Analysis Report CVE-2017-0213_x64.exe

Overview

General Information

Sample Name:CVE-2017-0213_x64.exe
Analysis ID:356155
MD5:25e62ef07aa497ff4b13549bc6639e19
SHA1:c8cee35f713031ca109dffae4fbede766d427e08
SHA256:aac0c5ad612fb9a0ac3b4bbfd71b8931fc762f8e11fdf3ffb33ef22076f9c4bc

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Yara signature match

Classification

  • System is w10x64
  • CVE-2017-0213_x64.exe (PID: 2412 cmdline: 'C:\Users\user\Desktop\CVE-2017-0213_x64.exe' MD5: 25E62EF07AA497FF4B13549BC6639E19)
    • conhost.exe (PID: 5780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found
Source: C:\Users\user\Desktop\Windows\System32\tapi3.dll
Rule: EXPL_Exploit_TLB_Scripts
Description: Detects malicious TLB files which may be delivered via Visual Studio projects
Author: Rich Warren (slightly modified by Florian Roth)
Strings:
  • 0x31f:$a: .sct
  • 0x2fe:$b: script:

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: CVE-2017-0213_x64.exe, Avira: detected
Multi AV Scanner detection for submitted file
Source: CVE-2017-0213_x64.exe, Virustotal: Detection: 81%
Source: CVE-2017-0213_x64.exe, Metadefender: Detection: 63%
Source: CVE-2017-0213_x64.exe, ReversingLabs: Detection: 87%

Compliance:

Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: CVE-2017-0213_x64.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Binary contains paths to debug symbols
Source: Binary string: C:\Users\User\Documents\Visual Studio 2017\Projects\ConsoleApplication2\x64\Release\ConsoleApplication2.pdb source: CVE-2017-0213_x64.exe
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C90E44 FindFirstFileExW,0_2_00007FF7D8C90E44
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C82040 GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,NtCreateSymbolicLinkObject,CloseHandle,0_2_00007FF7D8C82040
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C84370 GetCurrentProcess,OpenProcessToken,_CxxThrowException,DuplicateTokenEx,_CxxThrowException,SetTokenInformation,CreateProcessAsUserW,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_00007FF7D8C84370
Source: C:\Users\user\Desktop\Windows\System32\tapi3.dll, type: DROPPED, Matched rule: EXPL_Exploit_TLB_Scripts date = 2021-01-26, author = Rich Warren (slightly modified by Florian Roth), description = Detects malicious TLB files which may be delivered via Visual Studio projects, reference = https://github.com/outflanknl/Presentations/blob/master/Nullcon2020_COM-promise_-_Attacking_Windows_development_environments.pdf
Source: ConDrv.0.dr, Binary string: Opened Link \??\C: -> \Device\HarddiskVolume4\Users\user\Desktop: 00000000000001F0
Source: classification engine, Classification label: mal56.winEXE@2/5@0/0
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C82650 CoCreateInstance,_CxxThrowException,new,new,_com_issue_error,CoGetStdMarshalEx,_CxxThrowException,_com_issue_error,_CxxThrowException,new,SysFreeString,_com_issue_error,FindCloseChangeNotification,0_2_00007FF7D8C82650
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, File created: C:\Users\user\Desktop\run.sct
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5780:120:WilError_01
Source: CVE-2017-0213_x64.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown, Process created: C:\Users\user\Desktop\CVE-2017-0213_x64.exe 'C:\Users\user\Desktop\CVE-2017-0213_x64.exe'
Source: unknown, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CE34C0D-0DC9-4C1F-897C-DAA1B78CEE7C}\InProcServer32
Source: CVE-2017-0213_x64.exe, Static PE information: Image base 0x140000000 > 0x60000000
Source: CVE-2017-0213_x64.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: CVE-2017-0213_x64.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: CVE-2017-0213_x64.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: CVE-2017-0213_x64.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: CVE-2017-0213_x64.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: CVE-2017-0213_x64.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: CVE-2017-0213_x64.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: CVE-2017-0213_x64.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: CVE-2017-0213_x64.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: CVE-2017-0213_x64.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: CVE-2017-0213_x64.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C8C7EC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7D8C8C7EC
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C92D38 GetProcessHeap,0_2_00007FF7D8C92D38
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C850D4 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,0_2_00007FF7D8C850D4
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C84E14 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7D8C84E14
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C85968 SetUnhandledExceptionFilter,0_2_00007FF7D8C85968
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C857CC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7D8C857CC
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C976D0 cpuid 0_2_00007FF7D8C976D0
Source: C:\Users\user\Desktop\CVE-2017-0213_x64.exe, Code function: 0_2_00007FF7D8C856B4 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7D8C856B4

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts 1 | Windows Management Instrumentation | Valid Accounts 1 | Valid Accounts 1 | Masquerading 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Access Token Manipulation 1 | Valid Accounts 1 | LSASS Memory | Query Registry 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection 1 | Access Token Manipulation 1 | Security Account Manager | Security Software Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 1 | NTDS | File and Directory Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery 12 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings

Source | Detection | Scanner | Label
CVE-2017-0213_x64.exe | 82% | Virustotal |
CVE-2017-0213_x64.exe | 64% | Metadefender |
CVE-2017-0213_x64.exe | 87% | ReversingLabs | Win64.Exploit.CVE-2017-0213
CVE-2017-0213_x64.exe | 100% | Avira | EXP/CVE-2017-0213.lsswl
No Antivirus matches
Source | Detection | Scanner | Label
0.0.CVE-2017-0213_x64.exe.7ff7d8c80000.0.unpack | 100% | Avira | HEUR/AGEN.1110012
0.2.CVE-2017-0213_x64.exe.7ff7d8c80000.0.unpack | 100% | Avira | HEUR/AGEN.1110012
No Antivirus matches
No Antivirus matches
No contacted domains info
No contacted IP infos

General Information

Joe Sandbox Version:31.0.0 Emerald
Analysis ID:356155
Start date:22.02.2021
Start time:17:08:19
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 4m 14s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:CVE-2017-0213_x64.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:24
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:MAL
Classification:mal56.winEXE@2/5@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:
  • Successful, ratio: 100% (good quality ratio 88.1%)
  • Quality average: 66.8%
  • Quality standard deviation: 34.1%
HCA Information:Failed
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .exe
Warnings:
  • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
No simulations
No context
C:\Users\user\Desktop\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Process:C:\Users\user\Desktop\CVE-2017-0213_x64.exe
File Type:data
Category:dropped
Size (bytes):1652
Entropy (8bit):2.0304814982445825
Encrypted:false
SSDEEP:12:o/q0xoMlfs8GCiTtVtiiiiiEITaiAjTHrCGilZW81/q0xoMlRnq+Dc7SIuiiiiif:dRTWBg81q+0
MD5:0EDBFF99CA4BAD230CAEB2DC417FF5B7
SHA1:6AE027C6D24DB2FFE99B37B0CC47350E8C8C87DA
SHA-256:88944215295259748AB72525B7AC5480822A37B055E7DD2951840CAEA3DBB1F0
SHA-512:46927A23209CF1649620A076BFD70F057A978BC97266E7809EA4B473C7BA11F8886B68C9D9AE528E5190D71C95988CAEA5DAB72F4783878849A3B2301F5745BF
Malicious:false
Reputation:low
Preview: MSFT................A............................................... .......................d...............................$...................................................`.......................................................................................................................................................4!..........................................H...@...........................................................0.......................................................................................H...............................3.ll...N.-D.............0..............F.......................F.........x..2"N.j......................0...............-.stdole2.tlbWWW....................................................................................................................................................................................................................................................................................................................
C:\Users\user\Desktop\Windows\System32\tapi3.dll
Process:C:\Users\user\Desktop\CVE-2017-0213_x64.exe
File Type:data
Category:dropped
Size (bytes):1344
Entropy (8bit):2.501902083499124
Encrypted:false
SSDEEP:12:o/q0ssXK0c7yTcADiiiiiiEHauuUFGzCx8us1zil/pMAlbl:kGA4uUFvWusq/2ybl
MD5:3C77DEDDD0073F1F5E23A1F9B00C42D1
SHA1:61BF1176261594F46EF8B7E98EC946EF1004E4F1
SHA-256:0687DB49092048F3CFFFDB4B41E6BBDE59373A31BE3079F68EBFD44420538B72
SHA-512:2B94D9C4EA5904C5CFDBCD90D4EF472F88428536A9A8C27BD6C14C0BA176750025780E45B20EE2FD170EF81F542AA76FE0CEA79597E5857B1C3E5750FAC8BA93
Malicious:false
Yara Hits:
  • Rule: EXPL_Exploit_TLB_Scripts, Description: Detects malicious TLB files which may be delivered via Visual Studio projects, Source: C:\Users\user\Desktop\Windows\System32\tapi3.dll, Author: Rich Warren (slightly modified by Florian Roth)
Reputation:low
Preview: MSFT................A............................................... ...................H...d...............................P...........................................,...............$...............$...............................................................................................................................4!..@.......................................x...@...........................................................0.......................x...............H...............................................`..................................!.........<.........0..............F.......................F........3.ll...N.-D..............x..2"N.j................E.Q.K.._.....................0...........`...............-.stdole2.tlbWWWH.............script:C:\Users\user\Desktop\run.sctW....................................................................................................................................................................................................
C:\Users\user\Desktop\output.tlb
Process:C:\Users\user\Desktop\CVE-2017-0213_x64.exe
File Type:data
Category:dropped
Size (bytes):1772
Entropy (8bit):2.380028278955225
Encrypted:false
SSDEEP:12:o/q0s8sovi4FtGCiiiiiEIDauuUFGzCx8us1zil/pMA56y/q0ssXK0c7yTcADii8:RluUFvWusq/2c6WGA4uc
MD5:B738824C0FFEE4218E4981C8CBBBB0D5
SHA1:034487900E356934D0248E64316A201B3ABA3FC1
SHA-256:BFFAD0BD518D2B340FD43BCA88FE19771D48412D9E735BA85B8C0A6659F19585
SHA-512:782022B244EF5082937DB3AD26F69F7F85CFE4477E902656465F365147B1E8BD92F860410024019F5CBC0976240E3AE98A72FF2C5820C830A0DBE0E355D34D09
Malicious:false
Reputation:low
Preview: MSFT................A............................................... .......................d...............(...............`...P...........................................................................$...........................................................................................................................4!..........................................x...@...........................................................0.......................x...............H...............................................`..................................!.........<.........0..............F.......................F........3.ll...N.-D..............x..2"N.j................E.Q.K.._.....................0...........`...............-.stdole2.tlbWWWH.............AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW....................................................................................................................................................................................................
C:\Users\user\Desktop\run.sct
Process:C:\Users\user\Desktop\CVE-2017-0213_x64.exe
File Type:XML 1.0 document text
Category:dropped
Size (bytes):340
Entropy (8bit):5.359036859891913
Encrypted:false
SSDEEP:6:TM3ZUoBGdpoF47z7ZG1zf3gIpNXn4Op7aiCF/isVVIKB1K+imPG1MiOzov:TM3ZUoWp98FfwIzIOpAwSBEGG1MiAov
MD5:CE77490E168BB55CF52ABE4790356B22
SHA1:ED1CA456AEFCADCE74E22055B88BFA580A7097FA
SHA-256:0BD8A9E9FEC8A77673A3F062E7FB0398453D17BA81F011227348BF486273B46A
SHA-512:38D28210E0D5DAEFC8E90FEEE83E8104FE97AC613142A6FA20A3163456CF1790D8BED0D363D00336103EF98DCBC79B88AABA4987E4E0DDE2378782CC04DF9A93
Malicious:false
Reputation:low
Preview: <?xml version='1.0'?>..<package>..<component id='giffile'>..<registration description='Dummy' progid='giffile' version='1.00' remotable='True'>..</registration>..<script language='JScript'>..<![CDATA[.. new ActiveXObject('Wscript.Shell').exec('"C:/Users/user/Desktop/CVE-2017-0213_x64.exe" 1');.. ..</script>..</component>..</package>..
\Device\ConDrv
Process:C:\Users\user\Desktop\CVE-2017-0213_x64.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):7636
Entropy (8bit):4.854134449168197
Encrypted:false
SSDEEP:96:xmbdi+H9i9W1VVgnuGVdu79OOOpddu79MhtX:xmbdJH9i9WdgpVQ79OVpdQ79MrX
MD5:F79C2677707825EAFE1F590D87D791A5
SHA1:8FE1A45DD0B29F29DD2BDC1167734A80EED6E471
SHA-256:0871ED8B24678BE26726F1FE2BADF567B2EFC8B75295F20F5C96AE9E50418E34
SHA-512:0663D951911E245DC995E557CAB0DE331BC495694907F0B1D3203A547A4C011112B4028936DAE54FB24C908C991705A4D2CC06F5F905F7178F8D15683A659366
Malicious:false
Reputation:low
Preview: Building Library with path: script:C:\Users\user\Desktop\run.sct..Found TLB name at offset 766..QI - Marshaller: {00000000-0000-0000-C000-000000000046} 0000011A5F2703C0..Queried Success: 0000011A5F2703C0..AddRef: 1..QI - Marshaller: {0000001B-0000-0000-C000-000000000046} 0000011A5F2703C0..QI - Marshaller: {ECC8691B-C1DB-4DC0-855E-65F6C551AF49} 0000011A5F2703C0..QI - Marshaller: {00000000-0000-0000-C000-000000000046} 0000011A5F2703C0..Queried Success: 0000011A5F2703C0..AddRef: 2..QI - Marshaller: {00000018-0000-0000-C000-000000000046} 0000011A5F2703C0..QI - Marshaller: {334D391F-0E79-3B15-C9FF-EAC65DD07C42} 0000011A5F2703C0..QI - Marshaller: {00000040-0000-0000-C000-000000000046} 0000011A5F2703C0..QI - Marshaller: {334D391F-0E79-3B15-C9FF-EAC65DD07C42} 0000011A5F2703C0..QI - Marshaller: {94EA2B94-E9CC-49E0-C0FF-EE64CA8F5B90} 0000011A5F2703C0..QI - Marshaller: {334D391F-0E79-3B15-C9FF-EAC65DD07C42} 0000011A5F2703C0..QI - Marshaller: {77DD1250-139C-2BC3-BD95-900ACED61BE5} 0000011A5F2703C

