Edit tour

Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe
Analysis ID:	1669390
MD5:	562839ff96784f8ef8b7768534933a2c
SHA1:	5f223cf60e5dcfabb80742e1a1c33e8bc590c73b
SHA256:	0ba78b87fd8907401f8332f113dcef8f85d6ef4bb560faf03ec3988e91523631
Tags:	exeuser-SecuriteInfoCom
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found large amount of non-executed APIs

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe (PID: 8388 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe" MD5: 562839FF96784F8EF8B7768534933A2C)

cleanup

Joe Sandbox Signatures

• AV Detection
• Compliance
• Spreading
• System Summary
• Malware Analysis System Evasion
• Anti Debugging
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Virustotal: Detection: 63%			Perma Link
Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	ReversingLabs: Detection: 61%

Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Code function: 0_2_00007FF7C6BC2294 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,

0_2_00007FF7C6BC2294

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BA3518	0_2_00007FF7C6BA3518
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BA1000	0_2_00007FF7C6BA1000
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BBFF7C	0_2_00007FF7C6BBFF7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BC6F1C	0_2_00007FF7C6BC6F1C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BB75DC	0_2_00007FF7C6BB75DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BC15A0	0_2_00007FF7C6BC15A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BC75B8	0_2_00007FF7C6BC75B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BC3D68	0_2_00007FF7C6BC3D68
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BB7D6C	0_2_00007FF7C6BB7D6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BABD28	0_2_00007FF7C6BABD28
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BADEF0	0_2_00007FF7C6BADEF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BBA350	0_2_00007FF7C6BBA350
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BAAD00	0_2_00007FF7C6BAAD00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BB949C	0_2_00007FF7C6BB949C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BA9460	0_2_00007FF7C6BA9460
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BC5278	0_2_00007FF7C6BC5278
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BADA78	0_2_00007FF7C6BADA78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BC2294	0_2_00007FF7C6BC2294

Source: classification engine

Classification label: mal48.winEXE@1/0@0/0

Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Virustotal: Detection: 63%
Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	ReversingLabs: Detection: 61%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

API coverage: 5.2 %

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Code function: 0_2_00007FF7C6BC2294 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,

0_2_00007FF7C6BC2294

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Code function: 0_2_00007FF7C6BB07B4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF7C6BB07B4

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Code function: 0_2_00007FF7C6BC34A4 GetProcessHeap,

0_2_00007FF7C6BC34A4

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BB07B4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7C6BB07B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BB0500 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF7C6BB0500
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BB71E4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF7C6BB71E4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: 0_2_00007FF7C6BB0994 SetUnhandledExceptionFilter,	0_2_00007FF7C6BB0994

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Code function: 0_2_00007FF7C6BC9040 cpuid

0_2_00007FF7C6BC9040

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00007FF7C6BC5808
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: EnumSystemLocalesW,	0_2_00007FF7C6BBDFC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF7C6BC606C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: GetLocaleInfoW,	0_2_00007FF7C6BC5F14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: EnumSystemLocalesW,	0_2_00007FF7C6BC5B64
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: GetLocaleInfoW,	0_2_00007FF7C6BBE354
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF7C6BC5CCC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: EnumSystemLocalesW,	0_2_00007FF7C6BC5C34
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: GetLocaleInfoW,	0_2_00007FF7C6BC611C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF7C6BC6250

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Code function: 0_2_00007FF7C6BB0A00 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF7C6BB0A00

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Code function: 0_2_00007FF7C6BA3518 GetUserNameA,GetFileAttributesA,_invalid_parameter_noinfo_noreturn,

0_2_00007FF7C6BA3518

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 DLL Side-Loading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	2 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	1 Account Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 System Owner/User Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	22 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	64%	Virustotal		Browse
SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe	61%	ReversingLabs	Win64.Malware.Heuristic

Domains and IPs

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1669390
Start date and time:	2025-04-19 23:06:15 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 1m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	1
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe
Detection:	MAL
Classification:	mal48.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 94% Number of executed functions: 5 Number of non-executed functions: 67
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Joe Sandbox View / Context

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.215183182252695
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe
File size:	258'048 bytes
MD5:	562839ff96784f8ef8b7768534933a2c
SHA1:	5f223cf60e5dcfabb80742e1a1c33e8bc590c73b
SHA256:	0ba78b87fd8907401f8332f113dcef8f85d6ef4bb560faf03ec3988e91523631
SHA512:	6f01d32c204a2a86abdd0b5fb02e1aa1947768dc63f6e0e3078b3261a22b066a67f583238829f1e69422b57c93b910dcc5d3a0bfc64657bdf4cdfe850fb3eb86
SSDEEP:	3072:1FIUA2/r2Zl9Yrb4fAj/6tXn/atD0cm53jVnw31fzXom6oxsHFM8CLX5kDsufmbM:1MBoj/6tX/atQJ53jVn2pj0M8Cqs
TLSH:	53446B1677A40CF8EDA7923DCC560A4AE7B2BC160771EB4F03A046975F236A19D3E721
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F.o.'.<.'.<.'.<._.=.'.<._.=''.<._.=.'.<J..=.'.<J..=.'.<._.=.'.<.'.<.'.<J..=.'.<...=.'.<...=.'.<Rich.'.<.......................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x1400100c0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x67FD2C79 [Mon Apr 14 15:40:41 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	bdcc417182aff23aa735853592246a3c

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F11A8D6EACCh
dec eax
add esp, 28h
jmp 00007F11A8D6E00Fh
int3
int3
dec eax
sub esp, 28h
dec ebp
mov eax, dword ptr [ecx+38h]
dec eax
mov ecx, edx
dec ecx
mov edx, ecx
call 00007F11A8D6E1A2h
mov eax, 00000001h
dec eax
add esp, 28h
ret
int3
int3
int3
inc eax
push ebx
inc ebp
mov ebx, dword ptr [eax]
dec eax
mov ebx, edx
inc ecx
and ebx, FFFFFFF8h
dec esp
mov ecx, ecx
inc ecx
test byte ptr [eax], 00000004h
dec esp
mov edx, ecx
je 00007F11A8D6E1A5h
inc ecx
mov eax, dword ptr [eax+08h]
dec ebp
arpl word ptr [eax+04h], dx
neg eax
dec esp
add edx, ecx
dec eax
arpl ax, cx
dec esp
and edx, ecx
dec ecx
arpl bx, ax
dec edx
mov edx, dword ptr [eax+edx]
dec eax
mov eax, dword ptr [ebx+10h]
mov ecx, dword ptr [eax+08h]
dec eax
mov eax, dword ptr [ebx+08h]
test byte ptr [ecx+eax+03h], 0000000Fh
je 00007F11A8D6E19Dh
movzx eax, byte ptr [ecx+eax+03h]
and eax, FFFFFFF0h
dec esp
add ecx, eax
dec esp
xor ecx, edx
dec ecx
mov ecx, ecx
pop ebx
jmp 00007F11A8D6DB06h
int3
dec eax
mov dword ptr [esp+10h], ebx
dec eax
mov dword ptr [esp+18h], esi
push ebp
push edi
inc ecx
push esi
dec eax
mov ebp, esp
dec eax
sub esp, 10h
xor eax, eax
xor ecx, ecx
cpuid
inc esp
mov eax, ecx
inc esp
mov edx, edx
inc ecx
xor edx, 49656E69h
inc ecx
xor eax, 6C65746Eh
inc esp
mov ecx, ebx
inc esp
mov esi, eax
xor ecx, ecx

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3ab3c	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x3f000	0x24fc	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x42000	0x9f4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x36230	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x360f0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2b000	0x2d0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x29fbc	0x2a000	4ae98620d798231ae83c5c21c5b6882f	False	0.55322265625	data	6.456616681569424	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2b000	0x104aa	0x10600	29db539a915f66ed2b2547ccae501c18	False	0.3946207061068702	data	4.7260402613019545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3c000	0x2d54	0x1600	d461a1acf0d73fdd5355a27bac2e1f2e	False	0.1709872159090909	DOS executable (block device driver)	2.952461754720926	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x3f000	0x24fc	0x2600	0f58dd2a82eaf44fc9c32d42ccc602c1	False	0.4758429276315789	data	5.328409395697172	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x42000	0x9f4	0xa00	5b5afc5bfb303aad40b6322ab9afefeb	False	0.5171875	data	5.392109284293155	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
ADVAPI32.dll	GetUserNameA
KERNEL32.dll	FindFirstFileA, FindNextFileA, FindClose, GetFileAttributesA, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, CompareStringEx, GetCPInfo, GetStringTypeW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, SetEndOfFile, RtlUnwindEx, RtlPcToFileHeader, RaiseException, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, WriteFile, GetFileSizeEx, SetFilePointerEx, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, CloseHandle, HeapReAlloc, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, SetStdHandle, CreateFileW, HeapSize, WriteConsoleW, RtlUnwind

DLL

Import

ADVAPI32.dll

GetUserNameA

KERNEL32.dll

FindFirstFileA, FindNextFileA, FindClose, GetFileAttributesA, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, CompareStringEx, GetCPInfo, GetStringTypeW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, SetEndOfFile, RtlUnwindEx, RtlPcToFileHeader, RaiseException, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, WriteFile, GetFileSizeEx, SetFilePointerEx, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, HeapFree, CloseHandle, HeapReAlloc, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadFile, ReadConsoleW, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, SetStdHandle, CreateFileW, HeapSize, WriteConsoleW, RtlUnwind

• SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Click to jump to process

Memory Usage

• SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Click to jump to process

Target ID:	0
Start time:	17:07:13
Start date:	19/04/2025
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe"
Imagebase:	0x7ff7c6ba0000
File size:	258'048 bytes
MD5 hash:	562839FF96784F8EF8B7768534933A2C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage

Dynamic/Packed Code Coverage

Signature Coverage

Execution Coverage:	3.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	27%
Total number of Nodes:	1110
Total number of Limit Nodes:	40

Executed Functions

Function 00007FF7C6BA3518 Relevance: 39.5, APIs: 3, Strings: 19, Instructions: 1024
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32 ref: 00007FF7C6BA3567

