF45314F06596DE8CCAB312E235DD85CBA5
                Function 00D95310 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 63COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D9532D
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D9537D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID: basic_string: construction from null is not valid
                • API String ID: 4088430540-2991274800
                • Opcode ID: d3eedd385f3b4d0b5f74200f3f9e1e675d42b2c0ba88927e21343ba6b8ff9d72
                • Instruction ID: aa0d8a771ab88632735122808dbe1b75d347f763944750363d6c5bdcfad095f8
                • Opcode Fuzzy Hash: d3eedd385f3b4d0b5f74200f3f9e1e675d42b2c0ba88927e21343ba6b8ff9d72
                • Instruction Fuzzy Hash: 2C1160B19053248BCB11BF28C08586AB7F4AF45310F06596DE8CDAB315E236DD85CBA5
                Function 00DA0A70 Relevance: 4.4, APIs: 2, Instructions: 1860COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DA0B53
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DA2F29
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID:
                • API String ID: 4088430540-0
                • Opcode ID: 35c3296693979bd4f036f17078d1c3ac0ae0cf9f7e40f108956146ed12c451de
                • Instruction ID: 442c7a8ca21072fd953ec6ca809ceb9cf1d97999568d9987aee00944f475f7ac
                • Opcode Fuzzy Hash: 35c3296693979bd4f036f17078d1c3ac0ae0cf9f7e40f108956146ed12c451de
                • Instruction Fuzzy Hash: 6EF25A74A083548FCB24DF29C4846AEBBF2BF9A300F188959F88997351D774DD85CB62
                Function 00DB5F40 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 886COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memset
                • String ID: -
                • API String ID: 2221118986-2547889144
                • Opcode ID: c7db4e87394dff83fd7a30cc75cb67dd5e1ca0a5af2ccaad413ea57e0ee89169
                • Instruction ID: 348f42728eb97cf077617fd411ae897508b4e88db93d0602c683dbaae9bee14f
                • Opcode Fuzzy Hash: c7db4e87394dff83fd7a30cc75cb67dd5e1ca0a5af2ccaad413ea57e0ee89169
                • Instruction Fuzzy Hash: 82828F74A04258DFCF10DF68D4906EDFBF2AF49310F188659E896AB382D739E945CB60
                Function 00D7E8A0 Relevance: 3.8, Strings: 3, Instructions: 32COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: GetSystemTimePreciseAsFileTime$GetTickCount64$kernel32.dll
                • API String ID: 0-436723696
                • Opcode ID: b52a71277fd6bae700c769ab432bd69640bb79e78b275b9d382cc56e142aff4f
                • Instruction ID: a04c3f6a45f680bebf03e64f2101338f0f64a4995a1e1d3609cac6ddada7d5ec
                • Opcode Fuzzy Hash: b52a71277fd6bae700c769ab432bd69640bb79e78b275b9d382cc56e142aff4f
                • Instruction Fuzzy Hash: E7F0B6B49182449FCB04EF6AED45918BBF0FB45309F419579E468E7360E3319D09CF01
                Function 00D643C0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 641COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: decltype(nullptr)
                • API String ID: 0-1940065048
                • Opcode ID: 500350ddbfec766da2594b18f0b5e1ed2338be3d340f2c003f63117732a23d18
                • Instruction ID: c5deb8911d8bad887d833d8c3d38b231f8cbce2c9afa7dce5063def033006990
                • Opcode Fuzzy Hash: 500350ddbfec766da2594b18f0b5e1ed2338be3d340f2c003f63117732a23d18
                • Instruction Fuzzy Hash: 2622C2B0B086814FDB649E78D885366BBD39B42310F5CC57AD48A8B387D739DC858BB1
                Function 00D98E40 Relevance: 3.3, Strings: 2, Instructions: 790COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID: *$c
                • API String ID: 39653677-4022913888
                • Opcode ID: aa00960d011c9405636fea538b1af2ad4ce2be45d372e455365c07370841e03e
                • Instruction ID: 6b69b8089c02560f9c7c43921d49842a67fb4ac578c3ac7e2a172bc91b806d4f
                • Opcode Fuzzy Hash: aa00960d011c9405636fea538b1af2ad4ce2be45d372e455365c07370841e03e
                • Instruction Fuzzy Hash: 66623A746083418FCB20CF2DC49466AFBE1BF86360F548A6DE5A98B3A1D731DC45CB62
                Function 00D9ED90 Relevance: 3.2, Strings: 2, Instructions: 666COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID: *$c
                • API String ID: 4088430540-4022913888
                • Opcode ID: d06ed1cdfc020f5c5d08aa222f41c482d0266b2caa5875b42db221238eef43d4
                • Instruction ID: 7f1ac4c89a8363d1ba9ee1e442bd983a23c50ca397ae6faef47be89a5011839c
                • Opcode Fuzzy Hash: d06ed1cdfc020f5c5d08aa222f41c482d0266b2caa5875b42db221238eef43d4
                • Instruction Fuzzy Hash: 484238756083419FCB64DF29C480A2ABBF2BF85300F54896DF999CB3A1D735E845CB62
                Function 00DDFB80 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 49COMMON
                Download Yara Rule
                Strings
                • basic_string::_S_construct null not valid, xrefs: 00DDFC00
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: basic_string::_S_construct null not valid
                • API String ID: 0-290684606
                • Opcode ID: 418e886558d2e8831fdf399ade41685656ee3ce70efc623410d6fbfad65037c7
                • Instruction ID: cded0b9c91dc51cb15e5f053040c69fd2bf7864f3d5bc2e94cfb9cc11670e5fb
                • Opcode Fuzzy Hash: 418e886558d2e8831fdf399ade41685656ee3ce70efc623410d6fbfad65037c7
                • Instruction Fuzzy Hash: F3019AB15093409BC310AF6AC09162BFFE4EF91350F9A986EE8CE47302C235D844CBB2
                Function 00D94DF0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 33COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D94E0D
                Strings
                • basic_string: construction from null is not valid, xrefs: 00D94E30
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID: basic_string: construction from null is not valid
                • API String ID: 4088430540-2991274800
                • Opcode ID: 61bafec6aadc0ed4ecff662a1258be9effe2faf5152618c37ea0e806bf23d794
                • Instruction ID: dd7c1481cff62a881ce6611b60cdca707a9c64048aee66538d27038b9b122036
                • Opcode Fuzzy Hash: 61bafec6aadc0ed4ecff662a1258be9effe2faf5152618c37ea0e806bf23d794
                • Instruction Fuzzy Hash: 26F05EB19153148FCB00FF28C08185AB7F4BF55314F0658ADE8C8AB316E232ED86CB95
                Function 00D952A0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 33COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D952BD
                Strings
                • basic_string: construction from null is not valid, xrefs: 00D952E0
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID: basic_string: construction from null is not valid
                • API String ID: 4088430540-2991274800
                • Opcode ID: 61bafec6aadc0ed4ecff662a1258be9effe2faf5152618c37ea0e806bf23d794
                • Instruction ID: c52ff6df85056069bf136bd5cc8d890d4315f15af4e768aadfdf6a47b8bb74aa
                • Opcode Fuzzy Hash: 61bafec6aadc0ed4ecff662a1258be9effe2faf5152618c37ea0e806bf23d794
                • Instruction Fuzzy Hash: D2F05EB19053148FCB00FF28C08185AB7F4BF55310F0658ADE8C8AB316E232ED89CB95
                Function 00D73789 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21640
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-0000000B,?,00000000,?,00D72248), ref: 00E21645
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: 9493f8d091f09c6bfbcea887540c7fc36073f080c5c696d717b73eb1cc78a0ed
                • Instruction ID: b59cd82e29c74c0d0e8ff0d53276d39e8b0c4d85ab624040c1906855a0504846
                • Opcode Fuzzy Hash: 9493f8d091f09c6bfbcea887540c7fc36073f080c5c696d717b73eb1cc78a0ed
                • Instruction Fuzzy Hash: 34E012B58093018EC3107F64860637EB5F5AF91344F88A86CD8CC37102FB76A5045777
                Function 00D9BBD8 Relevance: 2.9, Strings: 2, Instructions: 388COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: *$c
                • API String ID: 0-4022913888
                • Opcode ID: 977944e241251efd95638e4f01da5e8ed8d5da079c4b06e95c3514907b14010e
                • Instruction ID: 2830f959868cabb1dcca06dd9a7e9dc4540d00e8f552dc8fde40bdb1515b92c1
                • Opcode Fuzzy Hash: 977944e241251efd95638e4f01da5e8ed8d5da079c4b06e95c3514907b14010e
                • Instruction Fuzzy Hash: FB027F70A0426A8FCF35CF28C4947A9BBF1BF59310F1886E9D49997291D7309E84DFA1
                Function 00D65070 Relevance: 2.8, Strings: 2, Instructions: 294COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: std$string literal
                • API String ID: 0-2980153874
                • Opcode ID: 10cc3660fc2eedd6e8b22a2d833afa6774cf181b29064d41dd9e6d526fbc416f
                • Instruction ID: 409f2b6ecf0c267d40ce5d304e58212f818e7e44ba8f5287e668e44437d2668b
                • Opcode Fuzzy Hash: 10cc3660fc2eedd6e8b22a2d833afa6774cf181b29064d41dd9e6d526fbc416f
                • Instruction Fuzzy Hash: 6BB1B0B0604B058FDB14CF29E890366B7E2EF45300F5886A9D8498F35EE779D9858BB4
                Function 00D8CBE0 Relevance: 2.5, Strings: 2, Instructions: 42COMMON
                Download Yara Rule
                Strings
                • basic_string::substr, xrefs: 00D8CC38
                • %s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00D8CC40
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::substr
                • API String ID: 0-3532027576
                • Opcode ID: 6cfa87cbbbd980b3fc8b6a3f67e2862fff5e990c6346583255141dbae866e832
                • Instruction ID: 57f23c37b2f9dd1e67b853bdfbed1c4a4b6c6fed8da1bcdb8ad6adb5ee6394ac
                • Opcode Fuzzy Hash: 6cfa87cbbbd980b3fc8b6a3f67e2862fff5e990c6346583255141dbae866e832
                • Instruction Fuzzy Hash: 4D01F6B1A0A3409FC744DF69D881A5AFBE0BBC9760F14E96EF488D7300C234D8809B96
                Function 00D97010 Relevance: 2.5, Strings: 2, Instructions: 42COMMON
                Download Yara Rule
                Strings
                • %s: __pos (which is %zu) > this->size() (which is %zu), xrefs: 00D97070
                • basic_string::substr, xrefs: 00D97068
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::substr
                • API String ID: 0-3532027576
                • Opcode ID: 5ae80f26f225f4fd9bb06df8344f2d72f84ec71d2b97656d446e632f13c8d9ee
                • Instruction ID: 1ec7b3fcae99ee7696cae3452d4def31c07147115694995838503c35ee4e0842
                • Opcode Fuzzy Hash: 5ae80f26f225f4fd9bb06df8344f2d72f84ec71d2b97656d446e632f13c8d9ee
                • Instruction Fuzzy Hash: 160178B0A182008BCB04EF2CC48082AFBF5FBD9314F5099ADE48CAB301D631D846CB96
                Function 00DCA100 Relevance: 2.5, APIs: 1, Instructions: 1278stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DCA2BE
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID:
                • API String ID: 39653677-0
                • Opcode ID: f46be3fff39908ced301ebf77e033a778ab0781445f73e0f908240903b86fcda
                • Instruction ID: a404e54e1f793ea791f9bd511a113896834ef35f00f6e5f69846416e0a155347
                • Opcode Fuzzy Hash: f46be3fff39908ced301ebf77e033a778ab0781445f73e0f908240903b86fcda
                • Instruction Fuzzy Hash: C2B24B7460839A8FCB20CF6CC484B5ABBF1AF85324F598A5DE4A59B391D730DC45CB62
                Function 00DCE9E0 Relevance: 2.4, APIs: 1, Instructions: 1177COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DCEC19
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID:
                • API String ID: 4088430540-0
                • Opcode ID: ffc01a5e1c1d01b95b9bb66c541e6e82d4ea7a254f982e1353d4b03bc7f278e2
                • Instruction ID: dd39a900ec19a43a2f9b87104338f2af45fa236e96898463e2858876f5e0357a
                • Opcode Fuzzy Hash: ffc01a5e1c1d01b95b9bb66c541e6e82d4ea7a254f982e1353d4b03bc7f278e2
                • Instruction Fuzzy Hash: 4EB21675A083569FCB60DF68C580BAEBBF2BF89300F54892DE8859B251D734DC45CB62
                Function 00DCBD3D Relevance: 2.4, APIs: 1, Instructions: 1112COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DCC0BD
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID:
                • API String ID: 4088430540-0
                • Opcode ID: 0dab1cc208e89c578fb40856391c5b877f3381e308077b204eb3943ff4008303
                • Instruction ID: 52b49117120a0955faa098eb55e54d2599431a5d7007af92b58a2bbaff2530e5
                • Opcode Fuzzy Hash: 0dab1cc208e89c578fb40856391c5b877f3381e308077b204eb3943ff4008303
                • Instruction Fuzzy Hash: 3EA24774A1421A8FCB14DFA8C480AADBBF1FF89310F14955DE989AB361D731EC85CB61
                Function 00DC728D Relevance: 2.3, APIs: 1, Instructions: 1072stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DC75DB
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID:
                • API String ID: 39653677-0
                • Opcode ID: dc6315cf37e3c8628e299e6543afdac93fc6e1ba541ddb210cb153ce919b97e3