Static File Info

General

File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):6.15875815513617
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:CVE-2017-0213_x64.exe
File size:160768
MD5:25e62ef07aa497ff4b13549bc6639e19
SHA1:c8cee35f713031ca109dffae4fbede766d427e08
SHA256:aac0c5ad612fb9a0ac3b4bbfd71b8931fc762f8e11fdf3ffb33ef22076f9c4bc
SHA512:281a723c3ebfb369ad5bb73e18de0654e9ed1df25af49fcceaafe5afe425975c688eb4df4934b386b5532949f4bea6e688e33b599739e40ac381484e766fce5f
SSDEEP:3072:xcvrKSBuRWy3ALuEG8IFtMH673vxuElWazC9qPldFvsE8iw7c:Yfgwy3ALtI/G6rvAEl+9qPmEPMc
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Uv.q;%.q;%.q;%..8$.q;%..?$.q;%..>$.q;%..8$.q;%..?$.q;%..>$.q;%..=$.q;%..:$.q;%.q:%.q;%-.2$.q;%-..%.q;%-.9$.q;%Rich.q;%.......

File Icon

Icon Hash:00828e8e8686b000

General

Entrypoint:0x140005268
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Time Stamp:0x59367272 [Tue Jun 6 09:14:26 2017 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:910202062831ea4355f35cff4b6c74d4
Instruction
dec eax
sub esp, 28h
call 00007F778CD7ABB8h
dec eax
add esp, 28h
jmp 00007F778CD7A5EBh
int3
int3
dec eax
jmp dword ptr [000140B5h]
int3
jmp 00007F778CD7A47Ch
int3
int3
int3
dec eax
sub esp, 28h
call 00007F778CD7B0E8h
test eax, eax
je 00007F778CD7A793h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007F778CD7A777h
dec eax
cmp ecx, eax
je 00007F778CD7A786h
xor eax, eax
dec eax
cmpxchg dword ptr [00021E30h], ecx
jne 00007F778CD7A760h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007F778CD7A769h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
movzx eax, byte ptr [00021E4Bh]
test ecx, ecx
mov ebx, 00000001h
cmove eax, ebx
mov byte ptr [00021E3Bh], al
call 00007F778CD7AED7h
call 00007F778CD7D622h
test al, al
jne 00007F778CD7A776h
xor al, al
jmp 00007F778CD7A786h
call 00007F778CD83181h
test al, al
jne 00007F778CD7A77Bh
xor ecx, ecx
call 00007F778CD7D63Eh
jmp 00007F778CD7A75Ch
mov al, bl
dec eax
add esp, 20h
pop ebx
ret
int3
int3
int3
dec eax
mov dword ptr [esp+08h], ebx
push ebp
dec eax
mov ebp, esp
dec eax
sub esp, 40h
cmp byte ptr [00021DBCh], 00000000h
mov ebx, ecx
jne 00007F778CD7A821h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x247fc | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2a000 | 0x1e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x28000 | 0x171c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2b000 | 0x680 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x21d60 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x21dd0 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x19000 | 0x338 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x17d0e | 0x17e00 | False | 0.553184309555 | data | 6.43357407224 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x19000 | 0xc292 | 0xc400 | False | 0.455855389031 | data | 4.97134017407 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x26000 | 0x1e50 | 0xc00 | False | 0.193359375 | data | 2.59145204102 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pdata | 0x28000 | 0x171c | 0x1800 | False | 0.463216145833 | PEX Binary Archive | 5.0832833246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x2a000 | 0x1e0 | 0x200 | False | 0.53125 | data | 4.71767883295 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2b000 | 0x680 | 0x800 | False | 0.52294921875 | data | 4.90905240913 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_MANIFEST | 0x2a060 | 0x17d | XML 1.0 document text | English | United States
DLL | Import
KERNEL32.dll | GetModuleFileNameW, LocalAlloc, CreateFileW, ProcessIdToSessionId, FormatMessageW, DeleteFileW, WriteFile, GetProcAddress, LocalFree, GetFileSize, GetCurrentProcessId, GetModuleHandleW, GetCurrentProcess, QueryDosDeviceW, ReadFile, CloseHandle, CreateDirectoryW, WriteConsoleW, SetFilePointerEx, HeapReAlloc, HeapSize, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetProcessHeap, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, IsValidCodePage, FindNextFileW, GetLastError, MultiByteToWideChar, WideCharToMultiByte, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwindEx, RtlPcToFileHeader, EncodePointer, RaiseException, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetStdHandle, GetCommandLineA, GetCommandLineW, GetACP, HeapFree, HeapAlloc, GetFileType, CompareStringW, LCMapStringW, GetStringTypeW, FindClose, FindFirstFileExW
ADVAPI32.dll | OpenProcessToken, CreateProcessAsUserW, DuplicateTokenEx, SetTokenInformation
ole32.dll | CoCreateInstance, CoUninitialize, CoInitialize, CoTaskMemFree, CoMarshalInterface, CoInitializeSecurity, CoGetStdMarshalEx, StringFromIID
OLEAUT32.dll | VariantClear, LoadTypeLib, SysFreeString, CreateTypeLib2, SysAllocStringByteLen, SysAllocString, SysStringLen
SHLWAPI.dll | PathRemoveFileSpecW
Language of compilation system | Country where language is spoken
English | United States

Network Behavior

No network behavior found

Code Manipulations

System Behavior

Start time:17:09:02
Start date:22/02/2021
Path:C:\Users\user\Desktop\CVE-2017-0213_x64.exe
Wow64 process (32bit):false
Commandline:'C:\Users\user\Desktop\CVE-2017-0213_x64.exe'
Imagebase:0x7ff7d8c80000
File size:160768 bytes
MD5 hash:25E62EF07AA497FF4B13549BC6639E19
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Start time:17:09:02
Start date:22/02/2021
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6b2800000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high

Disassembly

Code Analysis

Execution Graph

Execution Coverage:12.8%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:8.8%
Total number of Nodes:1148
Total number of Limit Nodes:17