Strings

\Downloads, xrefs: 00007FF7C6BA395E, 00007FF7C6BA3EC0, 00007FF7C6BA43D7
C:\Users\, xrefs: 00007FF7C6BA3587
D:\wamp64, xrefs: 00007FF7C6BA3F6E
E:\Users\, xrefs: 00007FF7C6BA3FC4
\Documents, xrefs: 00007FF7C6BA365A, 00007FF7C6BA3B86, 00007FF7C6BA40E8
E:\inetpub, xrefs: 00007FF7C6BA44A6
C:\inetpub, xrefs: 00007FF7C6BA3A37
C:\xampp, xrefs: 00007FF7C6BA39A9
\Videos, xrefs: 00007FF7C6BA389D, 00007FF7C6BA3DF0, 00007FF7C6BA431D
D:\xampp, xrefs: 00007FF7C6BA3F0B
E:\xampp, xrefs: 00007FF7C6BA4418
C:\wamp64, xrefs: 00007FF7C6BA3A0C
.php, xrefs: 00007FF7C6BA3420
E:\wamp64, xrefs: 00007FF7C6BA447B
D:\Users\, xrefs: 00007FF7C6BA3A62
\Desktop, xrefs: 00007FF7C6BA35B9, 00007FF7C6BA3AB6, 00007FF7C6BA4018
\Pictures, xrefs: 00007FF7C6BA371E, 00007FF7C6BA3C53, 00007FF7C6BA41A6
D:\inetpub, xrefs: 00007FF7C6BA3F99
\Music, xrefs: 00007FF7C6BA37DC, 00007FF7C6BA3D20, 00007FF7C6BA4264

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: NameUser
String ID: .php$C:\Users\$C:\inetpub$C:\wamp64$C:\xampp$D:\Users\$D:\inetpub$D:\wamp64$D:\xampp$E:\Users\$E:\inetpub$E:\wamp64$E:\xampp$\Desktop$\Documents$\Downloads$\Music$\Pictures$\Videos
API String ID: 2645101109-2252226799
Opcode ID: 28ff0a4ffb8e6d361176906c899271f9ba3979d0f3f6f7c5e929975fe70ae57a
Instruction ID: 9bb574cb26899dbbf1ba4d3eac946d9d8dd2e275140f0163abf9f317260f365e
Opcode Fuzzy Hash: 28ff0a4ffb8e6d361176906c899271f9ba3979d0f3f6f7c5e929975fe70ae57a
Instruction Fuzzy Hash: 2EC2A053D18BC594E722DF348C812E9A760FBA9798F959321EB8C16A57EF24E3D0C350

Function 00007FF7C6BBE03C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF7C6BBE744,?,?,?,?,00007FF7C6BB7D01,?,?,?,?,00007FF7C6BAE538), ref: 00007FF7C6BBE1B8
GetProcAddress.KERNEL32(?,?,?,00007FF7C6BBE744,?,?,?,?,00007FF7C6BB7D01,?,?,?,?,00007FF7C6BAE538), ref: 00007FF7C6BBE1C4

Strings

ext-ms-, xrefs: 00007FF7C6BBE115
api-ms-, xrefs: 00007FF7C6BBE102

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 933019dcc0fbd5848821acf18b732c32933b14a96845b994dc779ebab6b2dcf8
Instruction ID: 0134b8bfeb816d799959500482ce8c3ae52675ea2bd8a84f5597ba85d426ca1c
Opcode Fuzzy Hash: 933019dcc0fbd5848821acf18b732c32933b14a96845b994dc779ebab6b2dcf8
Instruction Fuzzy Hash: CC41D031B19A1291EA17EF169C80267A395BF85BF0FE84535ED0D47794DE3CE4028324

Function 00007FF7C6BAFF4C Relevance: 4.6, APIs: 3, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7C6BAFC30: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF7C6BAFC44

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF7C6BAFF70
__scrt_release_startup_lock.LIBCMT ref: 00007FF7C6BAFFDE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF7C6BB0031

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: 5324d965c8c309e2eddf3ebd36c367fcd01fae4ccd6c01d1cdfdc9b7472d90f4
Instruction ID: 62bfb87415aa1cf024f18a1d5ab6857389a9d1b81a8a787a93cb00b4c9d0453e
Opcode Fuzzy Hash: 5324d965c8c309e2eddf3ebd36c367fcd01fae4ccd6c01d1cdfdc9b7472d90f4
Instruction Fuzzy Hash: CF312911E0824742FA27BF259CE12BBE3919F853A4FE44035ED4D4B2D3DE2DE5448238

Function 00007FF7C6BB8D00 Relevance: 4.5, APIs: 3, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF7C6BB8CFC), ref: 00007FF7C6BB8D11
TerminateProcess.KERNEL32(?,?,?,00007FF7C6BB8CFC), ref: 00007FF7C6BB8D1C
ExitProcess.KERNEL32 ref: 00007FF7C6BB8D2B

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 64f5a314acf0d0577079106ac6116e740043fcc94654ce8b7ae2396de8d76da9
Instruction ID: e1a60400ba929e39e511f4f39752871e2bc82362a06642e9bbcc2495884c8025
Opcode Fuzzy Hash: 64f5a314acf0d0577079106ac6116e740043fcc94654ce8b7ae2396de8d76da9
Instruction Fuzzy Hash: 90D01710B0860A52EA463F30ACC817E82162FA8721BA0183EC81E06393CD3CA4084220

Function 00007FF7C6BB8C31 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7C6BB8C5F

Part of subcall function 00007FF7C6BB8D58: GetModuleHandleExW.KERNEL32 ref: 00007FF7C6BB8D7D
Part of subcall function 00007FF7C6BB8D58: GetProcAddress.KERNEL32 ref: 00007FF7C6BB8D93
Part of subcall function 00007FF7C6BB8D58: FreeLibrary.KERNEL32 ref: 00007FF7C6BB8DBA

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: bec4e057efd22ef7971475711ccf8f05bef3624c47bc1f8d12fe4a0cda5783cd
Instruction ID: 54b13d3a56bb3b7e4f3ce77281613118fc4840daaece7e0e7354b281b7be05f9
Opcode Fuzzy Hash: bec4e057efd22ef7971475711ccf8f05bef3624c47bc1f8d12fe4a0cda5783cd
Instruction Fuzzy Hash: 1B21A172A15745CAEB26AF74C8802FD73A0FB84328FA4063ADB5D06AC9DF38D544C754

Non-executed Functions

Function 00007FF7C6BA1000 Relevance: 15.4, Strings: 12, Instructions: 428
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\bT[a-zA-Z0-9]{33}\b|\bT[a-zA-Z0-9]{34}\b, xrefs: 00007FF7C6BA1413
\b0x[a-fA-F0-9]{40}\b, xrefs: 00007FF7C6BA13A8
0x1a2f21755df3849f307e874cafabbe94c4026b90, xrefs: 00007FF7C6BA10AC
LPfod1Raka3rYAjG6tYsPRf1UGjfe3yXUz, xrefs: 00007FF7C6BA1138
\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-zA-HJ-NP-Z0-9]{39,59})\b, xrefs: 00007FF7C6BA1343
btc, xrefs: 00007FF7C6BA103C, 00007FF7C6BA1358
TXddtHfr8STtmDEDxcrzanC8htLQZtbTgX, xrefs: 00007FF7C6BA10F2
ltc, xrefs: 00007FF7C6BA1115, 00007FF7C6BA1495
eth, xrefs: 00007FF7C6BA1088, 00007FF7C6BA13BF
trx, xrefs: 00007FF7C6BA10CF, 00007FF7C6BA142A
1N75DmxTsCut3SV23Mp4QV6qt1kKbmNiwH, xrefs: 00007FF7C6BA1064
\b(?:[LM3][a-km-zA-HJ-NP-Z1-9]{26,33})\b, xrefs: 00007FF7C6BA147E

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID: 0x1a2f21755df3849f307e874cafabbe94c4026b90$1N75DmxTsCut3SV23Mp4QV6qt1kKbmNiwH$LPfod1Raka3rYAjG6tYsPRf1UGjfe3yXUz$TXddtHfr8STtmDEDxcrzanC8htLQZtbTgX$\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-zA-HJ-NP-Z0-9]{39,59})\b$\b(?:[LM3][a-km-zA-HJ-NP-Z1-9]{26,33})\b$\b0x[a-fA-F0-9]{40}\b$\bT[a-zA-Z0-9]{33}\b|\bT[a-zA-Z0-9]{34}\b$btc$eth$ltc$trx
API String ID: 118556049-2374793347
Opcode ID: f92cce702970a9531a72e72ed2e898de2691a48bbf204ab308b3a587b26451bf
Instruction ID: aa43b8f7712b2b6c78ccf77d226ba5f4c77cfe7e82aba0ca6196908984c72629
Opcode Fuzzy Hash: f92cce702970a9531a72e72ed2e898de2691a48bbf204ab308b3a587b26451bf
Instruction Fuzzy Hash: 7A12B332A15B4695EB12EF24D8802EEB3B0FB84764FA44236EB4D17666EF3CD545C350

Function 00007FF7C6BC75B8 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7C6BC719C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BC71DD
Part of subcall function 00007FF7C6BC719C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BC725B
Part of subcall function 00007FF7C6BC719C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BC72AC

CreateFileW.KERNEL32 ref: 00007FF7C6BC76BE
CreateFileW.KERNEL32 ref: 00007FF7C6BC770E
GetLastError.KERNEL32 ref: 00007FF7C6BC773E
GetFileType.KERNEL32 ref: 00007FF7C6BC7753
GetLastError.KERNEL32 ref: 00007FF7C6BC775D
CloseHandle.KERNEL32 ref: 00007FF7C6BC7790
CloseHandle.KERNEL32 ref: 00007FF7C6BC78F3
CreateFileW.KERNEL32 ref: 00007FF7C6BC7928
GetLastError.KERNEL32 ref: 00007FF7C6BC7937