                • Instruction ID: 6c4bf7a997027cf37054698cbc11c33a39041ef08de697acd34a3a7fa34c5c87
                • Opcode Fuzzy Hash: dc6315cf37e3c8628e299e6543afdac93fc6e1ba541ddb210cb153ce919b97e3
                • Instruction Fuzzy Hash: D9A23974A0865A8FCB14DFA8C480A9DBBF2BF89310F18866DE855AB351D730ED45CF61
                Function 00D9FC20 Relevance: 2.3, APIs: 1, Instructions: 1055COMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D9FDA5
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen
                • String ID:
                • API String ID: 4088430540-0
                • Opcode ID: 65b59c7d75d3c73efb97bf6af536732be8060e081872b1db9658e43719d04bbf
                • Instruction ID: 1cee6fcb7a6b32b0f64b42be79307e16527afd443eb629d6eec72a5e759aefb4
                • Opcode Fuzzy Hash: 65b59c7d75d3c73efb97bf6af536732be8060e081872b1db9658e43719d04bbf
                • Instruction Fuzzy Hash: CCA20674A04219CFCB14DFA8C484AADBBF1FF89304F188569E895AB365D734EC45CB61
                Function 00D99E80 Relevance: 2.3, APIs: 1, Instructions: 1017stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D99FDB
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID:
                • API String ID: 39653677-0
                • Opcode ID: acddaf7a8a25794e942242102fd2832d5aae569b4bcd25bfd0127756f75bf390
                • Instruction ID: 47ae1900fcf0d72525d52f6fcfe8b3d2c5ba4e242173f02113cdd4f938ae7550
                • Opcode Fuzzy Hash: acddaf7a8a25794e942242102fd2832d5aae569b4bcd25bfd0127756f75bf390
                • Instruction Fuzzy Hash: 4BA23B75A04614CFCF14CF6CC484A9DBBF1BF49320F298659E865AB391D731AC45CBA2
                Function 00DB1390 Relevance: 2.2, APIs: 1, Instructions: 968COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4b31f90cad8e27173407f0d6bc2b0bd576726d9e550f87601a6b5ecd8d12f094
                • Instruction ID: 32cd10ffe4bd753aac31aabe2e93f0bdd9ccb848364f081f39faedba16a7d028
                • Opcode Fuzzy Hash: 4b31f90cad8e27173407f0d6bc2b0bd576726d9e550f87601a6b5ecd8d12f094
                • Instruction Fuzzy Hash: F8924874A04369CFCB24CFA8C4A47EDBBF1BF05324F688619D4A6AB291D7749845CF60
                Function 00DAD7F0 Relevance: 2.2, APIs: 1, Instructions: 957COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 868cfaccc9a4d7d0be49ed192373bfd6004f0ad508866d1f9329d66e64d110fd
                • Instruction ID: d9f01e6d5baaa7091c6fedce70126359f623a23b980f5ccefc7ed64a412971ea
                • Opcode Fuzzy Hash: 868cfaccc9a4d7d0be49ed192373bfd6004f0ad508866d1f9329d66e64d110fd
                • Instruction Fuzzy Hash: 62924970A043588FDF20CFA8C48479DBBF2AF56324F288659D4AAAF295C374DD45CB61
                Function 00DAF570 Relevance: 2.2, APIs: 1, Instructions: 949COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3f38093c74ce87d10c4a54d32bb082d1468b085a9bc1f73cbb9dc0b5a507ab55
                • Instruction ID: d16b396d91c1ea68b5aef54744c96e6cf0b4b94823e290c4f839e51bc796d43c
                • Opcode Fuzzy Hash: 3f38093c74ce87d10c4a54d32bb082d1468b085a9bc1f73cbb9dc0b5a507ab55
                • Instruction Fuzzy Hash: EA924E71905358CFCB20CFA8C48479DBBF1AF46324F2986A9D8A9AB2D5C374DC45CB61
                Function 00DAC930 Relevance: 2.2, APIs: 1, Instructions: 948COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6a62f3d13e334114292b3e5439bc548c5dd50c2b8928c5373f8176be6e01e446
                • Instruction ID: 129012683c353a1a250fa0b09e40f13a1afb061a43d92d01927a604ce363c38f
                • Opcode Fuzzy Hash: 6a62f3d13e334114292b3e5439bc548c5dd50c2b8928c5373f8176be6e01e446
                • Instruction Fuzzy Hash: 63923C71A053588FCF20CFA8C4847ADBBF2AF46324F188659D4AAAB2D5C774DC45CB61
                Function 00DB54A0 Relevance: 2.0, APIs: 1, Instructions: 703COMMON
                Download Yara Rule
                APIs
                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?), ref: 00DB595A
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memchr
                • String ID:
                • API String ID: 3297308162-0
                • Opcode ID: 13e66793185bc27625fe316773b8ec2f744626961ddf3b7ea4c628ff3ab736ac
                • Instruction ID: fcabeaa52ece78461f74232311f643f39208d203a018c18d649275cf7947065b
                • Opcode Fuzzy Hash: 13e66793185bc27625fe316773b8ec2f744626961ddf3b7ea4c628ff3ab736ac
                • Instruction Fuzzy Hash: 30626A70E04698CFCF11CFA8D4847DDBBF2AF45310F688259E8A6AB395D7349846CB61
                Function 00DB4A30 Relevance: 2.0, APIs: 1, Instructions: 700COMMON
                Download Yara Rule
                APIs
                • memchr.API-MS-WIN-CRT-PRIVATE-L1-1-0(?), ref: 00DB4ED9
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memchr
                • String ID:
                • API String ID: 3297308162-0
                • Opcode ID: 026d78e8d215291e5b35c9249f3a3e178950867afe950a48bd23765ce647f227
                • Instruction ID: 1b815852f4d6ea3c00f37b9c3a6fb09a48b0b5bffa853d7c925174ba740fc4f2
                • Opcode Fuzzy Hash: 026d78e8d215291e5b35c9249f3a3e178950867afe950a48bd23765ce647f227
                • Instruction Fuzzy Hash: 12625B70E05298CFDF15CFA8D4807EDBBF1AF49310F288259E466AB396D3349845CBA1
                Function 00DB4050 Relevance: 1.9, APIs: 1, Instructions: 647COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 42b05400fd1109625c7f3a8d627757474921032962cb05f0460854068d0715be
                • Instruction ID: 7afee7a6853fa740df0920fdd26282aad0e794d61c3ccbaa33cdf9765804fe22
                • Opcode Fuzzy Hash: 42b05400fd1109625c7f3a8d627757474921032962cb05f0460854068d0715be
                • Instruction Fuzzy Hash: 17528D70D05298DFDF10CFA8D4846EEBFF1AF56320F188659E8A26B382C3349945CB61
                Function 00DB22C0 Relevance: 1.9, APIs: 1, Instructions: 646COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 253ef335704d2598ae46266fe09a4b2f58736de6af24a4ac36bd0f332f2fbe42
                • Instruction ID: 59615677f9c8c4579f4443f9b7d2a34c4eb319f9372672d56752e7d9ca9fa127
                • Opcode Fuzzy Hash: 253ef335704d2598ae46266fe09a4b2f58736de6af24a4ac36bd0f332f2fbe42
                • Instruction Fuzzy Hash: 10527E76D04298DFCF11CFA8C4847EDBBB1AF19320F188659E8966B381C734D945CBA1
                Function 00DB3670 Relevance: 1.9, APIs: 1, Instructions: 646COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 253ef335704d2598ae46266fe09a4b2f58736de6af24a4ac36bd0f332f2fbe42
                • Instruction ID: 9debae7bc57cce2d26bd1534d54ff62989276ab0b4274d4899dec1bbdd5bf4ef
                • Opcode Fuzzy Hash: 253ef335704d2598ae46266fe09a4b2f58736de6af24a4ac36bd0f332f2fbe42
                • Instruction Fuzzy Hash: 38525D74904299DFCF14CFA8C4847EDBFB1AF09320F188659E8966B381C734DA45DBA1
                Function 00DB2CA0 Relevance: 1.9, APIs: 1, Instructions: 642COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3d87d1e9d367f84e0a8b3b13ec10afc5be363b0964a566bf3ec070dd1ea3b9a6
                • Instruction ID: cc915dfed33c63456fa1cfa11f18b61c6f0c578d403f08c4e8e57636132be395
                • Opcode Fuzzy Hash: 3d87d1e9d367f84e0a8b3b13ec10afc5be363b0964a566bf3ec070dd1ea3b9a6
                • Instruction Fuzzy Hash: A4525E71A04298DFDF10CFA8C4847EDBFB1AF19310F18865AE896AB381C735D945DBA1
                Function 00D8C720 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                Download Yara Rule
                Strings
                • basic_string::at: __n (which is %zu) >= this->size() (which is %zu), xrefs: 00D8C740
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: basic_string::at: __n (which is %zu) >= this->size() (which is %zu)
                • API String ID: 0-3720052664
                • Opcode ID: 88caf2ed8182c7380b7d7117905f81fb37a92baed5715aa619147fb5f88d6461
                • Instruction ID: 219455ce3e0302fcf488df351471c3a872a9f7399e03db2e2af8d531de93ff71
                • Opcode Fuzzy Hash: 88caf2ed8182c7380b7d7117905f81fb37a92baed5715aa619147fb5f88d6461
                • Instruction Fuzzy Hash: FBE0B6B5E456008BCB04EF18C585829F7F1BB95714F64E9ADE488A7320D335D450CA5A
                Function 00DC0EC0 Relevance: .9, Instructions: 915COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memset
                • String ID:
                • API String ID: 2221118986-0
                • Opcode ID: 179dc46892423742b5f191c7f2c9a2edf5e3ab6a96dbb27a676c7869b0903388
                • Instruction ID: c9210c42a49dd323650c56c2db967787a1bdab0bddc0761873cb0b2a11ef9351
                • Opcode Fuzzy Hash: 179dc46892423742b5f191c7f2c9a2edf5e3ab6a96dbb27a676c7869b0903388
                • Instruction Fuzzy Hash: 72826E78A052668FCF10DF68C184BADBBB1BF46310F28825DE8959B392D734DD46CB61
                Function 00DB8840 Relevance: .9, Instructions: 905COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1830f217340e704a01beccf9dc3c3bad5896b1ab6c0d1e0fb95ad861d5c76a2b
                • Instruction ID: 404556ef0216886d685518731481c0b9ce7d8c410ae49e3daa4a68b5dcc9317a
                • Opcode Fuzzy Hash: 1830f217340e704a01beccf9dc3c3bad5896b1ab6c0d1e0fb95ad861d5c76a2b
                • Instruction Fuzzy Hash: 14825970E04298CFCF24CFA8C4946EDBBF2AF45300F688559E896AB295D734DC46DB61
                Function 00DBA330 Relevance: .9, Instructions: 901COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bbe2bf6c9e78f67ce9d14d537af64e6ee0f269f8646a0f3e263a8f12e333071b
                • Instruction ID: 1d6402bee740b659000b28359fae15e7b636a08de285c964c3940c7cfa2a625e
                • Opcode Fuzzy Hash: bbe2bf6c9e78f67ce9d14d537af64e6ee0f269f8646a0f3e263a8f12e333071b
                • Instruction Fuzzy Hash: 75824A74E04298CFCB20CFACC4846EDBBF1AF45300F698559E896AB295D774DC46CB62
                Function 00DB7AD0 Relevance: .9, Instructions: 894COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 02c33b594f581eedb7f6349a46d9ded6b5bfcde8c359620d439e1c7e4cc99e33
                • Instruction ID: 0bff9cbd7f605dc242afed2c5c84c2b1eabf5a3e1ffa0587e0803cb1a77f099c
                • Opcode Fuzzy Hash: 02c33b594f581eedb7f6349a46d9ded6b5bfcde8c359620d439e1c7e4cc99e33
                • Instruction Fuzzy Hash: 97824A71A08298CFCB20CFA8C4846EDBBF1AF45304F288559D896AF395DB74DC46DB61
                Function 00DC0340 Relevance: .8, Instructions: 775COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 94ab529cb51e605ecdfc13a0759b295ae5e88d689e41b9ad1c01ef59ed7b779a
                • Instruction ID: 3c48f578925e4ba78a6e1d3cc0ade9442aa2b3aa370a8e75e9e836991f054f07
                • Opcode Fuzzy Hash: 94ab529cb51e605ecdfc13a0759b295ae5e88d689e41b9ad1c01ef59ed7b779a
                • Instruction Fuzzy Hash: F8725870D0429ACBCF14DFA8C480BADBBF1BF49314F18825EE895AB391D3749946CB61
                Function 00DBF800 Relevance: .8, Instructions: 775COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cbe85c22d13378a8fa3966e2ba344a35c18d2e3fe8ca9409b3d8f796ab7a0eb8
                • Instruction ID: d20f23e7d301bbf6d35efcd8a13861a83e0e6c7b0fc769be67404f35ba5d3150
                • Opcode Fuzzy Hash: cbe85c22d13378a8fa3966e2ba344a35c18d2e3fe8ca9409b3d8f796ab7a0eb8
                • Instruction Fuzzy Hash: C9725774D04299CBCF14DFA8C8847EDFBF1AF09310F18826AE896AB391D3749945CB61
                Function 00DBECE0 Relevance: .8, Instructions: 750COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 107d4629646bcba44732ce25e508f89e27e84418c8a23251091af1e9af7fe4fa
                • Instruction ID: 1467d67b14a9d97ddc12a1926a955ef0342230a25363841ab6a871cb4b2ed3cb
                • Opcode Fuzzy Hash: 107d4629646bcba44732ce25e508f89e27e84418c8a23251091af1e9af7fe4fa
                • Instruction Fuzzy Hash: A9628B74E04258DBCF20DFA8D8807EDBBF1AF15310F188669E896AB391D374D946CB61
                Function 006A1AC5 Relevance: .7, Instructions: 730COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3376760865.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Offset: 00690000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_690000_DpEHzbOOoB.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e9605cc20d5a432bb4b98ed333ad3e91973b5d32c767189beb935d7d5ee4da1
                • Instruction ID: 7af643df2bbba80e0458f7cf0910854cf99e0b5c1e0b6e12eb1d9ba8b41a9310
                • Opcode Fuzzy Hash: 9e9605cc20d5a432bb4b98ed333ad3e91973b5d32c767189beb935d7d5ee4da1
                • Instruction Fuzzy Hash: 1F427A71608302AFDB24EF18C844BAAB7EAEF8A714F14492DF9859B241D774ED41CF91
                Function 00DBD800 Relevance: .7, Instructions: 713COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f356d34a71cb60b63ae29080683b6a5240ce4678c6a7e794e7d1214c3d8a711f
                • Instruction ID: 5989eafc4297b4ed3fcbe4517952a692a9c5c81d7f80f4c476cad32222e014c9
                • Opcode Fuzzy Hash: f356d34a71cb60b63ae29080683b6a5240ce4678c6a7e794e7d1214c3d8a711f
                • Instruction Fuzzy Hash: 22627A74D04298CFCF10DFA8C4806EEBBF2AF15310F18855AE896AB295E374DD46CB61
                Function 00DBE280 Relevance: .7, Instructions: 701COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6a3b641d8ba35ab618413efaa06daf78dce81bc53db4e9712a6e0af3aa051ff5
                • Instruction ID: 6fb4d846b9097ffee0d3272fe2bbba810633512130f38d398d35339d98456c79
                • Opcode Fuzzy Hash: 6a3b641d8ba35ab618413efaa06daf78dce81bc53db4e9712a6e0af3aa051ff5
                • Instruction Fuzzy Hash: F4627A74D042A8CFDF20DFA8C4846EDBBF1AF15314F188659E896AB381D374D946CBA1
                Function 00DBCE30 Relevance: .7, Instructions: 672COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9a7cdb7d6216d77f92f74cca9c4299f47db322e8781cb6ae382fef89741b1505
                • Instruction ID: 9fa67f264c99fa0e5d2227899c24bc4db11b0ca2d011ca59592ba33a60328d72
                • Opcode Fuzzy Hash: 9a7cdb7d6216d77f92f74cca9c4299f47db322e8781cb6ae382fef89741b1505
                • Instruction Fuzzy Hash: 50526D70904298CFCF20DFA8C4806EDBBF2AF15314F188659E896AB291E734DD46CB61
                Function 00D7FD9F Relevance: .2, Instructions: 205COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abortfree
                • String ID:
                • API String ID: 1693707922-0
                • Opcode ID: df30e50752ead2ee1ad27454622f5f48792d127b7341116c1eee6249bb541018
                • Instruction ID: 4deba6ea715a49ffe88981a8c7ff926d46826c2b0a46b594b2732dfe111928e0
                • Opcode Fuzzy Hash: df30e50752ead2ee1ad27454622f5f48792d127b7341116c1eee6249bb541018
                • Instruction Fuzzy Hash: DB91A274A086049FDB10EF69D884B5DBBF0FF44304F0584A9E8A4AB361E775EA49CF61
                Function 00DEB950 Relevance: .2, Instructions: 201COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpy
                • String ID:
                • API String ID: 3510742995-0
                • Opcode ID: ee57f7ad00c51163c4a4d12ecc13cb4995162b5a2dcb30e40ea7b4697f8e1bf3
                • Instruction ID: 2f0bf728e1d813c9dc2f4a3efa1e9bc8ba3b9eed71d04a1c1764e7c2e7124311
                • Opcode Fuzzy Hash: ee57f7ad00c51163c4a4d12ecc13cb4995162b5a2dcb30e40ea7b4697f8e1bf3
                • Instruction Fuzzy Hash: 638127B49142149FCB04EF68D885A9EFBF1FF58310F118969E885AB356EB30E845CF91
                Function 00D6E440 Relevance: .1, Instructions: 134COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9d2595964f5e293aef949adb1d2bdcf8b7eec2306e9f167ab347e21702b06a27
                • Instruction ID: 6fe901a58ea6945f256f574f1296228bb6175562f9bcff87979318b5c9234118
                • Opcode Fuzzy Hash: 9d2595964f5e293aef949adb1d2bdcf8b7eec2306e9f167ab347e21702b06a27
                • Instruction Fuzzy Hash: 98317E3A7096114BC748896EC48022BF7D79BD8724F6ACA3DE58AC7798FA70DC418791
                Function 00D82B46 Relevance: .1, Instructions: 87COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7a94057f624e05cc5ac7e92495a25f9ec1a5963fb88ad820087fa8a29804a1ea
                • Instruction ID: 88cc96b35b4e9f59ca464aa8d213e38f0939abc60705bbd7d18d33bc862070d3
                • Opcode Fuzzy Hash: 7a94057f624e05cc5ac7e92495a25f9ec1a5963fb88ad820087fa8a29804a1ea
                • Instruction Fuzzy Hash: DD31C274A042089FDB00EF69C885BAEBBF0FB48314F15C46AE859AB355E375E9448F61
                Function 00D977DB Relevance: .0, Instructions: 44COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpymemmove
                • String ID:
                • API String ID: 167125708-0
                • Opcode ID: 56fca915b360e6128e9081341cbe617bb25a08c99327a6f5a13156a174063f84
                • Instruction ID: 6e101abb49ffbb0251a8082f30a26856b20c0114d23bacc829b46b46f8910227
                • Opcode Fuzzy Hash: 56fca915b360e6128e9081341cbe617bb25a08c99327a6f5a13156a174063f84
                • Instruction Fuzzy Hash: AA018BB0A043048FDB04AF2DC59475AFBE5EF89250F14C5ADE9489B346E731C845CBA1
                Function 00D7F5CF Relevance: .0, Instructions: 30COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 947f990db31bbc6bc76ae124c71dbe6ed745e7a937457891da25851e12c16c7e
                • Instruction ID: b3d0ac93213e452f49cb8c0630690c9b77adeb34672e49afc3d7ea115c4c9ddb
                • Opcode Fuzzy Hash: 947f990db31bbc6bc76ae124c71dbe6ed745e7a937457891da25851e12c16c7e
                • Instruction Fuzzy Hash: 66F092B4A042099FDB10DFA9C855B9EBBF4EF44344F508429E868E7360E375DA4A8F91
                Function 00D897D3 Relevance: .0, Instructions: 17COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 05c8828a1ab901ecc8c77880102908db8f66838344fabb78df9a2d204a5fdc58
                • Instruction ID: b0a086fbebedb27d45579488a3a213629723deec466f3e69a919f63935fb2320
                • Opcode Fuzzy Hash: 05c8828a1ab901ecc8c77880102908db8f66838344fabb78df9a2d204a5fdc58
                • Instruction Fuzzy Hash: 11C012F6C0520107C7243E645C97199B7B55A12284F903088AC9A7B213EE35809187C5
                Function 00D890C0 Relevance: .0, Instructions: 13COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abortfputcfputsfreefwrite
                • String ID:
                • API String ID: 2053421089-0
                • Opcode ID: 1523ec889bc2717603923624a63c24d89c7aa923caaec7bfbcdae498a44a34db
                • Instruction ID: 17ca0e26fa47d7e03ea50ca66e610b668989713bed36aba62e670c758a9abbb1
                • Opcode Fuzzy Hash: 1523ec889bc2717603923624a63c24d89c7aa923caaec7bfbcdae498a44a34db
                • Instruction Fuzzy Hash: C9C012B4C082408AC200BF38860A228BAB0AB52200F8439ACE88027202E735C458869B
                Function 00D9792B Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: da425252fb3c11f753555d94494e6f6cdb0ab8c68fd256dcd5ce4199327a8e98
                • Instruction ID: 901e8d14849091c78050bfa842273d1c952b1583e3469156d861a2597c66c53a
                • Opcode Fuzzy Hash: da425252fb3c11f753555d94494e6f6cdb0ab8c68fd256dcd5ce4199327a8e98
                • Instruction Fuzzy Hash: 0FB09230D005204BCF80BF2885A503CE2F09A82350F0AB9ACE549B7283EA25C9478A9E
                Function 00D97A8B Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f5b86ced4857355c9b7cb2c5dc03fb9fdfc136b73c13bbe0f3e252b41227586
                • Instruction ID: acf57bee3b8f7abd7e06b0615b558a6b10288e78f1e89cd7b812f0b8f83c92ed
                • Opcode Fuzzy Hash: 5f5b86ced4857355c9b7cb2c5dc03fb9fdfc136b73c13bbe0f3e252b41227586
                • Instruction Fuzzy Hash: 2CB09230D005244BCF80BF2885A553CE2F09A82340F0A79ACE549F7283EA25CD868A9E
                Function 00D97BEB Relevance: .0, Instructions: 11COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3bd2b75da7b7fb9921c44301d48412c083c9a06edc437b80eb1d82a69dbcd579
                • Instruction ID: 088e19bd518b353cf4d9de87b2485b2318d685f5138a4ece915e955e0f698ea6
                • Opcode Fuzzy Hash: 3bd2b75da7b7fb9921c44301d48412c083c9a06edc437b80eb1d82a69dbcd579
                • Instruction Fuzzy Hash: C2B09B70D0051057CF40BF28455503CE5F09A43340F09756CD549B7143E625C946469D
                Function 00D89801 Relevance: 33.4, APIs: 15, Strings: 4, Instructions: 100fileCOMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D8987B
                • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D89898
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D898AC
                • fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D898B5
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D898C1
                • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D898DE
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D898F4
                • fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D898FD
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D8990B
                • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D8992C
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D8993D
                • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D8995E
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D89963
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00DDFB2D), ref: 00E1EFF3
                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00DDFB2D), ref: 00E1EFFB
                  • Part of subcall function 00D6D050: strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D6D0D5
                  • Part of subcall function 00D6D050: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D6D0F0
                  • Part of subcall function 00D6D050: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D6D0FA
                Strings
                • terminate called without an active exception, xrefs: 00D89925
                • terminate called after throwing an instance of ', xrefs: 00D89891
                • -, xrefs: 00D89911
                • terminate called recursively, xrefs: 00D89957
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func$fwrite$abortfputsfree$memcpystrlen
                • String ID: -$terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
                • API String ID: 1650128851-3753627788
                • Opcode ID: c6aa8cfd6f026e68393ff549bff38d35027cecf8fce1e6b01d99b010a8df134c
                • Instruction ID: de526ced41e044c196e5bf38f80558898ad8f48659282ef5747c18a4eb615784
                • Opcode Fuzzy Hash: c6aa8cfd6f026e68393ff549bff38d35027cecf8fce1e6b01d99b010a8df134c
                • Instruction Fuzzy Hash: 6841E8B08093119EE700BF65C54935EBEE5EF89314F15D81EE8D897242E7BA84858F63
                Function 00D88F20 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 147COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-00000001,?,?,?,00D88DF7), ref: 00E1EE40
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00D88D3C,?,?,?,00000001,-BCD4D4E8,-00000038,00E1EE99), ref: 00E1EE48
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00D88D3C,?,?,?,00000001,-BCD4D4E8,-00000038,00E1EE99), ref: 00E1EE50
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00D88D3C,?,?,?,00000001,-BCD4D4E8,-00000038,00E1EE99), ref: 00E1EE58
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID: what(): $ f$,
                • API String ID: 4206212132-110371659
                • Opcode ID: bf3e0e0bf7193ed6bf9a206912ac8b19efbd23149481075591e052272d8f51b8
                • Instruction ID: 8b84cea4df460dadd99927e0b0fbd7803e8e56194055200ccb88bc44fe8a0a82
                • Opcode Fuzzy Hash: bf3e0e0bf7193ed6bf9a206912ac8b19efbd23149481075591e052272d8f51b8
                • Instruction Fuzzy Hash: E8411A705083148FC700BF74C4462AEBAF1EF86304F45A82DF889AB356EB759486CB66
                Function 00E1DF50 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 157COMMON
                Download Yara Rule
                APIs
                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00E1FBD4,?,?,?,00DFC9C7), ref: 00E1DF5E
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: malloc
                • String ID: :$@$GLIBCXX_TUNABLES$obj_count$obj_size
                • API String ID: 2803490479-652221970
                • Opcode ID: 91f17adb36facca0da24cf95e741a8ca02323002e47668ede3f66e87e9ae7272
                • Instruction ID: 471b6a0ae6638d4a0c593b52f29e56e8b0a7c404f2ead00f7d282f1065cd05a3
                • Opcode Fuzzy Hash: 91f17adb36facca0da24cf95e741a8ca02323002e47668ede3f66e87e9ae7272
                • Instruction Fuzzy Hash: 1E51A1B06083128FD720DF25E98535ABBE1BF85308F54996DE889AB382E774C945CF52
                Function 00D6C0DB Relevance: 15.4, APIs: 4, Strings: 6, Instructions: 368stringCOMMON
                Download Yara Rule
                APIs
                • strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D6C10D
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D6C248
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlenstrncmp
                • String ID: Z$Z$_$_$_$_GLOBAL_
                • API String ID: 1310274236-662103887
                • Opcode ID: e6515562227f4b4b615d6e3b16ed1469c1ed30fa9ab01a0382f96e50051adfe7
                • Instruction ID: 4a3357fb7bc20aab8b126a0cb79d0be7e946db6b8eae546118d05eb323a6c1b5
                • Opcode Fuzzy Hash: e6515562227f4b4b615d6e3b16ed1469c1ed30fa9ab01a0382f96e50051adfe7
                • Instruction Fuzzy Hash: 41F195719143588FEB20DF28C8943EDBBF1EF45304F4891E6C489AB246D7799A85CFA1
                Function 00D92AB0 Relevance: 15.2, APIs: 6, Strings: 4, Instructions: 240stringCOMMON
                Download Yara Rule
                APIs
                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00D94163), ref: 00D92B01
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00D94163), ref: 00D92B1C
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00D94163), ref: 00D92B73
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00D94163), ref: 00D92BD0
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00D94163), ref: 00D92C30
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92C8E
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen$strcmp
                • String ID: *$basic_string::append$locale::_S_normalize_category category not found$J
                • API String ID: 551667898-3765260623
                • Opcode ID: 5df2f31e486686b59ddb42483e9a83b6485668189125d630022bb6cc7f9c5678
                • Instruction ID: cc4dd6eb49087606aad627fed42e632e364871a0f3343c7cb65f9f269f4dfa1b
                • Opcode Fuzzy Hash: 5df2f31e486686b59ddb42483e9a83b6485668189125d630022bb6cc7f9c5678
                • Instruction Fuzzy Hash: 9EA10870604601DFDB00EF68C09176EBBE2BF85304F15C56DE499AB35ADB35E885CBA2
                Function 00D6D458 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 172fileCOMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,00D6D6F8), ref: 00D6D46C
                • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D6D48C
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D6D49B
                  • Part of subcall function 00D7CD34: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00D6D4B3), ref: 00D7CD66
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D6D4B3
                Strings
                • VirtualQuery failed for %d bytes at address %p, xrefs: 00D6D616
                • Mingw-w64 runtime failure:, xrefs: 00D6D485
                • VirtualProtect failed with code 0x%x, xrefs: 00D6D6EC
                • Address %p has no image-section, xrefs: 00D6D54D
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func$__stdio_common_vfprintfabortfwrite
                • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                • API String ID: 1305897650-1534286854
                • Opcode ID: dca611d7a664ba8b9709ee65f4cd90482c44b7101f075510b5c4bd216f7b1a72
                • Instruction ID: 126b1c81589229a0b025ba84e881d5ab0f600e5cac1c2c94f2556d2529ef3e83
                • Opcode Fuzzy Hash: dca611d7a664ba8b9709ee65f4cd90482c44b7101f075510b5c4bd216f7b1a72
                • Instruction Fuzzy Hash: BB6138B4E052099FC704DF59D882A5EB7F2FB88340F58C569E868E7351D335EA42CBA1
                Function 00E1DEB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 62COMMON
                Download Yara Rule
                APIs
                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00DE0172), ref: 00E1DEC7
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: malloc
                • String ID: what(): $ f
                • API String ID: 2803490479-331495661
                • Opcode ID: e4b873df53db1cf19e91e8a1113fe42134b750bbac4d6431a8124e53dec31c3e
                • Instruction ID: 07da7bc58bf3ff9a3ec07c22f6ce42ac199d8d208948c190fbd03b42f7a776e0
                • Opcode Fuzzy Hash: e4b873df53db1cf19e91e8a1113fe42134b750bbac4d6431a8124e53dec31c3e
                • Instruction Fuzzy Hash: DE11ADB06087118FD700BF74C94636DBAE5BF89304F41A85DE9CDAB346EB7984819B63
                Function 00E1EF2C Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 55COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort$fputcfputsfreefwrite
                • String ID: what(): $ f$,
                • API String ID: 3364258748-110371659
                • Opcode ID: f7c7c6f042a1aeff616591b9eeaadedafb19a45f4d880a267cf7fbc2a96c75f2
                • Instruction ID: 1aa2f4f4d5f62eb52cd9b6b6e98cffae1e2edd6de92415e85c6de4d0631eacc4
                • Opcode Fuzzy Hash: f7c7c6f042a1aeff616591b9eeaadedafb19a45f4d880a267cf7fbc2a96c75f2
                • Instruction Fuzzy Hash: B31172B09087108ED700BFB4C54626DBAF1FF89304F01A81DE8C9A7352DBB98485DB67
                Function 00DFC560 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151COMMON
                Download Yara Rule
                APIs
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00DFC5EB
                Strings
                • random_device::random_device(const std::string&): device not available, xrefs: 00E201A0
                • random_device: rand_s failed, xrefs: 00E20128
                • random_device: rdseed failed, xrefs: 00E20134
                • random_device::random_device(const std::string&): unsupported token, xrefs: 00E201AF
                • random_device: rdrand failed, xrefs: 00E2011C
                • basic_string: construction from null is not valid, xrefs: 00E201D0
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: setlocale
                • String ID: basic_string: construction from null is not valid$random_device: rand_s failed$random_device: rdrand failed$random_device: rdseed failed$random_device::random_device(const std::string&): device not available$random_device::random_device(const std::string&): unsupported token
                • API String ID: 1598674530-2583435102
                • Opcode ID: b22819c49d474de0f754e2c70748cdda22a37d3fb38b9cc78e46299e470270de
                • Instruction ID: c840f991ef46fe559d0e1c6733d413837c728f3c90f1a52e6ce7a600a843bcab
                • Opcode Fuzzy Hash: b22819c49d474de0f754e2c70748cdda22a37d3fb38b9cc78e46299e470270de
                • Instruction Fuzzy Hash: 895170B06093189FC710BF74D54656EBBE4EF84744F05A82CE9C9AB302DB749885CBB2
                Function 00E1E430 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 77fileCOMMON
                Download Yara Rule
                APIs
                • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00DDFB2D), ref: 00E1EFBB
                • fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00DDFB2D), ref: 00E1EFD0
                • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00DDFB2D), ref: 00E1EFE9
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00DDFB2D), ref: 00E1EFF3
                • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,FFFFFFFF,00DDFB2D), ref: 00E1EFFB
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abortfputcfputsfreefwrite
                • String ID: what(): $ f
                • API String ID: 2053421089-331495661
                • Opcode ID: 78032bdc797d20e65b1ab7bb081e224b965a746ac17340c7fd4724e8561659f7
                • Instruction ID: 9a32ee324b29ed438994fe21576ecafbbc901119cae4a1c04853fe692ad76e68
                • Opcode Fuzzy Hash: 78032bdc797d20e65b1ab7bb081e224b965a746ac17340c7fd4724e8561659f7
                • Instruction Fuzzy Hash: 8E210AB05093118FD704BF74C5466AEBAE1BF89304F02A86DF8CA6B342DB749481CB62
                Function 00E1DF00 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 68COMMON
                Download Yara Rule
                APIs
                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00E1DF10
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: malloc
                • String ID: @$GLIBCXX_TUNABLES$obj_count$obj_size
                • API String ID: 2803490479-3111467365
                • Opcode ID: 414bc172c27c6f62e60f2054661bf4381f7ecdb8acebd6cc2278ce4fb6ded449
                • Instruction ID: e291b3e3682bc2964b73c95c94e4e3500e3fc8e91e32e88e7e255d202778da0e
                • Opcode Fuzzy Hash: 414bc172c27c6f62e60f2054661bf4381f7ecdb8acebd6cc2278ce4fb6ded449
                • Instruction Fuzzy Hash: A22168B05187018FE310AF21D94576ABBE4FFD5308F05A65DE8D86B292E7748185CB62
                Function 00D96260 Relevance: 12.2, APIs: 5, Strings: 3, Instructions: 212stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D96286
                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D962AA
                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D9631D
                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D9638F
                  • Part of subcall function 00E1FC60: strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E1FC6E
                • memcmp.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D96427
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcmp$strlen
                • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$B$basic_string::compare
                • API String ID: 3738950036-513501225
                • Opcode ID: 9fac16f389ea292b52a04f57e57dae4a4d125dd787c114370d0466ba7a766df4
                • Instruction ID: c4fd8fbb3369bcb5f302b2a76adf1608a94f9e9eb044a39b383233a127f5cdec
                • Opcode Fuzzy Hash: 9fac16f389ea292b52a04f57e57dae4a4d125dd787c114370d0466ba7a766df4
                • Instruction Fuzzy Hash: E46125716093059FCB04AF68C9C181ABBE5AFC8754F58993DE8CC97316D271E8848BA6
                Function 00D92DD0 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 186stringCOMMON
                Download Yara Rule
                APIs
                  • Part of subcall function 00DDF810: memset.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00DE7A9E,?,?,?,?,?,?,?), ref: 00DDF855
                • strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92E31
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92E4C
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92E93
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92EF1
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92F58
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen$memsetstrcmp
                • String ID: *$J
                • API String ID: 3639840916-4199782726
                • Opcode ID: ec871d791aae45909c73ea9ff5d80704db5491e8c22ebdf378315f5f0061df16
                • Instruction ID: 7fac5e8db631fa1aaf46ede5da30b52561b11c39f4ba0dd2cda03314c330118e
                • Opcode Fuzzy Hash: ec871d791aae45909c73ea9ff5d80704db5491e8c22ebdf378315f5f0061df16
                • Instruction Fuzzy Hash: 307139B5A046019FDB00EF69C48866EFBF5FF88304F05C66DE9949B315D731A849CBA2
                Function 00D6C159 Relevance: 10.7, APIs: 3, Strings: 4, Instructions: 180stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D6C197
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D6C20C
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D6C248
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID: Z$Z$_$_
                • API String ID: 39653677-3067807210
                • Opcode ID: 1d12fd5b4d405e2feb4a6687e941f0720b94f87b0336cc6eee3350ba6f183d97
                • Instruction ID: bdfc94902da5730d54da2996ac48b6bc4231a650d044a1c471a54160037e1553
                • Opcode Fuzzy Hash: 1d12fd5b4d405e2feb4a6687e941f0720b94f87b0336cc6eee3350ba6f183d97
                • Instruction Fuzzy Hash: 9D81B7718142588FDB20CF14C8943FDBBF2AF46304F4891D6C4C95B256D775AA86CFA1
                Function 00D6DBCC Relevance: 9.1, APIs: 6, Instructions: 108COMMON
                Download Yara Rule
                APIs
                • signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D6DC61
                • signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D6DC7E
                • signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D6DCC0
                • signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D6DCDD
                • signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D6DD23
                • signal.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D6DD40
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: signal
                • String ID:
                • API String ID: 1946981877-0
                • Opcode ID: 0e619bcd792323d211e1551a3bf45aa3e52bcab856fc2a988b1bcac1e2eb98da
                • Instruction ID: fc5e30e9c48923962461943c1e126fd2e55a779f94a322cdfa2abd7903829c24
                • Opcode Fuzzy Hash: 0e619bcd792323d211e1551a3bf45aa3e52bcab856fc2a988b1bcac1e2eb98da
                • Instruction Fuzzy Hash: 49414BB0E05705CFDB20EFA8D5043ADB7F1AF45328F158659D0A4A72A1C3B98A85CF72
                Function 00D8E2B0 Relevance: 9.0, APIs: 6, Instructions: 50stringCOMMON
                Download Yara Rule
                APIs
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00D8E2C8
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D8E2D2
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D8E2EF
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00D8E302
                • wcsftime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00D8E326
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00D8E338
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: setlocale$memcpystrlenwcsftime
                • String ID:
                • API String ID: 3412479102-0
                • Opcode ID: d42256d81bf55e3f967aeb86b97360d4ac7b56e39df0d1184e26d93e8dde8f3b
                • Instruction ID: 29204f7f09ae3d2b7b8fcb28028749ff5eb06623487b62ccbb3c74fc70b6ba1f
                • Opcode Fuzzy Hash: d42256d81bf55e3f967aeb86b97360d4ac7b56e39df0d1184e26d93e8dde8f3b
                • Instruction Fuzzy Hash: 681180B0909310AFC740EF69C48561EBBF5EF88710F41982DF8C88B311E77998408BA6
                Function 00D8E000 Relevance: 9.0, APIs: 6, Instructions: 49stringCOMMON
                Download Yara Rule
                APIs