10113->10098 10114 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10114->10098 10117 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10115->10117 10118 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10116->10118 10119 7ff7d8c8d12c 10117->10119 10118->10120 10121 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10119->10121 10120->10114 10121->10113 10124 7ff7d8c8550f 10123->10124 10126 7ff7d8c85505 _onexit 10123->10126 10127 7ff7d8c8db8c 10124->10127 10126->10096 10130 7ff7d8c8d7b4 10127->10130 10137 7ff7d8c8df94 EnterCriticalSection 10130->10137 10139 7ff7d8c8cfc8 10138->10139 10143 7ff7d8c8cfc4 10138->10143 10140 7ff7d8c8dea8 __vcrt_getptd_noexit 15 API calls 10139->10140 10139->10143 10141 7ff7d8c8cff6 10140->10141 10142 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10141->10142 10142->10143 10143->10108 10143->10109 10151 7ff7d8c85968 SetUnhandledExceptionFilter 10144->10151 10153 7ff7d8c8d1a9 10152->10153 10159 7ff7d8c8d1a5 10152->10159 10171 7ff7d8c91bf8 GetEnvironmentStringsW 10153->10171 10156 7ff7d8c8d1b6 10158 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10156->10158 10158->10159 10159->9929 10162 7ff7d8c8d354 10159->10162 10161 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10161->10156 10163 7ff7d8c8d397 10162->10163 10165 7ff7d8c8d36f 10162->10165 10164 7ff7d8c8d374 MultiByteToWideChar 10163->10164 10163->10165 10166 7ff7d8c8dea8 __vcrt_getptd_noexit 15 API calls 10163->10166 10167 7ff7d8c8d3f7 10163->10167 10168 7ff7d8c8d3ac MultiByteToWideChar 10163->10168 10170 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10163->10170 10164->10163 10164->10165 10165->9929 10166->10163 10169 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10167->10169 10168->10163 10168->10167 10169->10165 10170->10163 10172 7ff7d8c8d1ae 10171->10172 10173 7ff7d8c91c1c 10171->10173 10172->10156 10178 7ff7d8c8d1f8 10172->10178 10195 7ff7d8c8ddf0 10173->10195 10175 7ff7d8c91c56 memcpy_s 10176 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10175->10176 10177 7ff7d8c91c76 FreeEnvironmentStringsW 10176->10177 10177->10172 
10179 7ff7d8c8d220 10178->10179 10180 7ff7d8c8dea8 __vcrt_getptd_noexit 15 API calls 10179->10180 10189 7ff7d8c8d25f 10180->10189 10181 7ff7d8c8d2d2 10182 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10181->10182 10183 7ff7d8c8d1c3 10182->10183 10183->10161 10184 7ff7d8c8dea8 __vcrt_getptd_noexit 15 API calls 10184->10189 10185 7ff7d8c8d2c3 10211 7ff7d8c8d310 10185->10211 10189->10181 10189->10184 10189->10185 10190 7ff7d8c8d2fa 10189->10190 10193 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10189->10193 10202 7ff7d8c90ab4 10189->10202 10192 7ff7d8c8ca50 _invalid_parameter_noinfo_noreturn 17 API calls 10190->10192 10191 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10191->10181 10194 7ff7d8c8d30c 10192->10194 10193->10189 10196 7ff7d8c8de3b 10195->10196 10201 7ff7d8c8ddff __vcrt_getptd_noexit 10195->10201 10197 7ff7d8c8cb50 memcpy_s 15 API calls 10196->10197 10199 7ff7d8c8de39 10197->10199 10198 7ff7d8c8de22 RtlAllocateHeap 10198->10199 10198->10201 10199->10175 10200 7ff7d8c8cb94 new 2 API calls 10200->10201 10201->10196 10201->10198 10201->10200 10203 7ff7d8c90ac1 10202->10203 10204 7ff7d8c90acb 10202->10204 10203->10204 10206 7ff7d8c90ae7 10203->10206 10205 7ff7d8c8cb50 memcpy_s 15 API calls 10204->10205 10210 7ff7d8c90ad3 10205->10210 10208 7ff7d8c90adf 10206->10208 10209 7ff7d8c8cb50 memcpy_s 15 API calls 10206->10209 10207 7ff7d8c8ca00 _invalid_parameter_noinfo 32 API calls 10207->10208 10208->10189 10209->10210 10210->10207 10212 7ff7d8c8d2cb 10211->10212 10213 7ff7d8c8d315 10211->10213 10212->10191 10214 7ff7d8c8d33e 10213->10214 10215 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10213->10215 10216 7ff7d8c8ddb0 __free_lconv_num 15 API calls 10214->10216 10215->10213 10216->10212 10218 7ff7d8c84f90 new 4 API calls 10217->10218 10219 7ff7d8c83ce1 10218->10219 10220 7ff7d8c83ced SysAllocString 10219->10220 10221 7ff7d8c83d0d _com_issue_error 10219->10221 10220->10221 10483 7ff7d8c82390 10221->10483 10225 7ff7d8c83db7 SysFreeString 10228 7ff7d8c83dc0 
_com_util::ConvertBSTRToString 10225->10228 10227 7ff7d8c84f90 new 4 API calls 10231 7ff7d8c83de9 10227->10231 10228->10227 10229 7ff7d8c83d76 SysFreeString 10230 7ff7d8c83d7f _com_util::ConvertBSTRToString 10229->10230 10230->10225 10230->10228 10232 7ff7d8c83df5 SysAllocString 10231->10232 10233 7ff7d8c83e15 _com_issue_error 10231->10233 10232->10233 10500 7ff7d8c822b0 10233->10500 10237 7ff7d8c83e9e 10238 7ff7d8c84f90 new 4 API calls 10237->10238 10239 7ff7d8c83ea8 10238->10239 10240 7ff7d8c83eb4 SysAllocString 10239->10240 10241 7ff7d8c83ed4 _com_issue_error 10239->10241 10240->10241 10242 7ff7d8c84f90 new 4 API calls 10241->10242 10243 7ff7d8c83f00 10242->10243 10244 7ff7d8c83f0c SysAllocString 10243->10244 10245 7ff7d8c83f29 _com_issue_error 10243->10245 10244->10245 10246 7ff7d8c84f90 new 4 API calls 10245->10246 10247 7ff7d8c83f55 10246->10247 10248 7ff7d8c83f61 SysAllocString 10247->10248 10249 7ff7d8c83f81 _com_issue_error 10247->10249 10248->10249 10250 7ff7d8c813c0 39 API calls 10249->10250 10251 7ff7d8c83fb7 10250->10251 10252 7ff7d8c81320 38 API calls 10251->10252 10253 7ff7d8c83fc8 10252->10253 10254 7ff7d8c81320 38 API calls 10253->10254 10255 7ff7d8c83fd9 10254->10255 10256 7ff7d8c81320 38 API calls 10255->10256 10257 7ff7d8c83fea 10256->10257 10258 7ff7d8c84f90 new 4 API calls 10257->10258 10259 7ff7d8c83ff7 10258->10259 10261 7ff7d8c8400f _com_issue_error 10259->10261 10527 7ff7d8c81510 10259->10527 10262 7ff7d8c81190 std::locale::global SysFreeString 10261->10262 10263 7ff7d8c84030 10262->10263 10264 7ff7d8c84068 _com_util::ConvertBSTRToString 10263->10264 10265 7ff7d8c8405a SysFreeString 10263->10265 10266 7ff7d8c840bb SysFreeString 10264->10266 10268 7ff7d8c840c9 _com_util::ConvertBSTRToString 10264->10268 10265->10264 10266->10268 10267 7ff7d8c8411c SysFreeString 10275 7ff7d8c8412a _com_util::ConvertBSTRToString 10267->10275 10268->10267 10268->10275 10269 7ff7d8c841cc SysFreeString 10273 7ff7d8c841d5 _com_util::ConvertBSTRToString 
10269->10273 10270 7ff7d8c8417d SysFreeString 10271 7ff7d8c8418b _com_util::ConvertBSTRToString 10270->10271 10271->10269 10271->10273 10272 7ff7d8c8420a SysFreeString 10274 7ff7d8c84213 _com_util::ConvertBSTRToString 10272->10274 10273->10272 10273->10274 10276 7ff7d8c84248 SysFreeString 10274->10276 10277 7ff7d8c84251 _com_util::ConvertBSTRToString 10274->10277 10275->10270 10275->10271 10276->10277 10278 7ff7d8c84298 10277->10278 10279 7ff7d8c84ae0 _com_util::ConvertBSTRToString 4 API calls 10277->10279 10509 7ff7d8c82ff0 10278->10509 10279->10278 10281 7ff7d8c842a9 10282 7ff7d8c842cc SysFreeString 10281->10282 10285 7ff7d8c842d5 _com_util::ConvertBSTRToString 10281->10285 10282->10285 10283 7ff7d8c84309 SysFreeString 10286 7ff7d8c84312 _com_util::ConvertBSTRToString 10283->10286 10284 7ff7d8c84df0 _com_util::ConvertStringToBSTR 8 API calls 10287 7ff7d8c84340 10284->10287 10285->10283 10285->10286 10286->10284 10288 7ff7d8c813c0 10287->10288 10289 7ff7d8c84f90 new 4 API calls 10288->10289 10290 7ff7d8c813f7 10289->10290 10291 7ff7d8c81404 SysAllocString 10290->10291 10292 7ff7d8c81420 _com_issue_error 10290->10292 10291->10292 10293 7ff7d8c84f90 new 4 API calls 10292->10293 10294 7ff7d8c81458 10293->10294 10295 7ff7d8c81470 _com_issue_error 10294->10295 10296 7ff7d8c81510 35 API calls 10294->10296 10297 7ff7d8c81190 std::locale::global SysFreeString 10295->10297 10296->10295 10298 7ff7d8c8148b 10297->10298 10298->9949 10298->9953 10300 7ff7d8c8319a 10299->10300 10301 7ff7d8c83179 _com_raise_error 10299->10301 10302 7ff7d8c81130 74 API calls 10300->10302 10304 7ff7d8c87d14 _CxxThrowException 2 API calls 10301->10304 10303 7ff7d8c831aa 10302->10303 10305 7ff7d8c84f90 new 4 API calls 10303->10305 10304->10300 10306 7ff7d8c831c4 10305->10306 10307 7ff7d8c831d3 SysAllocString 10306->10307 10308 7ff7d8c831f3 _com_issue_error 10306->10308 10307->10308 10309 7ff7d8c82390 15 API calls 10308->10309 10310 7ff7d8c8321f 10309->10310 10311 7ff7d8c81320 38 API calls 
10310->10311 10313 7ff7d8c83233 10311->10313 10312 7ff7d8c8329a SysFreeString 10336 7ff7d8c832a3 _com_util::ConvertBSTRToString 10312->10336 10315 7ff7d8c83258 SysFreeString 10313->10315 10316 7ff7d8c83261 _com_util::ConvertBSTRToString 10313->10316 10314 7ff7d8c84f90 new 4 API calls 10317 7ff7d8c833d6 10314->10317 10315->10316 10316->10312 10316->10336 10318 7ff7d8c84c00 _com_util::ConvertStringToBSTR 13 API calls 10317->10318 10320 7ff7d8c833fc _com_issue_error 10317->10320 10318->10320 10319 7ff7d8c832e6 SysAllocString 10324 7ff7d8c833ab _com_issue_error 10319->10324 10319->10336 10603 7ff7d8c829e0 10320->10603 10321 7ff7d8c84f90 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection new 10321->10336 10323 7ff7d8c83464 LoadTypeLib 10327 7ff7d8c8348d _com_raise_error 10323->10327 10328 7ff7d8c834ae 10323->10328 10324->10314 10326 7ff7d8c81510 35 API calls 10326->10336 10332 7ff7d8c87d14 _CxxThrowException 2 API calls 10327->10332 10329 7ff7d8c84f90 new 4 API calls 10328->10329 10331 7ff7d8c834b9 10329->10331 10330 7ff7d8c81190 std::locale::global SysFreeString 10330->10336 10333 7ff7d8c834c8 SysAllocString 10331->10333 10334 7ff7d8c834e8 _com_issue_error 10331->10334 10332->10328 10333->10334 10337 7ff7d8c82390 15 API calls 10334->10337 10335 7ff7d8c83377 SysFreeString 10335->10336 10336->10319 10336->10321 10336->10324 10336->10326 10336->10330 10336->10335 10338 7ff7d8c83514 10337->10338 10339 7ff7d8c81320 38 API calls 10338->10339 10341 7ff7d8c83528 10339->10341 10340 7ff7d8c8358f SysFreeString 10344 7ff7d8c83598 _com_util::ConvertBSTRToString 10340->10344 10345 7ff7d8c8354d SysFreeString 10341->10345 10346 7ff7d8c83556 _com_util::ConvertBSTRToString 10341->10346 10342 7ff7d8c84f90 new 4 API calls 10343 7ff7d8c835c1 10342->10343 10347 7ff7d8c84c00 _com_util::ConvertStringToBSTR 13 API calls 10343->10347 10348 7ff7d8c835e7 _com_issue_error 10343->10348 10344->10342 10345->10346 10346->10340 10346->10344 10347->10348 10349 7ff7d8c829e0 6 API 