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: 98dbda4ce531ff64c2c3eb78b33b6cc2ef0d19486f2d80594ea85e9c8d2e1f12
Instruction ID: 15a592ac43e7108e44da0ac950fb2affdd189f8253c23df32519b4da0f7bdcc1
Opcode Fuzzy Hash: 98dbda4ce531ff64c2c3eb78b33b6cc2ef0d19486f2d80594ea85e9c8d2e1f12
Instruction Fuzzy Hash: 22C1E536B24A4196EB11DF69C8D06AE7761FB48BA8BA00235DF1E573D5DF38D112C310

Function 00007FF7C6BC5808 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF7C6BBC4EC: GetLastError.KERNEL32 ref: 00007FF7C6BBC4FB
Part of subcall function 00007FF7C6BBC4EC: FlsGetValue.KERNEL32 ref: 00007FF7C6BBC510
Part of subcall function 00007FF7C6BBC4EC: SetLastError.KERNEL32 ref: 00007FF7C6BBC59B

TranslateName.LIBCMT ref: 00007FF7C6BC5872
TranslateName.LIBCMT ref: 00007FF7C6BC58AD
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF7C6BBA508), ref: 00007FF7C6BC58F4
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF7C6BBA508), ref: 00007FF7C6BC592C
GetLocaleInfoW.KERNEL32 ref: 00007FF7C6BC5AE9

Strings

utf8, xrefs: 00007FF7C6BC5A10

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 2a17088055c9c1c9c2355bdc920a44067c63e7d7da4458fbaba91a42e976d9e2
Instruction ID: 87a4cb1a684fdad36f94e1bf75a179fc25fa9ce1be920d0157c399742d753d2c
Opcode Fuzzy Hash: 2a17088055c9c1c9c2355bdc920a44067c63e7d7da4458fbaba91a42e976d9e2
Instruction Fuzzy Hash: 67917332A0874295EB26BF11DD816BAA794EB84BA0FA44131DA4D47796DF3CE661C320

Function 00007FF7C6BC6250 Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF7C6BBC4EC: GetLastError.KERNEL32 ref: 00007FF7C6BBC4FB
Part of subcall function 00007FF7C6BBC4EC: FlsGetValue.KERNEL32 ref: 00007FF7C6BBC510
Part of subcall function 00007FF7C6BBC4EC: SetLastError.KERNEL32 ref: 00007FF7C6BBC59B

Part of subcall function 00007FF7C6BBC4EC: FlsSetValue.KERNEL32 ref: 00007FF7C6BBC531

GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF7C6BC63C0

Part of subcall function 00007FF7C6BBC4EC: FlsSetValue.KERNEL32 ref: 00007FF7C6BBC55E
Part of subcall function 00007FF7C6BBC4EC: FlsSetValue.KERNEL32 ref: 00007FF7C6BBC56F
Part of subcall function 00007FF7C6BBC4EC: FlsSetValue.KERNEL32 ref: 00007FF7C6BBC580

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF7C6BBA501), ref: 00007FF7C6BC63A7
ProcessCodePage.LIBCMT ref: 00007FF7C6BC63EA
IsValidCodePage.KERNEL32 ref: 00007FF7C6BC63FC
IsValidLocale.KERNEL32 ref: 00007FF7C6BC6412
GetLocaleInfoW.KERNEL32 ref: 00007FF7C6BC646E
GetLocaleInfoW.KERNEL32 ref: 00007FF7C6BC648A

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 2a0b70611619fbe5e4cb92711768d18b31f9a17638e2f1b651d57f2b08e46b06
Instruction ID: 0ed457bcf740a200ea64b44fdb3b3eb27486a4a230befa79503803fb76c86167
Opcode Fuzzy Hash: 2a0b70611619fbe5e4cb92711768d18b31f9a17638e2f1b651d57f2b08e46b06
Instruction Fuzzy Hash: DC718322B04613A5FB22AF64DC90ABEB7A4BF84764FA44035CE0D47695EF3CE645C360

Function 00007FF7C6BB07B4 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7C6BB07D0
RtlCaptureContext.KERNEL32 ref: 00007FF7C6BB07FD
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7C6BB0817
RtlVirtualUnwind.KERNEL32 ref: 00007FF7C6BB0858
IsDebuggerPresent.KERNEL32 ref: 00007FF7C6BB08AC
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7C6BB08C9
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7C6BB08D4

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 808b0641316214cb5e09ba379ea4ac13f852f3c4882ef47f01b1c8580cfb5d14
Instruction ID: 0e796150df8374b05d5ade3c7dc152e8ebc940fd16cd3de8848961a0d0c3929d
Opcode Fuzzy Hash: 808b0641316214cb5e09ba379ea4ac13f852f3c4882ef47f01b1c8580cfb5d14
Instruction Fuzzy Hash: 40311072709B8195EB61AF60EC803EEB364FB84754F94403ADA4E47B94DF38D648C714

Function 00007FF7C6BADEF0 Relevance: 9.3, APIs: 6, Instructions: 277COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C6BAE2AB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C6BAE2B7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C6BAE2BD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C6BAE2C3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C6BAE2C9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C6BAE2CF

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 8a902b7be431d02df3ba500bd66ce96bf1eeeab9e6532306908a5ac2762c6ab3
Instruction ID: 125436d61830962d49fdb766ae0e984d0a0aba54c3c6d3381bdd848f9d1a385d
Opcode Fuzzy Hash: 8a902b7be431d02df3ba500bd66ce96bf1eeeab9e6532306908a5ac2762c6ab3
Instruction Fuzzy Hash: 07B19362F04B4689EB02EFB5C8802EE7376AB45BA8F605631DE5D177DADE38D142C350

Function 00007FF7C6BB71E4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF7C6BB725D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7C6BB7275
RtlVirtualUnwind.KERNEL32 ref: 00007FF7C6BB72B0
IsDebuggerPresent.KERNEL32 ref: 00007FF7C6BB72E9
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7C6BB72F3
UnhandledExceptionFilter.KERNEL32 ref: 00007FF7C6BB72FE

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: f9dc588e434046a8e6ad214f4f0423ac09d416a39b87351110955c191f75c733
Instruction ID: 8a06056586d55bfbf70db1633e4a3a2fffb1a8c9fd31bac8cbdcde28167ae26e
Opcode Fuzzy Hash: f9dc588e434046a8e6ad214f4f0423ac09d416a39b87351110955c191f75c733
Instruction Fuzzy Hash: 8F316136618B8196D761DF25EC802AEB3A4FB84764FA40135EE9D43B55DF38D145CB10

Function 00007FF7C6BC2294 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BC22E0
FindFirstFileExW.KERNEL32 ref: 00007FF7C6BC23EA

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: d8a9710a4b4f931bd6ce2afdc65b7a4ee70d8132e401df3b10f6fe435f2bd8f4
Instruction ID: 9c338175c42af6cce4ce25f094ea3f785b49dec671f86e3553e91ea71de67ef1
Opcode Fuzzy Hash: d8a9710a4b4f931bd6ce2afdc65b7a4ee70d8132e401df3b10f6fe435f2bd8f4
Instruction Fuzzy Hash: 21B1A522B1CA9251EA66FF21AC901BFA360EB84BF4FA45131DE5D07B85DE7CE541C320

Function 00007FF7C6BB0A00 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF7C6BB0A2C
GetCurrentThreadId.KERNEL32 ref: 00007FF7C6BB0A3A
GetCurrentProcessId.KERNEL32 ref: 00007FF7C6BB0A46
QueryPerformanceCounter.KERNEL32 ref: 00007FF7C6BB0A56

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: b8bf11e0edaa7af157fb36c591e00a94452557a9715cf19873dd124ae2f7a1b8
Instruction ID: 5d33b11682ea8537957075eeb113307e98bac251d574b29ab94bb252ca7c635e
Opcode Fuzzy Hash: b8bf11e0edaa7af157fb36c591e00a94452557a9715cf19873dd124ae2f7a1b8
Instruction Fuzzy Hash: 2C117026B14F0689EB00DF60EC852B973B4FB18768F840E31DA6D877A4DF38E1548350

Function 00007FF7C6BC5CCC Relevance: 4.7, APIs: 3, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7C6BBC4EC: GetLastError.KERNEL32 ref: 00007FF7C6BBC4FB
Part of subcall function 00007FF7C6BBC4EC: FlsGetValue.KERNEL32 ref: 00007FF7C6BBC510
Part of subcall function 00007FF7C6BBC4EC: SetLastError.KERNEL32 ref: 00007FF7C6BBC59B

Part of subcall function 00007FF7C6BBC4EC: FlsSetValue.KERNEL32 ref: 00007FF7C6BBC531

GetLocaleInfoW.KERNEL32 ref: 00007FF7C6BC5D38

Part of subcall function 00007FF7C6BC2050: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BC206D

GetLocaleInfoW.KERNEL32 ref: 00007FF7C6BC5D81

Part of subcall function 00007FF7C6BC2050: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BC20C6

GetLocaleInfoW.KERNEL32 ref: 00007FF7C6BC5E49

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
String ID:
API String ID: 1791019856-0
Opcode ID: 92d6418423355d8314ef6e3732ed53f47abfbc63526a58c66444b589371c7a5e
Instruction ID: 683bbf3130b63f6f1dc2f12aa2676c54d78dfc7433f4be837d3030d697201e58
Opcode Fuzzy Hash: 92d6418423355d8314ef6e3732ed53f47abfbc63526a58c66444b589371c7a5e
Instruction Fuzzy Hash: EB618073A1864396E735AF11DA802BAB7A1FB44760FA08135C75D83691DF3CE661C720

Function 00007FF7C6BBE354 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF7C6BBA6DA), ref: 00007FF7C6BBE3C8

Strings

GetLocaleInfoEx, xrefs: 00007FF7C6BBE370, 00007FF7C6BBE381

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: f15e76d6e855b28a7bafbdc5ca666a80898fff7fb5e5d42698dac467ec48329f
Instruction ID: 15af9b3e19ac5db90d44cd9b10450c50946123c1480a84812b4844d1f6d597b7
Opcode Fuzzy Hash: f15e76d6e855b28a7bafbdc5ca666a80898fff7fb5e5d42698dac467ec48329f
Instruction Fuzzy Hash: 0901AC20B0868195E701AF57BC804ABE764FF88BE0FE48035EE4D47765CE3CD5428354