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00D8E018
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D8E022
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D8E03F
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00D8E052
                • strftime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00D8E076
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00D8E088
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: setlocale$memcpystrftimestrlen
                • String ID:
                • API String ID: 1843691881-0
                • Opcode ID: 4b3c023084fcae4185465a26ea72771837c3f0ef4655f109945dcc3f2304897c
                • Instruction ID: f47c8d7df483d216144101c79eb23cbf8e964a659c123c8d183e5cc9466994af
                • Opcode Fuzzy Hash: 4b3c023084fcae4185465a26ea72771837c3f0ef4655f109945dcc3f2304897c
                • Instruction Fuzzy Hash: A11192B4909314AFC340AF69C48571EBBE5EF95710F41982DF8C88B302E7B99840CBA6
                Function 00D7CE6B Relevance: 9.0, APIs: 6, Instructions: 32COMMON
                Download Yara Rule
                APIs
                • _initialize_wide_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7CE71
                • _configure_wide_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7CE8B
                • __p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7CE90
                • __p___wargv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7CE9C
                • __p__wenviron.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00D7CEA8
                • _set_new_mode.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D7CEC2
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __p___argc__p___wargv__p__wenviron_configure_wide_argv_initialize_wide_environment_set_new_mode
                • String ID:
                • API String ID: 2388432996-0
                • Opcode ID: c15d3af6908a26b6c38de5889335e076a43bc0cf8aee88e3b9b3a9e4130e36da
                • Instruction ID: d9c2792e4d8f422ffc689dea9ac2bb298958ffdfd2495d2a91532871f8e14ea9
                • Opcode Fuzzy Hash: c15d3af6908a26b6c38de5889335e076a43bc0cf8aee88e3b9b3a9e4130e36da
                • Instruction Fuzzy Hash: 2FF092786047048FCB14EF28C48675937B2EF4A304F4194A4F9598B361E674E881DBB6
                Function 00D7CE08 Relevance: 9.0, APIs: 6, Instructions: 32COMMON
                Download Yara Rule
                APIs
                • _initialize_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7CE0E
                • _configure_narrow_argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7CE28
                • __p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7CE2D
                • __p___argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7CE39
                • __p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00D7CE45
                • _set_new_mode.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D7CE5F
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __p___argc__p___argv__p__environ_configure_narrow_argv_initialize_narrow_environment_set_new_mode
                • String ID:
                • API String ID: 3593706420-0
                • Opcode ID: 604d1501ea40cbf6b675f44eedfd05fb1a34137d8e3c5d65eca50e6a5e5c35e8
                • Instruction ID: a044069059c8de375b24cea5458ba71354542cfc20bd98ed3e89aea9ac0a934c
                • Opcode Fuzzy Hash: 604d1501ea40cbf6b675f44eedfd05fb1a34137d8e3c5d65eca50e6a5e5c35e8
                • Instruction Fuzzy Hash: 17F09278210705CFCB00EF28C48679937B2EF49304F11A464F9498B3A1E634E881DBB6
                Function 00D879AE Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155COMMON
                Download Yara Rule
                APIs
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D87B1A
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memset
                • String ID: &
                • API String ID: 2221118986-1010288
                • Opcode ID: 3aa77bfc06be1d6af081c6afabda9ad1a02a93b4e8642b0013c1bf1220210976
                • Instruction ID: 758ff031748db75421a6eaafa2df685550850dd2a0b7d637a1a5609cf8c0692b
                • Opcode Fuzzy Hash: 3aa77bfc06be1d6af081c6afabda9ad1a02a93b4e8642b0013c1bf1220210976
                • Instruction Fuzzy Hash: 3971CF7490820ADFDF14EF59C4847AEB7B1FF04354F248519E868AB250D378EA95CFA1
                Function 00D877B3 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 152COMMON
                Download Yara Rule
                APIs
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D87911
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memset
                • String ID: &
                • API String ID: 2221118986-1010288
                • Opcode ID: 19790077a93d18aadedbb103ff7a4815a4efdb1ebdd894fc13699cdb425ee73c
                • Instruction ID: 85f059674fb33785137adfb9478d6ab5657f4186ecd13eea3b0731c2110fee27
                • Opcode Fuzzy Hash: 19790077a93d18aadedbb103ff7a4815a4efdb1ebdd894fc13699cdb425ee73c
                • Instruction Fuzzy Hash: 4C71B47090824ADFDF11EF59C4487AEBBF0AF04355F288559E868AB240D378DA54CFA2
                Function 00D8AE00 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 130windowCOMMON
                Download Yara Rule
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: FormatFreeLocalMessage
                • String ID: Unknown error code$basic_string: construction from null is not valid
                • API String ID: 1427518018-3299438129
                • Opcode ID: 394b2283a35a39c67b6970bdae1f8377b07eac273e3a97e6e6794703cda22993
                • Instruction ID: 2851a9b965a8d44a70a59bdf4c469baa3c356d807aec37c857c0e02103d6b169
                • Opcode Fuzzy Hash: 394b2283a35a39c67b6970bdae1f8377b07eac273e3a97e6e6794703cda22993
                • Instruction Fuzzy Hash: 64417EB05043149FCB00BF68D4856AEBBF5FF84750F45985DE4C9AB301D7749589CBA2
                Function 00D833C0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 36COMMON
                Download Yara Rule
                APIs
                • exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00D83B65), ref: 00D83429
                Strings
                • ../../../mingw-w64-libraries/winpthreads/src/rwlock.c, xrefs: 00D83402
                • (((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0), xrefs: 00D8340A
                • Assertion failed: (%s), file %s, line %d, xrefs: 00D83412
                • (, xrefs: 00D833FA
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: exit
                • String ID: ($(((rwlock_t *)*rwl)->valid == LIFE_RWLOCK) && (((rwlock_t *)*rwl)->busy > 0)$../../../mingw-w64-libraries/winpthreads/src/rwlock.c$Assertion failed: (%s), file %s, line %d
                • API String ID: 2483651598-1678677298
                • Opcode ID: ac794cd4267c771f944ab96167759ca0a0d710a7a14696ad1e8c4401dfbb3f2d
                • Instruction ID: a12f52e8d6a8437136c4bc4d90083bdc73fc8c5b3752cc145891f2747c9e955f
                • Opcode Fuzzy Hash: ac794cd4267c771f944ab96167759ca0a0d710a7a14696ad1e8c4401dfbb3f2d
                • Instruction Fuzzy Hash: 9B01A2B52052019FD710EF68D58690ABBE4FF89304F05D858E4CC9B362E7B4E984CB62
                Function 00DF4FC0 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 335stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,00DAE07F), ref: 00DF501B
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DF509F
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DF5106
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID: @2$e2
                • API String ID: 39653677-2580298683
                • Opcode ID: cb8c4ff7a926a25f1dcd1f1c839ef8497682b72736decf883aae64cfccbead4b
                • Instruction ID: cd35e0716c76db0449588f8124782f5e26311195d18f70e9cd073d7c3087206c
                • Opcode Fuzzy Hash: cb8c4ff7a926a25f1dcd1f1c839ef8497682b72736decf883aae64cfccbead4b
                • Instruction Fuzzy Hash: EAE17C70A04A098FCB00EF6CD4849ADBBF1FF48310F158669E995DB359E734E945CBA1
                Function 00DF5620 Relevance: 7.8, APIs: 3, Strings: 2, Instructions: 314stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF566C
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF56EA
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF5765
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen$strlen
                • String ID: @2$e2
                • API String ID: 1625065929-2580298683
                • Opcode ID: 2d4da8e28d4806b22a98add0323caafa405b64eb6453fabc3bbf12bbd2a222aa
                • Instruction ID: 3bc45aa3a43f421eed34fde7d48eed67efd19163760625115c2e4e97a4559b22
                • Opcode Fuzzy Hash: 2d4da8e28d4806b22a98add0323caafa405b64eb6453fabc3bbf12bbd2a222aa
                • Instruction Fuzzy Hash: 95D14874A04609CFCB00EF68D484AAEBBF0EF48310F158669E995EB355E734D945CFA1
                Function 00DD87F0 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 198COMMON
                Download Yara Rule
                APIs
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DD887E
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DD8911
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpy
                • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::replace
                • API String ID: 3510742995-3564965661
                • Opcode ID: e41777f694f4a6e5f08d4a017de1213b72222a9408994bd717ac0cf3e6eab170
                • Instruction ID: 0c386eff93b6aa0d3643df0b6fda1b3becdd3f0f6142800e8ee76458f1ad0e11
                • Opcode Fuzzy Hash: e41777f694f4a6e5f08d4a017de1213b72222a9408994bd717ac0cf3e6eab170
                • Instruction Fuzzy Hash: DE713675A092059FCB04EF2CD4905AEBBF1FF88700F55892EE89997310EB70D854DBA2
                Function 00DE1390 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 184COMMON
                Download Yara Rule
                APIs
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DE140E
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DE148E
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpy
                • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::replace
                • API String ID: 3510742995-3564965661
                • Opcode ID: 3e43b131977acda1ec56586d63a9f5d9375c53c4434cc2804e3c7529e2e11586
                • Instruction ID: 03703bb7ffd366f67768eb17759ef6ffa8971e407ca3bc6c961b5ffe9c826f94
                • Opcode Fuzzy Hash: 3e43b131977acda1ec56586d63a9f5d9375c53c4434cc2804e3c7529e2e11586
                • Instruction Fuzzy Hash: B97126B5A083449FCB04EF2DC4815AEBBF5EF89350F15892EE89997351E730D840CBA2
                Function 00D98C70 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 155stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D98CA4
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D98D0F
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D98D6A
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpystrlenwcslen
                • String ID: basic_string: construction from null is not valid
                • API String ID: 339887217-2991274800
                • Opcode ID: 161ca4081163c898e34f1b7eecad5272d0957940c84ba137609ab9dd7d75d39d
                • Instruction ID: 7b58d3e3b9c83569a13e9d795189a2374baee6b5f982852f81985d106298b765
                • Opcode Fuzzy Hash: 161ca4081163c898e34f1b7eecad5272d0957940c84ba137609ab9dd7d75d39d
                • Instruction Fuzzy Hash: 3E516CB1A052148FCB00FF28D48051ABBE1FF95710F15896EE9888B315E631DD85DBA2
                Function 00D92B51 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 121stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00D94163), ref: 00D92B73
                  • Part of subcall function 00E00D80: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(000000FF,?,00000000,00E1A59A), ref: 00E00DBC
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,00D94163), ref: 00D92BD0
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00D94163), ref: 00D92C30
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92C8E
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen$memcpy
                • String ID: J
                • API String ID: 3396830738-3956618759
                • Opcode ID: f88734460c1396a73b0a353bc691ce2d64f7ac5f6659655c5cddf398900b5e4e
                • Instruction ID: 93c5cb3e417bee1421bb66393819b1302a299b3ea770e23ab22f4891430e8bfb
                • Opcode Fuzzy Hash: f88734460c1396a73b0a353bc691ce2d64f7ac5f6659655c5cddf398900b5e4e
                • Instruction Fuzzy Hash: 2551F970604601DFCB01EF28C1C062DBBE2AF85314F55C6A9D4595F39ADB35E849CBE2
                Function 00D92E71 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 117stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92E93
                  • Part of subcall function 00DE04E0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,-00000001,?,?,00D92EA6), ref: 00DE053F
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92EF1
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92F58
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D92FBD
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen$memcpy
                • String ID: J
                • API String ID: 3396830738-3956618759
                • Opcode ID: 43264bb9a67756503f21d37606a1be26d4a501263f1fd02672b4603416d1f35e
                • Instruction ID: 80b41b423e828810a84f1b8e3ec691570cc89dd5c00c1cd8ec7062491c2faba8
                • Opcode Fuzzy Hash: 43264bb9a67756503f21d37606a1be26d4a501263f1fd02672b4603416d1f35e
                • Instruction Fuzzy Hash: 5C5128B4A046418FDB00EF29C08862DFBF2FF48300F0586ADE5549F355C771A84ACBA2
                Function 00D77629 Relevance: 7.6, APIs: 5, Instructions: 104COMMON
                Download Yara Rule
                APIs
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D77651
                • localeconv.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00D77656
                • mbrtowc.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00D77676
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D776FD
                • wcrtomb.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00D7771D
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memset$localeconvmbrtowcwcrtomb
                • String ID:
                • API String ID: 2392567419-0
                • Opcode ID: aa594e081c6ecece04dd3111b94be4974811a4007c47f4445fab938b5b50daaf
                • Instruction ID: 8d494a13ad0ee76face8daddd417797bdc5a74553e6a01e02d36a53ab9792981
                • Opcode Fuzzy Hash: aa594e081c6ecece04dd3111b94be4974811a4007c47f4445fab938b5b50daaf
                • Instruction Fuzzy Hash: B741A2B49087099FCB04DF68C185AAEBBF1FF48344F10C969E8989B351E774DA44CBA1
                Function 00D83799 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 88COMMON
                Download Yara Rule
                APIs
                • calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00D83785), ref: 00D837C7
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: calloc
                • String ID:
                • API String ID: 2635317215-3916222277
                • Opcode ID: 2f2140615158a5e0eb888250178b7f0b847e0d8eaea449e2480fa4df428144fa
                • Instruction ID: 8e7fd07f632ab3b818868571f96b3274d88380dcb5c9831ab0a17494e6a6fd2a
                • Opcode Fuzzy Hash: 2f2140615158a5e0eb888250178b7f0b847e0d8eaea449e2480fa4df428144fa
                • Instruction Fuzzy Hash: 4A417174E04208EFDB00EFA8C4857ADB7F0EF45704F4589A9E898AB352D774DA44CB61
                Function 00E18B60 Relevance: 7.6, APIs: 5, Instructions: 64stringCOMMON
                Download Yara Rule
                APIs
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00E18B75
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00E18BC3
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00E18BE0
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00E18BF4
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00E18C2A
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: setlocale$memcpystrlen
                • String ID:
                • API String ID: 4096897932-0
                • Opcode ID: 9e0c88b704f45f3e8a852c9902a69967c48f14e0389a49230efca99851c44fe1
                • Instruction ID: f3854563b9f849291b08dbc5b4a7eeaa43bfce81a0b75d4e94f30bbd8561aae6
                • Opcode Fuzzy Hash: 9e0c88b704f45f3e8a852c9902a69967c48f14e0389a49230efca99851c44fe1
                • Instruction Fuzzy Hash: CD21B0B4A093109FD340EF29D48161EBBE1EF89354F40896EF8CC97302E679C9409BA2
                Function 00D6D390 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41COMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D6D410
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func
                • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)$:
                • API String ID: 711238415-3864346924
                • Opcode ID: 1de649de0e1b5bb428be07f8953d2e06cf07ae63ed532c0c5179ad9aabae18cd
                • Instruction ID: e9af7a4e455391357841a000f70b6200b06401e64775c367bd83f1c3962b806e
                • Opcode Fuzzy Hash: 1de649de0e1b5bb428be07f8953d2e06cf07ae63ed532c0c5179ad9aabae18cd
                • Instruction Fuzzy Hash: 7211C570904608DFCB00EF55E08999EBFF0FF88350F528888E8C8AB255CB35D964CB66
                Function 00D6D3D7 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D6D410
                  • Part of subcall function 00D7CDC0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D7CDF8
                Strings
                • :, xrefs: 00D6D42E
                • The result is too small to be represented (UNDERFLOW), xrefs: 00D6D3D7
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00D6D435
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func__stdio_common_vfprintf
                • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)$:
                • API String ID: 2168557111-2473762508
                • Opcode ID: 5ef82987a22086144fb37127dc4fb8f54e3c274eb0bc34be8e9b7b793b386571
                • Instruction ID: ee6c586e1046a035f577bc519c7c6a13a8ffee26a42d5e592cc050fa3ee7bf2b
                • Opcode Fuzzy Hash: 5ef82987a22086144fb37127dc4fb8f54e3c274eb0bc34be8e9b7b793b386571
                • Instruction Fuzzy Hash: 51018074904A08EBCB00EF55E08999DBFF0FF88344F528888E8C867255CB35D964CB66
                Function 00D6D3C5 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D6D410
                  • Part of subcall function 00D7CDC0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D7CDF8
                Strings
                • :, xrefs: 00D6D42E
                • Partial loss of significance (PLOSS), xrefs: 00D6D3C5
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00D6D435
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func__stdio_common_vfprintf
                • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)$:
                • API String ID: 2168557111-3247828426
                • Opcode ID: ba27ba53e2092d7404d996a85e63c924a3a89d7ab1571ef2ac4c547351c528e5
                • Instruction ID: 258e10ac3a2b84af60c5d16a52cfe6f8a2039da03fa7e2b9d9093092ee20e88b
                • Opcode Fuzzy Hash: ba27ba53e2092d7404d996a85e63c924a3a89d7ab1571ef2ac4c547351c528e5
                • Instruction Fuzzy Hash: 9B019274904A08DBCB00EF55E08999DBFF0FF88344F528888E8C867255CB35D974CB66
                Function 00D6D3CE Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D6D410
                  • Part of subcall function 00D7CDC0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D7CDF8
                Strings
                • :, xrefs: 00D6D42E
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00D6D435
                • Total loss of significance (TLOSS), xrefs: 00D6D3CE
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func__stdio_common_vfprintf
                • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)$:
                • API String ID: 2168557111-3146038039
                • Opcode ID: 312196841425e425466d6bcbdd046227da2fe15ee8e8b1a96d355b1abf20a6ea
                • Instruction ID: 9480f6d490c645b751b709ce303eb0604a3f3fb950df4e89f0a5bfaf97c6862b
                • Opcode Fuzzy Hash: 312196841425e425466d6bcbdd046227da2fe15ee8e8b1a96d355b1abf20a6ea
                • Instruction Fuzzy Hash: 41019274904A08EBCB00EF55E08999DBFF0FF88344F528888E8C867255CB35D9B4CB66
                Function 00D6D3B3 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D6D410
                  • Part of subcall function 00D7CDC0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D7CDF8
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func__stdio_common_vfprintf
                • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)$:
                • API String ID: 2168557111-1385961598
                • Opcode ID: aedd0da29604c82469629647014188f29e46ec8ba604f5c2907293cc2e29b38f
                • Instruction ID: 2de62e106c23184a976bf984ee079a43dee162a4e72528e162377a0dd0edfaf5
                • Opcode Fuzzy Hash: aedd0da29604c82469629647014188f29e46ec8ba604f5c2907293cc2e29b38f
                • Instruction Fuzzy Hash: 7C019274904A08DBCB00EF55E08999DBFF0FF88344F528888E8C867255CB35D974CB66
                Function 00D6D3BC Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D6D410
                  • Part of subcall function 00D7CDC0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D7CDF8
                Strings
                • :, xrefs: 00D6D42E
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00D6D435
                • Overflow range error (OVERFLOW), xrefs: 00D6D3BC
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func__stdio_common_vfprintf
                • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)$:
                • API String ID: 2168557111-252943749
                • Opcode ID: 585a82a5928010329fa91785434c4af5765dfc53647b0f75b83101e0c5d06ad8
                • Instruction ID: 2810f46b9a0cbb43a33fc3a2e509a40e902cdfcf1a2c00dda2f26de97d74b7e5
                • Opcode Fuzzy Hash: 585a82a5928010329fa91785434c4af5765dfc53647b0f75b83101e0c5d06ad8
                • Instruction Fuzzy Hash: BC019274904A08DBCB00EF55E08999DBFF0FF88344F528889E8C867255CB35D974CB66
                Function 00D6D3AA Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31COMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D6D410
                  • Part of subcall function 00D7CDC0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D7CDF8
                Strings
                • :, xrefs: 00D6D42E
                • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00D6D435
                • Argument domain error (DOMAIN), xrefs: 00D6D3AA
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func__stdio_common_vfprintf
                • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)$:
                • API String ID: 2168557111-884274926
                • Opcode ID: ac81529136c96cfa11ffd129591bccc17239ca53a389ddf7cb41b4fdeeb113ad
                • Instruction ID: cf59ecbcc03e2bb678a59804645c916af91a5785c7f8cd49f4fa09cb414133a7
                • Opcode Fuzzy Hash: ac81529136c96cfa11ffd129591bccc17239ca53a389ddf7cb41b4fdeeb113ad
                • Instruction Fuzzy Hash: 11018074904A08DBCB00EF55E08999DBFF0FF88344F528888E8C867255CB35D964CB66
                Function 00D6D050 Relevance: 6.3, APIs: 5, Instructions: 98stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D6D0D5
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D6D0F0
                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D6D0FA
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: freememcpystrlen
                • String ID:
                • API String ID: 2208669145-0
                • Opcode ID: 9e61869d6bebb5e4e28db6d21dafd3ca6bdf4f2f911bd685b6e4491c1e55a7c8
                • Instruction ID: 0b7e58372b43d2bef26554194ba9b477d20c7eebd031dd8157615360689f33ac
                • Opcode Fuzzy Hash: 9e61869d6bebb5e4e28db6d21dafd3ca6bdf4f2f911bd685b6e4491c1e55a7c8
                • Instruction Fuzzy Hash: D7314271B087018BD311AF2AE88072BBBE7AFD2750F29492CE99447341D7B5D84587B1
                Function 00D66589 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 329COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: {lambda
                • API String ID: 0-291243406
                • Opcode ID: cae1b3405426818fce5ab25f436b74a5500ec56e6cebaeff5eb81bcb30a2d668
                • Instruction ID: 7cba20daad67c0370acd302508ac72728deccd79ec9697473b0ab1355a302f2c
                • Opcode Fuzzy Hash: cae1b3405426818fce5ab25f436b74a5500ec56e6cebaeff5eb81bcb30a2d668
                • Instruction Fuzzy Hash: 1DF12E70608782DFC305CF28C0943E9FBE1BF99304F188669E8D857346D3B5A995DBA6
                Function 00D6812B Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 228stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D69855
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D69914
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID: auto:
                • API String ID: 39653677-1224775448
                • Opcode ID: d6ee10c270d9a82964fed8e213ae60bae1e69201de929d20bd031bb2bf59ab2e
                • Instruction ID: 23a4fdc0555fb87dfb38152e95de4498e4afd625750f68f2c11c14203a9e4e95
                • Opcode Fuzzy Hash: d6ee10c270d9a82964fed8e213ae60bae1e69201de929d20bd031bb2bf59ab2e
                • Instruction Fuzzy Hash: 19A16F706086829FC7198F38C0903A9FBE1BF55308F18866DD9E887346D775E895DBA2
                Function 00DFE180 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 181COMMON
                Download Yara Rule
                APIs
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DFE1B0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memset
                • String ID: basic_string::_M_create
                • API String ID: 2221118986-3122258987
                • Opcode ID: ef62ee52763fdebfc84fdc954688db83595fafa22f601c922bce603c58b5a4df
                • Instruction ID: be7c5ede664bffa5b18bf3b5dfefb772b5b12b166c485c038a034b8a287089f9
                • Opcode Fuzzy Hash: ef62ee52763fdebfc84fdc954688db83595fafa22f601c922bce603c58b5a4df
                • Instruction Fuzzy Hash: 2A5195729093508FD320AF2DD4C066AFBE5FFA6314F59896EE5D88B352D6319440CBA2
                Function 00D87484 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 177COMMON
                Download Yara Rule
                APIs
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D8764B
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memset
                • String ID: VJ$z
                • API String ID: 2221118986-276902140
                • Opcode ID: 3333196e8428053d54b8b3dac5cef3d84697475a07213505cb67bf0894425add
                • Instruction ID: 2885b6ce1607357c7c565b262e32880175ebd65c3bc68640f0859f3abc1701e5
                • Opcode Fuzzy Hash: 3333196e8428053d54b8b3dac5cef3d84697475a07213505cb67bf0894425add
                • Instruction Fuzzy Hash: 6B81A17090460ADFDF50DF59C485BAEBBF0BF08314F248559E868AB250E378DA94CFA5
                Function 00D87246 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 169COMMON
                Download Yara Rule
                APIs
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D873F0
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memset
                • String ID: TJ$z
                • API String ID: 2221118986-2266898901
                • Opcode ID: b730b33983ee9fb9ec29680c49c9dc65ed36b66d478f44d38cee5631b665caf3
                • Instruction ID: ebf50c8528b61562f3b817a57e842a726c63c2bc512f47b2e418c4b9fcf42cb5
                • Opcode Fuzzy Hash: b730b33983ee9fb9ec29680c49c9dc65ed36b66d478f44d38cee5631b665caf3
                • Instruction Fuzzy Hash: 7A81A17090420ADFDF10DF99C4847AEBBF0BB44314F24852AE868AB350D378DA95DFA5
                Function 00E00FB0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 143COMMON
                Download Yara Rule
                APIs
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00E0104A
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00E01083
                Strings
                • basic_string::_M_create, xrefs: 00E0116F
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpy
                • String ID: basic_string::_M_create
                • API String ID: 3510742995-3122258987
                • Opcode ID: a0b30d7d33dc5f254140d1a0ba01e5ea0d9db408d1232acb805d100c622b33d1
                • Instruction ID: 759320e7248debaacbdf7da0a275560c815a48788ea7ad3af1fc64020bc01f4b
                • Opcode Fuzzy Hash: a0b30d7d33dc5f254140d1a0ba01e5ea0d9db408d1232acb805d100c622b33d1
                • Instruction Fuzzy Hash: 56517A745083418FC314DF28C48056ABBF2AFC6354F1899AEE9D9AB385D236DCC5DB92
                Function 00DD7B70 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 136COMMON
                Download Yara Rule
                APIs
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,00DD625F), ref: 00DD7BCD
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpy
                • String ID: basic_string::assign
                • API String ID: 3510742995-2385367300
                • Opcode ID: c8002d87a287a4aa6d64a18278f49edda728e569cc076a4647b8a6514b72973e
                • Instruction ID: 2c1ee789338182e0d4c6809fce8dc7b7c6975f6cd391043fdc6335e80f27a4d4
                • Opcode Fuzzy Hash: c8002d87a287a4aa6d64a18278f49edda728e569cc076a4647b8a6514b72973e
                • Instruction Fuzzy Hash: 57415E71A1D2108FC714AF2CC48462AFBE2FF95710F5589AFE8888B314E730D844CBA2
                Function 00DE0820 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 133COMMON
                Download Yara Rule
                APIs
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DE087B
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memcpy
                • String ID: basic_string::assign
                • API String ID: 3510742995-2385367300
                • Opcode ID: e88ce326bf145210021af3d2f3a9c4fd51cac706b78d45b1f0d8b8c05a7af874
                • Instruction ID: 490deb8f011486bf4859edef6bf345ce020d03b05feb94a4a96dc3940d05722f
                • Opcode Fuzzy Hash: e88ce326bf145210021af3d2f3a9c4fd51cac706b78d45b1f0d8b8c05a7af874
                • Instruction Fuzzy Hash: 95418D71A092508FD710BF6EC4C461AFFE5AF95310F598A6DE4888B315D2B0D884CFE2
                Function 00D98811 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 115stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D9883D
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D9888D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID: basic_string: construction from null is not valid
                • API String ID: 39653677-2991274800
                • Opcode ID: 78ff2c738f0a2f338babac6f29f0a1b68972ab6b5b139fbed4f8c7a1fc7a191f
                • Instruction ID: d3b35c7ca26b723089718711b5c2902f54661e9e592f28f629c409974fff5ad9
                • Opcode Fuzzy Hash: 78ff2c738f0a2f338babac6f29f0a1b68972ab6b5b139fbed4f8c7a1fc7a191f
                • Instruction Fuzzy Hash: 97318EF1A152188FCB10BF28C48585ABBE5EF15710F0A496DE8C89B312D676DD85CBB2
                Function 00E1E0B0 Relevance: 6.1, APIs: 4, Instructions: 111COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,-00000001,?,?,?,00D88DF7), ref: 00E1EE40
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00D88D3C,?,?,?,00000001,-BCD4D4E8,-00000038,00E1EE99), ref: 00E1EE48
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00D88D3C,?,?,?,00000001,-BCD4D4E8,-00000038,00E1EE99), ref: 00E1EE50
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00D88D3C,?,?,?,00000001,-BCD4D4E8,-00000038,00E1EE99), ref: 00E1EE58
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID:
                • API String ID: 4206212132-0
                • Opcode ID: ac3ca453d470214272fa16d0a4fe1b02a551bddbb529e4413ef8a2a65f23deac
                • Instruction ID: de0b4113e46436f7c3c3e45a68880034251b81ee42a56fafdb7ac2d69707ecf6
                • Opcode Fuzzy Hash: ac3ca453d470214272fa16d0a4fe1b02a551bddbb529e4413ef8a2a65f23deac
                • Instruction Fuzzy Hash: 2631DC70A053018BD708BF34C8866BEBBE1EF46314F45696CFC896B352EA30D886C761
                Function 00D94B70 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 110stringCOMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D94B9A
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D94C03
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlenwcslen
                • String ID: basic_string: construction from null is not valid
                • API String ID: 803329031-2991274800
                • Opcode ID: 7cabb00ebcc1842342bb59117eb134a05ddff33f510e29de4952c99e9b4c6e1b
                • Instruction ID: 4196684a88ad2f28859d7e39d50447970e4979fddef0d74ff9ae14fe196774c3
                • Opcode Fuzzy Hash: 7cabb00ebcc1842342bb59117eb134a05ddff33f510e29de4952c99e9b4c6e1b
                • Instruction Fuzzy Hash: 383130B55053148FCB10EF28D48491ABBE5FF99314F15896DE988CB316E331D986CBA2
                Function 00D95020 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 110stringCOMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D9504A
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D950B3
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlenwcslen
                • String ID: basic_string: construction from null is not valid
                • API String ID: 803329031-2991274800
                • Opcode ID: 5a889defabb3fad00e5b971d24b31789640e844b959baa1bd10afc2c4fba7413
                • Instruction ID: 17d7f06f2e358033009704bb817dfb18d8b3f2b25e95b8ecec5cdee79b07eec7
                • Opcode Fuzzy Hash: 5a889defabb3fad00e5b971d24b31789640e844b959baa1bd10afc2c4fba7413
                • Instruction Fuzzy Hash: 0A315EB56047148FCB11EF28E48091ABBE4FF59310F55887DE98C8B319E332D945CBA2
                Function 00E1DFB0 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                Download Yara Rule
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 533d73dcc3c24721c077513b37ae834fe9cb9b077b04169b55ce7a5c65b2ed1a
                • Instruction ID: 0fbea4340df57beaf740dff57c9e4526f11c7eab4f17b8b91318ee40a7343d88
                • Opcode Fuzzy Hash: 533d73dcc3c24721c077513b37ae834fe9cb9b077b04169b55ce7a5c65b2ed1a
                • Instruction Fuzzy Hash: 26316071A042158FCB04BF64C4851AEB7E2EF85314F05A86DFC496B316DB31A985CBA5
                Function 00D80A10 Relevance: 6.1, APIs: 4, Instructions: 109COMMON
                Download Yara Rule
                APIs
                • realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D80A65
                • realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D80A9B
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: realloc
                • String ID:
                • API String ID: 471065373-0
                • Opcode ID: 7433dbf4f22479f990f202a351791039c63124741a3e655e8021d97d2387c453
                • Instruction ID: 283ac37a1ca0a5813f2e0c7ec41ba19534ffdf4b7fb5d9df91b1ec99022611a6
                • Opcode Fuzzy Hash: 7433dbf4f22479f990f202a351791039c63124741a3e655e8021d97d2387c453
                • Instruction Fuzzy Hash: 6E5186B4A042198FCB40DFA8C981A6EBBF1FF48304F518969E858EB311D634E945CB61
                Function 00DABE10 Relevance: 6.1, APIs: 4, Instructions: 108COMMON
                Download Yara Rule
                APIs
                • ___mb_cur_max_func.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00DABE3C
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DABEA6
                • wcrtomb.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00DABEE8
                • wcrtomb.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00DABF57
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcrtomb$___mb_cur_max_funcmemcpy
                • String ID:
                • API String ID: 4290179537-0
                • Opcode ID: 3f71c8b4ce9047f2b834852ec7ad8998bcd5cc4392852b3dbcbbf25db2c3cacc
                • Instruction ID: 3ac93ab634c5d7cf98144ad2180d9cade61bfcaff5687a4c539c65f5439163d4
                • Opcode Fuzzy Hash: 3f71c8b4ce9047f2b834852ec7ad8998bcd5cc4392852b3dbcbbf25db2c3cacc
                • Instruction Fuzzy Hash: 514106746083058FC704DF68C88046EBBE1FF8A764F14892EF89597361D375E986DB62
                Function 00D63362 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 101stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D633E3
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen
                • String ID: :-$A-
                • API String ID: 39653677-1876895140
                • Opcode ID: 85b3b99d14d715c3d4404bfaa0802f9fb4bca0ce4644e2446f557db592f93cf7
                • Instruction ID: e240748ef7c33af54b7d7307c31f6ac6a2af3384fa8809b4d6dd12eae8aef781
                • Opcode Fuzzy Hash: 85b3b99d14d715c3d4404bfaa0802f9fb4bca0ce4644e2446f557db592f93cf7
                • Instruction Fuzzy Hash: FF417CB19046018FCB44EF29C48222AFBE1FF85310F19D9ADE8989B746D734E558CFA5
                Function 00DE51B0 Relevance: 6.0, APIs: 4, Instructions: 30stringCOMMON
                Download Yara Rule
                APIs
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00DE51C5
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DE51CF
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DE51F8
                • setlocale.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00DE520C
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: setlocale$memcpystrlen
                • String ID:
                • API String ID: 4096897932-0
                • Opcode ID: 128689b5e9f4d9a602378006fdbc78ea36adbdc54ce8a91d9e04592084fcafd7
                • Instruction ID: 675b8862dad80977f454de3cf951525ca9b8cc1a4a13ee3133597754c21bb7ad
                • Opcode Fuzzy Hash: 128689b5e9f4d9a602378006fdbc78ea36adbdc54ce8a91d9e04592084fcafd7
                • Instruction Fuzzy Hash: E4F03AB1909310AAD3007F68984A21EBBE5EF80754F41881DE4CC9B201E7748444DBA2
                Function 00D61006 Relevance: 6.0, APIs: 4, Instructions: 28COMMON
                Download Yara Rule
                APIs
                • _set_app_type.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D61026
                • _set_app_type.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D61034
                • __p__fmode.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D61039
                • __p__commode.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D61046
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: _set_app_type$__p__commode__p__fmode
                • String ID:
                • API String ID: 18583571-0
                • Opcode ID: a6b139a3176a26cf2e75edec2d01c249fcbe966c38c53bcef84079fbe9bee5b7
                • Instruction ID: 297aaf318207dd494e6626b3721dc3d21e79313300b80a316366810fcef2d99b
                • Opcode Fuzzy Hash: a6b139a3176a26cf2e75edec2d01c249fcbe966c38c53bcef84079fbe9bee5b7
                • Instruction Fuzzy Hash: 82F0FE74608300CFC710BF66E98361977B6EF44300F498474E5849B356EA76D88687B6
                Function 00D745E1 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 280COMMON
                Download Yara Rule
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID:
                • String ID: 5$P
                • API String ID: 0-1197624891
                • Opcode ID: 3f9675c142f7c73092b76303cb6ceebca294ae5b5a1e9f7e6ccfe87fb27e5249
                • Instruction ID: 23cdbe0d139d910e9261f2d5650b85a1fd13ed380d3fb2c7e655798f1c460a2f
                • Opcode Fuzzy Hash: 3f9675c142f7c73092b76303cb6ceebca294ae5b5a1e9f7e6ccfe87fb27e5249
                • Instruction Fuzzy Hash: F5C19C74A05209DFDB01DFA8C585BAEBBF1FB49304F248469E858AB351E734EA44CF61
                Function 00DF83D0 Relevance: 5.4, APIs: 4, Instructions: 361stringCOMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DF841C
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF84A2
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF8528
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF85AE
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen$strlen
                • String ID:
                • API String ID: 1625065929-0
                • Opcode ID: 046bc6b98a19fbab4161928e75bac9394066e5bec20080edc6cf7ce6bc2afd2e
                • Instruction ID: c856b422094f458feea84b6db7e9fcc76f4e98aa78b9b0f875ad0067dee8b29c
                • Opcode Fuzzy Hash: 046bc6b98a19fbab4161928e75bac9394066e5bec20080edc6cf7ce6bc2afd2e
                • Instruction Fuzzy Hash: 26E17C74A046098FCB10EFACD0849AEBBF1FF84310B118569E895DB391DB34E945DFA2
                Function 00DF8B10 Relevance: 5.4, APIs: 4, Instructions: 361stringCOMMON
                Download Yara Rule
                APIs
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DF8B5C
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF8BE2
                • wcslen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF8C68
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF8CEE
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: wcslen$strlen
                • String ID:
                • API String ID: 1625065929-0
                • Opcode ID: 3a19406477a856db369bd73a176b57367394c70a93500b8edbe43524790ac8f6
                • Instruction ID: 35a97d8624965727254ca66e447d234f7f7a86b3a8d0d05171c5cf57fc41fe3f
                • Opcode Fuzzy Hash: 3a19406477a856db369bd73a176b57367394c70a93500b8edbe43524790ac8f6
                • Instruction Fuzzy Hash: 58E15A70A016098FCB10EF68C4849AEFBF1FF84310F128569E995DB395DB34E945DBA2
                Function 00DF74F0 Relevance: 5.4, APIs: 4, Instructions: 357stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DF753C
                  • Part of subcall function 00D8C7A0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D8C7D8
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF75B3
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF762A
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF76A1
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen$memcpy
                • String ID:
                • API String ID: 3396830738-0
                • Opcode ID: 8e866d9a6dc418576be80d6916e43f5dda5b0e530400fb857b5a4ed9b1c4630d
                • Instruction ID: 6949c9e6d8fe36ed68fb606852b5f01c5e4b8f4268a7a9cc04b2dd9d9d7a5aa5
                • Opcode Fuzzy Hash: 8e866d9a6dc418576be80d6916e43f5dda5b0e530400fb857b5a4ed9b1c4630d
                • Instruction Fuzzy Hash: 0BE15874A04609CFCB14EF6CC0849AEBBF2EF88310B168569E895DB395D734E941CFA1
                Function 00DF7C60 Relevance: 5.4, APIs: 4, Instructions: 357stringCOMMON
                Download Yara Rule
                APIs
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DF7CAC
                  • Part of subcall function 00D8C7A0: memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D8C7D8
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF7D23
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF7D9A
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00DF7E11
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strlen$memcpy
                • String ID:
                • API String ID: 3396830738-0
                • Opcode ID: c6d88d204048b42c6f922ae186d3f91b3acdbdb77d4332efca458fef90ea83fc
                • Instruction ID: 540e243149022ccb4214bfcb5e56e99236ff79bcc8cc53f8333ab1f0fbb6474b
                • Opcode Fuzzy Hash: c6d88d204048b42c6f922ae186d3f91b3acdbdb77d4332efca458fef90ea83fc
                • Instruction Fuzzy Hash: 19E14B74A04609CFCB10EF6CC4809AEBBF1EF88310B558569E895DB395DB34E945CFA1
                Function 00D8AF10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84stringCOMMON
                Download Yara Rule
                APIs
                • strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D8AF1E
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D8AF35
                Strings
                • basic_string: construction from null is not valid, xrefs: 00E2029C
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: strerrorstrlen
                • String ID: basic_string: construction from null is not valid
                • API String ID: 960536887-2991274800
                • Opcode ID: 34ba033855ebaeccdf454ba6f2bb3c96d9b0d4b753e85fa7466c54c794cfefdc
                • Instruction ID: bc7b2251979bb100ab1788762a6dd2a8f3ec9cb2adb2fcf1f160fd083f8c0ca2
                • Opcode Fuzzy Hash: 34ba033855ebaeccdf454ba6f2bb3c96d9b0d4b753e85fa7466c54c794cfefdc
                • Instruction Fuzzy Hash: 572181B05087148BC700BF68C8864AEBBE5FF84710F465C1CF4C9AB302EB7495858BB2
                Function 00D7FCD4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                Download Yara Rule
                APIs
                  • Part of subcall function 00D87C40: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D87C7F
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7FD8D
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __stdio_common_vsprintfabort
                • String ID: 5$Error cleaning up spin_keys for thread %lu.
                • API String ID: 3598471016-2130375756
                • Opcode ID: d9b3d8385b70b2418e990056019645fa161ddb77c2a4b1a8ddb8dab617aab6c8
                • Instruction ID: 6455e8e4e97d6fa12f6fa93b9b7347b4e5b7dad53e5ba2f5e952e07a0c48d54f
                • Opcode Fuzzy Hash: d9b3d8385b70b2418e990056019645fa161ddb77c2a4b1a8ddb8dab617aab6c8
                • Instruction Fuzzy Hash: D61186B0904309AFDB10EF94D45979EBBF5FB44348F108428E458AB390E7B99548CBA5
                Function 00D7CF14 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 17COMMON
                Download Yara Rule
                APIs
                • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,00D6119E), ref: 00D7CF21
                  • Part of subcall function 00D7CDC0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00D7CDF8
                • _exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00D7CF44
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: __acrt_iob_func__stdio_common_vfprintf_exit
                • String ID: runtime error %d
                • API String ID: 2221612918-1470485912
                • Opcode ID: d19371232e6c8317d9c9faff22d974993b4ed4481d1195ad0009747a5c930a83
                • Instruction ID: 06b179d3579dc896220eb888a5dbaa345e1825f6892477030ff0a666d2d48675
                • Opcode Fuzzy Hash: d19371232e6c8317d9c9faff22d974993b4ed4481d1195ad0009747a5c930a83
                • Instruction Fuzzy Hash: A7E04C704083059BD7107F69D44662ABBE9DF44704F51982DA9DC57242EA74A48187F6
                Function 00D890A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON
                Download Yara Rule
                APIs
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00E1EF3C,?,?,?,?,?,?,00E1EE35), ref: 00E1EF18
                • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00E1EF3C,?,?,?,?,?,?,00E1EE35), ref: 00E1EF25
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: abort
                • String ID: what():
                • API String ID: 4206212132-593870882
                • Opcode ID: 4eb0ec63d6c09fac12bcd2f3a63882b774b18834d6a27580a6ee1ff5e7ecbb72
                • Instruction ID: 24cce22db237bebbb812bc8e9dc6991dcd16d3a5dc56eafa056d045ce5a7163b
                • Opcode Fuzzy Hash: 4eb0ec63d6c09fac12bcd2f3a63882b774b18834d6a27580a6ee1ff5e7ecbb72
                • Instruction Fuzzy Hash: 9CD0C930A083408BCA107FB8854A06CBAF0AF16300F946968F8C56320AEA3590858773
                Function 00DFEB00 Relevance: 5.1, APIs: 4, Instructions: 100COMMON
                Download Yara Rule
                APIs
                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0(?,?,?,?,?,?,?,?,?,?,00DFE05A), ref: 00DFEB35
                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DFEB69
                • memmove.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00DFEB98
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: memmove
                • String ID:
                • API String ID: 2162964266-0
                • Opcode ID: a72f80b46fe49b5cd5d5593b75128885cca56314fe27ad33137efd01aaf7104a
                • Instruction ID: c3b6b3bc339c252c08f61980c2b44d07bc58566094dffbf9ed792f3fe7d5add6
                • Opcode Fuzzy Hash: a72f80b46fe49b5cd5d5593b75128885cca56314fe27ad33137efd01aaf7104a
                • Instruction Fuzzy Hash: 3F316E345083899FCB119F28848007EFBB5FE95300F2AC86EEADA47225D732D945DB72
                Function 00D7FAEB Relevance: 5.1, APIs: 4, Instructions: 67COMMON
                Download Yara Rule
                APIs
                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D7FB49
                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D7FB61
                • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D7FB79
                • memset.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D7FB94
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: free$memset
                • String ID:
                • API String ID: 2717317152-0
                • Opcode ID: 7850be4385cc46f059fa17abcc2b84223146a0ea333b18245e111a61c70429c9
                • Instruction ID: e42c679a9f03eaf46bcdcdd5c235738899d94b61a4b3f3675d834c0ebe7daa83
                • Opcode Fuzzy Hash: 7850be4385cc46f059fa17abcc2b84223146a0ea333b18245e111a61c70429c9
                • Instruction Fuzzy Hash: F2316274604305DFDB20EF69C995A997BE5EF48390F468478F888CB312E735E941CB62
                Function 00D613C8 Relevance: 5.1, APIs: 4, Instructions: 63stringCOMMON
                Download Yara Rule
                APIs
                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D613DB
                • strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00D61408
                • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00D61429
                • memcpy.API-MS-WIN-CRT-PRIVATE-L1-1-0 ref: 00D61460
                Memory Dump Source
                • Source File: 00000000.00000002.3377267781.0000000000D61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D60000, based on PE: true
                • Associated: 00000000.00000002.3377253054.0000000000D60000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377330656.0000000000E27000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377344256.0000000000E29000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377392043.0000000000ECD000.00000004.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377405422.0000000000ECF000.00000008.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000ED2000.00000002.00000001.01000000.00000003.sdmpDownload File
                • Associated: 00000000.00000002.3377420126.0000000000EFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_d60000_DpEHzbOOoB.jbxd
                Similarity
                • API ID: malloc$memcpystrlen
                • String ID:
                • API String ID: 3553820921-0
                • Opcode ID: 6ba966f24e5f2f2b02d30d4ef02a72d6d96e20ae35b919fd262950617e4b3dd0
                • Instruction ID: a0802b27a7151dc7e88d512855734811c36177680eb05731011244a7f74942b9
                • Opcode Fuzzy Hash: 6ba966f24e5f2f2b02d30d4ef02a72d6d96e20ae35b919fd262950617e4b3dd0
                • Instruction Fuzzy Hash: DD217CB4E0460A9FCF00DF98D881A9EB7F1FF49308F048458E559EB311E335AA54CBA5