calls 10348->10349 10350 7ff7d8c83645 10349->10350 10629 7ff7d8c82d90 10350->10629 10352 7ff7d8c836c9 memcpy_s 10353 7ff7d8c84f90 new 4 API calls 10352->10353 10355 7ff7d8c836f6 10353->10355 10356 7ff7d8c83705 SysAllocString 10355->10356 10358 7ff7d8c83725 _com_issue_error 10355->10358 10356->10358 10357 7ff7d8c81130 74 API calls 10357->10352 10359 7ff7d8c82390 15 API calls 10358->10359 10360 7ff7d8c83750 10359->10360 10361 7ff7d8c81320 38 API calls 10360->10361 10362 7ff7d8c83761 CreateDirectoryW 10361->10362 10364 7ff7d8c83782 10362->10364 10368 7ff7d8c837a5 _com_util::ConvertBSTRToString 10362->10368 10366 7ff7d8c8379c SysFreeString 10364->10366 10364->10368 10365 7ff7d8c84f90 new 4 API calls 10371 7ff7d8c8385e 10365->10371 10366->10368 10367 7ff7d8c8382c SysFreeString 10372 7ff7d8c83835 _com_util::ConvertBSTRToString 10367->10372 10369 7ff7d8c837eb SysFreeString 10368->10369 10370 7ff7d8c837f4 _com_util::ConvertBSTRToString 10368->10370 10369->10370 10370->10367 10370->10372 10373 7ff7d8c8386d SysAllocString 10371->10373 10374 7ff7d8c8388d _com_issue_error 10371->10374 10372->10365 10373->10374 10375 7ff7d8c82390 15 API calls 10374->10375 10376 7ff7d8c838b8 10375->10376 10377 7ff7d8c81320 38 API calls 10376->10377 10378 7ff7d8c838c9 CreateDirectoryW 10377->10378 10380 7ff7d8c838ea 10378->10380 10382 7ff7d8c8390d _com_util::ConvertBSTRToString 10378->10382 10380->10382 10383 7ff7d8c83904 SysFreeString 10380->10383 10381 7ff7d8c84f90 new 4 API calls 10388 7ff7d8c839c6 10381->10388 10386 7ff7d8c8395c _com_util::ConvertBSTRToString 10382->10386 10387 7ff7d8c83953 SysFreeString 10382->10387 10383->10382 10384 7ff7d8c83994 SysFreeString 10385 7ff7d8c8399d _com_util::ConvertBSTRToString 10384->10385 10385->10381 10386->10384 10386->10385 10387->10386 10389 7ff7d8c839d5 SysAllocString 10388->10389 10390 7ff7d8c839f5 _com_issue_error 10388->10390 10389->10390 10391 7ff7d8c82390 15 API calls 10390->10391 10392 7ff7d8c83a20 10391->10392 10393 7ff7d8c81320 38 API calls 
10392->10393 10395 7ff7d8c83a32 10393->10395 10394 7ff7d8c83a97 SysFreeString 10397 7ff7d8c83aa0 _com_util::ConvertBSTRToString 10394->10397 10398 7ff7d8c83a56 SysFreeString 10395->10398 10399 7ff7d8c83a5f _com_util::ConvertBSTRToString 10395->10399 10396 7ff7d8c84790 4 API calls 10400 7ff7d8c83acc 10396->10400 10397->10396 10398->10399 10399->10394 10399->10397 10401 7ff7d8c82ec0 38 API calls 10400->10401 10402 7ff7d8c83aea 10401->10402 10403 7ff7d8c83b0f SysFreeString 10402->10403 10404 7ff7d8c83b18 _com_util::ConvertBSTRToString 10402->10404 10403->10404 10405 7ff7d8c83b5e 10404->10405 10406 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10404->10406 10416 7ff7d8c83b88 10404->10416 10407 7ff7d8c83b6d 10405->10407 10408 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10405->10408 10406->10405 10411 7ff7d8c83b7c 10407->10411 10412 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10407->10412 10408->10407 10409 7ff7d8c83bcc _com_util::ConvertBSTRToString 10413 7ff7d8c83c28 SysFreeString 10409->10413 10414 7ff7d8c83c31 _com_util::ConvertBSTRToString 10409->10414 10410 7ff7d8c83bc3 SysFreeString 10410->10409 10415 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10411->10415 10411->10416 10412->10411 10413->10414 10414->9951 10415->10416 10416->10409 10416->10410 10418 7ff7d8c826d4 10417->10418 10419 7ff7d8c826b3 _com_raise_error 10417->10419 10420 7ff7d8c84f90 new 4 API calls 10418->10420 10423 7ff7d8c87d14 _CxxThrowException 2 API calls 10419->10423 10421 7ff7d8c826df 10420->10421 10422 7ff7d8c84f90 new 4 API calls 10421->10422 10424 7ff7d8c826f0 10422->10424 10423->10418 10656 7ff7d8c81a10 10424->10656 10425 7ff7d8c8278e CoGetStdMarshalEx 10426 7ff7d8c827aa _com_raise_error 10425->10426 10430 7ff7d8c827cb _com_raise_error _com_issue_error 10425->10430 10428 7ff7d8c87d14 _CxxThrowException 2 API calls 10426->10428 10427 7ff7d8c82765 _com_issue_error 10427->10425 10428->10430 10429 7ff7d8c8282d 10431 7ff7d8c84f90 
new 4 API calls 10429->10431 10430->10429 10433 7ff7d8c87d14 _CxxThrowException 2 API calls 10430->10433 10432 7ff7d8c8283c 10431->10432 10669 7ff7d8c82480 10432->10669 10433->10429 10435 7ff7d8c82888 10690 7ff7d8c82040 GetModuleHandleW GetProcAddress GetModuleHandleW GetProcAddress 10435->10690 10438 7ff7d8c828c6 SysFreeString 10439 7ff7d8c828cf _com_util::ConvertBSTRToString _com_issue_error 10438->10439 10440 7ff7d8c81130 74 API calls 10439->10440 10441 7ff7d8c82921 10440->10441 10442 7ff7d8c82936 10441->10442 10443 7ff7d8c82930 FindCloseChangeNotification 10441->10443 10444 7ff7d8c81130 74 API calls 10442->10444 10443->10442 10445 7ff7d8c82952 10444->10445 10700 7ff7d8c81b80 10445->10700 10446 7ff7d8c8298d 10448 7ff7d8c84df0 _com_util::ConvertStringToBSTR 8 API calls 10446->10448 10447 7ff7d8c8295c 10447->10446 10450 7ff7d8c81b80 74 API calls 10447->10450 10449 7ff7d8c829a9 10448->10449 10449->9944 10449->9955 10449->9956 10450->10446 10720 7ff7d8c8c7bc 10453->10720 10456 7ff7d8c843f4 DuplicateTokenEx 10458 7ff7d8c8444a SetTokenInformation 10456->10458 10459 7ff7d8c84425 _com_raise_error 10456->10459 10457 7ff7d8c843cf _com_raise_error 10462 7ff7d8c87d14 _CxxThrowException 2 API calls 10457->10462 10460 7ff7d8c87e00 memcpy_s 10458->10460 10464 7ff7d8c87d14 _CxxThrowException 2 API calls 10459->10464 10461 7ff7d8c84473 CreateProcessAsUserW 10460->10461 10465 7ff7d8c844ea 10461->10465 10466 7ff7d8c844d5 CloseHandle CloseHandle 10461->10466 10463 7ff7d8c843f3 10462->10463 10463->10456 10467 7ff7d8c84449 10464->10467 10468 7ff7d8c844f9 CloseHandle 10465->10468 10469 7ff7d8c84504 10465->10469 10466->10465 10467->10458 10468->10469 10470 7ff7d8c84519 10469->10470 10471 7ff7d8c84513 CloseHandle 10469->10471 10472 7ff7d8c84df0 _com_util::ConvertStringToBSTR 8 API calls 10470->10472 10471->10470 10473 7ff7d8c84525 10472->10473 10473->9944 10475 7ff7d8c84b12 WideCharToMultiByte 10474->10475 10482 7ff7d8c84b0b _com_issue_error 10474->10482 10477 7ff7d8c84b5a GetLastError 
10475->10477 10478 7ff7d8c84b64 _com_issue_error 10475->10478 10477->10478 10479 7ff7d8c84b84 WideCharToMultiByte 10478->10479 10478->10482 10480 7ff7d8c84bad _com_util::ConvertBSTRToString 10479->10480 10479->10482 10481 7ff7d8c84bb5 GetLastError 10480->10481 10481->10482 10482->9950 10539 7ff7d8c87e00 10483->10539 10486 7ff7d8c84f90 new 4 API calls 10487 7ff7d8c82401 10486->10487 10488 7ff7d8c8240e SysAllocString 10487->10488 10489 7ff7d8c82430 _com_issue_error 10487->10489 10488->10489 10490 7ff7d8c84df0 _com_util::ConvertStringToBSTR 8 API calls 10489->10490 10491 7ff7d8c82463 10490->10491 10492 7ff7d8c81320 10491->10492 10493 7ff7d8c81354 10492->10493 10494 7ff7d8c84f90 new 4 API calls 10493->10494 10495 7ff7d8c8136a 10494->10495 10496 7ff7d8c81382 _com_issue_error 10495->10496 10497 7ff7d8c81510 35 API calls 10495->10497 10498 7ff7d8c81190 std::locale::global SysFreeString 10496->10498 10497->10496 10499 7ff7d8c8139d 10498->10499 10499->10229 10499->10230 10501 7ff7d8c87e00 memcpy_s 10500->10501 10502 7ff7d8c822f9 GetModuleFileNameW 10501->10502 10503 7ff7d8c84f90 new 4 API calls 10502->10503 10504 7ff7d8c82316 10503->10504 10505 7ff7d8c82323 SysAllocString 10504->10505 10506 7ff7d8c82345 _com_issue_error 10504->10506 10505->10506 10507 7ff7d8c84df0 _com_util::ConvertStringToBSTR 8 API calls 10506->10507 10508 7ff7d8c82378 GetCurrentProcessId ProcessIdToSessionId 10507->10508 10508->10237 10510 7ff7d8c83020 10509->10510 10510->10510 10541 7ff7d8c84900 10510->10541 10512 7ff7d8c83047 10552 7ff7d8c84790 10512->10552 10514 7ff7d8c83057 10563 7ff7d8c82ec0 10514->10563 10516 7ff7d8c830ca 10522 7ff7d8c830f3 SysFreeString 10516->10522 10525 7ff7d8c830fc _com_util::ConvertBSTRToString 10516->10525 10517 7ff7d8c8307b 10517->10516 10518 7ff7d8c830a0 10517->10518 10585 7ff7d8c8ca20 10517->10585 10519 7ff7d8c830af 10518->10519 10521 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10518->10521 10523 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 