Function 00007FF7C6BC15A0 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF7C6BC17EF
RaiseException.KERNEL32 ref: 00007FF7C6BC1800

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: c708c24bb35013bb7bdb1e2621b49e645dd4763db2aed20d5418e663672de887
Instruction ID: 44a9a1f0b6556e58db40399542cac9acbc9c218e08f778d3c491bb78c233853a
Opcode Fuzzy Hash: c708c24bb35013bb7bdb1e2621b49e645dd4763db2aed20d5418e663672de887
Instruction Fuzzy Hash: 78B19F73604B848BE716DF2AC88636D7BE0F744B58F688822DB5D937A4CB39D451C710

Function 00007FF7C6BABD28 Relevance: 2.0, APIs: 1, Instructions: 540COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C6BAC4D8

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 238ee77b4b42b418bce7edc90a1a7eabbcaf1b3457ba01408fd08da84169fb79
Instruction ID: 8032957bc9733fc3bc11994394880749d861a39b7f84eb122d8b727cbce73e2e
Opcode Fuzzy Hash: 238ee77b4b42b418bce7edc90a1a7eabbcaf1b3457ba01408fd08da84169fb79
Instruction Fuzzy Hash: 0D22C672B0864286FA6BAE25C9907BEB7A1FB45BA0FA44131DB5D47796CF38F450C310

Function 00007FF7C6BB75DC Relevance: 1.9, APIs: 1, Instructions: 373COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF7C6BB7724

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: eb912bc076c4651410f1f807135b2de7a5736efec1f6849bd158a2a389d2cc83
Instruction ID: 105bf0393f6d2a6c877128bc18ae5b446a7585960a40a1dba379c9429de3122a
Opcode Fuzzy Hash: eb912bc076c4651410f1f807135b2de7a5736efec1f6849bd158a2a389d2cc83
Instruction Fuzzy Hash: 7512C322A08BC586E752DF3898952FEB3A4FB99758F559235EF8C43252DF38E181C710

Function 00007FF7C6BC3D68 Relevance: 1.8, APIs: 1, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e954d66a7babcac885fdb59602c755f6187e6d08d64ffabe0be64fba41a2f2f
Instruction ID: 67a094d14c7e32f2c2a2fd0852bf61561dd18b36c2a818ae48a1499f3308a994
Opcode Fuzzy Hash: 1e954d66a7babcac885fdb59602c755f6187e6d08d64ffabe0be64fba41a2f2f
Instruction Fuzzy Hash: A7E17E22A04B8186E721EF61E8912EEB7A4FB95798F904631DF8D53B56EF3CD245C310

Function 00007FF7C6BC5F14 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7C6BBC4EC: GetLastError.KERNEL32 ref: 00007FF7C6BBC4FB
Part of subcall function 00007FF7C6BBC4EC: FlsGetValue.KERNEL32 ref: 00007FF7C6BBC510
Part of subcall function 00007FF7C6BBC4EC: SetLastError.KERNEL32 ref: 00007FF7C6BBC59B

Part of subcall function 00007FF7C6BBC4EC: FlsSetValue.KERNEL32 ref: 00007FF7C6BBC531

GetLocaleInfoW.KERNEL32 ref: 00007FF7C6BC5F7C

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: 4588f150d22ce24f224f6be4c08b9b4783216d4540ea3b4a57068b8ff2d23c7f
Instruction ID: c2a4f8e32aff082afe14c967eddc9556675541e1b67bf687ee6b6912edf44358
Opcode Fuzzy Hash: 4588f150d22ce24f224f6be4c08b9b4783216d4540ea3b4a57068b8ff2d23c7f
Instruction Fuzzy Hash: 7231D632B0868296EB29AF21D9817BFB7A1FB48754F908035DA4DC7685DF3CE650C710

Function 00007FF7C6BC5B64 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF7C6BBC4EC: GetLastError.KERNEL32 ref: 00007FF7C6BBC4FB
Part of subcall function 00007FF7C6BBC4EC: FlsGetValue.KERNEL32 ref: 00007FF7C6BBC510
Part of subcall function 00007FF7C6BBC4EC: SetLastError.KERNEL32 ref: 00007FF7C6BBC59B

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7C6BC6353,?,00000000,00000092,?,?,00000000,?,00007FF7C6BBA501), ref: 00007FF7C6BC5C02

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: c887938fb4a37e1bc8cd3e13e4edcd669c0b7bc5127d781b011fd1bfa64565a2
Instruction ID: 521319fed2f6b06bf2d55ded9eac5bdda66d42c39337661010394ab53b2470be
Opcode Fuzzy Hash: c887938fb4a37e1bc8cd3e13e4edcd669c0b7bc5127d781b011fd1bfa64565a2
Instruction Fuzzy Hash: 4C112B63A0864599EB15AF15D9802BEBFA0FB40BB0F944131C65D433C0CF78D6E1C750

Function 00007FF7C6BC611C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7C6BBC4EC: GetLastError.KERNEL32 ref: 00007FF7C6BBC4FB
Part of subcall function 00007FF7C6BBC4EC: FlsGetValue.KERNEL32 ref: 00007FF7C6BBC510
Part of subcall function 00007FF7C6BBC4EC: SetLastError.KERNEL32 ref: 00007FF7C6BBC59B

GetLocaleInfoW.KERNEL32(?,?,?,00007FF7C6BC5EC6), ref: 00007FF7C6BC6153

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: 2201f97147862c275546d1a65b0f63e2fc243d5b3d43f8eef933fad15bf94eab
Instruction ID: 1a74202e8be620d0e5400194d26be472f0f59f3b0eaa41aa10147c1e7f75a2e2
Opcode Fuzzy Hash: 2201f97147862c275546d1a65b0f63e2fc243d5b3d43f8eef933fad15bf94eab
Instruction Fuzzy Hash: 9B115B31B1812353E735AE19A880E7FA261EB80B71FA45231D66D476C6FF29E6408310

Function 00007FF7C6BC5C34 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF7C6BBC4EC: GetLastError.KERNEL32 ref: 00007FF7C6BBC4FB
Part of subcall function 00007FF7C6BBC4EC: FlsGetValue.KERNEL32 ref: 00007FF7C6BBC510
Part of subcall function 00007FF7C6BBC4EC: SetLastError.KERNEL32 ref: 00007FF7C6BBC59B

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF7C6BC630F,?,00000000,00000092,?,?,00000000,?,00007FF7C6BBA501), ref: 00007FF7C6BC5CB2

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: fb9e70061f9454bdf4dfd69dda33c59ded4b3e02d44b7d369b15ad2070437982
Instruction ID: d9f84637827c9a9a3500b613d543a6dae143f29004a41e6516e0acfc6084e489
Opcode Fuzzy Hash: fb9e70061f9454bdf4dfd69dda33c59ded4b3e02d44b7d369b15ad2070437982
Instruction Fuzzy Hash: E301F573F0824156E7166F15EA807BBBA91EB407B0FA58231D67D472C4CF6896908710

Function 00007FF7C6BBDFC0 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF7C6BBE323,?,?,?,?,?,?,?,?,00000000,00007FF7C6BC51B4), ref: 00007FF7C6BBE00F

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 8d9dd42306da5125309a9bc46ecfd08a448bbfacd4485c87034d631c15510ceb
Instruction ID: da72cd80b7be12d7bd5b5845850698d663dc75c1b67f9723343fac5649216021
Opcode Fuzzy Hash: 8d9dd42306da5125309a9bc46ecfd08a448bbfacd4485c87034d631c15510ceb
Instruction Fuzzy Hash: C3F06D72708B4182E605EF15ECD01AAA365EB88790FA49035EA0D873A9CE3CE4528314

Function 00007FF7C6BBFF7C Relevance: 1.4, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7C6BC0021

Part of subcall function 00007FF7C6BBDF10: HeapAlloc.KERNEL32(?,?,00000000,00007FF7C6BBC6C6,?,?,8000000000000000,00007FF7C6BB8411,?,?,?,?,00007FF7C6BBD8DC), ref: 00007FF7C6BBDF65

Part of subcall function 00007FF7C6BBD8A8: HeapFree.KERNEL32 ref: 00007FF7C6BBD8BE
Part of subcall function 00007FF7C6BBD8A8: GetLastError.KERNEL32 ref: 00007FF7C6BBD8C8

Part of subcall function 00007FF7C6BC68E0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BC6913

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
String ID:
API String ID: 916656526-0
Opcode ID: eeca50d074c0a531bd5a1a244eef28eacd6f7651627bfea427eade9577dc6069
Instruction ID: 35f4505c365d3ad688dbbfb0381716debe92587171a9c0e53988b07db81f82d2
Opcode Fuzzy Hash: eeca50d074c0a531bd5a1a244eef28eacd6f7651627bfea427eade9577dc6069
Instruction Fuzzy Hash: 1A41E521B0964311FA627F266C9277BE2D0BF857E4FE44135EE8D47786DE3DE5018620

Function 00007FF7C6BC34A4 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF7C6BC34A8

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 029dfcd14a4f579f43b3cbeaac2bc55aea181f50d690abcdde2cc191421cc009
Instruction ID: bf98be8943988706b4cb79767cc6d7e49c313fdfc1a42c753579b0f65b5da1de
Opcode Fuzzy Hash: 029dfcd14a4f579f43b3cbeaac2bc55aea181f50d690abcdde2cc191421cc009
Instruction Fuzzy Hash: FDB09224F07A06C2EA0A3F116CC221967A4BF48721FEC0138C10C48320DF2C21B65720

Function 00007FF7C6BA9460 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cae3adf7fbac91320012ab16532260f0aa30efb7dd90cca7ff8292f0ba493c03
Instruction ID: e47d99fa0bbcf60e56cff7441edfa6d274507c73b6681a8e3ccaa1e02a16ee0a
Opcode Fuzzy Hash: cae3adf7fbac91320012ab16532260f0aa30efb7dd90cca7ff8292f0ba493c03
Instruction Fuzzy Hash: 94E1A121E2814247EA77BE2598D12BFE391AF45770FB04235D76E47AD3CE2CF442A621