10519->10523 10524 7ff7d8c830be 10519->10524 10521->10519 10522->10525 10523->10524 10524->10516 10526 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10524->10526 10525->10281 10526->10516 10528 7ff7d8c81558 10527->10528 10529 7ff7d8c81546 10527->10529 10531 7ff7d8c81572 10528->10531 10532 7ff7d8c8156a SysStringLen 10528->10532 10529->10528 10530 7ff7d8c8154e SysStringLen 10529->10530 10530->10528 10533 7ff7d8c815a6 _com_issue_error 10531->10533 10534 7ff7d8c81590 SysAllocStringByteLen 10531->10534 10532->10531 10533->10261 10534->10533 10535 7ff7d8c815ac 10534->10535 10536 7ff7d8c815cf 10535->10536 10590 7ff7d8c81010 10535->10590 10536->10533 10538 7ff7d8c81010 32 API calls 10536->10538 10538->10533 10540 7ff7d8c823d9 GetModuleFileNameW PathRemoveFileSpecW 10539->10540 10540->10486 10542 7ff7d8c8492a 10541->10542 10551 7ff7d8c84941 memcpy_s 10541->10551 10543 7ff7d8c84933 10542->10543 10544 7ff7d8c8494f 10542->10544 10546 7ff7d8c8499e 10543->10546 10547 7ff7d8c8493c 10543->10547 10545 7ff7d8c84f90 new 4 API calls 10544->10545 10545->10551 10549 7ff7d8c84a74 Concurrency::cancel_current_task 2 API calls 10546->10549 10548 7ff7d8c84f90 new 4 API calls 10547->10548 10548->10551 10550 7ff7d8c849a3 10549->10550 10551->10512 10553 7ff7d8c847c7 10552->10553 10562 7ff7d8c847de memcpy_s 10552->10562 10554 7ff7d8c847ec 10553->10554 10555 7ff7d8c847d0 10553->10555 10558 7ff7d8c84f90 new 4 API calls 10554->10558 10556 7ff7d8c847d9 10555->10556 10557 7ff7d8c84846 10555->10557 10560 7ff7d8c84f90 new 4 API calls 10556->10560 10559 7ff7d8c84a74 Concurrency::cancel_current_task 2 API calls 10557->10559 10558->10562 10561 7ff7d8c8484b 10559->10561 10560->10562 10562->10514 10564 7ff7d8c82ee8 CreateFileW 10563->10564 10566 7ff7d8c82f55 10564->10566 10567 7ff7d8c82f2f _com_raise_error 10564->10567 10568 7ff7d8c82f62 WriteFile 10566->10568 10569 7ff7d8c82fc0 CloseHandle 10566->10569 10572 7ff7d8c87d14 _CxxThrowException 2 API calls 10567->10572 10571 7ff7d8c82f86 
_com_raise_error 10568->10571 10570 7ff7d8c81190 std::locale::global SysFreeString 10569->10570 10575 7ff7d8c82fd2 10570->10575 10571->10569 10573 7ff7d8c87d14 _CxxThrowException 2 API calls 10571->10573 10572->10566 10574 7ff7d8c82fbf 10573->10574 10574->10569 10576 7ff7d8c84745 10575->10576 10577 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10575->10577 10582 7ff7d8c8475d 10575->10582 10578 7ff7d8c8474e 10576->10578 10579 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10576->10579 10577->10576 10580 7ff7d8c84757 10578->10580 10581 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10578->10581 10579->10578 10580->10582 10583 7ff7d8c8ca20 _invalid_parameter_noinfo_noreturn 32 API calls 10580->10583 10581->10580 10582->10517 10584 7ff7d8c8478f 10583->10584 10586 7ff7d8c8c950 _invalid_parameter_noinfo 32 API calls 10585->10586 10587 7ff7d8c8ca39 10586->10587 10588 7ff7d8c8ca50 _invalid_parameter_noinfo_noreturn 17 API calls 10587->10588 10589 7ff7d8c8ca4e 10588->10589 10591 7ff7d8c81061 memcpy_s 10590->10591 10595 7ff7d8c8102d memcpy_s 10590->10595 10591->10536 10592 7ff7d8c81032 10593 7ff7d8c8cb50 memcpy_s 15 API calls 10592->10593 10594 7ff7d8c81037 10593->10594 10596 7ff7d8c8ca00 _invalid_parameter_noinfo 32 API calls 10594->10596 10595->10591 10595->10592 10598 7ff7d8c8108d 10595->10598 10597 7ff7d8c81042 10596->10597 10597->10536 10598->10597 10599 7ff7d8c8cb50 memcpy_s 15 API calls 10598->10599 10600 7ff7d8c81097 10599->10600 10601 7ff7d8c8ca00 _invalid_parameter_noinfo 32 API calls 10600->10601 10602 7ff7d8c810a2 10601->10602 10602->10536 10604 7ff7d8c82a21 DeleteFileW 10603->10604 10606 7ff7d8c82a3d CreateTypeLib2 10604->10606 10608 7ff7d8c82a59 _com_raise_error 10606->10608 10610 7ff7d8c82a7c _com_raise_error _com_issue_error 10606->10610 10609 7ff7d8c87d14 _CxxThrowException 2 API calls 10608->10609 10609->10610 10611 7ff7d8c87d14 _CxxThrowException 2 API calls 10610->10611 10612 7ff7d8c82ae1 _com_raise_error 
_com_issue_error 10610->10612 10611->10612 10613 7ff7d8c87d14 _CxxThrowException 2 API calls 10612->10613 10614 7ff7d8c82b47 _com_raise_error _com_issue_error 10612->10614 10613->10614 10615 7ff7d8c87d14 _CxxThrowException 2 API calls 10614->10615 10616 7ff7d8c82b8d _com_raise_error _com_issue_error 10614->10616 10615->10616 10617 7ff7d8c87d14 _CxxThrowException 2 API calls 10616->10617 10618 7ff7d8c82bd8 _com_raise_error _com_issue_error 10616->10618 10617->10618 10619 7ff7d8c87d14 _CxxThrowException 2 API calls 10618->10619 10620 7ff7d8c82c20 _com_raise_error _com_issue_error 10618->10620 10619->10620 10621 7ff7d8c87d14 _CxxThrowException 2 API calls 10620->10621 10622 7ff7d8c82c64 _com_raise_error _com_issue_error 10620->10622 10621->10622 10623 7ff7d8c87d14 _CxxThrowException 2 API calls 10622->10623 10624 7ff7d8c82ca5 10622->10624 10623->10624 10625 7ff7d8c82cfd SysFreeString 10624->10625 10626 7ff7d8c82d06 _com_util::ConvertBSTRToString 10624->10626 10625->10626 10627 7ff7d8c82d47 SysFreeString 10626->10627 10628 7ff7d8c82d50 _com_util::ConvertBSTRToString 10626->10628 10627->10628 10628->10323 10630 7ff7d8c82dc3 CreateFileW 10629->10630 10632 7ff7d8c82e2b GetFileSize 10630->10632 10633 7ff7d8c82e04 _com_raise_error 10630->10633 10645 7ff7d8c84850 10632->10645 10636 7ff7d8c87d14 _CxxThrowException 2 API calls 10633->10636 10635 7ff7d8c82e42 10637 7ff7d8c82e9e CloseHandle 10635->10637 10638 7ff7d8c82e4e ReadFile 10635->10638 10640 7ff7d8c82e2a 10636->10640 10639 7ff7d8c81190 std::locale::global SysFreeString 10637->10639 10642 7ff7d8c82e6e _com_raise_error 10638->10642 10641 7ff7d8c82eb0 10639->10641 10640->10632 10641->10352 10641->10357 10642->10637 10643 7ff7d8c87d14 _CxxThrowException 2 API calls 10642->10643 10644 7ff7d8c82e9d 10643->10644 10644->10637 10646 7ff7d8c84872 10645->10646 10655 7ff7d8c84889 memcpy_s 10645->10655 10647 7ff7d8c8487b 10646->10647 10648 7ff7d8c84897 10646->10648 10649 7ff7d8c84884 10647->10649 10650 7ff7d8c848e3 10647->10650 10651 
7ff7d8c84f90 new 4 API calls 10648->10651 10653 7ff7d8c84f90 new 4 API calls 10649->10653 10652 7ff7d8c84a74 Concurrency::cancel_current_task 2 API calls 10650->10652 10651->10655 10654 7ff7d8c848e8 10652->10654 10653->10655 10654->10635 10655->10635 10657 7ff7d8c81960 21 API calls 10656->10657 10658 7ff7d8c81a44 10657->10658 10659 7ff7d8c84f90 new 4 API calls 10658->10659 10661 7ff7d8c81a54 _com_issue_error 10658->10661 10659->10661 10660 7ff7d8c81130 74 API calls 10662 7ff7d8c81a99 10660->10662 10661->10660 10665 7ff7d8c81abe SysFreeString 10662->10665 10666 7ff7d8c81ac7 _com_util::ConvertBSTRToString 10662->10666 10663 7ff7d8c81b33 10663->10427 10664 7ff7d8c81130 74 API calls 10667 7ff7d8c81b2a 10664->10667 10665->10666 10666->10663 10666->10664 10705 7ff7d8c81b50 10667->10705 10670 7ff7d8c82390 15 API calls 10669->10670 10671 7ff7d8c824a9 10670->10671 10708 7ff7d8c82190 10671->10708 10674 7ff7d8c84f90 new 4 API calls 10676 7ff7d8c8251f 10674->10676 10675 7ff7d8c84f90 new 4 API calls 10678 7ff7d8c824d9 _com_issue_error 10675->10678 10677 7ff7d8c8252c SysAllocString 10676->10677 10679 7ff7d8c82548 _com_issue_error 10676->10679 10677->10679 10678->10674 10680 7ff7d8c84f90 new 4 API calls 10679->10680 10681 7ff7d8c8257a 10680->10681 10682 7ff7d8c81510 35 API calls 10681->10682 10684 7ff7d8c82594 _com_issue_error 10681->10684 10682->10684 10683 7ff7d8c81190 std::locale::global SysFreeString 10685 7ff7d8c825b4 10683->10685 10684->10683 10686 7ff7d8c825ce SysFreeString 10685->10686 10687 7ff7d8c825d7 _com_util::ConvertBSTRToString 10685->10687 10686->10687 10688 7ff7d8c82613 SysFreeString 10687->10688 10689 7ff7d8c8261c _com_util::ConvertBSTRToString 10687->10689 10688->10689 10689->10435 10691 7ff7d8c820be NtCreateSymbolicLinkObject 10690->10691 10693 7ff7d8c8211c 10691->10693 10694 7ff7d8c82140 10691->10694 10695 7ff7d8c81130 74 API calls 10693->10695 10696 7ff7d8c81130 74 API calls 10694->10696 10697 7ff7d8c82133 10695->10697 10698 7ff7d8c8214f 10696->10698 
10697->10438 10697->10439 10698->10697 10699 7ff7d8c82164 CloseHandle 10698->10699 10699->10697 10701 7ff7d8c81130 74 API calls 10700->10701 10702 7ff7d8c81b9c 10701->10702 10703 7ff7d8c81130 74 API calls 10702->10703 10704 7ff7d8c81bb8 _com_util::ConvertBSTRToString 10702->10704 10703->10704 10704->10447 10706 7ff7d8c81130 74 API calls 10705->10706 10707 7ff7d8c81b68 10706->10707 10707->10663 10709 7ff7d8c87e00 memcpy_s 10708->10709 10710 7ff7d8c821f8 QueryDosDeviceW 10709->10710 10711 7ff7d8c8226b 10710->10711 10712 7ff7d8c82212 10710->10712 10713 7ff7d8c81130 74 API calls 10711->10713 10714 7ff7d8c84f90 new 4 API calls 10712->10714 10717 7ff7d8c82245 _com_issue_error 10713->10717 10715 7ff7d8c8221a 10714->10715 10716 7ff7d8c82227 SysAllocString 10715->10716 10715->10717 10716->10717 10718 7ff7d8c84df0 _com_util::ConvertStringToBSTR 8 API calls 10717->10718 10719 7ff7d8c82295 10718->10719 10719->10675 10719->10678 10721 7ff7d8c8c7d5 10720->10721 10724 7ff7d8c8c098 10721->10724 10725 7ff7d8c8c0bf 10724->10725 10728 7ff7d8c8c0e5 10724->10728 10726 7ff7d8c8cb50 memcpy_s 15 API calls 10725->10726 10729 7ff7d8c8c0c4 10726->10729 10727 7ff7d8c8c0f3 10745 7ff7d8c895ec 10727->10745 10728->10725 10728->10727 10731 7ff7d8c8ca00 _invalid_parameter_noinfo 32 API calls 10729->10731 10744 7ff7d8c843a7 GetCurrentProcess OpenProcessToken 10731->10744 10733 7ff7d8c8c100 10735 7ff7d8c8c133 10733->10735 10753 7ff7d8c90934 10733->10753 10734 7ff7d8c8c390 10736 7ff7d8c8cb50 memcpy_s 15 API calls 10734->10736 10740 7ff7d8c8c664 10734->10740 10735->10734 10737 7ff7d8c8cb50 memcpy_s 15 API calls 10735->10737 10739 7ff7d8c8c659 10736->10739 10741 7ff7d8c8c3d8 10737->10741 10738 7ff7d8c8cb50 memcpy_s 15 API calls 10738->10744 10742 7ff7d8c8ca00 _invalid_parameter_noinfo 32 API calls 10739->10742 10740->10738 10740->10744 10743 7ff7d8c8ca00 _invalid_parameter_noinfo 32 API calls 10741->10743 10742->10740 10743->10734 10744->10456 10744->10457 10746 7ff7d8c89602 10745->10746 10747 