Function 00007FF7C6BADA78 Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08c9dd133e6468ba80f0366311fa496fb00e70f8319ea936cf9032a9658e574b
Instruction ID: f07c9be28e96eb9f47bd4acfb4cfd33cafa55159d90a8524be8dd047daef77a0
Opcode Fuzzy Hash: 08c9dd133e6468ba80f0366311fa496fb00e70f8319ea936cf9032a9658e574b
Instruction Fuzzy Hash: E5B13373B2858587DB17DF29D99417AB7E1B754BE8B558231EE5E43B80DA3CE808C700

Function 00007FF7C6BBA350 Relevance: .3, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: aeb893f807a164511336be8fb668a02362ef3396e49cfcee77405b01a9b323c0
Instruction ID: 096c02b3cb71abc4bad6a5afa8852545269331a1b76b069f64896a086408dc0b
Opcode Fuzzy Hash: aeb893f807a164511336be8fb668a02362ef3396e49cfcee77405b01a9b323c0
Instruction Fuzzy Hash: EAC1E665E0868245EB61AF669C903BFA7A0FBD47A8FE04032DE4E47794EE3CD505C314

Function 00007FF7C6BC5278 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$Value_invalid_parameter_noinfo
String ID:
API String ID: 1500699246-0
Opcode ID: eab00eb692c8d8a89824e34906ddcee93f3974e9b307a53620d81c849ffb5913
Instruction ID: 9902b3b89733caaf2976f4a0b6061c59e087fbfd584618f48109dd2bafc7f8d9
Opcode Fuzzy Hash: eab00eb692c8d8a89824e34906ddcee93f3974e9b307a53620d81c849ffb5913
Instruction Fuzzy Hash: 53B10C33A0864692E765AF21DD916BB7791FB80B64FA04131DB4D836C9DF3CE661C360

Function 00007FF7C6BAAD00 Relevance: .3, Instructions: 256COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c460685fd67758052ea2b7dce6c978d9c479210279eca324e6e8b4d07f8538b
Instruction ID: a8fa44c5971484eabc96260c9a0531a2bf07eb60cbad8d03d8fd9da2ed0d94cb
Opcode Fuzzy Hash: 1c460685fd67758052ea2b7dce6c978d9c479210279eca324e6e8b4d07f8538b
Instruction Fuzzy Hash: 6E91D563B18A8542EB16DF19D8911BAE350FB547E4FA48235DF9E47B92EE3CE150C320

Function 00007FF7C6BB7D6C Relevance: .2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: a8b64890f8a5c68d8385ce03da0778d4774394f66062af822aaa3bba0e4bfb5c
Instruction ID: 9ee177c9732ca890af528f29dfdd717d5d3dae0570397e90265504581883813d
Opcode Fuzzy Hash: a8b64890f8a5c68d8385ce03da0778d4774394f66062af822aaa3bba0e4bfb5c
Instruction Fuzzy Hash: C781E332A04A4186EB25EF25D8C137E63A0FB84BA8FA45636EE1D87794DF38D441C318

Function 00007FF7C6BC6F1C Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f5c9fa3cca629cf5d8793f39275e1d762ffb1edc1acd4677815cd10845c10586
Instruction ID: d9eff51f00d9bb4b622a9feb7da99d7677111560051a829aedabb0f130e73ce7
Opcode Fuzzy Hash: f5c9fa3cca629cf5d8793f39275e1d762ffb1edc1acd4677815cd10845c10586
Instruction Fuzzy Hash: D461F922E0825256F766AD388CD067FE690EF41770FB40235DA2D867D5EF7DEA008720

Function 00007FF7C6BB949C Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: c69eabad792825c5f6511685fc167655e0992adfed19b0812a01b8ee0a2a676b
Instruction ID: ebcd66ab4a5db786f121f9f3bd381926538a1bfc8e10b2c872ba98ae4e0433d1
Opcode Fuzzy Hash: c69eabad792825c5f6511685fc167655e0992adfed19b0812a01b8ee0a2a676b
Instruction Fuzzy Hash: C741D462714A5582EF08EF2ADD5416AB3A1BB88FE4B999037DE0D87B58DF3CD4428304

Function 00007FF7C6BC9040 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d33683f98f197dc21d68b29f391e5934b2ff1920e6effd4f5691da30b931023
Instruction ID: 4fdda48174ec0c65362700a726aa82abc8e43a4c5176b218cbddfc204f9d7c40
Opcode Fuzzy Hash: 8d33683f98f197dc21d68b29f391e5934b2ff1920e6effd4f5691da30b931023
Instruction Fuzzy Hash: 50F068717192558AEBA5DF2CA84266A7BD0F748390F948039F68D87B08DA3C90628F14

Function 00007FF7C6BB0994 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fe86df744f2ff4f81e95c621db372488a3b0e6b943bb028424438111a8b8076
Instruction ID: 15d9f33dfe9c012100ed1024ce0a432467a0d6fe86cb5ee17b583fef6e925363
Opcode Fuzzy Hash: 9fe86df744f2ff4f81e95c621db372488a3b0e6b943bb028424438111a8b8076
Instruction Fuzzy Hash: 01A00221A0DC46E4F606AF04EED0136A336FFD0321BE10031C49D45061EF3CA600D32E

Function 00007FF7C6BB2940 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF7C6BB299D

Part of subcall function 00007FF7C6BB4D00: __GetUnwindTryBlock.LIBCMT ref: 00007FF7C6BB4D43
Part of subcall function 00007FF7C6BB4D00: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF7C6BB4D68

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF7C6BB2A75
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF7C6BB2CC3
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7C6BB2DD0

Strings

csm, xrefs: 00007FF7C6BB2A1E
csm, xrefs: 00007FF7C6BB29B7
csm, xrefs: 00007FF7C6BB2A98

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: d27a991ab0389ce6a1b21555a8b89e6d26dc1bc5bf5d7869a115a3ad2456b0fa
Instruction ID: 54cf092391439db030edc1e28d05a9eae84bf0b7d94560c1fb2bd7f06ab70285
Opcode Fuzzy Hash: d27a991ab0389ce6a1b21555a8b89e6d26dc1bc5bf5d7869a115a3ad2456b0fa
Instruction Fuzzy Hash: 1BD1A532A08B4186EB21EF65D8813BEB7A0FB857A8F600235EE4D57B55DF38E441C754

Function 00007FF7C6BB526C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB5473,?,?,00000000,00007FF7C6BB1F7A,?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB1BB1), ref: 00007FF7C6BB52F1
GetLastError.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB5473,?,?,00000000,00007FF7C6BB1F7A,?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB1BB1), ref: 00007FF7C6BB52FF
LoadLibraryExW.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB5473,?,?,00000000,00007FF7C6BB1F7A,?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB1BB1), ref: 00007FF7C6BB5329
FreeLibrary.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB5473,?,?,00000000,00007FF7C6BB1F7A,?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB1BB1), ref: 00007FF7C6BB5397
GetProcAddress.KERNEL32(?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB5473,?,?,00000000,00007FF7C6BB1F7A,?,?,7FFFFFFFFFFFFFFF,00007FF7C6BB1BB1), ref: 00007FF7C6BB53A3

Strings

api-ms-, xrefs: 00007FF7C6BB5311
btc, xrefs: 00007FF7C6BB5280

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-$btc
API String ID: 2559590344-994717500
Opcode ID: 7752c46d701261b92908a059a399f55efe9df7d0bad221ac0cb651ebb6a12407
Instruction ID: 7f30a0d84c9bcae27ef446c94b1f9f8a737a1ac07844f9ab52b12cfbff04fe88
Opcode Fuzzy Hash: 7752c46d701261b92908a059a399f55efe9df7d0bad221ac0cb651ebb6a12407
Instruction Fuzzy Hash: 7F31A332B1A78191EE27AF16AD8057AA398BF84B70FA90535DD1E07390EE7CE4448725

Function 00007FF7C6BBB600 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BBB643
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BBBA30
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BBBCCC

Strings

p, xrefs: 00007FF7C6BBB76D
p, xrefs: 00007FF7C6BBB6F5
f, xrefs: 00007FF7C6BBB765

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: 62848ba5f44f271a4da2666373930817cbbe369541c32e4d2495745b2fc7bc00
Instruction ID: 3d269acd085592efc4244ee1fb4bc75b4bbcf7ab9623527b44e57c5a6e80bada
Opcode Fuzzy Hash: 62848ba5f44f271a4da2666373930817cbbe369541c32e4d2495745b2fc7bc00
Instruction Fuzzy Hash: 8B127261E0854386FB26BE14D8D4A7BF691FBD0B60FE44135DA9D466C4DF3CE9808B28

Function 00007FF7C6BBF69C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BBFAC9

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e15b5cf98dc30e3f65ce3e3bb69fb3c5160b80e48adda0960393153b55cb3a6f
Instruction ID: 919b8650b165475aa06b03f2ce402b57ce8d6b66d089eda38968aaba103a8840
Opcode Fuzzy Hash: e15b5cf98dc30e3f65ce3e3bb69fb3c5160b80e48adda0960393153b55cb3a6f
Instruction Fuzzy Hash: 42C1D52290C78691E6667F159CC02BFBB68EBC1BA0FE54131EE4D07392DE7CE8458724

Function 00007FF7C6BBC4EC Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7C6BBC4FB
FlsGetValue.KERNEL32 ref: 00007FF7C6BBC510
FlsSetValue.KERNEL32 ref: 00007FF7C6BBC531
FlsSetValue.KERNEL32 ref: 00007FF7C6BBC55E
FlsSetValue.KERNEL32 ref: 00007FF7C6BBC56F
FlsSetValue.KERNEL32 ref: 00007FF7C6BBC580
SetLastError.KERNEL32 ref: 00007FF7C6BBC59B

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 2551cdd154a5609d4ca11e3405d1723823922fbe6af19826a7bd5426ca246490
Instruction ID: 1bd721057e6c7c5a90bb751e14096b01ea1aad50f60543e00aff00d38b649995
Opcode Fuzzy Hash: 2551cdd154a5609d4ca11e3405d1723823922fbe6af19826a7bd5426ca246490
Instruction Fuzzy Hash: B321FA20B0864241F56BBF616DD617B92955F847B0FA84634EE3E066D6DE2CF4024668