Executed Functions

Memory Dump Source
  • Source File: 00000000.00000002.199302927.00007FF7D8C81000.00000020.00020000.sdmp, Offset: 00007FF7D8C80000, based on PE: true
  • Associated: 00000000.00000002.199298687.00007FF7D8C80000.00000002.00020000.sdmp
  • Associated: 00000000.00000002.199317234.00007FF7D8C99000.00000002.00020000.sdmp
  • Associated: 00000000.00000002.199325305.00007FF7D8CA6000.00000004.00020000.sdmp
  • Associated: 00000000.00000002.199329123.00007FF7D8CA8000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7d8c80000_CVE-2017-0213_x64.jbxd
Similarity
  • API ID: ExceptionThrow$_com_issue_error$FreeString$CreateDeleteFileLib2Type
  • String ID:
  • API String ID: 765469567-0
  • Opcode ID: ab5588bce601e1110019ebb9a3df13f8cb642e2dfca371160a9a387234fbc748
  • Instruction ID: 868653c56ee72a6e89502326ee1a0566c071cd4049fd305f70d29ff0e9bf882a
  • Opcode Fuzzy Hash: ab5588bce601e1110019ebb9a3df13f8cb642e2dfca371160a9a387234fbc748
  • Instruction Fuzzy Hash: 98B19D22B48A42C6EB55AB21D494BBDE3A4EF80BC4FD44477DA4E47B99DE3CD405C328
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID: Exception$Throw_com_issue_error$ChangeCloseCreateFileFindFreeHeaderInstanceMarshalNotificationRaiseString
  • String ID: BitsAuthSample$Done$Result: %08X
  • API String ID: 498065676-3455622388
  • Opcode ID: daebac6b2c55da8354908084f4bd76fa4d797aaa37273ea2daacc18c54a40bca
  • Instruction ID: d37f0d1d0ac5e8bd246543e19e79e7d2ca161f2f3bc67d106aece65deb5c4746
  • Opcode Fuzzy Hash: daebac6b2c55da8354908084f4bd76fa4d797aaa37273ea2daacc18c54a40bca
  • Instruction Fuzzy Hash: A4B15636B49A42C6EB04AB61D4546ACF3B4EF84B94FC44576DA0E57BA8DF38D405C328
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID: Handle$AddressModuleProc$CloseCreateLinkObjectSymbolic
  • String ID: 0$@$Error creating link %ls: %08X$NtCreateSymbolicLinkObject$Opened Link %ls -> %ls: %p$RtlInitUnicodeString$\??\C:$ntdll
  • API String ID: 174412082-143181697
  • Opcode ID: b770061aa3d23907e68847bb0746c9688e8d1a4fc78c6da1c3d2f96b47c03332
  • Instruction ID: aa5f6205cff698224ae713ec823b8c346956b34f23cfc7def67ee934096fba07
  • Opcode Fuzzy Hash: b770061aa3d23907e68847bb0746c9688e8d1a4fc78c6da1c3d2f96b47c03332
  • Instruction Fuzzy Hash: 74311226618B86D1E710AF11E8402AEE364FB84BE0FD042B3DAAD477A4EF3CD549C754
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
  • String ID:
  • API String ID: 59578552-0
  • Opcode ID: c10d09f96f5da1be23e37782ff9c5e51edc633346f5c64181bed73fb4c858f65
  • Instruction ID: 3f061ea2d24eeab34232fe9ac879250f9acee0ea580980ce565a80b6ff14c58b
  • Opcode Fuzzy Hash: c10d09f96f5da1be23e37782ff9c5e51edc633346f5c64181bed73fb4c858f65
  • Instruction Fuzzy Hash: F2E0EC30E9D102C6E659777569421BDD0B01F843E0FE003B7E21D473C6ED5D69925B7A
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID: String$Free$_com_issue_error$Alloc$_invalid_parameter_noinfo_noreturn$Exception$ConvertCreateDirectoryLoadThrowType_com_util::$FileHeaderRaise
  • String ID: Building Library with path: %s$Found TLB name at offset %zu$IBadger$ITMediaControl$\Windows$\Windows\System32$\Windows\system32\tapi3.dll$\output.tlb$stdole2.tlb
  • API String ID: 967790245-2860110496
  • Opcode ID: b7dde250bcf95df638214198b087e4bb1574e5e63d960ee8f3df17dbc445db00
  • Instruction ID: 3f1cec21273acc1e6ff82bcd517957c92b1b0a5fee84db3a7462beee2fa5892d
  • Opcode Fuzzy Hash: b7dde250bcf95df638214198b087e4bb1574e5e63d960ee8f3df17dbc445db00
  • Instruction Fuzzy Hash: 96728C35A4AB42C5EB55BB60E5502BDE3B0AF44BC4FD454BADA0E07785EF3CE8148368
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • \run.sct, xrefs: 00007FF7D8C83CF8
  • <?xml version='1.0'?><package><component id='giffile'><registration description='Dummy' progid='giffile' version='1.00' remo, xrefs: 00007FF7D8C83E00
  • ');]]></script></component></package>, xrefs: 00007FF7D8C83EBF
Similarity
  • API ID: String$_com_issue_error$Free$Alloc$Process$ByteConvertCurrentSession_com_util::
  • String ID: ');]]></script></component></package>$<?xml version='1.0'?><package><component id='giffile'><registration description='Dummy' progid='giffile' version='1.00' remo$\run.sct
  • API String ID: 3462197334-3795785930
  • Opcode ID: 686ff98bc42f5c961b92ddce6e90ebdc9a0a255bfa8964a9554471ed8dfc8906
  • Instruction ID: d31bcf320de95afd2abe83fd6ac839f8332fb96d341e573c3d7276e0b9cfffc0
  • Opcode Fuzzy Hash: 686ff98bc42f5c961b92ddce6e90ebdc9a0a255bfa8964a9554471ed8dfc8906
  • Instruction Fuzzy Hash: AE124A31A89B42C6EB55BB61D454BBCE2B4AF44B84FC444BADE0D17785EF3CA814C368
Uniqueness