Function 00007FF7C6BC8408 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF7C6BC8439
GetLastError.KERNEL32 ref: 00007FF7C6BC8445
CloseHandle.KERNEL32 ref: 00007FF7C6BC845D
CreateFileW.KERNEL32 ref: 00007FF7C6BC8488
WriteConsoleW.KERNEL32 ref: 00007FF7C6BC84A7

Strings

CONOUT$, xrefs: 00007FF7C6BC8469

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 6fdf5d222f80571ce6e4eabdb7f13ae867475ea6ef0378db38161a61cb0ba77b
Instruction ID: a0baec703d2dc649399e150296a2af9545794693db9df9f82bdc70c9d3f01289
Opcode Fuzzy Hash: 6fdf5d222f80571ce6e4eabdb7f13ae867475ea6ef0378db38161a61cb0ba77b
Instruction Fuzzy Hash: 81119321B18B5186E351AF06EC9432AA6A4FB88FF4FA40234EB1D8B7A4CF3CD5448750

Function 00007FF7C6BAF730 Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF7C6BAF7DD
MultiByteToWideChar.KERNEL32 ref: 00007FF7C6BAF879
MultiByteToWideChar.KERNEL32 ref: 00007FF7C6BAF922
MultiByteToWideChar.KERNEL32 ref: 00007FF7C6BAF94C
MultiByteToWideChar.KERNEL32 ref: 00007FF7C6BAF9F4
CompareStringEx.KERNEL32 ref: 00007FF7C6BAFA41

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 44659eeeb4a105ce3f31a6b8163e69338e01b869477deb4ba4134cbc3fa3635c
Instruction ID: 53cbaa8629b74cbf40047fe816a102b48049e85815da0b13d8bb9424515c0246
Opcode Fuzzy Hash: 44659eeeb4a105ce3f31a6b8163e69338e01b869477deb4ba4134cbc3fa3635c
Instruction Fuzzy Hash: 1FA18422A0868286EB23AF11D8903FBA6AAAF417B4FA44631D95D476C6DF3CD5448330

Function 00007FF7C6BAF3C8 Relevance: 9.2, APIs: 6, Instructions: 206COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF7C6BAF438
MultiByteToWideChar.KERNEL32 ref: 00007FF7C6BAF4D6
LCMapStringEx.KERNEL32 ref: 00007FF7C6BAF53F
LCMapStringEx.KERNEL32 ref: 00007FF7C6BAF591
LCMapStringEx.KERNEL32 ref: 00007FF7C6BAF636
WideCharToMultiByte.KERNEL32 ref: 00007FF7C6BAF690

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 651ad62222eed2a762eac88c53dfcd039c255ea8ebba40e0f5c98765f1e48ed2
Instruction ID: 3e1c703bfc1c23a672abc75739159cec88e8cce3e573da41cb752792be9b2ef0
Opcode Fuzzy Hash: 651ad62222eed2a762eac88c53dfcd039c255ea8ebba40e0f5c98765f1e48ed2
Instruction Fuzzy Hash: 56819572A0874186EB169F25E9803BAB3A9FB447F8FA44235DA5D47BD5DF3CD4048720

Function 00007FF7C6BB2E10 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMONLIBRARYCODE

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF7C6BB2FAE
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF7C6BB32D7

Strings

csm, xrefs: 00007FF7C6BB2EF5
csm, xrefs: 00007FF7C6BB2F57
csm, xrefs: 00007FF7C6BB2FD5

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 9a37e15862fbcc270d420a3857259dbb884f865d5a94a355de2b5c4d6b98c3e1
Instruction ID: 2a7137c0146892375ec6fc59dbb69771d9016760997e08c0b89d764fb8e48827
Opcode Fuzzy Hash: 9a37e15862fbcc270d420a3857259dbb884f865d5a94a355de2b5c4d6b98c3e1
Instruction Fuzzy Hash: A6E1A4729086818AE712EF24D8C02BEB7A0FF85768F644235DF4D57656CF38E481C764

Function 00007FF7C6BBC664 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,8000000000000000,00007FF7C6BB8411,?,?,?,?,00007FF7C6BBD8DC), ref: 00007FF7C6BBC673
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF7C6BB8411,?,?,?,?,00007FF7C6BBD8DC), ref: 00007FF7C6BBC6A9
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF7C6BB8411,?,?,?,?,00007FF7C6BBD8DC), ref: 00007FF7C6BBC6D6
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF7C6BB8411,?,?,?,?,00007FF7C6BBD8DC), ref: 00007FF7C6BBC6E7
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF7C6BB8411,?,?,?,?,00007FF7C6BBD8DC), ref: 00007FF7C6BBC6F8
SetLastError.KERNEL32(?,?,8000000000000000,00007FF7C6BB8411,?,?,?,?,00007FF7C6BBD8DC), ref: 00007FF7C6BBC713

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 1966e868160955348dfaf9e96579d318b020fc441c334623bbc965988e85fce8
Instruction ID: 4e5f025c34adebff430667ba0e47ea5d777575e472831b4d4d5c9b3918a3de68
Opcode Fuzzy Hash: 1966e868160955348dfaf9e96579d318b020fc441c334623bbc965988e85fce8
Instruction Fuzzy Hash: 21114C20A0824242F567BF215DD113B91955F847F0FB81634ED3E0B6D6DF2CB4424274

Function 00007FF7C6BB8D58 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF7C6BB8D7D
GetProcAddress.KERNEL32 ref: 00007FF7C6BB8D93
FreeLibrary.KERNEL32 ref: 00007FF7C6BB8DBA

Strings

mscoree.dll, xrefs: 00007FF7C6BB8D74
CorExitProcess, xrefs: 00007FF7C6BB8D8C

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: a73d66c831001cd2bd554d640b161791c14e3f3ccc047ace81b544153c50086f
Instruction ID: 6385bd23f569c72e892c3d0336e6e01209ab69be2fa648841747be14ae555387
Opcode Fuzzy Hash: a73d66c831001cd2bd554d640b161791c14e3f3ccc047ace81b544153c50086f
Instruction Fuzzy Hash: C4F04F61B18A0691EA15AF24AC8437FA360EF84771FE4063ADA6D462F4CF2CD545C720

Function 00007FF7C6BB2210 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FF7C6BB2333
__AdjustPointer.LIBCMT ref: 00007FF7C6BB237E

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 930144ff9b6462ddd6b08f97fed0d33d3da2547ceac4f915cc8ca7b0d9c71ac9
Instruction ID: 49325bfb511bf75399b5516741b271082ebd0fdfa98c9ee07e4dbe13c1034e48
Opcode Fuzzy Hash: 930144ff9b6462ddd6b08f97fed0d33d3da2547ceac4f915cc8ca7b0d9c71ac9
Instruction Fuzzy Hash: 1DB1B421A0DE8685EA67BF1598C057FE290EF84BE0FA98435DF4D07795DE3CE4428328

Function 00007FF7C6BA7014 Relevance: 7.6, APIs: 5, Instructions: 117COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7C6BA703F

Part of subcall function 00007FF7C6BA1F6C: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7C6BA1F91
Part of subcall function 00007FF7C6BA1F6C: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7C6BA1FB5

std::_Facet_Register.LIBCPMT ref: 00007FF7C6BA70CB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7C6BA70E5
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7C6BA710D

Part of subcall function 00007FF7C6BA72C4: _Getcoll.LIBCPMT ref: 00007FF7C6BA7346
Part of subcall function 00007FF7C6BA72C4: std::_Locinfo::~_Locinfo.LIBCPMT ref: 00007FF7C6BA735B

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7C6BA716C

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_GetcollLocinfoLocinfo::~_Register_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1991753141-0
Opcode ID: 8053cd6f63d67df124821716cdc35e9e19d1cfa386d9708e2718e4fcf9a69aea
Instruction ID: 631ab7b0a2762bc2505da97496aa7f658a2997024a7cfa47f7e9b4a902c0ff68
Opcode Fuzzy Hash: 8053cd6f63d67df124821716cdc35e9e19d1cfa386d9708e2718e4fcf9a69aea
Instruction Fuzzy Hash: 2941C866A18A4141EA27AF25D8943BBA361FB48BF4FA84631EE5D077D7DE3CD4818310

Function 00007FF7C6BC8E58 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF7C6BC8E80
_set_statfp.LIBCMT ref: 00007FF7C6BC8E9B
_set_statfp.LIBCMT ref: 00007FF7C6BC8EB7
_set_statfp.LIBCMT ref: 00007FF7C6BC8EF3

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: c02262ee2f2cd66e1d364d80464a93679a21a5a4cb8fd55b2b430f47eb87c8f0
Instruction ID: e836b95914c3277edbed105c0872ea6062507bf504b10d2fe66d88b66b66181f
Opcode Fuzzy Hash: c02262ee2f2cd66e1d364d80464a93679a21a5a4cb8fd55b2b430f47eb87c8f0
Instruction Fuzzy Hash: E5119832E6CA0371F7563E18DCD537798406F54370EF90634EA6E166D78E5C56424130

Function 00007FF7C6BBC72C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF7C6BB7173,?,?,00000000,00007FF7C6BB740E,?,?,?,?,8000000000000000,00007FF7C6BB739A), ref: 00007FF7C6BBC74B
FlsSetValue.KERNEL32(?,?,?,00007FF7C6BB7173,?,?,00000000,00007FF7C6BB740E,?,?,?,?,8000000000000000,00007FF7C6BB739A), ref: 00007FF7C6BBC76A
FlsSetValue.KERNEL32(?,?,?,00007FF7C6BB7173,?,?,00000000,00007FF7C6BB740E,?,?,?,?,8000000000000000,00007FF7C6BB739A), ref: 00007FF7C6BBC792
FlsSetValue.KERNEL32(?,?,?,00007FF7C6BB7173,?,?,00000000,00007FF7C6BB740E,?,?,?,?,8000000000000000,00007FF7C6BB739A), ref: 00007FF7C6BBC7A3
FlsSetValue.KERNEL32(?,?,?,00007FF7C6BB7173,?,?,00000000,00007FF7C6BB740E,?,?,?,?,8000000000000000,00007FF7C6BB739A), ref: 00007FF7C6BBC7B4