Uniqueness Score: -1.00%

APIs
  • CoInitialize.OLE32 ref: 00007FF7D8C84564
  • _CxxThrowException.LIBVCRUNTIME ref: 00007FF7D8C8458C
    • Part of subcall function 00007FF7D8C87D14: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7D8C84A93), ref: 00007FF7D8C87D91
    • Part of subcall function 00007FF7D8C87D14: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7D8C84A93), ref: 00007FF7D8C87DD0
    • Part of subcall function 00007FF7D8C83C90: new.LIBCMT ref: 00007FF7D8C83CDC
    • Part of subcall function 00007FF7D8C83C90: SysAllocString.OLEAUT32 ref: 00007FF7D8C83CFF
    • Part of subcall function 00007FF7D8C83C90: _com_issue_error.COMSUPP ref: 00007FF7D8C83D12
    • Part of subcall function 00007FF7D8C83C90: _com_issue_error.COMSUPP ref: 00007FF7D8C83D29
    • Part of subcall function 00007FF7D8C83C90: SysFreeString.OLEAUT32 ref: 00007FF7D8C83D76
    • Part of subcall function 00007FF7D8C83C90: SysFreeString.OLEAUT32 ref: 00007FF7D8C83DB7
    • Part of subcall function 00007FF7D8C83C90: new.LIBCMT ref: 00007FF7D8C83DE4
    • Part of subcall function 00007FF7D8C813C0: new.LIBCMT ref: 00007FF7D8C813F2
    • Part of subcall function 00007FF7D8C813C0: SysAllocString.OLEAUT32 ref: 00007FF7D8C81412
    • Part of subcall function 00007FF7D8C813C0: _com_issue_error.COMSUPP ref: 00007FF7D8C8142A
    • Part of subcall function 00007FF7D8C813C0: _com_issue_error.COMSUPP ref: 00007FF7D8C81440
    • Part of subcall function 00007FF7D8C813C0: new.LIBCMT ref: 00007FF7D8C81453
    • Part of subcall function 00007FF7D8C813C0: _com_issue_error.COMSUPP ref: 00007FF7D8C8147D
  • CoInitializeSecurity.OLE32 ref: 00007FF7D8C845BD
  • _CxxThrowException.LIBVCRUNTIME ref: 00007FF7D8C845EB
  • SysFreeString.OLEAUT32 ref: 00007FF7D8C8464D
  • _com_util::ConvertBSTRToString.COMSUPP ref: 00007FF7D8C84691
  • SysFreeString.OLEAUT32 ref: 00007FF7D8C846CF
  • CoUninitialize.OLE32 ref: 00007FF7D8C846F8
Strings
Memory Dump Source
  • Source File: 00000000.00000002.199302927.00007FF7D8C81000.00000020.00020000.sdmp, Offset: 00007FF7D8C80000, based on PE: true
  • Associated: 00000000.00000002.199298687.00007FF7D8C80000.00000002.00020000.sdmp
  • Associated: 00000000.00000002.199317234.00007FF7D8C99000.00000002.00020000.sdmp
  • Associated: 00000000.00000002.199325305.00007FF7D8CA6000.00000004.00020000.sdmp
  • Associated: 00000000.00000002.199329123.00007FF7D8CA8000.00000002.00020000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff7d8c80000_CVE-2017-0213_x64.jbxd
Similarity
  • API ID: String$_com_issue_error$Free$Exception$AllocInitializeThrow$ConvertFileHeaderRaiseSecurityUninitialize_com_util::
  • String ID: @ $script:
  • API String ID: 2061607538-3448713389
  • Opcode ID: 1f77828d9d0992437b68294b71c0def6bc3c7f7ea94292a45c5ab38ebc53eca3
  • Instruction ID: 64c4bcd88d6450981e7e0d66f38a47d92daef1beeae714bc960b7782545336db
  • Opcode Fuzzy Hash: 1f77828d9d0992437b68294b71c0def6bc3c7f7ea94292a45c5ab38ebc53eca3
  • Instruction Fuzzy Hash: E3517E21A49682C2EB60BF20E450BBEE3A0EF847D4FC845B6DA4E46795DF3CD4458768
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
  • __scrt_initialize_crt.LIBCMT ref: 00007FF7D8C85104
    • Part of subcall function 00007FF7D8C852C8: __vcrt_initialize.LIBVCRUNTIME ref: 00007FF7D8C852EA
  • __scrt_fastfail.LIBCMT ref: 00007FF7D8C85112
    • Part of subcall function 00007FF7D8C857CC: IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7D8C857E8
    • Part of subcall function 00007FF7D8C857CC: RtlCaptureContext.KERNEL32 ref: 00007FF7D8C85811
    • Part of subcall function 00007FF7D8C857CC: RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7D8C8582B
    • Part of subcall function 00007FF7D8C857CC: RtlVirtualUnwind.KERNEL32 ref: 00007FF7D8C8586C
    • Part of subcall function 00007FF7D8C857CC: IsDebuggerPresent.KERNEL32 ref: 00007FF7D8C858C0
    • Part of subcall function 00007FF7D8C857CC: SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7D8C858E1
    • Part of subcall function 00007FF7D8C857CC: UnhandledExceptionFilter.KERNEL32 ref: 00007FF7D8C858EC
  • __scrt_acquire_startup_lock.LIBCMT ref: 00007FF7D8C85120
  • __scrt_fastfail.LIBCMT ref: 00007FF7D8C85137
  • __scrt_release_startup_lock.LIBCMT ref: 00007FF7D8C85194
  • __scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FF7D8C851AA
  • __scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FF7D8C851DA
  • __scrt_is_managed_app.LIBCMT ref: 00007FF7D8C8520F
  • __scrt_uninitialize_crt.LIBCMT ref: 00007FF7D8C8522D
Similarity
  • API ID: ExceptionFilterPresentUnhandled__scrt_fastfail__scrt_is_nonwritable_in_current_image$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt__vcrt_initialize
  • String ID:
  • API String ID: 18626834-0
  • Opcode ID: 61920868cbf6836cbe15d3a287e37cecff9d7a7e64933e26c7c11c6d1c18e017
  • Instruction ID: dbc40f68255705246965abed65548e887065f31db381143042766b72b85bea2e
  • Opcode Fuzzy Hash: 61920868cbf6836cbe15d3a287e37cecff9d7a7e64933e26c7c11c6d1c18e017
  • Instruction Fuzzy Hash: C9313B21A88603C1FA50BB61A4113BDD671AF457C4FC444B7EA4E0B7D7DEADA8058378
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Similarity
  • API ID: String$Free_com_issue_error$ConvertFromInterfaceMarshalTask_com_util::
  • String ID: Marshal Complete: %08X$Marshal Interface: %ls$Setting bad IID
  • API String ID: 2252854522-2320852833
  • Opcode ID: 41449b31dd4ed4fb7615f51a7059302ab422d24327bef5708dd148fbca357c52
  • Instruction ID: 297538780ccf9eafbe24f0951e170fe4593eae10fc008ac3bd878e71d41dfdff
  • Opcode Fuzzy Hash: 41449b31dd4ed4fb7615f51a7059302ab422d24327bef5708dd148fbca357c52
  • Instruction Fuzzy Hash: B7417C22A49A82C5EB61AF25E45027DE3F0EB84BD0FC44577DA4E477A5DF3CE4808728
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Similarity
  • API ID: File$ExceptionThrow$CloseCreateHandleReadSize
  • String ID:
  • API String ID: 1623680273-0
  • Opcode ID: 0ad02b94a208708122f949a3ae5fe4ce58466db095b3ce6fabc2cd7f359cd001
  • Instruction ID: f754c71f3e2e2d17fb37b93251ec81665b44ab8a95c64c0251c73798e70cc48b
  • Opcode Fuzzy Hash: 0ad02b94a208708122f949a3ae5fe4ce58466db095b3ce6fabc2cd7f359cd001
  • Instruction Fuzzy Hash: F431C022608682C2EB20AB10B850B7EE3A4EB857D1FD451B6DE5D03B98DF7CD415CB28
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Similarity
  • API ID: String$Free_com_issue_error$ConvertFromTask_com_util::
  • String ID: QI - Marshaller: %ls %p$Queried Success: %p
  • API String ID: 1489619410-3411412607
  • Opcode ID: 2ea5016e7fb9ce411b38c11aff320781f2f29399cab21e2537ed1f15e8bc1b91
  • Instruction ID: 48e3b0b582eb6dd04443cdbf96335bf539142e07ea066691f1def27d969f8ea5
  • Opcode Fuzzy Hash: 2ea5016e7fb9ce411b38c11aff320781f2f29399cab21e2537ed1f15e8bc1b91
  • Instruction Fuzzy Hash: 40311832A48A42C5EB50AF55E4501BDF3A4AB40BD4FC885B7DA5D477A4EF3CE8518328
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Similarity
  • API ID: _invalid_parameter_noinfo_noreturn$FreeString
  • String ID:
  • API String ID: 1965679434-0
  • Opcode ID: 014845698cfab3c7f8b9a6386ce536e1c29ab8c53d5105a53b78ce770e70c288
  • Instruction ID: 4b7008427c5dea41ce89b732852ee9c1b827c97129f380e7661f3eb4bfe21165
  • Opcode Fuzzy Hash: 014845698cfab3c7f8b9a6386ce536e1c29ab8c53d5105a53b78ce770e70c288
  • Instruction Fuzzy Hash: A831A222A4968585EA64BFA5E0503BDE370AF84BE0FD85676DA9D027C5DF2CD4808328
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Similarity
  • API ID: ExceptionFileThrow$CloseCreateHandleWrite
  • String ID:
  • API String ID: 2025026536-0
  • Opcode ID: fb493dc6aa3d85f8921e2714e3b88e5712f63b7ba33472f6c336327167ce48e3
  • Instruction ID: 854ec42962f6d6053fcb8be204bbedc2c236ca1c9feb1335fa2bc4ddb85cbb3f
  • Opcode Fuzzy Hash: fb493dc6aa3d85f8921e2714e3b88e5712f63b7ba33472f6c336327167ce48e3
  • Instruction Fuzzy Hash: FC31AF22608682C2EB20EB14E454B7EE3B0EB857D4FD05176EAAD43B98DF3CD405C728
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID:
  • API String ID: 3215553584-0
  • Opcode ID: 9a03ce519a031ea76b1c77eb892a9a9c357174e4e99c595a4ea9cad4d02c79f4
  • Instruction ID: a61de0d96f65aa4565610d8fd25a22cf9e6701f6b01f9e6fae4a98b8c15807a1
  • Opcode Fuzzy Hash: 9a03ce519a031ea76b1c77eb892a9a9c357174e4e99c595a4ea9cad4d02c79f4
  • Instruction Fuzzy Hash: 2471B162F18602C9FB54BF6195446BDE6A4BB04BD9FC044F7CE0E17785EE3CA5458328
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Similarity
  • API ID: FileHandleType
  • String ID: @
  • API String ID: 3000768030-2766056989
  • Opcode ID: 32b2dfb4dfe11b05ee58dc0e385236b805c1886064c6190406d425d46032991a
  • Instruction ID: ffafdb11ac03c86558341bf1fe1b7b8b3630b45cdc6e25f293f1817a94796fe5
  • Opcode Fuzzy Hash: 32b2dfb4dfe11b05ee58dc0e385236b805c1886064c6190406d425d46032991a
  • Instruction Fuzzy Hash: 4221B422A68A42C2EB609B24949013DE660EB45BB4FE41377D6AE077D5CE3CDC81C368
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Similarity
  • API ID: Process$CurrentExitTerminate
  • String ID:
  • API String ID: 1703294689-0
  • Opcode ID: 581f7afeac65e5f6a08937a8dd548188f56ea117b78fbf9a7cb238cffad4da39
  • Instruction ID: 8a1da5e743ebaadd82ce9d7ee6e20a477fe62991f4d02be23813b2ac804be100
  • Opcode Fuzzy Hash: 581f7afeac65e5f6a08937a8dd548188f56ea117b78fbf9a7cb238cffad4da39
  • Instruction Fuzzy Hash: 07E01220B84701C2FB547726588527DE261AF89781FC054FAC80F42366DE3DE4488225
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Similarity
  • API ID: ErrorFileLastWrite
  • String ID:
  • API String ID: 442123175-0
  • Opcode ID: a9e5955d5ac2f4d3aa1b11c17bba4d46be4927e1949d24f811b1f7b7cce1feaf
  • Instruction ID: 444cba857e3611d1c300b47605ffae3e3e573a754c6db994b74aef9b65e1d908
  • Opcode Fuzzy Hash: a9e5955d5ac2f4d3aa1b11c17bba4d46be4927e1949d24f811b1f7b7cce1feaf
  • Instruction Fuzzy Hash: EB21CE32A29A81C6EB10AF15E5406ADE7A0FB487C1FC440B2EB8D43B54EF3CD516CB19
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF7D8C8D1AE,?,?,?,00007FF7D8C8D4DE,?,?,?,?,00007FF7D8C85200), ref: 00007FF7D8C91C0C
  • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF7D8C8D1AE,?,?,?,00007FF7D8C8D4DE,?,?,?,?,00007FF7D8C85200), ref: 00007FF7D8C91C79
Similarity
  • API ID: EnvironmentStrings$Free
  • String ID:
  • API String ID: 3328510275-0
  • Opcode ID: 93564d69d9f01e98a2df5a8dd77abf3338d0e4237f19757fdf6629fef30e76e3
  • Instruction ID: 9f7ee81fe6dd5b20849b09120b624c8a8d57a514bcff5001f18d817ab353b8ff
  • Opcode Fuzzy Hash: 93564d69d9f01e98a2df5a8dd77abf3338d0e4237f19757fdf6629fef30e76e3
  • Instruction Fuzzy Hash: 44016521A49651CAEA25BF2568450BEE260BB48BE0FCC46B6DE6D177C5EE2CE4408258
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 4ca1c096fcd7152774b337dee3ce30ee9fe5f2d7e7d86dc5e951fd557036ec0e
  • Instruction ID: 275346f405e92888cc5a5fea25b18f123c119a6fab2ce96bc6bd0fc815806c05
  • Opcode Fuzzy Hash: 4ca1c096fcd7152774b337dee3ce30ee9fe5f2d7e7d86dc5e951fd557036ec0e
  • Instruction Fuzzy Hash: 62218022A18642CAE6547F65A88137CE6A0AB40BE1FD545B7D92D073D2EE7CE841C338
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: HandleModule$AddressFreeLibraryProc
  • String ID:
  • API String ID: 3947729631-0
  • Opcode ID: 9e0312363fdca5e925b237fd81875fa7e65a4a98e3213f0093813417bb993387
  • Instruction ID: cdf0739d18b76c04867c49af5be1f727f24d5ef47f5ed1e007bed659e5334060
  • Opcode Fuzzy Hash: 9e0312363fdca5e925b237fd81875fa7e65a4a98e3213f0093813417bb993387
  • Instruction Fuzzy Hash: B8215C72E49706CDEB20AF65C4402BCB3B0EB88788FC44576D60D02B85DF78D585CBA4
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID:
  • API String ID: 3215553584-0
  • Opcode ID: 17518084776fd1060396f692b7319c9cc4ff388b09fbf7eca849d8142ad80152
  • Instruction ID: 97441695096378045966c8dec0158f1b2f9c4ddf0ac7c3577d95b940f257364e
  • Opcode Fuzzy Hash: 17518084776fd1060396f692b7319c9cc4ff388b09fbf7eca849d8142ad80152
  • Instruction Fuzzy Hash: 54119031A08642C2E314BB00B44027DE2A8FB403C4FC509F6EABD5B792EE3CE950C768
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID:
  • API String ID: 3215553584-0
  • Opcode ID: 624a8ee2c682cf8b675cf9497627ca01835c988eee9ee16e939466f39adc86e3
  • Instruction ID: e736945c1d9c9a3ae50206e6b0bc131088730a6186d114796008a407ddfdc882
  • Opcode Fuzzy Hash: 624a8ee2c682cf8b675cf9497627ca01835c988eee9ee16e939466f39adc86e3
  • Instruction Fuzzy Hash: EE11C572A00F55DCEB11DFA0E8810ED77B8FB1839CB904626EA5D12B59EF34C1A5C394
Uniqueness

Uniqueness Score: -1.00%

APIs
  • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF7D8C8EDB6,?,?,?,00007FF7D8C8CB59,?,?,?,?,00007FF7D8C9642A,?,?,00000000), ref: 00007FF7D8C8DEFD
Similarity
  • API ID: AllocateHeap
  • String ID:
  • API String ID: 1279760036-0
  • Opcode ID: 017337ae68e2bad2b2f57ff8b4cac530c0787e630da99d6af268fbda7cc6b357
  • Instruction ID: b8af3e8bca31f0afaad01dab208180d034152f1b064867fcfacb6cd811eed102
  • Opcode Fuzzy Hash: 017337ae68e2bad2b2f57ff8b4cac530c0787e630da99d6af268fbda7cc6b357
  • Instruction Fuzzy Hash: 17F04F60B89607D1FE55766258102BDD2A05F54BC0FC845B3CA0E87386FE1CA8454338
Uniqueness

Uniqueness Score: -1.00%

APIs
  • RtlAllocateHeap.NTDLL(?,?,?,00007FF7D8C96411,?,?,00000000,00007FF7D8C92CFF,?,?,?,00007FF7D8C8D8B5,?,?,?,00007FF7D8C8D7D9), ref: 00007FF7D8C8DE2E
Similarity
  • API ID: AllocateHeap
  • String ID:
  • API String ID: 1279760036-0
  • Opcode ID: 1cdc028b9920028676aa87015883dd120644fe1edb53becec6f5ec29434c4a7a
  • Instruction ID: 96a9f163f42226ad3233f5da8ea473d3006ce04a02f3428debdcb22e1ef97132
  • Opcode Fuzzy Hash: 1cdc028b9920028676aa87015883dd120644fe1edb53becec6f5ec29434c4a7a
  • Instruction Fuzzy Hash: EDF05840B8C602C6FA683662984127DD1A05F957E0FC807B6DA2F873C2EE2CA4418338
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

APIs
Strings
Similarity
  • API ID: _invalid_parameter_noinfomemcpy_s$fegetenv
  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
  • API String ID: 281475176-2761157908
  • Opcode ID: 59c60cee2e17381b2a11fa01abb45681b4f14cd52bd7d01f76562bc51ea1c686
  • Instruction ID: ecc6c9b639215de1b3405cc9bd4a4772f9e5d7d691d9fd7eb6e0df45b5d6c8b5
  • Opcode Fuzzy Hash: 59c60cee2e17381b2a11fa01abb45681b4f14cd52bd7d01f76562bc51ea1c686
  • Instruction Fuzzy Hash: 52B20472A18182CBE764AE64D440BFDE7A5FB447C9FC051B6DA0E57B84EF38E5008B18
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: CloseHandle$ExceptionProcessToken$Throw$CreateCurrentDuplicateFileHeaderInformationOpenRaiseUser
  • String ID: WinSta0\Default
  • API String ID: 1321875819-3000584429
  • Opcode ID: b8180e26783beb99599fef8a189a327f1cb8dc3e1d287e67499e5c2cbadc525a
  • Instruction ID: 4f922cffd10ceeebec2362e92138e764911f0d030bffe922d16bf18364dad9e9
  • Opcode Fuzzy Hash: b8180e26783beb99599fef8a189a327f1cb8dc3e1d287e67499e5c2cbadc525a
  • Instruction Fuzzy Hash: 55515232A18B41C6E710AF64E8506AEF3B0FB84794FD01276DA6D43B98EF38D449CB54
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
  • String ID:
  • API String ID: 1239891234-0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D8C90C54
    • Part of subcall function 00007FF7D8C8CA50: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7D8C8C9FD), ref: 00007FF7D8C8CA59
    • Part of subcall function 00007FF7D8C8CA50: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7D8C8C9FD), ref: 00007FF7D8C8CA7E
Strings
Similarity
  • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
  • String ID: *$.$.
  • API String ID: 4036615347-2112782162
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
  • String ID:
  • API String ID: 2933794660-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: memcpy_s
  • String ID:
  • API String ID: 1502251526-0
Uniqueness

Uniqueness Score: -1.00%

Strings
Similarity
  • API ID:
  • String ID: .
  • API String ID: 0-248832578
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: ExceptionRaise_clrfp
  • String ID:
  • API String ID: 15204871-0
Uniqueness

Uniqueness Score: -1.00%

Strings
Similarity
  • API ID:
  • String ID: 0
  • API String ID: 0-4108050209
Uniqueness

Uniqueness Score: -1.00%

Strings
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID: 0
  • API String ID: 3215553584-4108050209
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: HeapProcess
  • String ID:
  • API String ID: 54951025-0
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
  • API String ID: 3215553584-2617248754
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _com_issue_error$String$AllocFileFree$ModuleNamePathRemoveSpec
  • String ID:
  • API String ID: 955436156-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _com_issue_error$AllocDeviceQueryString
  • String ID: Error getting device for %ls
  • API String ID: 2405517656-1841561064
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
  • String ID: CONOUT$
  • API String ID: 3230265001-3130406586
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: String$ConvertFreeFromTask_com_issue_error_com_util::
  • String ID: Unknown
  • API String ID: 980295685-1654365787
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _com_issue_error$AllocString
  • String ID:
  • API String ID: 245909816-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _com_issue_error$AllocByteCharErrorLastMultiStringWide
  • String ID:
  • API String ID: 1412949955-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: File_com_issue_error$AllocModuleNamePathRemoveSpecString
  • String ID:
  • API String ID: 1174310673-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: AddressFreeHandleLibraryModuleProc
  • String ID: CorExitProcess$mscoree.dll
  • API String ID: 4061214504-1276376045
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: FileWrite$ByteCharConsoleMultiWide
  • String ID:
  • API String ID: 977765425-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: String$_com_issue_error$AllocByte
  • String ID:
  • API String ID: 2035283659-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: String_com_issue_error$AllocFree
  • String ID:
  • API String ID: 3737277060-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _set_statfp
  • String ID:
  • API String ID: 1156100317-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _com_issue_error$AllocFileModuleNameString
  • String ID:
  • API String ID: 2898727575-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID: -
  • API String ID: 3215553584-2547889144
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID: $*
  • API String ID: 3215553584-3982473090
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: ByteCharErrorFileLastMultiWideWrite
  • String ID: U
  • API String ID: 2456169464-4171548499
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: AllocFormatLocalMessage
  • String ID: IDispatch error #%d$Unknown error 0x%0lX
  • API String ID: 3960703613-2934499512
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00007FF7D8C88238: __vcrt_getptd_noexit.LIBVCRUNTIME ref: 00007FF7D8C8823C
  • __DestructExceptionObject.LIBVCRUNTIME ref: 00007FF7D8C8761A
  • RaiseException.KERNEL32 ref: 00007FF7D8C87643
  • __DestructExceptionObject.LIBVCRUNTIME ref: 00007FF7D8C876A4
Strings
Similarity
  • API ID: Exception$DestructObject$Raise__vcrt_getptd_noexit
  • String ID: csm
  • API String ID: 2280078643-1018135373
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
  • String ID:
  • API String ID: 4141327611-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _invalid_parameter_noinfo_noreturn
  • String ID:
  • API String ID: 3668304517-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID: *
  • API String ID: 3215553584-163128923
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID: *
  • API String ID: 3215553584-163128923
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _invalid_parameter_noinfo
  • String ID: e+000$gfff
  • API String ID: 3215553584-3030954782
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7D8C8D03E
    • Part of subcall function 00007FF7D8C8DDB0: HeapFree.KERNEL32(?,?,0000B9E800019856,00007FF7D8C9257E,?,?,?,00007FF7D8C925C3,?,?,?,00007FF7D8C92AE0,?,?,00007FF7D8C8DBCE,00007FF7D8C92A13), ref: 00007FF7D8C8DDC6
    • Part of subcall function 00007FF7D8C8DDB0: GetLastError.KERNEL32(?,?,0000B9E800019856,00007FF7D8C9257E,?,?,?,00007FF7D8C925C3,?,?,?,00007FF7D8C92AE0,?,?,00007FF7D8C8DBCE,00007FF7D8C92A13), ref: 00007FF7D8C8DDD8
  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7D8C8505E), ref: 00007FF7D8C8D05C
Strings
Similarity
  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
  • String ID: C:\Users\user\Desktop\CVE-2017-0213_x64.exe
  • API String ID: 3580290477-1682872403
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: CompareStringtry_get_function
  • String ID: CompareStringEx
  • API String ID: 3328479835-2590796910
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: Stringtry_get_function
  • String ID: LCMapStringEx
  • API String ID: 2588686239-3893581201
Uniqueness

Uniqueness Score: -1.00%

APIs
  • try_get_function.LIBVCRUNTIME ref: 00007FF7D8C88976
  • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,00007FF7D8C885A8,?,?,00000001,00007FF7D8C881AF,?,?,?,?,00007FF7D8C852EF), ref: 00007FF7D8C8899C
Strings
Similarity
  • API ID: CountCriticalInitializeSectionSpintry_get_function
  • String ID: InitializeCriticalSectionEx
  • API String ID: 539475747-3084827643
Uniqueness

Uniqueness Score: -1.00%

APIs
  • try_get_function.LIBVCRUNTIME ref: 00007FF7D8C88906
  • TlsSetValue.KERNEL32(?,?,?,00007FF7D8C88339,?,?,?,?,00007FF7D8C881BC,?,?,?,?,00007FF7D8C852EF), ref: 00007FF7D8C88929
Strings
Similarity
  • API ID: Valuetry_get_function
  • String ID: FlsSetValue
  • API String ID: 738293619-3750699315
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: CountCriticalInitializeSectionSpintry_get_function
  • String ID: InitializeCriticalSectionEx
  • API String ID: 539475747-3084827643
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: Valuetry_get_function
  • String ID: FlsGetValue
  • API String ID: 738293619-662576866
Uniqueness

Uniqueness Score: -1.00%

APIs
  • try_get_function.LIBVCRUNTIME ref: 00007FF7D8C88856
  • TlsFree.KERNEL32(?,?,?,00007FF7D8C88360,?,?,?,?,00007FF7D8C88342,?,?,?,?,00007FF7D8C881BC), ref: 00007FF7D8C88873
Strings
Similarity
  • API ID: Freetry_get_function
  • String ID: FlsFree
  • API String ID: 2043475122-3081468905
Uniqueness

Uniqueness Score: -1.00%

APIs
  • try_get_function.LIBVCRUNTIME ref: 00007FF7D8C88800
  • TlsAlloc.KERNEL32(?,?,?,00007FF7D8C8831C,?,?,?,?,00007FF7D8C881BC,?,?,?,?,00007FF7D8C852EF), ref: 00007FF7D8C8881C
Strings
Similarity
  • API ID: Alloctry_get_function
  • String ID: FlsAlloc
  • API String ID: 591514613-671089009
Uniqueness

Uniqueness Score: -1.00%

APIs
  • try_get_function.LIBVCRUNTIME ref: 00007FF7D8C90315
  • TlsSetValue.KERNEL32(?,?,?,00007FF7D8C8EDA3,?,?,?,00007FF7D8C8CB59,?,?,?,?,00007FF7D8C9642A,?,?,00000000), ref: 00007FF7D8C9032C
Strings
Similarity
  • API ID: Valuetry_get_function
  • String ID: FlsSetValue
  • API String ID: 738293619-3750699315
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: DownlevelLocaleName__crttry_get_function
  • String ID: LocaleNameToLCID
  • API String ID: 404522899-2050040251
Uniqueness

Uniqueness Score: -1.00%