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 43ffeae2f24be8874fe5f45e5d28772aac1fa256c10feaa884fce4b7426b0804
Instruction ID: 63ede425f634e3b5102673a8ceb8845c0febd2a8e888c32f4671bd408e7dc9fc
Opcode Fuzzy Hash: 43ffeae2f24be8874fe5f45e5d28772aac1fa256c10feaa884fce4b7426b0804
Instruction Fuzzy Hash: 80112C60A0924241FA6ABF226DD117BA2555FC47F0FA85734ED3D066EADF6CB4028268

Function 00007FF7C6BBC5C0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF7C6BBC5D1
FlsSetValue.KERNEL32 ref: 00007FF7C6BBC5F0
FlsSetValue.KERNEL32 ref: 00007FF7C6BBC618
FlsSetValue.KERNEL32 ref: 00007FF7C6BBC629
FlsSetValue.KERNEL32 ref: 00007FF7C6BBC63A

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: f0c04397fb2190e6262e7a22f5cb64624b9fd9b60a89e5496fb87994e89112fa
Instruction ID: 968a155e10333c045294fc2601f70c974886b8a968cf54f899bcfadd6ea9cda9
Opcode Fuzzy Hash: f0c04397fb2190e6262e7a22f5cb64624b9fd9b60a89e5496fb87994e89112fa
Instruction Fuzzy Hash: 6F11EC50A0820705F96BBF255CD257BA1555FC43B0FB86B34ED3E4A2E6DE2CB84242B9

Function 00007FF7C6BC10A8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BC1351

Part of subcall function 00007FF7C6BC6D58: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BC6D75

Strings

UTF-16LEUNICODE, xrefs: 00007FF7C6BC12F5
ccs, xrefs: 00007FF7C6BC129D
UTF-8, xrefs: 00007FF7C6BC12D4

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 291d99f5026aec6b325bd30b7ab0a94a29543aa2c69d817a2efaa0f165dc7c44
Instruction ID: 03852d07d1afe7c4ad98248b7851c24e63185ed1f2c0d2a537527e4b2798cca0
Opcode Fuzzy Hash: 291d99f5026aec6b325bd30b7ab0a94a29543aa2c69d817a2efaa0f165dc7c44
Instruction Fuzzy Hash: 4981E535D0C252B5F7776E288DE033BAA909F52778FF44035C90EBA595CA1DAA029321

Function 00007FF7C6BA7A00 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 00007FF7C6BA7C94

Strings

ios_base::badbit set, xrefs: 00007FF7C6BA7C5C
ios_base::eofbit set, xrefs: 00007FF7C6BA7C6F
ios_base::failbit set, xrefs: 00007FF7C6BA7C68

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: bbe6685c03cd52e133eb001cfd541e6abb3c283f8bea2f52295279ae2328b473
Instruction ID: 970a9b9c3216bff8edb05c5487ddbf54759ed9a13bc226b071c381c48e35d2d8
Opcode Fuzzy Hash: bbe6685c03cd52e133eb001cfd541e6abb3c283f8bea2f52295279ae2328b473
Instruction Fuzzy Hash: 3D81A03660DA8196DB62DF1AD9D017EB7A1FB84FA4BA58132CE0E43762CF39D442C350

Function 00007FF7C6BB3584 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF7C6BB35F4
_CallSETranslator.LIBVCRUNTIME ref: 00007FF7C6BB363F

Strings

MOC, xrefs: 00007FF7C6BB3608
RCC, xrefs: 00007FF7C6BB3610

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 1d96fa7181670c94bd040ebf8979f6b8c91e5a9c606a6400767baf8e487eeb8a
Instruction ID: 58cc4a14ca2592cc1aa8254966bdf65e946d5023a67082f63e39ba21dee3e4b7
Opcode Fuzzy Hash: 1d96fa7181670c94bd040ebf8979f6b8c91e5a9c606a6400767baf8e487eeb8a
Instruction Fuzzy Hash: F291CF73A08B818AE712EF65D8802AEBBA0FB84798F60413AEF4D07755DF38D195C710

Function 00007FF7C6BB1BD0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7C6BB1BFB
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF7C6BB1C92
RtlUnwindEx.KERNEL32 ref: 00007FF7C6BB1CEC

Strings

csm, xrefs: 00007FF7C6BB1C79

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 87fecb4c19d7f374f51151fe647fe6a86feb1b6c3de8f60f5671d23c5a85ad02
Instruction ID: d930177a545637ad13832701c14066945f2e6ddccccc62ca0e70e022f68c58eb
Opcode Fuzzy Hash: 87fecb4c19d7f374f51151fe647fe6a86feb1b6c3de8f60f5671d23c5a85ad02
Instruction Fuzzy Hash: D351F932B196028ADB16EF15E88467EB395EB84BA4FB08131DE4E47788DF7DE441C714

Function 00007FF7C6BB3B04 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7C6BB3B2C
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF7C6BB3C14

Strings

csm, xrefs: 00007FF7C6BB3C66
csm, xrefs: 00007FF7C6BB3B4E

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: c42f88c54810ca32b05cdcb2320a4cf90955414e565f5cc8c7af55a5267144bd
Instruction ID: 602dfd176b3555ff34f707d96df172ca962bfe928452f7373123d1820259567f
Opcode Fuzzy Hash: c42f88c54810ca32b05cdcb2320a4cf90955414e565f5cc8c7af55a5267144bd
Instruction Fuzzy Hash: 5B51B132A087828AEB75AF1598C436AB7A1EF84BA4FA44135DF5C47789CF3CE450C718

Function 00007FF7C6BB3314 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF7C6BB3373
_CallSETranslator.LIBVCRUNTIME ref: 00007FF7C6BB33BF

Strings

MOC, xrefs: 00007FF7C6BB3387
RCC, xrefs: 00007FF7C6BB338F

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: a4f8b8c4ebd98fe0db67afa99fdf79c3740f6ba1bcc14b98c0367ead3b37ad59
Instruction ID: a9bac710cfc3ddb2de05b6c73aa25889e7065b8902f72f56c4db09e5a1d41d13
Opcode Fuzzy Hash: a4f8b8c4ebd98fe0db67afa99fdf79c3740f6ba1bcc14b98c0367ead3b37ad59
Instruction Fuzzy Hash: BA617F32908BC581E762AF15E8803AAB7A0FBC5BA4F544225EF9D03B95DF7CD194CB14

Function 00007FF7C6BA8290 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 00007FF7C6BA83CA

Strings

ios_base::badbit set, xrefs: 00007FF7C6BA8392
ios_base::eofbit set, xrefs: 00007FF7C6BA83A5
ios_base::failbit set, xrefs: 00007FF7C6BA839E

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: cd4cf638fca9e482345ec9218e7c3d066dd3142fa364015271f2780b454cd82e
Instruction ID: 3339ab44b33d321075523cff27b781c12f0b701e0cddaf69bfeeb05feee407ab
Opcode Fuzzy Hash: cd4cf638fca9e482345ec9218e7c3d066dd3142fa364015271f2780b454cd82e
Instruction Fuzzy Hash: 8D31E632608A4585EB62EF15D9D03BEB3A1FB84B94FA48131EA4D47A66CF3CD446C710

Function 00007FF7C6BA649C Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 84COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7C6BAEAE8: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7C6BAEB05
Part of subcall function 00007FF7C6BAEAE8: std::locale::_Setgloballocale.LIBCPMT ref: 00007FF7C6BAEB28
Part of subcall function 00007FF7C6BAEAE8: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7C6BAEBBD

Part of subcall function 00007FF7C6BA65D8: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7C6BA6603
Part of subcall function 00007FF7C6BA65D8: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7C6BA66A9

std::ios_base::failure::failure.LIBCPMT ref: 00007FF7C6BA65C0

Strings

ios_base::badbit set, xrefs: 00007FF7C6BA6589
ios_base::eofbit set, xrefs: 00007FF7C6BA659B
ios_base::failbit set, xrefs: 00007FF7C6BA6594

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Setgloballocalestd::ios_base::failure::failurestd::locale::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3020186397-1866435925
Opcode ID: b213a7e8670e4a75538bf82afb7f021029c94d6e790a4811917c0cc032a61614
Instruction ID: 9a944a7740597d62e5e0acc80bde7258ffad58e7b084541419ff1d04b146e823
Opcode Fuzzy Hash: b213a7e8670e4a75538bf82afb7f021029c94d6e790a4811917c0cc032a61614
Instruction Fuzzy Hash: 53418C72A14B4586EB21DF14E4843AEA3A0FB54B98FA48135D78D4B666DF3DD486C310

Function 00007FF7C6BA83E4 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 47COMMON

Download Yara Rule

APIs

std::ios_base::failure::failure.LIBCPMT ref: 00007FF7C6BA846E

Strings

ios_base::badbit set, xrefs: 00007FF7C6BA8437
ios_base::eofbit set, xrefs: 00007FF7C6BA8449
ios_base::failbit set, xrefs: 00007FF7C6BA8442

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: std::ios_base::failure::failure
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2264918676-1866435925
Opcode ID: c1b67620a7b75c3aa4e20ac1e83c0262429a4c599721bceff29da8b160b365f3
Instruction ID: c1c524cc28c4dab0b5cef5c80127b4fd35ccdedea9abd2614bf2c922e59818d1
Opcode Fuzzy Hash: c1b67620a7b75c3aa4e20ac1e83c0262429a4c599721bceff29da8b160b365f3
Instruction Fuzzy Hash: D111CB62908E0985EB56EF14D8C12B9A760EB40BA8FF44535CB1D4B6A6DF3CD446C310

Function 00007FF7C6BBCBE0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF7C6BBCC5F
WriteFile.KERNEL32 ref: 00007FF7C6BBCF27
WriteFile.KERNEL32 ref: 00007FF7C6BBCF6D
GetLastError.KERNEL32 ref: 00007FF7C6BBD023

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: ff04ec1ff6a6d2d4b6b83e9d1173d5f1996effd45d4a05bdea7f186a3231215c
Instruction ID: 80304d481ae26e91fb410fa91ed45e38f17b216fcccdab2c1cab6e64469ae016
Opcode Fuzzy Hash: ff04ec1ff6a6d2d4b6b83e9d1173d5f1996effd45d4a05bdea7f186a3231215c
Instruction Fuzzy Hash: BFD16932B18A8089E712DF74D8802ED77B5FB547A8BA04235DE5D97B89DF38E006C350

Function 00007FF7C6BBD5A0 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF7C6BBD58B), ref: 00007FF7C6BBD6BC
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,00007FF7C6BBD58B), ref: 00007FF7C6BBD747

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: eef6b73cf427e12514af9276e4dc85e88e3c5314759b2a2d9083a048f42eb0d9
Instruction ID: 39e417376e05978d2b55f63f34362498f91706050d47fd521a34ba1d318b14af
Opcode Fuzzy Hash: eef6b73cf427e12514af9276e4dc85e88e3c5314759b2a2d9083a048f42eb0d9
Instruction Fuzzy Hash: 6191D622F1865285F752AF658CC02BEABE0BB847A8FA45179DE0E57684DE3CD442C724

Function 00007FF7C6BA65D8 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7C6BA6603

Part of subcall function 00007FF7C6BA1F6C: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7C6BA1F91
Part of subcall function 00007FF7C6BA1F6C: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7C6BA1FB5

std::_Facet_Register.LIBCPMT ref: 00007FF7C6BA668F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7C6BA66A9
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7C6BA66D1

Part of subcall function 00007FF7C6BA2154: _Getctype.LIBCPMT ref: 00007FF7C6BA21C8
Part of subcall function 00007FF7C6BA2154: std::_Locinfo::~_Locinfo.LIBCPMT ref: 00007FF7C6BA21E4

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_GetctypeLocinfoLocinfo::~_Register
String ID:
API String ID: 2057624243-0
Opcode ID: a92b4c26d587f5f1fc2496f27d7dceb480a43d144b282e3090050a36e41427ba
Instruction ID: e4cec953087d30d194ae339dfc43a6104402ee87ddf9224801882729b5c6e593
Opcode Fuzzy Hash: a92b4c26d587f5f1fc2496f27d7dceb480a43d144b282e3090050a36e41427ba
Instruction Fuzzy Hash: B4519462A08B4281EA17EF15E8803AAB760FB54BB0FA94631DB5D07796EF3CD452C310

Function 00007FF7C6BA6920 Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7C6BA694B

Part of subcall function 00007FF7C6BA1F6C: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7C6BA1F91
Part of subcall function 00007FF7C6BA1F6C: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7C6BA1FB5

std::_Facet_Register.LIBCPMT ref: 00007FF7C6BA69D7
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF7C6BA69F1
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7C6BA6A19

Part of subcall function 00007FF7C6BA73F0: std::_Locinfo::~_Locinfo.LIBCPMT ref: 00007FF7C6BA7467

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_LocinfoLocinfo::~_Register
String ID:
API String ID: 3980266963-0
Opcode ID: d762a71aa88d400ef3c37ebf0151fe8d117812f20a0dd84f47510d80cc9adabc
Instruction ID: 9479450b0e507dee61f58925b568fa901fa1b394e7810e64d56be3a95af5b02b
Opcode Fuzzy Hash: d762a71aa88d400ef3c37ebf0151fe8d117812f20a0dd84f47510d80cc9adabc
Instruction Fuzzy Hash: AB317761608A4281EA17AF11E98017BF760FB98BB4FA84531EA9D07797DE3CD442C710

Function 00007FF7C6BB3D3C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7C6BB3D66

Strings

csm, xrefs: 00007FF7C6BB3D8B
csm, xrefs: 00007FF7C6BB3EFA

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 0560e5e2236336c234ea0b8be6ab1ce4c611589e81adc0c5d99d9f39cdf77d21
Instruction ID: c8ffb6a553977c99b1b98dee2590e0b7e7f7b43084ffb21a15d00ecfc3970398
Opcode Fuzzy Hash: 0560e5e2236336c234ea0b8be6ab1ce4c611589e81adc0c5d99d9f39cdf77d21
Instruction Fuzzy Hash: 9271A47290868186DB62AF25D89077EBBA0EF84BA4FA48135DF4C47A85CF3CE491C714

Function 00007FF7C6BB43D4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF7C6BB447E
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF7C6BB44A7

Strings

csm, xrefs: 00007FF7C6BB45A7

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 46a2ad83245cf6d7efc6605c8c4f88d4733f73d99b0de2d17a04f9ff24c83f0f
Instruction ID: 0b7932585db0c9523a735cd5836aab4d00e9f3f08146ed98a076ac55e9401e4e
Opcode Fuzzy Hash: 46a2ad83245cf6d7efc6605c8c4f88d4733f73d99b0de2d17a04f9ff24c83f0f
Instruction Fuzzy Hash: AA51503661874186E621EF15E88026EB7A4FBC9BA0F640135EF8D07B55CF38E461CB24

Function 00007FF7C6BB904C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7C6BB907E

Part of subcall function 00007FF7C6BBD8A8: HeapFree.KERNEL32 ref: 00007FF7C6BBD8BE
Part of subcall function 00007FF7C6BBD8A8: GetLastError.KERNEL32 ref: 00007FF7C6BBD8C8

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7C6BAFEBD), ref: 00007FF7C6BB909C

Strings

C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe, xrefs: 00007FF7C6BB908A

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe
API String ID: 3580290477-1472430217
Opcode ID: fb8983b3b5e5e9466b57d2ff6916d1b567982bc8b04b940e20eb30b24ef4965e
Instruction ID: 959de4d9ac80641dc693098736d7ce65044fb47402d681fa8d4c37024b27857f
Opcode Fuzzy Hash: fb8983b3b5e5e9466b57d2ff6916d1b567982bc8b04b940e20eb30b24ef4965e
Instruction Fuzzy Hash: 94416436A08B1295E716FF259CC10BEB7A5EF857A4BE84035EE0D47B55DE3CE4428324

Function 00007FF7C6BBD278 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF7C6BBD38F
GetLastError.KERNEL32 ref: 00007FF7C6BBD3B1

Strings

U, xrefs: 00007FF7C6BBD33B

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 32d3e78c01c43b2022bf2c965f2efe0706ff7ea1594ede922ccf26d9a22f7477
Instruction ID: 731008f54a84302206fa406fefef9ae86248ddfa31a742dbf7d4407d3c36e497
Opcode Fuzzy Hash: 32d3e78c01c43b2022bf2c965f2efe0706ff7ea1594ede922ccf26d9a22f7477
Instruction Fuzzy Hash: 7C41C522B28A4185DB21AF25E8843AEB7A4FB987A4FD04131EE4D87758DF3CD401C714

Function 00007FF7C6BB1B00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7C6BAE8FA), ref: 00007FF7C6BB1B50
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF7C6BAE8FA), ref: 00007FF7C6BB1B91

Strings

csm, xrefs: 00007FF7C6BB1B7E

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 685cf7f9216dc1c2b58ed291b228233822ec471b9a8c7a5f3f6fe7b455151c05
Instruction ID: aec02df848fbca9e3757bf21c638a789c5ee84db968b483fe48b79a7f0f31385
Opcode Fuzzy Hash: 685cf7f9216dc1c2b58ed291b228233822ec471b9a8c7a5f3f6fe7b455151c05
Instruction Fuzzy Hash: D5113032618B8582EB619F15F84026AB7E5FB88B94FA84235DECC07758EF3CD5518B04

Function 00007FF7C6BA1E64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7C6BA1E7B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7C6BA1EBA

Part of subcall function 00007FF7C6BAEC58: _Yarn.LIBCPMT ref: 00007FF7C6BAEC86

Strings

bad locale name, xrefs: 00007FF7C6BA1ECE

Memory Dump Source

Source File: 00000000.00000002.1338185903.00007FF7C6BA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7C6BA0000, based on PE: true

Associated: 00000000.00000002.1338170251.00007FF7C6BA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338210267.00007FF7C6BCB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338228780.00007FF7C6BDC000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1338243463.00007FF7C6BDF000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7c6ba0000_SecuriteInfo.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
String ID: bad locale name
API String ID: 1838369231-1405518554
Opcode ID: 9f2d4bba6482e44fbefb97c14935f5bc60200801a4d1a4bc911441947d06e13b
Instruction ID: 5aa2ea71c9b87da1723305f9b7c63afb7c5f80e3ad8df9650ca76b86f1555fd9
Opcode Fuzzy Hash: 9f2d4bba6482e44fbefb97c14935f5bc60200801a4d1a4bc911441947d06e13b
Instruction Fuzzy Hash: 6401A223105BC089C796EF74AD80159B7A5FB18B94B685138DB8C8370FEF38D491C350

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

System Summary

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exePID: 8388, Parent PID: 3084

General

File Activities

File Opened

File Attributes Queried

Volume Information Queried

Device IO

Section Activities

Sections loaded by Windows

Sections loaded by Program

Registry Activities

Key Opened

Key Value Queried

Mutex Activities

Mutex Created

Process Activities

Process Queried

Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.23321.28745.exe

Function 00007FF7C6BA3518 Relevance: 39.5, APIs: 3, Strings: 19, Instructions: 1024
COMMON

Function 00007FF7C6BBE03C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Function 00007FF7C6BAFF4C Relevance: 4.6, APIs: 3, Instructions: 94
COMMON

Function 00007FF7C6BB8D00 Relevance: 4.5, APIs: 3, Instructions: 14
COMMON

Function 00007FF7C6BB8C31 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Function 00007FF7C6BA1000 Relevance: 15.4, Strings: 12, Instructions: 428
COMMON

Function 00007FF7C6BC75B8 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Function 00007FF7C6BB2940 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310
COMMON

Function 00007FF7C6BB526C Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 88
libraryloaderCOMMONLIBRARYCODE

Function 00007FF7C6BBF69C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE