Windows Analysis Report NI License Activator 1.1.exe

Overview

General Information

Sample Name:NI License Activator 1.1.exe
Analysis ID:494150
MD5:4996a8ee6e6d88ec1d84b6a82e3ce8c4
SHA1:c1bf05826cd7b06216fc67321fa6c45231c1ccc6
SHA256:9cff2c27f5540c58601b4615fbdcda506e031b34a4d4afe6dd85993557f861fb

Detection

Score:26
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Contains functionality to detect sleep reduction / modifications
Uses 32bit PE files
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Found large amount of non-executed APIs
May check if the current machine is a sandbox (GetTickCount - Sleep)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner (scale: clean, suspicious, malicious)
  • System is w10x64
  • NI License Activator 1.1.exe (PID: 5380 cmdline: 'C:\Users\user\Desktop\NI License Activator 1.1.exe' MD5: 4996A8EE6E6D88EC1D84B6A82E3CE8C4)

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Source: NI License Activator 1.1.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: NI License Activator 1.1.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00DB50D4 FindFirstFileA,FindFirstFileW,0_2_00DB50D4
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00E6A1E4 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_wcslen,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__wsopen_s,__fstat32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,0_2_00E6A1E4
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00E5D260 FindFirstFileExA,GetLastError,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,_strcpy_s,__invoke_watson,0_2_00E5D260
Source: NI License Activator 1.1.exe, 00000000.00000002.924745111.0000000000EF7000.00000040.00020000.sdmp, String found in binary or memory: http://www.sonsivri.com
Source: NI License Activator 1.1.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: NI License Activator 1.1.exe, 00000000.00000002.924766064.0000000000F10000.00000004.00020000.sdmp, Binary or memory string: OriginalFilenameNI License Activator.exeJ vs NI License Activator 1.1.exe
Source: NI License Activator 1.1.exe, Binary or memory string: OriginalFilenameNI License Activator.exeJ vs NI License Activator 1.1.exe
Source: NI License Activator 1.1.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: NI License Activator 1.1.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: String function: 00E5700E appears 44 times
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00DBD280: DeviceIoControl,0_2_00DBD280
Source: NI License Activator 1.1.exe, Static PE information: Section: UPX1 ZLIB complexity 0.993666116924
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine, Classification label: sus26.evad.winEXE@1/0@0/0
Source: NI License Activator 1.1.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00E62115 push ecx; ret 0_2_00E62128
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00E5F6E2 push ecx; ret 0_2_00E5F6F5
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00D6B20C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00D6B20C
Source: initial sample, Static PE information: section name: UPX0
Source: initial sample, Static PE information: section name: UPX1

Malware Analysis System Evasion:

Contains functionality to detect sleep reduction / modifications
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00DA553F 0_2_00DA553F
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, API coverage: 4.8 %
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00DA553F 0_2_00DA553F
Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00DB50D4 FindFirstFileA,FindFirstFileW,0_2_00DB50D4
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00E6A1E4 _wcspbrk,__getdrive,FindFirstFileExW,_wcspbrk,__wfullpath_helper,_wcslen,_IsRootUNCName,GetDriveTypeW,_free,___loctotime32_t,_free,__wsopen_s,__fstat32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime32_t,FindClose,___wdtoxmode,GetLastError,__dosmaperr,FindClose,0_2_00E6A1E4
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00E5D260 FindFirstFileExA,GetLastError,___time64_t_from_ft,___time64_t_from_ft,___time64_t_from_ft,_strcpy_s,__invoke_watson,0_2_00E5D260
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00D6B20C LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00D6B20C
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00E69592 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,RtlAllocateHeap,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_00E69592
Source: all processes, Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: NI License Activator 1.1.exe, 00000000.00000002.925002092.0000000001C20000.00000002.00020000.sdmp, Binary or memory string: Program Manager
Source: NI License Activator 1.1.exe, 00000000.00000002.925002092.0000000001C20000.00000002.00020000.sdmp, Binary or memory string: Shell_TrayWnd
Source: NI License Activator 1.1.exe, 00000000.00000002.925002092.0000000001C20000.00000002.00020000.sdmp, Binary or memory string: Progman
Source: NI License Activator 1.1.exe, 00000000.00000002.925002092.0000000001C20000.00000002.00020000.sdmp, Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00E6C5ED
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: GetLocaleInfoA,0_2_00E61754
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00E6E721 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_00E6E721
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00D44EE0 GetDlgItem,SetWindowPos,DestroyMenu,PostQuitMessage,LoadIconA,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreatePopupMenu,InsertMenuA,LoadBitmapA,DeleteObject,SendDlgItemMessageA,GetVersionExA,ExpandEnvironmentStringsA,SendMessageA,GetDesktopWindow,GetClientRect,GetClientRect,GetWindowRect,SetWindowPos,SetWindowPos,GetClientRect,SetWindowPos,SendMessageA,SendMessageA,SendMessageA,ShellExecuteA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetMenuInfo,SetMenuItemInfoA,GetCursorPos,TrackPopupMenu,SetMenuInfo,SetMenuItemInfoA,GetCursorPos,TrackPopupMenu,0_2_00D44EE0
Source: C:\Users\user\Desktop\NI License Activator 1.1.exe, Code function: 0_2_00E58398 GetSystemTimeAsFileTime,__aulldiv,0_2_00E58398

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Native API 1 | Path Interception | Process Injection 1 | Virtualization/Sandbox Evasion 1 | OS Credential Dumping | System Time Discovery 2 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | Security Software Discovery 12 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information 1 | Security Account Manager | Virtualization/Sandbox Evasion 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 21 | NTDS | Process Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 11 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery 13 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
[Behavior graph] Behavior Graph ID: 494150, Sample: NI License Activator 1.1.exe, Startdate: 30/09/2021, Architecture: WINDOWS, Score: 26. Signature: Contains functionality to detect sleep reduction / modifications. Process: NI License Activator 1.1.exe (started).

Source | Detection | Scanner | Label | Link
NI License Activator 1.1.exe | 6% | Virustotal | | Browse
NI License Activator 1.1.exe | 6% | Metadefender | | Browse
NI License Activator 1.1.exe | 5% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link | Download
0.2.NI License Activator 1.1.exe.d40000.0.unpack | 100% | Avira | HEUR/AGEN.1110374 | | Download File
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.sonsivri.com | 1% | Virustotal | | Browse
http://www.sonsivri.com | 0% | Avira URL Cloud | safe |

No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.sonsivri.com | NI License Activator 1.1.exe, 00000000.00000002.924745111.0000000000EF7000.00000040.00020000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
No contacted IP infos

General Information

Joe Sandbox Version:33.0.0 White Diamond
Analysis ID:494150
Start date:30.09.2021
Start time:11:29:08
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 5m 46s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:NI License Activator 1.1.exe
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:SUS
Classification:sus26.evad.winEXE@1/0@0/0
EGA Information:
  • Successful, ratio: 100%
HDC Information:Failed
HCA Information:
  • Successful, ratio: 77%
  • Number of executed functions: 8
  • Number of non-executed functions: 119
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Found application associated with file extension: .exe
Warnings:
  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.253.254, 13.107.3.254, 52.113.196.254, 20.82.209.183, 20.54.110.249, 40.112.88.60, 23.0.174.185, 23.0.174.200, 20.82.210.154, 23.10.249.43, 23.10.249.26
  • Excluded domains from analysis (whitelisted): s-ring.msedge.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, teams-9999.teams-msedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, t-ring.msedge.net, s-ring.s-9999.s-msedge.net, download.windowsupdate.com.edgesuite.net, t-9999.fb-t-msedge.net, ris.api.iris.microsoft.com, s-9999.s-msedge.net, teams-ring.teams-9999.teams-msedge.net, t-ring.t-9999.t-msedge.net, teams-ring.msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
No simulations
No context
No created / dropped files found

Static File Info

General

File type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Entropy (8bit):7.9261436027069
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.39%
  • UPX compressed Win32 Executable (30571/9) 0.30%
  • Win32 EXE Yoda's Crypter (26571/9) 0.26%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
File name:NI License Activator 1.1.exe
File size:574464
MD5:4996a8ee6e6d88ec1d84b6a82e3ce8c4
SHA1:c1bf05826cd7b06216fc67321fa6c45231c1ccc6
SHA256:9cff2c27f5540c58601b4615fbdcda506e031b34a4d4afe6dd85993557f861fb
SHA512:487809399beb51f19d3f977aa03eccbdfaa94b5666b8f2a892e522f9956ffc23bca57e76ab4b2cf1ff04717c379ac7e1befd6ffbb07ab93ddf14b78fbef46bf5
SSDEEP:12288:dQiYHdcZHnZqUsoP2COHKSYVEuWIRWG98rov1PLVu89EAMn:dQQ5q9ssK3VeIMG98y1PJu8KAMn
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........5.~.f.~.f.~.f..ef.~.f..Pf.~.f..Qf.~.f..hf.~.f.~.f...fJ0cf.~.f.~.fH~.f1a.fK~.f..Tf.~.f..af.~.f..ff.~.fRich.~.f...............

File Icon

Icon Hash:c09894b4f4aea646

General

Entrypoint:0x5cf380
Entrypoint Section:UPX1
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x4D037F3E [Sat Dec 11 13:40:14 2010 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:d79b2e0ed734a3fff9dca7f276233181
Instruction
pushad
mov esi, 00546000h
lea edi, dword ptr [esi-00145000h]
push edi
or ebp, FFFFFFFFh
jmp 00007F6D74E46982h
nop
nop
nop
nop
nop
nop
mov al, byte ptr [esi]
inc esi
mov byte ptr [edi], al
inc edi
add ebx, ebx
jne 00007F6D74E46979h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007F6D74E4695Fh
mov eax, 00000001h
add ebx, ebx
jne 00007F6D74E46979h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
add ebx, ebx
jnc 00007F6D74E4697Dh
jne 00007F6D74E4699Ah
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007F6D74E46991h
dec eax
add ebx, ebx
jne 00007F6D74E46979h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc eax, eax
jmp 00007F6D74E46946h
add ebx, ebx
jne 00007F6D74E46979h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
jmp 00007F6D74E469C4h
xor ecx, ecx
sub eax, 03h
jc 00007F6D74E46983h
shl eax, 08h
mov al, byte ptr [esi]
inc esi
xor eax, FFFFFFFFh
je 00007F6D74E469E7h
sar eax, 1
mov ebp, eax
jmp 00007F6D74E4697Dh
add ebx, ebx
jne 00007F6D74E46979h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007F6D74E4693Eh
inc ecx
add ebx, ebx
jne 00007F6D74E46979h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jc 00007F6D74E46930h
add ebx, ebx
jne 00007F6D74E46979h
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
adc ecx, ecx
add ebx, ebx
jnc 00007F6D74E46961h
jne 00007F6D74E4697Bh
mov ebx, dword ptr [esi]
sub esi, FFFFFFFCh
adc ebx, ebx
jnc 00007F6D74E46956h
add ecx, 02h
cmp ebp, FFFFFB00h
adc ecx, 02h
lea edx, dword ptr [eax+eax]
Programming Language:
  • [LNK] VS2010 build 30319
  • [ C ] VS98 (6.0) build 8168
  • [ASM] VS2010 build 30319
  • [ C ] VS2010 build 30319
  • [C++] VS2010 build 30319
  • [RES] VS2010 build 30319
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1d273c | 0x274 | .rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1d0000 | 0x273c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1d29b0 | 0xc | .rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
UPX0 | 0x1000 | 0x145000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
UPX1 | 0x146000 | 0x8a000 | 0x89600 | False | 0.993666116924 | data | 7.94096922371 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x1d0000 | 0x3000 | 0x2a00 | False | 0.306733630952 | data | 4.71495372309 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_BITMAP | 0x1af328 | 0x6028 | data | English | Great Britain
RT_ICON | 0x1d032c | 0x568 | GLS_BINARY_LSB_FIRST | English | Great Britain
RT_ICON | 0x1d0898 | 0x368 | GLS_BINARY_LSB_FIRST | English | Great Britain
RT_ICON | 0x1d0c04 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 16776176, next used block 10526884 | English | Great Britain
RT_ICON | 0x1d14b0 | 0xca8 | dBase IV DBT of @.DBF, block length 3072, next free block index 40, next free block 1097896257, next used block 2436984977 | English | Great Britain
RT_MENU | 0x1b7170 | 0x32 | data | English | Great Britain
RT_MENU | 0x1b71a4 | 0x110 | data | English | Great Britain
RT_DIALOG | 0x1b72b4 | 0xac | data | English | Great Britain
RT_DIALOG | 0x1b7360 | 0x80 | data | English | Great Britain
RT_DIALOG | 0x1b73e0 | 0x184 | data | English | Great Britain
RT_GROUP_ICON | 0x1d215c | 0x3e | data | English | Great Britain
RT_VERSION | 0x1d21a0 | 0x328 | data | English | Great Britain
RT_MANIFEST | 0x1d24cc | 0x26e | ASCII text, with CRLF line terminators | English | United States
DLL | Import
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.dll | RegCloseKey
COMCTL32.dll |
COMDLG32.dll | GetOpenFileNameA
GDI32.dll | CreateFontA
NETAPI32.dll | Netbios
ole32.dll | CoInitialize
SHELL32.dll | ShellExecuteA
USER32.dll | SetFocus
WSOCK32.dll | htonl
Description | Data
LegalCopyright | Copyright (C) 2010 Top
InternalName | NI License Activator.exe
FileVersion | 1.1.0.0
CompanyName | www.sonsivri.com
ProductName | NI License Activator
ProductVersion | 1.1.0.0
FileDescription | NI License Activator
OriginalFilename | NI License Activator.exe
Translation | 0x0809 0x04b0
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |

Network Behavior


Code Manipulations

Statistics

[Plot: CPU Usage over time (s)]

[Plot: Memory Usage (MB) over time (s)]

System Behavior

Start time:11:30:02
Start date:30/09/2021
Path:C:\Users\user\Desktop\NI License Activator 1.1.exe
Wow64 process (32bit):true
Commandline:'C:\Users\user\Desktop\NI License Activator 1.1.exe'
Imagebase:0xd40000
File size:574464 bytes
MD5 hash:4996A8EE6E6D88EC1D84B6A82E3CE8C4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

Disassembly

Code Analysis

Execution Graph

Execution Coverage:0.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:26.7%
Total number of Nodes:266
Total number of Limit Nodes:9

26117->26113 26118->26115 26119->26106 26120->26115 26224 d77011 65 API calls 26307 e6e721 51 API calls 8 library calls 26308 d8c710 80 API calls 6 library calls 26225 e5a02c 36 API calls 7 library calls 26226 d7e21a __CrtDbgReportV _strlen 26310 e5a734 42 API calls __wfsopen 26227 d46200 44 API calls 26228 d4c600 42 API calls std::locale::_Init 26311 d41500 __Toupper 26312 d49700 48 API calls _strcspn 26231 d8020f 65 API calls 26313 dbd300 CreateFileA CreateFileA DeviceIoControl DeviceIoControl CloseHandle 26315 d57735 51 API calls _sprintf 26316 d55137 12 API calls 26233 d55236 70 API calls 2 library calls 26317 d58336 53 API calls 4 library calls 26235 d6e033 37 API calls _fseek 26236 d9e630 __localtime64 26237 d7523d _strncmp _strncmp __setjmp3 26238 db502a FindClose FindClose 26239 d5a426 _calloc 26243 da8620 58 API calls 3 library calls 26244 d7a02b __isctype_l 26319 daf127 _memset _swscanf

Executed Functions

APIs
  • GetDlgItem.USER32(?,000003E9), ref: 00D44F9D
  • SetWindowPos.USER32(00000000,?,?,00000004,E739FF75), ref: 00D44FA4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
  • Associated: 00000000.00000002.924475745.0000000000D40000.00000002.00020000.sdmp
  • Associated: 00000000.00000002.924702740.0000000000E89000.00000040.00020000.sdmp
  • Associated: 00000000.00000002.924715971.0000000000E95000.00000040.00020000.sdmp
  • Associated: 00000000.00000002.924721930.0000000000E9A000.00000040.00020000.sdmp
  • Associated: 00000000.00000002.924730975.0000000000EEA000.00000040.00020000.sdmp
  • Associated: 00000000.00000002.924737120.0000000000EEF000.00000040.00020000.sdmp
  • Associated: 00000000.00000002.924745111.0000000000EF7000.00000040.00020000.sdmp
  • Associated: 00000000.00000002.924750026.0000000000F07000.00000040.00020000.sdmp
  • Associated: 00000000.00000002.924758734.0000000000F0F000.00000080.00020000.sdmp
  • Associated: 00000000.00000002.924766064.0000000000F10000.00000004.00020000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: ItemWindow
  • String ID: %ProgramData%\National Instruments\License Manager\Licenses$%ProgramFiles%\National Instruments\Shared\License Manager\Licenses$0$0$@$@$Activate...$C:\ProgramData\National Instruments\License Manager\Licenses$Deactivate...$Open License Folder...$Right-click to activate$Right-click to deactivate$c:\windows\notepad.exe$open
  • API String ID: 1669990519-397551973
  • Opcode ID: 96b059e6a6d9f372e01164abd48c2076fe2dd37b65ae26baf77147ae1f1f3315
  • Instruction ID: 095a81683f700539e7466827f5ed116a6d00defc89912b26fa62dc5ae57a4ac5
  • Opcode Fuzzy Hash: 96b059e6a6d9f372e01164abd48c2076fe2dd37b65ae26baf77147ae1f1f3315
  • Instruction Fuzzy Hash: E302E170644785EFE724CF29EC89F6B77A4BB44B10F044A1DF649AB2D1DB70A848CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetDlgItem.USER32(?,000003E9), ref: 00D43F2D
  • GetDlgItem.USER32(?,000003E9), ref: 00D43F44
  • _strcpy_s.LIBCMT ref: 00D4448F
  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00D444DB
  • _strcpy_s.LIBCMT ref: 00D44532
  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00D4457D
  • std::_Xinvalid_argument.LIBCPMT ref: 00D446AD
    • Part of subcall function 00D48590: std::_Xinvalid_argument.LIBCPMT ref: 00D485A9
  • _strcpy_s.LIBCMT ref: 00D44742
  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00D44790
  • SendMessageA.USER32(?,00001102,00000002,?), ref: 00D447C5
  • SendMessageA.USER32(?,00001102,00000002), ref: 00D447ED
  • SendMessageA.USER32(?,00001102,00000002,?), ref: 00D44801
  • SendMessageA.USER32(?,00001113,00000001,?), ref: 00D44811
  • SendMessageA.USER32(?,00001113,00000001), ref: 00D44820
  • SendMessageA.USER32(?,00001113,00000001,?), ref: 00D44880
  • SendMessageA.USER32(?,0000110B,00000009,?), ref: 00D4488E
  • SendMessageA.USER32(00000000,?,000003E9,00001101), ref: 00D43F47
    • Part of subcall function 00D43DF0: _strcpy_s.LIBCMT ref: 00D43E1C
    • Part of subcall function 00D43DF0: SendMessageA.USER32(?,00001100,00000000,?), ref: 00D43E50
Strings
Similarity
  • API ID: MessageSend$_strcpy_s$ItemXinvalid_argumentstd::_
  • String ID: #$.lc$.lic$LabVIEW$Modules$Multisim$No Licenses Found$Right-click to open license folder$Toolkits$Ultiboard$nilm$vector<T> too long
  • API String ID: 1421272713-303924008
  • Opcode ID: a3c6d7c70c4ca092a42cf7495b8fcd3c133a24fecdedaa571b49e10ae8720ba3
  • Instruction ID: ad9ea684d64fef618ef5c6d0afa90722e0ea5b90886dd4d0ef0237938d5f6b25
  • Opcode Fuzzy Hash: a3c6d7c70c4ca092a42cf7495b8fcd3c133a24fecdedaa571b49e10ae8720ba3
  • Instruction Fuzzy Hash: F662D071E002149BDF24DF68D881BAEB7B5AF45300F1485A9E949B7382DB709D85CFB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • CreateDialogParamA.USER32(?,00000065,00000000,Function_00004EE0,00000000), ref: 00D459B6
  • ShowWindow.USER32(00000000,00000005), ref: 00D459C1
  • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00D459D7
  • IsDialogMessage.USER32(00000000,?), ref: 00D459ED
  • TranslateMessage.USER32(?), ref: 00D459F7
  • DispatchMessageA.USER32(?), ref: 00D45A01
  • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00D45A11
Similarity
  • API ID: Message$Dialog$CallbackCreateDispatchDispatcherParamShowTranslateUserWindow
  • String ID:
  • API String ID: 4262919457-0
  • Opcode ID: 22a2ff6ce7f0cfd977826c38b736a59853e4af16f6af7ff037698402aefcb474
  • Instruction ID: 6eb90516d1abcb94b05d63657c57a72ab2ad5b657579e413dc396f83ba89939f
  • Opcode Fuzzy Hash: 22a2ff6ce7f0cfd977826c38b736a59853e4af16f6af7ff037698402aefcb474
  • Instruction Fuzzy Hash: 4C11B9726407087FD710DBA9ED49FDE73A8AB58B21F100255F604F61C0EB71AD498BB0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _strcpy_s.LIBCMT ref: 00D43E1C
  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00D43E50
Strings
Similarity
  • API ID: MessageSend_strcpy_s
  • String ID: #
  • API String ID: 2660681648-1885708031
  • Opcode ID: f9bd8f4727bc9bd603b79ca7249d1fdb80517a72b7c6bf354e961b71d9c02f52
  • Instruction ID: 35b7ebd5314b92247e5916009b778e3bf141663b934b744bc05d2c878e802d19
  • Opcode Fuzzy Hash: f9bd8f4727bc9bd603b79ca7249d1fdb80517a72b7c6bf354e961b71d9c02f52
  • Instruction Fuzzy Hash: 0C0171B1E00204ABDB10DF6DEC45A9EB7B8EB48350F004525F949E7340D771AD658BE5
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetFileAttributesA.KERNELBASE(?,00E41EE5,?,?,?,?,00D4AA42,?,00000000,745D48C0,E739FF75,?,?,745D48C0), ref: 00E41DFD
  • GetLastError.KERNEL32(?,?,00D4AA42,?,00000000,745D48C0,E739FF75,?,?,745D48C0), ref: 00E41E14
Similarity
  • API ID: AttributesErrorFileLast
  • String ID:
  • API String ID: 1799206407-0
  • Opcode ID: 3dc73f6c60a09fcbc29a45417d31f725170d7863238388c3585a763d29e063bb
  • Instruction ID: df128c1f497a458203701c391fd2154abfdb6aed9a79403181aac2641750841d
  • Opcode Fuzzy Hash: 3dc73f6c60a09fcbc29a45417d31f725170d7863238388c3585a763d29e063bb
  • Instruction Fuzzy Hash: 41213C781013409FDB15CF18E5946197BE1EF86328F689A9DE858EB374C335DC85DB42
Uniqueness

Uniqueness Score: -1.00%

APIs
  • RtlAllocateHeap.NTDLL(00000008,?,00000000), ref: 00E66605
    • Part of subcall function 00E5956D: __getptd_noexit.LIBCMT ref: 00E5956D
Similarity
  • API ID: AllocateHeap__getptd_noexit
  • String ID:
  • API String ID: 328603210-0
  • Opcode ID: b5232c625d7299e74a5f7ead9df79c9965749dbce68c35472b816f64868195e2
  • Instruction ID: a446037070ba31ef60acf71faebcb53b62023d3d3a85a01326ab3878531d781a
  • Opcode Fuzzy Hash: b5232c625d7299e74a5f7ead9df79c9965749dbce68c35472b816f64868195e2
  • Instruction Fuzzy Hash: BE01D4312A12159FEF259F25FC15B6B3794AB917A8F04A92DF816FB1A0DB70DC108690
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00E58B49: __lock.LIBCMT ref: 00E58B4B
  • __onexit_nolock.LIBCMT ref: 00E57D98
    • Part of subcall function 00E57C99: RtlDecodePointer.NTDLL(00EEA720), ref: 00E57CAE
    • Part of subcall function 00E57C99: RtlDecodePointer.NTDLL ref: 00E57CBB
    • Part of subcall function 00E57C99: __realloc_crt.LIBCMT ref: 00E57CF8
    • Part of subcall function 00E57C99: __realloc_crt.LIBCMT ref: 00E57D0E
    • Part of subcall function 00E57C99: RtlEncodePointer.NTDLL(00000000), ref: 00E57D20
    • Part of subcall function 00E57C99: RtlEncodePointer.NTDLL(?), ref: 00E57D34
    • Part of subcall function 00E57C99: RtlEncodePointer.NTDLL(-00000004), ref: 00E57D3C
Similarity
  • API ID: Pointer$Encode$Decode__realloc_crt$__lock__onexit_nolock
  • String ID:
  • API String ID: 3536590627-0
  • Opcode ID: ed7a07745cc843eddc849db346ad83210d747eef20666cd0c4b112f7e42ea4ae
  • Instruction ID: 87f23a592822e79b7183ad68689e6ed3754420b55674752f0e400b4ab26dbba2
  • Opcode Fuzzy Hash: ed7a07745cc843eddc849db346ad83210d747eef20666cd0c4b112f7e42ea4ae
  • Instruction Fuzzy Hash: A1D05E71946B09EBCB90FFA4E90BB9CBBF0AF05312F606548F5587A1E2CE750A459B10
Uniqueness

Uniqueness Score: -1.00%

APIs
  • RtlEncodePointer.NTDLL(00000000), ref: 00E645CF
Similarity
  • API ID: EncodePointer
  • String ID:
  • API String ID: 2118026453-0
  • Opcode ID: 031def122dd370b9f5f1adc438ef1b6ebdeec698d80859f6b5e1c05d8edce38e
  • Instruction ID: ffcf974bf3ca2d0e36724c479143aaf3f66c12cacc3239d19ab8d11e106b34eb
  • Opcode Fuzzy Hash: 031def122dd370b9f5f1adc438ef1b6ebdeec698d80859f6b5e1c05d8edce38e
  • Instruction Fuzzy Hash:
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

APIs
  • _sprintf.LIBCMT ref: 00D7AAFF
  • _sprintf.LIBCMT ref: 00D7AB6B
  • _strlen.LIBCMT ref: 00D7AB77
  • _sprintf.LIBCMT ref: 00D7ABD0
  • _sprintf.LIBCMT ref: 00D7ABF2
  • _strlen.LIBCMT ref: 00D7ABFE
  • _sprintf.LIBCMT ref: 00D7AC4A
  • _strlen.LIBCMT ref: 00D7AC56
  • _sprintf.LIBCMT ref: 00D7AE34
  • _sprintf.LIBCMT ref: 00D7AE7C
  • _strlen.LIBCMT ref: 00D7B052
  • _strlen.LIBCMT ref: 00D7B0AC
  • _strlen.LIBCMT ref: 00D7B42E
  • _strlen.LIBCMT ref: 00D7B660
    • Part of subcall function 00D7BC7E: _sprintf.LIBCMT ref: 00D7BC9F
    • Part of subcall function 00D7BB2C: _sprintf.LIBCMT ref: 00D7BB7B
    • Part of subcall function 00D7BB2C: _sprintf.LIBCMT ref: 00D7BC25
    • Part of subcall function 00D7BB2C: _sprintf.LIBCMT ref: 00D7BC46
Strings
Similarity
  • API ID: _sprintf$_strlen
  • String ID: %s %s$%s %s$%s %s %s %s$%s %s %s %s$%s %s %s %s %s$($02.0$02.0$06.0$06.0$06.0$06.0$06.0$1-jan-0$1-jan-0$1-jan-0$1-jan-0$1-jul-2004$BORROW$BORROW$CAPACITY$COMPONENTS$DAEMON$DIST_CONSTRAINT$DUP_GROUP$FLOAT_OK$HOSTID$HOST_BASED$HOST_BASED$ISSUED$ISSUED$ISSUER$LINGER$METERED$MINIMUM$NOTICE$OPTIONS$OPTIONS$OVERDRAFT$PACKAGE$PACKAGE$PLATFORMS$PREREQ$SERVER$START$SUBLIC$SUITE$SUITE_DUP_GROUP$SUITE_RESERVED$SUPERSEDE$SUPERSEDE$TS_OK$UPGRADE$USER_BASED$USER_BASED$VENDOR$VENDOR_STRING$W_LIC_LOSS$asset_info$dist_info$first$last$permanent$permanent$sort$sort$sort$user_info$vendor_info$w_argv$w_binary$w_queue$w_term_signal
  • API String ID: 4048706883-2062855575
  • Opcode ID: 4695187c5112dd348b78e62fa2943d48cc5e4091593283a91a13c07810425d91
  • Instruction ID: 9b7938752c0f26c56dc934714638c9f540c51401363b23e9b4dd99e3b99b1168
  • Opcode Fuzzy Hash: 4695187c5112dd348b78e62fa2943d48cc5e4091593283a91a13c07810425d91
  • Instruction Fuzzy Hash: A9C24C75A00208AFDB14DF54C885BAE73B5EF88315F18C2A9F91D9B342E731EA45CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _strlen$_sprintf$_memset$__time32_memmove
  • String ID: %04x%08lx$%d > %d$%lx%s%x%s%s%s%s%s%s%s%s%s%s%s%s$%s=%s$-+!-$-+!-$-+!-$-+!-$-+!-$-+#-$-+#-$borrow-%s-%s$x\$|\
  • API String ID: 3017877299-2855894329
  • Opcode ID: 1d878416ce6508a8b9374e44533d8e549be0c36ea303a3510a3d9d451d864daf
  • Instruction ID: ee69c0b8eb390f5071919599f3dbaedb590ddae3f11103c228e5fef38e69eccd
  • Opcode Fuzzy Hash: 1d878416ce6508a8b9374e44533d8e549be0c36ea303a3510a3d9d451d864daf
  • Instruction Fuzzy Hash: 1A5265B5A10214ABEB28EF14CC45FE97375BF48700F5485A9FA0D6B2C1DB71AA84CF64
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _sprintf.LIBCMT ref: 00DA9498
  • _strlen.LIBCMT ref: 00DA94A4
  • _memset.LIBCMT ref: 00DA94C2
  • _strlen.LIBCMT ref: 00DA9516
  • _strlen.LIBCMT ref: 00DA9530
  • _swscanf.LIBCMT ref: 00DA95EB
  • _swscanf.LIBCMT ref: 00DA9806
  • _swscanf.LIBCMT ref: 00DA98ED
    • Part of subcall function 00D70BF7: _strncpy.LIBCMT ref: 00D70C18
  • _swscanf.LIBCMT ref: 00DA9872
  • _strlen.LIBCMT ref: 00DA9C07
  • _swscanf.LIBCMT ref: 00DA9C7A
    • Part of subcall function 00DAADDD: _strlen.LIBCMT ref: 00DAAE67
    • Part of subcall function 00DAADDD: _strlen.LIBCMT ref: 00DAAF4B
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: _strlen$_swscanf$_memset_sprintf_strncpy
  • String ID: %d-%[^-]-%d$%d-%[^-]-%d$%lx$%lx$%lx$%s%c%s%c$C201$C201$JAN$JAN
  • API String ID: 1078417849-572994088
  • Opcode ID: 7325f617562674d9ee007fc6eadee0ace5f28fe73e17536591a4ce0f6ad0c62d
  • Instruction ID: 3a1a930779f295baaeed8159c4c35c0ed359e662ed4316cf8c23af444075442c
  • Opcode Fuzzy Hash: 7325f617562674d9ee007fc6eadee0ace5f28fe73e17536591a4ce0f6ad0c62d
  • Instruction Fuzzy Hash: 01A230B1901218ABDB15DF54CCA5FEBB379FB48300F0886E9E9199B281D7719B84CF61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • LoadLibraryA.KERNEL32(IBFS32.DLL), ref: 00D6B26C
  • GetProcAddress.KERNEL32(00000000,TMExtendedStartSession), ref: 00D6B28E
  • GetProcAddress.KERNEL32(00000000,TMEndSession), ref: 00D6B2A5
  • GetProcAddress.KERNEL32(00000000,TMFirst), ref: 00D6B2BC
  • GetProcAddress.KERNEL32(00000000,TMNext), ref: 00D6B2D3
  • GetProcAddress.KERNEL32(00000000,TMRom), ref: 00D6B2EA
  • GetProcAddress.KERNEL32(00000000,TMSetup), ref: 00D6B301
  • GetProcAddress.KERNEL32(00000000,TMTouchByte), ref: 00D6B318
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: AddressProc$LibraryLoad
  • String ID: IBFS32.DLL$TMEndSession$TMExtendedStartSession$TMFirst$TMNext$TMRom$TMSetup$TMTouchByte
  • API String ID: 2238633743-2864274381
  • Opcode ID: 2625256e7c1daa7596f866554edf813dd1452e9cc65d581e647168c8381ebbf8
  • Instruction ID: efd5cfb18b6e5a327a99959a3bdd0f07d393b4e6bb7e9e1fa1356beb791c15ca
  • Opcode Fuzzy Hash: 2625256e7c1daa7596f866554edf813dd1452e9cc65d581e647168c8381ebbf8
  • Instruction Fuzzy Hash: 7B41FA74A00308EFDB04DF94C588AADBFB1FB49310F5485A9E849AB390D7759AC2CF90
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00E583E9: _malloc.LIBCMT ref: 00E58403
  • std::exception::exception.LIBCMT ref: 00E4F7BC
  • __CxxThrowException@8.LIBCMT ref: 00E4F7D3
  • std::exception::exception.LIBCMT ref: 00E4F7E5
  • __CxxThrowException@8.LIBCMT ref: 00E4F7FC
    • Part of subcall function 00E583E9: std::exception::exception.LIBCMT ref: 00E58438
    • Part of subcall function 00E583E9: __CxxThrowException@8.LIBCMT ref: 00E58463
    • Part of subcall function 00E583E9: __FF_MSGBANNER.LIBCMT ref: 00E58477
    • Part of subcall function 00E583E9: __NMSG_WRITE.LIBCMT ref: 00E5847F
Strings
  • Invalid octal escape sequence., xrefs: 00E4FC51
  • ASCII escape sequence terminated prematurely., xrefs: 00E4F961
  • Escape sequence terminated prematurely., xrefs: 00E4F863
  • Hexadecimal escape sequence was invalid., xrefs: 00E4FB03
  • Hexadecimal escape sequence terminated prematurely., xrefs: 00E4F9E3
  • Octal escape sequence is invalid., xrefs: 00E4FCE1
  • Missing } in hexadecimal escape sequence., xrefs: 00E4FA65
  • Escape sequence did not encode a valid character., xrefs: 00E4FBA2
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: Exception@8Throwstd::exception::exception$_malloc
  • String ID: ASCII escape sequence terminated prematurely.$Escape sequence did not encode a valid character.$Escape sequence terminated prematurely.$Hexadecimal escape sequence terminated prematurely.$Hexadecimal escape sequence was invalid.$Invalid octal escape sequence.$Missing } in hexadecimal escape sequence.$Octal escape sequence is invalid.
  • API String ID: 3153320871-4010590958
  • Opcode ID: c32a7e33ada4ba8ef6f25faff0a32b4616499596a89ed77243b6cc4de14ddfd7
  • Instruction ID: eecc01ed483307f2347ecc613e89629f38d63d71dd64d361855f5495077fff2b
  • Opcode Fuzzy Hash: c32a7e33ada4ba8ef6f25faff0a32b4616499596a89ed77243b6cc4de14ddfd7
  • Instruction Fuzzy Hash: DF124670108381AFC724CF24D891BA6FBE5FF8A704F14596DE5DA97392D731A908CB62
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _sprintf.LIBCMT ref: 00D5873D
  • _memset.LIBCMT ref: 00D5878B
  • _malloc.LIBCMT ref: 00D58BAF
  • _malloc.LIBCMT ref: 00D58BED
    • Part of subcall function 00E59BEE: __FF_MSGBANNER.LIBCMT ref: 00E59C07
    • Part of subcall function 00E59BEE: __NMSG_WRITE.LIBCMT ref: 00E59C0E
    • Part of subcall function 00E59BEE: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 00E59C33
  • _memset.LIBCMT ref: 00D58C25
  • _memmove.LIBCMT ref: 00D58C3C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: _malloc_memset$AllocateHeap_memmove_sprintf
  • String ID: %02X$demo
  • API String ID: 236341444-3083089830
  • Opcode ID: 9ef84a07b1c9a1a25527f9e0b3f301a10ce0c54ae4e9bb4ac3780f06ae0899bd
  • Instruction ID: 223cf2198e64a3cea2a743d33245663edbaeeddb228e07812bda0f9f25c55a17
  • Opcode Fuzzy Hash: 9ef84a07b1c9a1a25527f9e0b3f301a10ce0c54ae4e9bb4ac3780f06ae0899bd
  • Instruction Fuzzy Hash: 6BA21A74900258DFDB24CF14CC94BEAB7B1BB49309F1481E9D94D6B381DB76AA89CF90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _sprintf.LIBCMT ref: 00D86BE0
  • _memset.LIBCMT ref: 00D86C2E
  • _malloc.LIBCMT ref: 00D87052
  • _malloc.LIBCMT ref: 00D87090
    • Part of subcall function 00E59BEE: __FF_MSGBANNER.LIBCMT ref: 00E59C07
    • Part of subcall function 00E59BEE: __NMSG_WRITE.LIBCMT ref: 00E59C0E
    • Part of subcall function 00E59BEE: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 00E59C33
  • _memset.LIBCMT ref: 00D870C8
  • _memmove.LIBCMT ref: 00D870DF
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: _malloc_memset$AllocateHeap_memmove_sprintf
  • String ID: %02X$demo
  • API String ID: 236341444-3083089830
  • Opcode ID: c174b548bbf2c94957611fc3229de29f50975a66e0cd46d1de632a2e61610046
  • Instruction ID: 3af164d2546b9585a1ccc5f5c2faa82ebb877304ef41db72174e3f7250d1d414
  • Opcode Fuzzy Hash: c174b548bbf2c94957611fc3229de29f50975a66e0cd46d1de632a2e61610046
  • Instruction Fuzzy Hash: 6EA23874904258DFDB24DF14CC94BEABBB1BB49308F1481E8D94D6B381DB76AA85CF60
Uniqueness

Uniqueness Score: -1.00%

Strings
  • TYPE=Module, xrefs: 00D429ED
  • LABEL=(.+?)( [A-Z]{3,}=|"), xrefs: 00D427B8
  • VERSION_STRING=([0-9]+), xrefs: 00D42A7F
  • ^INCREMENT ([a-zA-Z0-9]+)[^ ]+ ([^ ]+) ([^ ]+) ([^ ]+), xrefs: 00D4256B
  • ([0-9]+).([0-9]{2})([0-9]{2}), xrefs: 00D42B80
  • TYPE=Toolkit, xrefs: 00D4295B
  • HOSTID=(DEMO|"DEMO"), xrefs: 00D428B9
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: std::exception::exception
  • String ID: ([0-9]+).([0-9]{2})([0-9]{2})$HOSTID=(DEMO|"DEMO")$LABEL=(.+?)( [A-Z]{3,}=|")$TYPE=Module$TYPE=Toolkit$VERSION_STRING=([0-9]+)$^INCREMENT ([a-zA-Z0-9]+)[^ ]+ ([^ ]+) ([^ ]+) ([^ ]+)
  • API String ID: 2807920213-2389355231
  • Opcode ID: da2e83b2d828ad6921fd7107c2c28b934e95ec7ad7954bf6331854831856fe5f
  • Instruction ID: 80d30bb2b49f109e3dc1789e7a1f5c0ae57e21920ab72d43dcd4e925b8b82fad
  • Opcode Fuzzy Hash: da2e83b2d828ad6921fd7107c2c28b934e95ec7ad7954bf6331854831856fe5f
  • Instruction Fuzzy Hash: 4E62C271A002189FDF28DB68CC41BEEB7B5AF95300F684599F545A7282DB70AE44CFB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetLocaleInfoW.KERNEL32(?,2000000B,00000000,00000002,?,?,00E6CC2A,?,00E5FCC4,?,000000BC,?,00000001,00000000,00000000), ref: 00E6C62C
  • GetLocaleInfoW.KERNEL32(?,20001004,00000000,00000002,?,?,00E6CC2A,?,00E5FCC4,?,000000BC,?,00000001,00000000,00000000), ref: 00E6C655
  • GetACP.KERNEL32(?,?,00E6CC2A,?,00E5FCC4,?,000000BC,?,00000001,00000000), ref: 00E6C669
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: InfoLocale
  • String ID: ACP$OCP
  • API String ID: 2299586839-711371036
  • Opcode ID: 01f87b6759de2b94ecc64039e2a508c6fe97cc920a39136b6a2b2460eaa03607
  • Instruction ID: 3c3c048bb6109ecc1bf7c584b99e2b99b89be6d68a2a82efd9153cf6ab02d49e
  • Opcode Fuzzy Hash: 01f87b6759de2b94ecc64039e2a508c6fe97cc920a39136b6a2b2460eaa03607
  • Instruction Fuzzy Hash: 39012830581606BAE7219B21FC09BAE37A8AB10B99F307455F549F1092EB60CE41C69C
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: _memset
  • String ID: a001
  • API String ID: 2102423945-137206819
  • Opcode ID: b8d4ecda7a35de1505d3360d58cf572c2f3e3857602e5771ba00c13dc8597344
  • Instruction ID: 4bd2f19ce10f5320530ce3494ea68f05870fe671bc50c4d4068c2eb58fc92733
  • Opcode Fuzzy Hash: b8d4ecda7a35de1505d3360d58cf572c2f3e3857602e5771ba00c13dc8597344
  • Instruction Fuzzy Hash: 91323B38A102059FDF14CF48C495BE9B7B2BF84315F2882B9ED095F385DB31A986CB95
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: CountTick$Sleep
  • String ID:
  • API String ID: 4250438611-0
  • Opcode ID: 4369dd6c40f7828998d4f1728900f894e49b1195d46a841f3eab7f51011c165b
  • Instruction ID: a035175734fd053e695bd3e730dc3a1564708d9c0dfb4ca8a9abf2d6f43d7d49
  • Opcode Fuzzy Hash: 4369dd6c40f7828998d4f1728900f894e49b1195d46a841f3eab7f51011c165b
  • Instruction Fuzzy Hash: 74211778901608EFDB04CF85E1587E9BBB2FB05305F18C2AAE9095B684C7759AC9CF90
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D9C800: _memset.LIBCMT ref: 00D9C820
    • Part of subcall function 00D9C800: GetVersionExA.KERNEL32(00000094), ref: 00D9C839
  • FindFirstFileA.KERNEL32(00000000,00000000), ref: 00DB5138
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: FileFindFirstVersion_memset
  • String ID:
  • API String ID: 693731853-0
  • Opcode ID: fb76e35311ecf77bb7aedab521c8de713d8873be1fbf2dcfab0f729f8fe0dd8e
  • Instruction ID: 562f486d7b3ab5e63ad001750f1accb58d4ac2ba3cfa784afb15628c582759fb
  • Opcode Fuzzy Hash: fb76e35311ecf77bb7aedab521c8de713d8873be1fbf2dcfab0f729f8fe0dd8e
  • Instruction Fuzzy Hash: 59314AB4D00709EFDB14DF98D949BEEBBB0EB04311F248268E41A6B284D7349A44CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • DeviceIoControl.KERNEL32(?,0022001C,?,?,?,?,?,00000000), ref: 00DBD2AF
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID: ControlDevice
  • String ID:
  • API String ID: 2352790924-0
  • Opcode ID: a89a7ec463c28671e5158a4406bd24f652b4da5ba34b9a237eac1a5d623f68ec
  • Instruction ID: 28ec629d315b1fa090a8f8f9fad90c4fc6e8b3541d540980bba67e9383801b76
  • Opcode Fuzzy Hash: a89a7ec463c28671e5158a4406bd24f652b4da5ba34b9a237eac1a5d623f68ec
  • Instruction Fuzzy Hash: 5CE0A065420711B5E620EBA89C02EE7F2ECEF09700F009809F59AA2950E260F805C7B6
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID:
  • String ID: 5/(
  • API String ID: 0-4199051006
  • Opcode ID: 0ec0d84a77dcd29c9a8f17e0435ab86158752167acdedd9f19be57db621a15f9
  • Instruction ID: b976c2781850b10373321bab0d94cb2ebc5d564d8fb3e5a1d1dae6ac6d5a6b78
  • Opcode Fuzzy Hash: 0ec0d84a77dcd29c9a8f17e0435ab86158752167acdedd9f19be57db621a15f9
  • Instruction Fuzzy Hash: 59514866D192CAAADF16CBE8C8617FEFF728F56200F0890E8C0946B783D5354705DB69
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 2b732c9c24f4cf8bfc09fa9a8e79abd019c07797d91d34323c2150e14af440d9
  • Instruction ID: df7b5db98a539d28ea0becb843ef4e5b4bce9af749ff1c121c98d0e34737989c
  • Opcode Fuzzy Hash: 2b732c9c24f4cf8bfc09fa9a8e79abd019c07797d91d34323c2150e14af440d9
  • Instruction Fuzzy Hash: C05130749046899FDB04CFA8C8A4AFFBBB1FF89304F188599D854AB341C735DA45CBA4
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 0f4d9b5897f84f59395c3ebc9e24cc29d59beca06564966eb5cf5215bf26c78e
  • Instruction ID: d0c409fe654a236446a5d3fddaefb04859a9854d7bd38d206e5c170d977c840c
  • Opcode Fuzzy Hash: 0f4d9b5897f84f59395c3ebc9e24cc29d59beca06564966eb5cf5215bf26c78e
  • Instruction Fuzzy Hash: 0931B436604BC08FC329CA2D9450297BFE69FA6204B444A6CD4C787B86D974E90ACB61
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
  • Instruction ID: de947ca9978d942ad9f10e503e6d33f37ac7de740c2512b8d8b734718164d8c6
  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
  • Instruction Fuzzy Hash: 2611527720806143D50D863DF8FC5B69796EBC931B72C6B7AD8C16B754D122D56CD500
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
  • Associated: 00000000.00000002.924475745.0000000000D40000.00000002.00020000.sdmp Download File
  • Associated: 00000000.00000002.924702740.0000000000E89000.00000040.00020000.sdmp Download File
  • Associated: 00000000.00000002.924715971.0000000000E95000.00000040.00020000.sdmp Download File
  • Associated: 00000000.00000002.924721930.0000000000E9A000.00000040.00020000.sdmp Download File
  • Associated: 00000000.00000002.924730975.0000000000EEA000.00000040.00020000.sdmp Download File
  • Associated: 00000000.00000002.924737120.0000000000EEF000.00000040.00020000.sdmp Download File
  • Associated: 00000000.00000002.924745111.0000000000EF7000.00000040.00020000.sdmp Download File
  • Associated: 00000000.00000002.924750026.0000000000F07000.00000040.00020000.sdmp Download File
  • Associated: 00000000.00000002.924758734.0000000000F0F000.00000080.00020000.sdmp Download File
  • Associated: 00000000.00000002.924766064.0000000000F10000.00000004.00020000.sdmp Download File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3
  • String ID: $%-15s$%-15s%d,%d$%-15s%d,%d. System Error: %d "%s"$%-15s%s$%s:$For further information, refer to the FLEXnet Licensing End User Guide,available at "www.macrovision.com".$ (%d,%d)$ (%d,%d:%d "%s")$ - $ - $ - $%-15s %s$D$FLEXnet Licensing error:$FLEXnet Licensing error:$Feature:$INVALID error code$License path:$[...]
  • API String ID: 3396615879-3035847534
  • Opcode ID: 72a3794e03af8652b6b4cf98d9444bf92635941e653c11f8a0dac95d10539191
  • Instruction ID: a118927738ffb791cfec7d14bcfeb8606791921ca601d517626599fae4590fda
  • Opcode Fuzzy Hash: 72a3794e03af8652b6b4cf98d9444bf92635941e653c11f8a0dac95d10539191
  • Instruction Fuzzy Hash: 29221DB5900218DBEB18DF18C991F99B7B1BF48304F14C6E9E84D6B642EB719B84DF90
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _strlen$__wgetenv_sprintf$_calloc
  • String ID: %s%s%s$%s%s%s$LM_BORROW$LM_LICENSE_FILE$LM_LICENSE_FILE$_LICENSE_FILE$_LICENSE_FILE$I
  • API String ID: 2160952428-2015368932
  • Opcode ID: e910f22645685f5116ffba2d2a9c5ec70a0e6211aa39111673f06af6b7670b30
  • Instruction ID: 3e840589331221877cc6f8411002244b083fd28fbbdf7395c60909cf712141f3
  • Opcode Fuzzy Hash: e910f22645685f5116ffba2d2a9c5ec70a0e6211aa39111673f06af6b7670b30
  • Instruction Fuzzy Hash: 0CE1C3B1D00209EFDF04DF94C855BEEB7B9AB48304F148529E8096B281E775EB49CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D7C742
Strings
  • ISSUED Invalid date format, xrefs: 00D7CB34
  • FLOAT_OK only valid with node-locked license, xrefs: 00D7C90B
  • Illegal char in feature name: only alpha-num and '_' allowed, xrefs: 00D7C9C2
  • DUP_GROUP not valid with uncounted license, xrefs: 00D7C778
  • The FLOAT_OK=hostid should be the Server's permanent hostid, xrefs: 00D7C89F
  • PACKAGE and COMPONENT name can't be identical, xrefs: 00D7CAE5
  • lm_chk_conf.c, xrefs: 00D7CB83
  • Can't combine USER_BASED and HOST_BASED, xrefs: 00D7CA86
  • ISSUED Can't have year 0, xrefs: 00D7CB51
  • 08.0, xrefs: 00D7C92A
  • %d-%[^-]-%d, xrefs: 00D7CB14
  • Do not use same hostid for FLOAT_OK=hostid as HOSTID=, xrefs: 00D7C88A
  • FLOAT_OK only valid with node-locked license, xrefs: 00D7C83A
  • Hostid required for uncounted feature, xrefs: 00D7C7A4
  • lm_chk_conf.c, xrefs: 00D7C720
  • HOST or USER BASED licenses must be counted, xrefs: 00D7C8E4
  • SUPERSEDE missing START= or ISSUED=, xrefs: 00D7CA51
  • SUITE only applies to PACKAGE lines, xrefs: 00D7C9F6
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: %d-%[^-]-%d$08.0$Can't combine USER_BASED and HOST_BASED$DUP_GROUP not valid with uncounted license$Do not use same hostid for FLOAT_OK=hostid as HOSTID=$FLOAT_OK only valid with node-locked license$FLOAT_OK only valid with node-locked license$HOST or USER BASED licenses must be counted$Hostid required for uncounted feature$ISSUED Can't have year 0$ISSUED Invalid date format$Illegal char in feature name: only alpha-num and '_' allowed$PACKAGE and COMPONENT name can't be identical$SUITE only applies to PACKAGE lines$SUPERSEDE missing START= or ISSUED=$The FLOAT_OK=hostid should be the Server's permanent hostid$lm_chk_conf.c$lm_chk_conf.c
  • API String ID: 1597570620-3540758302
  • Opcode ID: 6b1589d248973e905987dfd023062e08aa75560d086ade7bfae468d55db6d3f0
  • Instruction ID: a8797a27b8a4a9153ee96852ee01b46721fff045d908fb1b2fe550ddeea3eccf
  • Opcode Fuzzy Hash: 6b1589d248973e905987dfd023062e08aa75560d086ade7bfae468d55db6d3f0
  • Instruction Fuzzy Hash: 3CE15CB5A10208AFDB14DF54C882AAA73B5EF48305F18D16DFD1DAB245F731EA41CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf$_strlen$_memset_swscanf
  • String ID: %s %d$%s %d$%s %s %s$%s %s %s$06.0$06.0$DAEMON$DAEMON$DAEMON$SERVER %s %s$VENDOR$VENDOR
  • API String ID: 609576402-790908284
  • Opcode ID: 962584680677f1a9455c7a6302807c169d6d00cf801ab597643aabd6fc62effc
  • Instruction ID: c8dc99b9530e18d65ea0682de8b5d7270306a4b01c907cb3fe012a13224b52fa
  • Opcode Fuzzy Hash: 962584680677f1a9455c7a6302807c169d6d00cf801ab597643aabd6fc62effc
  • Instruction Fuzzy Hash: CFC153F5A012149BCB14DB14DD81FD9B3B9AB88315F4485D8FA0DA7242EB31EE85CFA4
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _memmove
  • String ID: '$)$+$3$6$6$8$R$R$U$`$b$h$j$k$r$t$t
  • API String ID: 4104443479-45658433
  • Opcode ID: cf13eaae6cda7ecd0ae346cdb1c594b4afbe6fcc02a8ae7106516b45f081c09d
  • Instruction ID: 129b157337a1bc69a8621b318e92e1b0bb1d5fe2b2cd0ec9b9ddd2b7b7f85cc8
  • Opcode Fuzzy Hash: cf13eaae6cda7ecd0ae346cdb1c594b4afbe6fcc02a8ae7106516b45f081c09d
  • Instruction Fuzzy Hash: 95417710D08BCED9DB22C6BC99486DEBF615B27234F084388E4F43B2D2D7A50616C7B6
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D9F54A: closesocket.WS2_32(E8AE843D), ref: 00D9F55D
  • inet_addr.WS2_32(00000000), ref: 00D9F0FC
  • getprotobyname.WS2_32(tcp), ref: 00D9F121
  • _memset.LIBCMT ref: 00D9F131
  • htons.WS2_32(00000000), ref: 00D9F13E
  • _memmove.LIBCMT ref: 00D9F157
  • socket.WS2_32(00000002,00000001,00000000), ref: 00D9F16B
    • Part of subcall function 00D9F4C6: WSAGetLastError.WS2_32(?,00D9BF48), ref: 00D9F4C9
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: ErrorLast_memmove_memsetclosesocketgetprotobynamehtonsinet_addrsocket
  • String ID: 3'$@$tcp
  • API String ID: 2930924231-3267961393
  • Opcode ID: 53af9e3dabe81118a0d40c9e589d4952d412d88977ffeb2f29dcf6def532f1cb
  • Instruction ID: c4712e27c979bb940e75efefee0071e378efa9135589ad3b730b41cfc76c47fb
  • Opcode Fuzzy Hash: 53af9e3dabe81118a0d40c9e589d4952d412d88977ffeb2f29dcf6def532f1cb
  • Instruction Fuzzy Hash: ACA12B74900209DFDF14DF64C885BDEBBB1EF48314F1485A9E909EB281D7759A81CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _strlen$_sprintf
  • String ID: %s$%s%s: %s%s$%s%s:%s$%s%s:line %d: %s%s$%s%s:line %d:%s
  • API String ID: 3136941662-4244557989
  • Opcode ID: 4305aab765b7c306d87d86921de830e870aba176f3888911fd2a6242056dc901
  • Instruction ID: 9e1d1ce04640c3ea86205d3f9f097ea3c9d3e90974b84541781974068983c7d1
  • Opcode Fuzzy Hash: 4305aab765b7c306d87d86921de830e870aba176f3888911fd2a6242056dc901
  • Instruction Fuzzy Hash: 11518EB5D00208EFDB50EF98DC85AAE77F9AB48301F548559FD19A7291D330FA48CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf$_strlen
  • String ID: Beta release %d$ build %lu$.%u$v%u.%u.%s$v%u.%u.%u
  • API String ID: 4048706883-2252101716
  • Opcode ID: 6859e000b54d51ab3fa563c5da6b271c5f3e8f70401ce18164fa4b01249ef8ed
  • Instruction ID: aeb90744b683b1e8939ff2e3b2e344e1c3e2079f538540798bafb44e43053888
  • Opcode Fuzzy Hash: 6859e000b54d51ab3fa563c5da6b271c5f3e8f70401ce18164fa4b01249ef8ed
  • Instruction Fuzzy Hash: E74154B5E00204EBDF08EF98D841AAEB7F5EF48701F5885A9E809AB341E631DF55DB50
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _memmoveinet_addr
  • String ID: 000$000$000$000$000$000$255$255$255$255
  • API String ID: 3098433320-4144259334
  • Opcode ID: c3b311f260c13fd895372a9db8d4949fe0b53597ba09652c17a561c5057408cd
  • Instruction ID: fcb23de9b11cbe7de3aa8c34454a20409c72498491b5c98bf05056bf6b854de9
  • Opcode Fuzzy Hash: c3b311f260c13fd895372a9db8d4949fe0b53597ba09652c17a561c5057408cd
  • Instruction Fuzzy Hash: 12A181B5D10309EBCF14EFE0D881BEEBBB4AF14309F14A52AE91576242E3759648CB71
Uniqueness

Uniqueness Score: -1.00%

APIs
  • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000000,00020019,?), ref: 00DB64A8
  • RegEnumKeyExA.ADVAPI32(?,?,?,00000104,00000000,00000000,00000000,00000000), ref: 00DB6502
  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 00DB6529
  • RegQueryValueExA.ADVAPI32(?,ServiceName,00000000,00DB669A,00000000,00000000), ref: 00DB655E
  • _malloc.LIBCMT ref: 00DB6571
  • RegQueryValueExA.ADVAPI32(?,ServiceName,00000000,00DB669A,00000000,00000000), ref: 00DB6596
  • _free.LIBCMT ref: 00DB65B9
  • RegCloseKey.ADVAPI32(?), ref: 00DB65C5
  • RegCloseKey.ADVAPI32(?), ref: 00DB65E1
Strings
  • ServiceName, xrefs: 00DB6555
  • ServiceName, xrefs: 00DB658D
  • Software\Microsoft\Windows NT\CurrentVersion\NetworkCards, xrefs: 00DB649E
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: CloseOpenQueryValue$Enum_free_malloc
  • String ID: ServiceName$ServiceName$Software\Microsoft\Windows NT\CurrentVersion\NetworkCards
  • API String ID: 2809444472-3770772933
  • Opcode ID: 8626e4b2231f78053aeb354071c2dbc82cd2665ff0450b039329a7a13638fc6b
  • Instruction ID: 7f507c50ea47d1332077954339a225e96b267e75c3a24e3180409a09c83dd148
  • Opcode Fuzzy Hash: 8626e4b2231f78053aeb354071c2dbc82cd2665ff0450b039329a7a13638fc6b
  • Instruction Fuzzy Hash: E64111B1D40218EFDB24DFA5DD49FEEB7B8BB08700F104598E609B6281DB749A58CF61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _strlen$_sprintf
  • String ID: %s%s%s%s%s$%s_LICENSE_FILE$8$LM_LICENSE_FILE
  • API String ID: 3136941662-996450542
  • Opcode ID: 0bd1fac67796e13a4f2994af4669e4337866e99e82c72d848b399cab86d3db26
  • Instruction ID: d7687377a33208693b0695acde2392d3e1501fc1cc185630b0381018805d5bcd
  • Opcode Fuzzy Hash: 0bd1fac67796e13a4f2994af4669e4337866e99e82c72d848b399cab86d3db26
  • Instruction Fuzzy Hash: D6123D74900309DBDF24CF54C849BAAB7B1BF48305F1482A9EC4D6B382D7759A89CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D6A77F: __time32.LIBCMT ref: 00D6A787
    • Part of subcall function 00D6A77F: __localtime64.LIBCMT ref: 00D6A7A0
  • _sprintf.LIBCMT ref: 00D9227F
  • _sprintf.LIBCMT ref: 00D92299
  • __findfirst64i32.LIBCMT ref: 00D922AF
  • __findnext64i32.LIBCMT ref: 00D922CE
  • _sprintf.LIBCMT ref: 00D92319
  • _sprintf.LIBCMT ref: 00D9233A
  • __stat32.LIBCMT ref: 00D92350
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf$__findfirst64i32__findnext64i32__localtime64__stat32__time32
  • String ID: %s%s$%s*.*$%s\%s$%s\*.*
  • API String ID: 1530504666-4043038045
  • Opcode ID: afc7439d22d216798eee21841f47915f14a681b2ab0a79c61d2c2e7280fda21b
  • Instruction ID: 95bf3d7b9ac0b97123f1125f2a393161a3207e851d994b9320b14303c7041d66
  • Opcode Fuzzy Hash: afc7439d22d216798eee21841f47915f14a681b2ab0a79c61d2c2e7280fda21b
  • Instruction Fuzzy Hash: 284170B5D00209BBCF10EF94CC45BFE73B8AB44311F1485A9E9196A281E7749B48CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _strncpy_swscanf$_memset
  • String ID: %[^ ]$%s %s %s %[^]$1-jan-0$ANYVER$start
  • API String ID: 1255566270-975841356
  • Opcode ID: 27e84df39595fd10fa7831687540cdcea0204730e4526bcce9137534209f81b9
  • Instruction ID: 05fed61f1409ce849a3a1bab91c014027b455859ed51b45606ade0b37c0cafd8
  • Opcode Fuzzy Hash: 27e84df39595fd10fa7831687540cdcea0204730e4526bcce9137534209f81b9
  • Instruction Fuzzy Hash: 63E14DB4A00348DBDB24CF14C889BAA77B5BF45304F1885E9EC49AB342D735DA94DF61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
  • LM_STRENGTH in lm_code.h has invalid value %d, xrefs: 00D52833
  • Use only LM_STRENGTH_[113|163|239]BIT, LM_STRENGTH_DEFAULT, OR LM_STRENGTH_LICENSE_KEY, exiting, xrefs: 00D52845
  • , xrefs: 00D528F6
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _calloc_fprintf_memset$_memmove
  • String ID: $LM_STRENGTH in lm_code.h has invalid value %d$Use only LM_STRENGTH_[113|163|239]BIT, LM_STRENGTH_DEFAULT, OR LM_STRENGTH_LICENSE_KEY, exiting
  • API String ID: 2404368895-3520366028
  • Opcode ID: 4d317d99b481c8bc7a811a7d20bc7058be4150225e8bcfeddbf122133fd2c9dd
  • Instruction ID: 7a44e9b92780aba3ff09721584cd183fbd6dd33c642f8511fac13862afe0414e
  • Opcode Fuzzy Hash: 4d317d99b481c8bc7a811a7d20bc7058be4150225e8bcfeddbf122133fd2c9dd
  • Instruction Fuzzy Hash: 3E916AB5E00218EBDF04DFD4D846BBEB7B5AF44305F148918E9197B282D7719A48CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf$_strlen
  • String ID: $$%02x%02x%-30s%s%03d%c%c%01d%01d%c%21.21s%08lx%08x$%02x%0x2%08x$($0$2$2
  • API String ID: 4048706883-2496067447
  • Opcode ID: f107f802d6318c0306bf240cf4319b95cd0182adf03b9d279374fa6e626431f8
  • Instruction ID: 25c43cac760a09d6a93d46e812cac7bc711c3a257c087bcb2a900e6e85040db6
  • Opcode Fuzzy Hash: f107f802d6318c0306bf240cf4319b95cd0182adf03b9d279374fa6e626431f8
  • Instruction Fuzzy Hash: AD917F75904248EFCB04DF99C884BEEB7F5AF49310F28C169F859AB241D735EA45CB60
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf
  • String ID: %s%c%s$%s_LICENSE_FILE$05.1$05.1$LM_LICENSE_FILE$LM_LICENSE_FILE
  • API String ID: 1467051239-2637433318
  • Opcode ID: e5c8aa0d2cdf7d9b3db79dc218ee4318195b09fc65daf4dcebcc531ae2f2d882
  • Instruction ID: 6a5dbfdad35ede10efab93a80c8371afbca5a7bcf8aa6c80ad758511f42b97ef
  • Opcode Fuzzy Hash: e5c8aa0d2cdf7d9b3db79dc218ee4318195b09fc65daf4dcebcc531ae2f2d882
  • Instruction Fuzzy Hash: C571A5B5A00204BBDB10DB94DC51FEE7375AF48710F188628FD0AAB281EB71E944DBB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __CxxThrowException@8.LIBCMT ref: 00D41632
    • Part of subcall function 00E5F249: RaiseException.KERNEL32(00D411EF,E739FF75,00000000,00E7D34C,00D411EF,E739FF75,00E85AA0,?,00000000), ref: 00E5F28B
  • std::exception::exception.LIBCMT ref: 00D4165B
  • __CxxThrowException@8.LIBCMT ref: 00D41676
  • std::exception::exception.LIBCMT ref: 00D41694
  • __CxxThrowException@8.LIBCMT ref: 00D416AF
  • std::exception::exception.LIBCMT ref: 00D416C9
  • __CxxThrowException@8.LIBCMT ref: 00D416E4
Strings
Similarity
  • API ID: Exception@8Throw$std::exception::exception$ExceptionRaise
  • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
  • API String ID: 4237746311-1866435925
  • Opcode ID: edc055db0190db1d3da3fad4d05dc6d8e891f574d0210545d9cbe18b4894b386
  • Instruction ID: d4db27e68d5638017f31df474feb69eb4ba93657224f884e641e36e047c8479d
  • Opcode Fuzzy Hash: edc055db0190db1d3da3fad4d05dc6d8e891f574d0210545d9cbe18b4894b386
  • Instruction Fuzzy Hash: 1E2181B5800208AACF04EF98C586BDEBBF8AF84340F249159E909B7141DBF05B49CBB1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _memmove$_memset$__ld12tod
  • String ID: u$x$x
  • API String ID: 3291720140-764707211
  • Opcode ID: 52d986a9c2341da4d2b53a7e8e5a2798d0a606a4de06298c2e4ca76dce8dbc66
  • Instruction ID: 9d45559cc94433d52114999a3bf9e37ca7dfe8f8911e2828b80d8ee89f776784
  • Opcode Fuzzy Hash: 52d986a9c2341da4d2b53a7e8e5a2798d0a606a4de06298c2e4ca76dce8dbc66
  • Instruction Fuzzy Hash: 9F4192B6D04158EBCB20DF54DC85AD973B9AB48300F048599F94CA7281E7B4DBC48FB1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _memmove$_memset
  • String ID: %O9M$($08.0$\r\n$nilm
  • API String ID: 1357608183-470343974
  • Opcode ID: 3200f5d3a005bccdbbd2a10bc7748d41cf581b1b2d67d20eefd22ec739acb052
  • Instruction ID: 8ee72bec7bee013d895a1423e1f35639b6aa9f87cc916fd9b16a93abc4b45eb7
  • Opcode Fuzzy Hash: 3200f5d3a005bccdbbd2a10bc7748d41cf581b1b2d67d20eefd22ec739acb052
  • Instruction Fuzzy Hash: DDB18EB19012159FDB24DF18D888A9EB7B5FF48300F1446AEE85DA7351E731AE85CFA0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D624BD
Strings
Similarity
  • API ID: __setjmp3_memset
  • String ID: lm_ckout.c$lm_ckout.c$lm_ckout.c$lm_ckout.c$lm_ckout.c$lm_ckout.c$lm_ckout.c
  • API String ID: 1597570620-52609489
  • Opcode ID: efba74e41b702f3e030cf721c87102ee07e76ebdae470619de182e3e464b1c1d
  • Instruction ID: ed729313036cc47ccd4e0093ab984183a8bd6d961296e7a4674321d5faa73c0d
  • Opcode Fuzzy Hash: efba74e41b702f3e030cf721c87102ee07e76ebdae470619de182e3e464b1c1d
  • Instruction Fuzzy Hash: D1911779A00609ABDB14CF54C895FE977B1BB48360F188278FD599F381D731EA45CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00D93768
  • _memset.LIBCMT ref: 00D9377E
  • _strncpy.LIBCMT ref: 00D9379D
  • _sprintf.LIBCMT ref: 00D937DF
    • Part of subcall function 00D92C66: __ld12tod.LIBCMTD ref: 00D92C76
  • _strncpy.LIBCMT ref: 00D937FB
Strings
Similarity
  • API ID: _memset_strncpy$__ld12tod_sprintf
  • String ID: P=%s$PORT_AT_HOST_PLUS $k
  • API String ID: 1419126824-3810665741
  • Opcode ID: 703ad03c6fcec927b33ce0a95697be463dc16a35675e0dc6961e50ad369c0a9e
  • Instruction ID: b8d43d69f2292cd99c5eac74eb23f33e5224fb10a27fb1f25b592c5f7795c0df
  • Opcode Fuzzy Hash: 703ad03c6fcec927b33ce0a95697be463dc16a35675e0dc6961e50ad369c0a9e
  • Instruction Fuzzy Hash: 8691CFB5900258ABDF24DB54CC85BEA73B5AB08305F0885E9E94DAB241E7B49BC4CF71
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00DB6680
  • _free.LIBCMT ref: 00DB6950
  • _free.LIBCMT ref: 00DB696C
    • Part of subcall function 00DB6480: RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000000,00020019,?), ref: 00DB64A8
    • Part of subcall function 00DB6480: RegEnumKeyExA.ADVAPI32(?,?,?,00000104,00000000,00000000,00000000,00000000), ref: 00DB6502
    • Part of subcall function 00DB6480: RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 00DB6529
    • Part of subcall function 00DB6480: RegQueryValueExA.ADVAPI32(?,ServiceName,00000000,00DB669A,00000000,00000000), ref: 00DB655E
    • Part of subcall function 00DB6480: _malloc.LIBCMT ref: 00DB6571
    • Part of subcall function 00DB6480: RegQueryValueExA.ADVAPI32(?,ServiceName,00000000,00DB669A,00000000,00000000), ref: 00DB6596
    • Part of subcall function 00DB6480: _free.LIBCMT ref: 00DB65B9
    • Part of subcall function 00DB6480: RegCloseKey.ADVAPI32(?), ref: 00DB65C5
    • Part of subcall function 00DB6480: RegCloseKey.ADVAPI32(?), ref: 00DB65E1
Strings
Similarity
  • API ID: _free$CloseOpenQueryValue$Enum_malloc_memset
  • String ID: MS LoopBack Driver$Microsoft Loopback Adapter$o
  • API String ID: 815590091-1132655155
  • Opcode ID: 4e86e2d0275099b2181ebdff8b3faa109860765375478d346066c7c0e7e6db06
  • Instruction ID: 57d3f973a0120d41727b5a58983cc19e8ebcf2838795d0c4a4a5b85db43f2fc6
  • Opcode Fuzzy Hash: 4e86e2d0275099b2181ebdff8b3faa109860765375478d346066c7c0e7e6db06
  • Instruction Fuzzy Hash: E0A134B4C05228DFDF24CF50C849BE9B7B0FB08309F0445E9D54A6B281D779AA98CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D4A41C
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D4A43F
  • std::bad_exception::bad_exception.LIBCMT ref: 00D4A4C0
  • __CxxThrowException@8.LIBCMT ref: 00D4A4CE
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D4A4E1
  • std::locale::facet::_Facet_Register.LIBCPMT ref: 00D4A4FB
Strings
Similarity
  • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
  • String ID: P!$bad cast
  • API String ID: 2427920155-342360549
  • Opcode ID: c5fd1fcd5a6d7b696abbd93e4c5448d1e1dac59aec7b308af138a40e243933c0
  • Instruction ID: 82aa604d3fce547e6a562ce881a278126096a0d4171b164ffd6003271008ad5f
  • Opcode Fuzzy Hash: c5fd1fcd5a6d7b696abbd93e4c5448d1e1dac59aec7b308af138a40e243933c0
  • Instruction Fuzzy Hash: 6431B3719402558FCF14DF68E985BAE73B4EB14320F140269F92ABB2D1DB706D48CBA2
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _fprintf.LIBCMT ref: 00D53293
  • _fprintf.LIBCMT ref: 00D532A9
    • Part of subcall function 00E589FA: __lock_file.LIBCMT ref: 00E58A41
    • Part of subcall function 00E589FA: __stbuf.LIBCMT ref: 00E58AC5
    • Part of subcall function 00E589FA: __output_l.LIBCMT ref: 00E58AD5
    • Part of subcall function 00E589FA: __ftbuf.LIBCMT ref: 00E58ADF
  • _fprintf.LIBCMT ref: 00D532BD
  • _fprintf.LIBCMT ref: 00D532D7
Strings
  • Terminated due to a fatal error., xrefs: 00D532B3
  • Terminated due to a fatal error., xrefs: 00D53289
  • Security Builder error status %d, message:%s., xrefs: 00D532CD
  • Security Builder sb_errorMessage() error status: %d., xrefs: 00D5329F
Similarity
  • API ID: _fprintf$__ftbuf__lock_file__output_l__stbuf
  • String ID: Terminated due to a fatal error.$Terminated due to a fatal error.$Security Builder error status %d, message:%s.$Security Builder sb_errorMessage() error status: %d.
  • API String ID: 868309879-345378047
  • Opcode ID: 6fbafe957534dc30568343a99f9bbb67448a1da5d89caa18eaf124c437ac58c0
  • Instruction ID: aab5ddf4799758dc2419fc0e1f2567a7a4f17e41a9112cad87de6473f2596feb
  • Opcode Fuzzy Hash: 6fbafe957534dc30568343a99f9bbb67448a1da5d89caa18eaf124c437ac58c0
  • Instruction Fuzzy Hash: 0EF044B2E40314F6CA09EA909D03D7D72A88754705F086A14FE0D72383F9619F1887A7
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _malloc.LIBCMT ref: 00D9C669
    • Part of subcall function 00E59BEE: __FF_MSGBANNER.LIBCMT ref: 00E59C07
    • Part of subcall function 00E59BEE: __NMSG_WRITE.LIBCMT ref: 00E59C0E
    • Part of subcall function 00E59BEE: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 00E59C33
  • _memset.LIBCMT ref: 00D9C689
  • _strlen.LIBCMT ref: 00D9C6A4
  • _malloc.LIBCMT ref: 00D9C6B0
  • _strlen.LIBCMT ref: 00D9C6D9
  • _malloc.LIBCMT ref: 00D9C6E5
  • _strlen.LIBCMT ref: 00D9C710
  • _strlen.LIBCMT ref: 00D9C720
  • _malloc.LIBCMT ref: 00D9C72C
Similarity
  • API ID: _malloc_strlen$AllocateHeap_memset
  • String ID:
  • API String ID: 2192146556-0
  • Opcode ID: 0c334b7aefc9d640d7b863b75f6f5bce27293a76bb8e3c0b08bc5dc54e720562
  • Instruction ID: e61f693334dff1cfd009467d30635e15d5ae68b36e79e9e44da4d8c5013e4d74
  • Opcode Fuzzy Hash: 0c334b7aefc9d640d7b863b75f6f5bce27293a76bb8e3c0b08bc5dc54e720562
  • Instruction Fuzzy Hash: A03173F5D10204EBDF00EFA4D946A9E73E5AB58301F149464FD09A7342E732EE18DB61
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D6A417
Strings
Similarity
  • API ID: __setjmp3_memset
  • String ID: l_date.c$l_date.c$l_date.c$l_date.c$l_date.c
  • API String ID: 1597570620-2913811202
  • Opcode ID: 9ff89faccf8e6539b8f51b42a361c824803354e989fcd97691d75f4df16b4a26
  • Instruction ID: 35da12ca432214c7b379dae793e6403add669522c89001697205a361f78b3afe
  • Opcode Fuzzy Hash: 9ff89faccf8e6539b8f51b42a361c824803354e989fcd97691d75f4df16b4a26
  • Instruction Fuzzy Hash: B3614D74A00209EBDB14DF58C986BE977B1BB44360F148268FD596F3C1EB70EA41CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D4B7CC
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D4B7EF
  • std::bad_exception::bad_exception.LIBCMT ref: 00D4B870
  • __CxxThrowException@8.LIBCMT ref: 00D4B87E
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D4B891
  • std::locale::facet::_Facet_Register.LIBCPMT ref: 00D4B8AB
Strings
Similarity
  • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
  • String ID: bad cast
  • API String ID: 2427920155-3145022300
  • Opcode ID: fe1b6c064aa1ee60a8485ee20d09a0d55f95868330ffdb1f7952b849c2a761fb
  • Instruction ID: a443ab6a06136c190334c5cee28c3dd27a5a53acfd73c7717eb25afa1dc9324e
  • Opcode Fuzzy Hash: fe1b6c064aa1ee60a8485ee20d09a0d55f95868330ffdb1f7952b849c2a761fb
  • Instruction Fuzzy Hash: 48318475D002458FDF18DF55D881BAA77B8FB28734F14025AE826772D1DB30AD44CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetVersionExA.KERNEL32(00000094), ref: 00D5531C
Strings
Similarity
  • API ID: Version
  • String ID: FLEXLM_DIAGNOSTICS$flex%i.log$stderr$stdout
  • API String ID: 1889659487-2597289574
  • Opcode ID: 0cc90ecd27330961ec36314c3a1a11183b76d6441d3bb0ed04cbb974aac8b21f
  • Instruction ID: 163a09a25fac7add730cf7df7ee8fe381f92390941c5ad79516aeab031e104de
  • Opcode Fuzzy Hash: 0cc90ecd27330961ec36314c3a1a11183b76d6441d3bb0ed04cbb974aac8b21f
  • Instruction Fuzzy Hash: 7121F5B1C00304EBDF14EB60ED96BAE77B89744302F0444A8EE0D76242E7B45A8CCBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _strncmp$_strncpy
  • String ID:
  • API String ID: 4170286768-0
  • Opcode ID: 44e7a7a5d35bbd56998dead6b557ec4197fd49068f7fd5c0658508a832126f85
  • Instruction ID: 4b87c4a5395a7f4d47bfe5f1b9f3ee384ce34bba05ec5073379786d09028cb89
  • Opcode Fuzzy Hash: 44e7a7a5d35bbd56998dead6b557ec4197fd49068f7fd5c0658508a832126f85
  • Instruction Fuzzy Hash: 46419FB5A40208BBDF04DF64DC42BAA37A8EF04309F08C524FE1DDA282E775D614CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00DAD0D2
  • _memset.LIBCMT ref: 00DAD0E2
  • GetCurrentProcess.KERNEL32(?,?,?,?,?,?), ref: 00DAD0F3
  • GetProcessTimes.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00DAD110
  • _sprintf.LIBCMT ref: 00DAD15A
  • _sprintf.LIBCMT ref: 00DAD172
    • Part of subcall function 00E5700E: __output_l.LIBCMT ref: 00E57069
  • _sprintf.LIBCMT ref: 00DAD18A
    • Part of subcall function 00E5700E: __flsbuf.LIBCMT ref: 00E57084
  • _sprintf.LIBCMT ref: 00DAD1A2
Similarity
  • API ID: _sprintf$Process_memset$CurrentTimes__flsbuf__output_l
  • String ID:
  • API String ID: 3617345755-0
  • Opcode ID: 43c14fe3274b2d88364d7394fe56df70be7cfe22cf211fe5e6c098141dea7063
  • Instruction ID: bfd2dd578a9bd06d187ca70b3a0b26006cf2bd52e545e53daa892278a0bdce22
  • Opcode Fuzzy Hash: 43c14fe3274b2d88364d7394fe56df70be7cfe22cf211fe5e6c098141dea7063
  • Instruction Fuzzy Hash: 48219CB1E001086BCB08EB98DC51EEF77B9DF88314F04C569F909BB381D975D9148B94
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00D791EF
  • _malloc.LIBCMT ref: 00D79613
  • _malloc.LIBCMT ref: 00D79651
    • Part of subcall function 00E59BEE: __FF_MSGBANNER.LIBCMT ref: 00E59C07
    • Part of subcall function 00E59BEE: __NMSG_WRITE.LIBCMT ref: 00E59C0E
    • Part of subcall function 00E59BEE: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 00E59C33
  • _memset.LIBCMT ref: 00D7968A
  • _memmove.LIBCMT ref: 00D796A1
Strings
Similarity
  • API ID: _malloc_memset$AllocateHeap_memmove
  • String ID: demo
  • API String ID: 1287286150-3594706848
  • Opcode ID: da75401f97a994871838fd0d795f9382748c4949835e4d802a070e90b148b6c4
  • Instruction ID: ea83797d1170fed36775812ebee285664b9763370d7a55f46ffada9c80e7c70e
  • Opcode Fuzzy Hash: da75401f97a994871838fd0d795f9382748c4949835e4d802a070e90b148b6c4
  • Instruction Fuzzy Hash: DB022BB1900259CFEB24CF54CC58BDDBBB1BB49309F1481A8D94C6B381D7B69A89CF50
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _swscanf$_strlen
  • String ID: $%ld$%lx
  • API String ID: 4858752-293966833
  • Opcode ID: 77bb3f3343f4f0d664f8d2dc0dc1562e92dacab76f0203f505a70a88810e680d
  • Instruction ID: c16607d01586b2f1ca557214ac8f5c30e67494a6a6ff815696937b0c13db5cb1
  • Opcode Fuzzy Hash: 77bb3f3343f4f0d664f8d2dc0dc1562e92dacab76f0203f505a70a88810e680d
  • Instruction Fuzzy Hash: F8A14CB5D002099BEF04CF98C981BBFB7B5EF45305F288159E815AB241E7799E41CBB2
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00D4377E
  • _memset.LIBCMT ref: 00D43859
    • Part of subcall function 00D47940: _memmove.LIBCMT ref: 00D4797D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _memset$_memmove
  • String ID: ([=_a-zA-Z0-9]+)$08.0$HOSTID=ERROR$nilm
  • API String ID: 2532777613-4137177851
  • Opcode ID: 8a17b99befdae9c83ebe77c8653060fd9ac69400e92645f0b0f2fde6beac5a6d
  • Instruction ID: 1ad7cf3db9ed65a396d868eae1e0cfe431fefde836eb0020d04a3316090eb676
  • Opcode Fuzzy Hash: 8a17b99befdae9c83ebe77c8653060fd9ac69400e92645f0b0f2fde6beac5a6d
  • Instruction Fuzzy Hash: FEB178B19042989BDB24DF58C891AEDB7B5AF04300F4445EEE59DA3281D7B49FD8CFA0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D7230E
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: l_master_lis.c$l_master_lis.c$l_master_lis.c$l_master_lis.c
  • API String ID: 1597570620-1955162629
  • Opcode ID: 429a4c662f47e67b7c78329a40b9f8fd17cbfa38ec2ee2e7568abd1757a78bba
  • Instruction ID: 4674c88650b5ea9c271ce84ac94bf3abbd2e836d0b3a53394e0810857f19d79d
  • Opcode Fuzzy Hash: 429a4c662f47e67b7c78329a40b9f8fd17cbfa38ec2ee2e7568abd1757a78bba
  • Instruction Fuzzy Hash: E5910EB5A00208ABDB04DF54C895BE977B5BB44355F18C2B8EE4C5F382D771EA85CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D70BF7: _strncpy.LIBCMT ref: 00D70C18
  • _strlen.LIBCMT ref: 00DB43C0
  • _strlen.LIBCMT ref: 00DB43DC
  • _memset.LIBCMT ref: 00DB4473
  • _strlen.LIBCMT ref: 00DB4482
  • _swscanf.LIBCMT ref: 00DB44E8
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _strlen$_memset_strncpy_swscanf
  • String ID: %05d
  • API String ID: 2924102989-2049770103
  • Opcode ID: 466b54d42737e7f31f7f51d11588c0e19e9dab777c5660437aafe71e78036042
  • Instruction ID: a0396987b8404e9579ee68c21a3a7a71a90623d8266152cc7c082980d37414b0
  • Opcode Fuzzy Hash: 466b54d42737e7f31f7f51d11588c0e19e9dab777c5660437aafe71e78036042
  • Instruction Fuzzy Hash: 05717A74900299DBDB31CF14CC90BE977B1AF09301F1881E9E989AB382D7B59AC4DF61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _strncmp
  • String ID: END_LICENSE$END_LICENSE$START_LICENSE$START_LICENSE
  • API String ID: 909875538-1394126991
  • Opcode ID: e81839782f3c4b789370dc413d66e87c3267028d60ca3de3b2dc617d5267a96b
  • Instruction ID: e0ba73a5e94fcfdee3d678d4eaffa24a48de71a0f2f6d04a5abbba4a09c153da
  • Opcode Fuzzy Hash: e81839782f3c4b789370dc413d66e87c3267028d60ca3de3b2dc617d5267a96b
  • Instruction Fuzzy Hash: 06416D70A05248EBDB18CF94C1F06BEBBBAAF42345F288099EC465F215D235DF41CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf$_strncpy
  • String ID: %s%d$SIGN$SIGN
  • API String ID: 1849356164-3430300620
  • Opcode ID: 333bb5cd7ac8ab7ce3da80988352eef84fd8142c4c7f88f3a8e57280ba4d35bb
  • Instruction ID: 525acb8cdc9fa4eae70bbbfa2a03edfdab4bed70b6e370d0e37e7d5f0de48c77
  • Opcode Fuzzy Hash: 333bb5cd7ac8ab7ce3da80988352eef84fd8142c4c7f88f3a8e57280ba4d35bb
  • Instruction Fuzzy Hash: 16413BB5A10209AFDB14EF94C885EAEB3B5BB48304F18D51DFC096B281E731DA45CBB1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Xinvalid_argument.LIBCPMT ref: 00D49286
    • Part of subcall function 00E417A7: std::exception::exception.LIBCMT ref: 00E417BC
    • Part of subcall function 00E417A7: __CxxThrowException@8.LIBCMT ref: 00E417D1
  • std::_Xinvalid_argument.LIBCPMT ref: 00D4929C
  • std::_Xinvalid_argument.LIBCPMT ref: 00D492B7
  • _memmove.LIBCMT ref: 00D49322
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: Xinvalid_argumentstd::_$Exception@8Throw_memmovestd::exception::exception
  • String ID: invalid string position$string too long
  • API String ID: 1253240057-4289949731
  • Opcode ID: e946b9393916e267bf8e60ca89f0d5922bec4409a55e11ca799f97ed7661ecd4
  • Instruction ID: 1527abd4e5812ce08a87f2591c35825dc0575016b5c5eaf58c0d5c4cbdaf1c9e
  • Opcode Fuzzy Hash: e946b9393916e267bf8e60ca89f0d5922bec4409a55e11ca799f97ed7661ecd4
  • Instruction Fuzzy Hash: 5631D7323042005FD7249E5DE8A5E6FF3EAEB96760B144A2EF495D76D1C7B1AC4083B4
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _malloc.LIBCMT ref: 00E58403
    • Part of subcall function 00E59BEE: __FF_MSGBANNER.LIBCMT ref: 00E59C07
    • Part of subcall function 00E59BEE: __NMSG_WRITE.LIBCMT ref: 00E59C0E
    • Part of subcall function 00E59BEE: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 00E59C33
  • std::exception::exception.LIBCMT ref: 00E58438
  • __CxxThrowException@8.LIBCMT ref: 00E58463
  • __FF_MSGBANNER.LIBCMT ref: 00E58477
  • __NMSG_WRITE.LIBCMT ref: 00E5847F
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: AllocateException@8HeapThrow_mallocstd::exception::exception
  • String ID: bad allocation
  • API String ID: 1264268182-2104205924
  • Opcode ID: 95ded3885d560f316b29cc0e436808671962d3ac7eb827cd0d749259f48f6f2a
  • Instruction ID: cc58534aba95e93b9a88b0dd2ebbca655ad49b5655d3f582263bbbb8f873333b
  • Opcode Fuzzy Hash: 95ded3885d560f316b29cc0e436808671962d3ac7eb827cd0d749259f48f6f2a
  • Instruction Fuzzy Hash: 30012B75404349AACF00FB61ED4796E3BF9EF40365F146429FC187A1A1DFB0A90E8766
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _fgetc$_fgets
  • String ID: #$USE_SERVER
  • API String ID: 3774966629-2573919625
  • Opcode ID: 275af112aa75366a14760bd1255bdb51a6e5eb761af085b56a1127e51dc59c92
  • Instruction ID: 79f9285237ceb48728546fba3bc8cd03c74161835c235a7a526e29d44d0f733b
  • Opcode Fuzzy Hash: 275af112aa75366a14760bd1255bdb51a6e5eb761af085b56a1127e51dc59c92
  • Instruction Fuzzy Hash: E92247B8D00209DFCF14CF98D495AAEBBB1BF49305F288199E855AB341D335EA45CF61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _memmove
  • String ID: demo$demo
  • API String ID: 4104443479-2936632075
  • Opcode ID: bbc9f4402c9ebf1113053bf8121f95b3e0f7d98fd3c8e6afc4271d510a64d4f6
  • Instruction ID: f02b968bf715e0f0988814661c5052d74a6aaeb99355cfabfb1c2b5d15e84457
  • Opcode Fuzzy Hash: bbc9f4402c9ebf1113053bf8121f95b3e0f7d98fd3c8e6afc4271d510a64d4f6
  • Instruction Fuzzy Hash: 8ED18074A00205ABDF24DF14CC46BAA7771BF8471AF188268FD599F2C1DB71D988CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memmove.LIBCMT ref: 00D6D415
    • Part of subcall function 00D6DD11: _memmove.LIBCMT ref: 00D6DD6C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _memmove
  • String ID: (K$(K$,K
  • API String ID: 4104443479-4180014700
  • Opcode ID: 4ed0b849540ddd17141a3a602e017efee4ed3f797176ae9543a3cb02332b0f8a
  • Instruction ID: 04a6a3c8bc6a78d5593110dd03b01fa52d582af4579f14a2cd4b9f3190fc4f3c
  • Opcode Fuzzy Hash: 4ed0b849540ddd17141a3a602e017efee4ed3f797176ae9543a3cb02332b0f8a
  • Instruction Fuzzy Hash: 3DB159B4F0020ADFDB14CF54D881BAE77B2BF89300F148668E9196B391D775E945CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf
  • String ID: /var$BUG_B$FLEXLM_%c%c%sADDATE
  • API String ID: 1467051239-2776383463
  • Opcode ID: 1443a0806f0867b8daeb30b0d1618856aeba27697c9b84ec16af9c2000990849
  • Instruction ID: 3b1cdb212052548ce546c3ba6bab98c35f4527297133ffe4cc740dd471a3a233
  • Opcode Fuzzy Hash: 1443a0806f0867b8daeb30b0d1618856aeba27697c9b84ec16af9c2000990849
  • Instruction Fuzzy Hash: 15517174A00308EBEF24DB54D949BE977B4AF54300F1881E8E95C6F282D775AF84DBA4
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00DB4226
  • _sprintf.LIBCMT ref: 00DB4316
  • _sprintf.LIBCMT ref: 00DB4335
    • Part of subcall function 00DB4660: _strlen.LIBCMT ref: 00DB466A
    • Part of subcall function 00DB4660: _sprintf.LIBCMT ref: 00DB46AC
  • _strlen.LIBCMT ref: 00DB4341
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf$_strlen$_memset
  • String ID: %05d%c
  • API String ID: 689995866-4091610826
  • Opcode ID: 0aaed0b91f19614bd1e14997665999f381649e7ed602b61bf001d7261d77019d
  • Instruction ID: 1eaebc7499d94fdd5bb96508826e7d1babfbb08eafbb03330aa6784d2f38bc7f
  • Opcode Fuzzy Hash: 0aaed0b91f19614bd1e14997665999f381649e7ed602b61bf001d7261d77019d
  • Instruction Fuzzy Hash: 02518DB4904249EFDB04CF98C851BEE77B2FF44318F18C199E8665B382D335AA45DB54
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memmove.LIBCMT ref: 00E580E6
  • __flush.LIBCMT ref: 00E58104
  • __write.LIBCMT ref: 00E5812B
  • __flsbuf.LIBCMT ref: 00E58156
    • Part of subcall function 00E5956D: __getptd_noexit.LIBCMT ref: 00E5956D
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __flsbuf__flush__getptd_noexit__write_memmove
  • String ID: ement
  • API String ID: 2782032738-3166100025
  • Opcode ID: be126c5fe6c887d414ff3e5d4eca79ad10c003f48fc8a9333ce4407635996b6a
  • Instruction ID: 8649b4d1c078a0c1768938fbdd7c8c696577875e9d07f78ce535c146a4932d2c
  • Opcode Fuzzy Hash: be126c5fe6c887d414ff3e5d4eca79ad10c003f48fc8a9333ce4407635996b6a
  • Instruction Fuzzy Hash: E141D631A01A04DBEB24DF658B4469FB7B5AF80366F28AD2CEC55B7190DB70DD49CB40
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D5818E
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: $lm_crstr.c$lm_crstr.c$lm_crstr.c
  • API String ID: 1597570620-3072814489
  • Opcode ID: fce89e0577845af9ae07e6c6e7ea116431271c90c7b465e5b64ac7e91efaa805
  • Instruction ID: 1bb257df1bacb09d42a1767014ca80e0d2d289841b56cf6d53a931a49aeedaea
  • Opcode Fuzzy Hash: fce89e0577845af9ae07e6c6e7ea116431271c90c7b465e5b64ac7e91efaa805
  • Instruction Fuzzy Hash: 39412B74A40309ABDF04DF54C886FAA7BA5BB44351F148268FD486F381DB70EA45CBE5
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Mutex::_Mutex.LIBCPMT ref: 00D495C2
    • Part of subcall function 00E583E9: _malloc.LIBCMT ref: 00E58403
  • std::locale::_Init.LIBCPMT ref: 00D495DE
    • Part of subcall function 00E416C6: __EH_prolog3.LIBCMT ref: 00E416CD
    • Part of subcall function 00E416C6: std::_Lockit::_Lockit.LIBCPMT ref: 00E416E3
    • Part of subcall function 00E416C6: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00E41705
    • Part of subcall function 00E416C6: std::locale::_Setgloballocale.LIBCPMT ref: 00E4170F
    • Part of subcall function 00E416C6: _Yarn.LIBCPMT ref: 00E41725
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D495F1
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: std::_std::locale::_$LockitLockit::_$H_prolog3InitLocimpLocimp::_MutexMutex::_SetgloballocaleYarn_malloc
  • String ID: P!$P!
  • API String ID: 3906141431-3503163932
  • Opcode ID: 54b14adb91f0a5170695444270e6ed3fa90a144aa09db0eae95577a30ab3262d
  • Instruction ID: a4a34e6f4063bf68101501a0babd444e5bdf11d2296d9d1cf9df52987a1ba57d
  • Opcode Fuzzy Hash: 54b14adb91f0a5170695444270e6ed3fa90a144aa09db0eae95577a30ab3262d
  • Instruction Fuzzy Hash: 743124B5500B008FD724CF65C991B96B7F4FB48720F104A6EE8969BB90EB75B904CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D4119F
  • std::exception::exception.LIBCMT ref: 00D411D5
    • Part of subcall function 00E56F20: std::exception::_Copy_str.LIBCMT ref: 00E56F3B
  • __CxxThrowException@8.LIBCMT ref: 00D411EA
    • Part of subcall function 00E5F249: RaiseException.KERNEL32(00D411EF,E739FF75,00000000,00E7D34C,00D411EF,E739FF75,00E85AA0,?,00000000), ref: 00E5F28B
  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00D411F1
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
  • String ID: bad locale name
  • API String ID: 73090415-1405518554
  • Opcode ID: ee0b2e8d241c8593ed3db9ae61d6a9ca611c649b03e752c66cd8309328a0545e
  • Instruction ID: ba0cad9722f87ff273bffea5a1036a8ff13a2701f59fb7e491e810b2102d88f7
  • Opcode Fuzzy Hash: ee0b2e8d241c8593ed3db9ae61d6a9ca611c649b03e752c66cd8309328a0545e
  • Instruction Fuzzy Hash: F91194B2D047449FCB11DF99C881A9EFBF8FB19710F80866EE45AA3641D7346608CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _memset_swscanf
  • String ID: %d-%[^-]-%d$;$;
  • API String ID: 2826912138-516639765
  • Opcode ID: 2c1d2b7717b8e9d9cb89a61464b21059c1b49dc1b5cfa6833612ce4e488eeec1
  • Instruction ID: 67615dffe96a1c5bfcebc33b7c34fa3ae305439a583ee5ce5ba892b795c60338
  • Opcode Fuzzy Hash: 2c1d2b7717b8e9d9cb89a61464b21059c1b49dc1b5cfa6833612ce4e488eeec1
  • Instruction Fuzzy Hash: 9E1121B1C00208EFDF14DFD8E985AEEB7B4AB44304F144619F52577291EB755908CF66
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID: _longjmp$_calloc_free_memmove
  • String ID:
  • API String ID: 874153074-0
  • Opcode ID: 23829ef7e638839252cdd9ca996eb8c6a06ef071355e06efb35f9b8b0320c1de
  • Instruction ID: a1c95fd9aa2d96120c7b8a180bcc32a1351413a21412d2f4668b50dbce0a5cd4
  • Opcode Fuzzy Hash: 23829ef7e638839252cdd9ca996eb8c6a06ef071355e06efb35f9b8b0320c1de
  • Instruction Fuzzy Hash: 26E161B5900209EFDB04CF94C895BAEB7B5FF48305F1485A8E9196B381E735DA45CFA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _fseek.LIBCMT ref: 00DBE327
  • _fseek.LIBCMT ref: 00DBE346
    • Part of subcall function 00E5B60D: __lock_file.LIBCMT ref: 00E5B64E
  • _malloc.LIBCMT ref: 00DBE355
    • Part of subcall function 00E59BEE: __FF_MSGBANNER.LIBCMT ref: 00E59C07
    • Part of subcall function 00E59BEE: __NMSG_WRITE.LIBCMT ref: 00E59C0E
    • Part of subcall function 00E59BEE: RtlAllocateHeap.NTDLL(00000000,00000001,00000001), ref: 00E59C33
  • _memset.LIBCMT ref: 00DBE377
  • __fread_nolock.LIBCMT ref: 00DBE38D
Similarity
  • API ID: _fseek$AllocateHeap__fread_nolock__lock_file_malloc_memset
  • String ID:
  • API String ID: 1358338167-0
  • Opcode ID: 7a08a81df77f7f8b18567731d9759521cd10e769e44648f13c3069c3a88c41db
  • Instruction ID: ee301c0aeb43a316c00450c62d89b02f6f57ce85a8a1ae75f80f619b6b89d171
  • Opcode Fuzzy Hash: 7a08a81df77f7f8b18567731d9759521cd10e769e44648f13c3069c3a88c41db
  • Instruction Fuzzy Hash: 7E613174E04209EFDB14DF98C891BEEB7B1BF48701F288568E9556B381D731DA44CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00E5D826
  • _memcpy_s.LIBCMT ref: 00E5D897
  • __read.LIBCMT ref: 00E5D8FA
  • __filbuf.LIBCMT ref: 00E5D916
    • Part of subcall function 00E5956D: __getptd_noexit.LIBCMT ref: 00E5956D
  • _memset.LIBCMT ref: 00E5D957
Similarity
  • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
  • String ID:
  • API String ID: 4048096073-0
  • Opcode ID: ec079c8bebdf166df128c25d3f390c4613e318406321532cca97712e8ae1f553
  • Instruction ID: 043f07963b6247d73d7c88f3327b50e1545d40179f6927fd3df8ade4ba95d9c9
  • Opcode Fuzzy Hash: ec079c8bebdf166df128c25d3f390c4613e318406321532cca97712e8ae1f553
  • Instruction Fuzzy Hash: 43510931E04309EBCB35DFA9CC4469EB7B1EF80325F249A69EC24B6191D3709D58DB50
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _strlen_swscanf$_strncpy
  • String ID:
  • API String ID: 3771623585-0
  • Opcode ID: 32f8281004efb0e334984ba3cafcd8ce46802f6439783721c4d1756866b93dd8
  • Instruction ID: bc31cffd73ffaed00054b93f37229a750791280be03907dd0db457dca6984ad3
  • Opcode Fuzzy Hash: 32f8281004efb0e334984ba3cafcd8ce46802f6439783721c4d1756866b93dd8
  • Instruction Fuzzy Hash: 6A5126B590030ADFDB04DFA4C886BBEBBB1FF45304F244559E905AB341E775AA44CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _strlen_swscanf$_strncpy
  • String ID:
  • API String ID: 3771623585-0
  • Opcode ID: 54025fbebd383032c9f7fb2115dc328e4cc24464757fa174ba46e0eea269bd14
  • Instruction ID: 2e77f6f0cbd790df692b6f63e214ebac7fde4d6ec71f41e43cfe2615eea09147
  • Opcode Fuzzy Hash: 54025fbebd383032c9f7fb2115dc328e4cc24464757fa174ba46e0eea269bd14
  • Instruction Fuzzy Hash: 3B5149B5D0020ADFDB04CFA4D896BEEBBB1FF48304F244459E905AB345D375AA84CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _strlen_swscanf$_strncpy
  • String ID:
  • API String ID: 3771623585-0
  • Opcode ID: 8ebeaf1e4f16554bd729ced51d4bada5492dad9283c18386b851167c521ed9c2
  • Instruction ID: c25d28d3953bf9a87dd9b1f609ed25af00b69c43fa362ce0dfc575762bcd7bf9
  • Opcode Fuzzy Hash: 8ebeaf1e4f16554bd729ced51d4bada5492dad9283c18386b851167c521ed9c2
  • Instruction Fuzzy Hash: 8A5139B5D0020ADFDB04DFA4C882BEEBBB1FF45304F244559E905AB341D775AA44CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00D4123F
    • Part of subcall function 00E41563: _setlocale.LIBCMT ref: 00E41575
  • _free.LIBCMT ref: 00D41251
    • Part of subcall function 00E57411: HeapFree.KERNEL32(00000000,00000000,?,00E56F15,?,?,00D41021), ref: 00E57427
    • Part of subcall function 00E57411: GetLastError.KERNEL32(?,?,00E56F15,?,?,00D41021), ref: 00E57439
  • _free.LIBCMT ref: 00D41264
  • _free.LIBCMT ref: 00D41277
  • _free.LIBCMT ref: 00D4128A
Similarity
  • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
  • String ID:
  • API String ID: 3515823920-0
  • Opcode ID: a2d864c1da95a8e944b2a326c8aa7bce4dc54b592904bf9aa07f07349100cff0
  • Instruction ID: e93d6ad31efbb051d042bb521089c5f625fa94255d4fdc5013280710b935a5c4
  • Opcode Fuzzy Hash: a2d864c1da95a8e944b2a326c8aa7bce4dc54b592904bf9aa07f07349100cff0
  • Instruction Fuzzy Hash: 6411E7F1D046409BCB20DF59DC42A5BF7ECEF40B10F188A2AE466D3740E771E9048B91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • __getptd.LIBCMT ref: 00E64560
    • Part of subcall function 00E647BA: __getptd_noexit.LIBCMT ref: 00E647BD
    • Part of subcall function 00E647BA: __amsg_exit.LIBCMT ref: 00E647CA
  • __getptd.LIBCMT ref: 00E64577
  • __amsg_exit.LIBCMT ref: 00E64585
  • __lock.LIBCMT ref: 00E64595
  • __updatetlocinfoEx_nolock.LIBCMT ref: 00E645A9
Similarity
  • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
  • String ID:
  • API String ID: 938513278-0
  • Opcode ID: 39d7c955d22f1706589bf39e0d355fea4d1deb40a369a487513fb58d5772d3d4
  • Instruction ID: f70c924f46b027287b602cb3cd411e164a8a7770a594b276d1ff4b59c5b8b0bc
  • Opcode Fuzzy Hash: 39d7c955d22f1706589bf39e0d355fea4d1deb40a369a487513fb58d5772d3d4
  • Instruction Fuzzy Hash: 3EF0F0B29C4700DBD721BB74B807B4D36E0AF047A0F10610BF505762C2CF205A018A41
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D416F0: std::_Lockit::_Lockit.LIBCPMT ref: 00D41701
    • Part of subcall function 00D4BA80: std::_Lockit::_Lockit.LIBCPMT ref: 00D4BAAC
    • Part of subcall function 00D4BA80: std::_Lockit::_Lockit.LIBCPMT ref: 00D4BACF
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D49782
  • _localeconv.LIBCMT ref: 00D497F8
  • _strcspn.LIBCMT ref: 00D4990D
Strings
Similarity
  • API ID: LockitLockit::_std::_$_localeconv_strcspn
  • String ID: e
  • API String ID: 331173946-4024072794
  • Opcode ID: 94117feef72ae9e7b3f4c2ec43620d345da1a7b2a2fa1196c2daa7d46f604d51
  • Instruction ID: b1af47921d8a4125620f899feb77176f7225e833cabac91f74dad33a02cd4397
  • Opcode Fuzzy Hash: 94117feef72ae9e7b3f4c2ec43620d345da1a7b2a2fa1196c2daa7d46f604d51
  • Instruction Fuzzy Hash: A9123A75E002489FDB14CFA9C891AEEBBF5FF89304F158259E809AB355D770AD05CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00DA52F6
    • Part of subcall function 00DA553F: GetTickCount.KERNEL32 ref: 00DA55AD
    • Part of subcall function 00DA553F: Sleep.KERNEL32(0000000A), ref: 00DA55D8
    • Part of subcall function 00DA553F: GetTickCount.KERNEL32 ref: 00DA55EE
  • _sprintf.LIBCMT ref: 00DA541B
  • _memmove.LIBCMT ref: 00DA549F
Strings
  • %2.2X%2.2X%2.2X%2.2X%2.2X%2.2X, xrefs: 00DA540F
Similarity
  • API ID: CountTick$Sleep_memmove_memset_sprintf
  • String ID: %2.2X%2.2X%2.2X%2.2X%2.2X%2.2X
  • API String ID: 3210233218-3754946579
  • Opcode ID: 5ba8f0b94500ccf6c321868f48ee51aa072c98aa86142701d373f77ff4cbd177
  • Instruction ID: e4d7f1cd398c365c36188b8090f0d6d7eb1c3e4fddd5f1f2b712171f9ca6b6e6
  • Opcode Fuzzy Hash: 5ba8f0b94500ccf6c321868f48ee51aa072c98aa86142701d373f77ff4cbd177
  • Instruction Fuzzy Hash: DBB11574900618DFCB25CF04E898BEAB3B5BB49315F1881E9E80C5B295D775AEC1CFA0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Xinvalid_argument.LIBCPMT ref: 00D4910C
  • std::_Xinvalid_argument.LIBCPMT ref: 00D49126
  • _memmove.LIBCMT ref: 00D4917C
    • Part of subcall function 00D48FA0: std::_Xinvalid_argument.LIBCPMT ref: 00D48FB9
    • Part of subcall function 00D48FA0: std::_Xinvalid_argument.LIBCPMT ref: 00D48FDA
    • Part of subcall function 00D48FA0: std::_Xinvalid_argument.LIBCPMT ref: 00D48FF5
    • Part of subcall function 00D48FA0: _memmove.LIBCMT ref: 00D4905D
Strings
Similarity
  • API ID: Xinvalid_argumentstd::_$_memmove
  • String ID: string too long
  • API String ID: 2168136238-2556327735
  • Opcode ID: 4cc8db290c6e9147fa02fe245b5b94a126dab2ac041e51f26c45a2c3d032eb71
  • Instruction ID: 7e5a50fc897eae76d0aedf5722fdbac01b3689d9c7516eeef4f7952b5d1d0e5f
  • Opcode Fuzzy Hash: 4cc8db290c6e9147fa02fe245b5b94a126dab2ac041e51f26c45a2c3d032eb71
  • Instruction Fuzzy Hash: 803108323003104BDB24AE6EE8A496FF7EAEFE5760724492FF49687685C7719C4483B5
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _sprintf_strlen
  • String ID: %d%s$xi
  • API String ID: 3493289842-267120433
  • Opcode ID: 73373c087667124e7ef04eefd25a2d433cec1f8cc786779f25d2a17eba7fea5f
  • Instruction ID: 1f92bc5d32d0d43568845e68bbf452286494874170b86668bd9b431f2dad5ac4
  • Opcode Fuzzy Hash: 73373c087667124e7ef04eefd25a2d433cec1f8cc786779f25d2a17eba7fea5f
  • Instruction Fuzzy Hash: A351FA74600208EFCB04CF49C594BED7BB2BF89314F6882A9E9499F345C775AE81CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _strncpy
  • String ID: Unknown
  • API String ID: 2961919466-1654365787
  • Opcode ID: 2336d8a6b39a60020327d0541a81ed8d6e253a9dee6b16fc99096735a8756990
  • Instruction ID: 9d4421182688ac89057f6f1fba067095d969cd5833ab10d25f982ec45578dd6a
  • Opcode Fuzzy Hash: 2336d8a6b39a60020327d0541a81ed8d6e253a9dee6b16fc99096735a8756990
  • Instruction Fuzzy Hash: DD31C6B4600204ABDB14DF18C855BE937B6AF45349F0881B9FF4C6B382DA35DA81CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _memset_sprintf_strlen
  • String ID: %s=%s
  • API String ID: 751656446-3150307001
  • Opcode ID: 57830770b648a87bf6172c5c059724c26110dcfdbf89e626f73db5a226fa0d50
  • Instruction ID: 40a93561bf16b8ec3d20cddc4b015cdae2e43e938c9056d530b0c1ff45b98652
  • Opcode Fuzzy Hash: 57830770b648a87bf6172c5c059724c26110dcfdbf89e626f73db5a226fa0d50
  • Instruction Fuzzy Hash: 553173B5900209ABDF04DF94E951BAE7BB5EF45305F288098FC05AB345D631DA54CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _memset_sprintf_strlen
  • String ID: %s=%s
  • API String ID: 751656446-3150307001
  • Opcode ID: 9f15f09851739c62c725ea873cc39a1e09d236d3db32a81a5096ecf26d0ccafe
  • Instruction ID: c7e7d10c79971af901429129ff45d0430722d5587de6aa38966968a2775a1317
  • Opcode Fuzzy Hash: 9f15f09851739c62c725ea873cc39a1e09d236d3db32a81a5096ecf26d0ccafe
  • Instruction Fuzzy Hash: CE3164B5A00208EBDF04EF94D991AAE7BB5EF44315F188098FD45AB342E631DE14DB61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Xinvalid_argument.LIBCPMT ref: 00D491C4
    • Part of subcall function 00E4175A: std::exception::exception.LIBCMT ref: 00E4176F
    • Part of subcall function 00E4175A: __CxxThrowException@8.LIBCMT ref: 00E41784
  • std::_Xinvalid_argument.LIBCPMT ref: 00D491D3
Strings
Similarity
  • API ID: Xinvalid_argumentstd::_$Exception@8Throwstd::exception::exception
  • String ID: string too long
  • API String ID: 3336028256-2556327735
  • Opcode ID: d48c21238c177523a47e045221e561a22130925ac11e4ae69be313c7f146c77c
  • Instruction ID: e3c25733d128684ddfa8faa39bf6755917e1ea58e7b63b9940c3128706650935
  • Opcode Fuzzy Hash: d48c21238c177523a47e045221e561a22130925ac11e4ae69be313c7f146c77c
  • Instruction Fuzzy Hash: 96210732304350ABC7319A9DA45066BFBE8DBA3720F54495BF8D4DB651C3B1D840C3B5
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _sprintf
  • String ID: 06.0$uncounted
  • API String ID: 1467051239-2514625941
  • Opcode ID: 52c4ef5e4e7b4160b7c9bd23478cfd59e4d03b7d2e71c10daf8c472c64c529e8
  • Instruction ID: 151228d12bfd931d3b37b1beaf8ed31b67475d4548fb1e85dd1d32e13961bad1
  • Opcode Fuzzy Hash: 52c4ef5e4e7b4160b7c9bd23478cfd59e4d03b7d2e71c10daf8c472c64c529e8
  • Instruction Fuzzy Hash: FB219671A10204AFCB14DB54DC41BE973A9FB44312F14D16AFD4D5B242E771DA84C7A1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _sprintf$_strlen
  • String ID: %c%c
  • API String ID: 4048706883-3228636524
  • Opcode ID: db58ebbafb35278771885aff6ab4a942761112f3ba94a80743358b87ad439424
  • Instruction ID: c08cb0465eefa8815e0d1256e1d4a83c68b14431009f8cb2c473529d2670acea
  • Opcode Fuzzy Hash: db58ebbafb35278771885aff6ab4a942761112f3ba94a80743358b87ad439424
  • Instruction Fuzzy Hash: 6001A2B5D00208FBDB00EF98DC82EED7BB59F45305F548085F909BB342E630EA6087A5
Uniqueness

Uniqueness Score: -1.00%

APIs
Similarity
  • API ID: _memmove
  • String ID:
  • API String ID: 4104443479-0
  • Opcode ID: 71ffb3c24d37b0a1be897bfa299314dc7706556a770e1ee71792d250c253318b
  • Instruction ID: 6da090874a5ec758806cef41a3a9686a09946d6e1c84385fd44570bcb6accdc6
  • Opcode Fuzzy Hash: 71ffb3c24d37b0a1be897bfa299314dc7706556a770e1ee71792d250c253318b
  • Instruction Fuzzy Hash: EE021A74A00209EBDB08CF54C485BEE7BB1BF44314F28C168E9595F382E775AA85CFA1
Uniqueness

Uniqueness Score: -1.00%

Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 05914e61c1eb54c328204a4bcb427b53644a0436a79c3af5d8f414878bc5bcb4
  • Instruction ID: fbe24292a6b1e6b58af1f1ffa133ac1e0b1113057ce59c147b1f7c4267aeffc4
  • Opcode Fuzzy Hash: 05914e61c1eb54c328204a4bcb427b53644a0436a79c3af5d8f414878bc5bcb4
  • Instruction Fuzzy Hash: 46619F75A006089FDB14CF14DC99FAA77B5AF45305F18C2A8F94C6B381EB30A985CFA5
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleA.KERNEL32(00000000), ref: 00D9150A
  • _memset.LIBCMT ref: 00D91521
  • GetFocus.USER32 ref: 00D91577
  • GetFocus.USER32 ref: 00D91587
    • Part of subcall function 00D915F4: 6FA4DB20.COMCTL32(?,?,00D91593,00000000), ref: 00D915F8
Similarity
  • API ID: Focus$HandleModule_memset
  • String ID:
  • API String ID: 3672089127-0
  • Opcode ID: fdd59131237ace7cb676576735c863b7d87acaba6d257005bb3fa54343ba7c87
  • Instruction ID: dbe3f6e5761c7dcae3e91cc0801121889fa27d8b15b54d140e85c7f405400dce
  • Opcode Fuzzy Hash: fdd59131237ace7cb676576735c863b7d87acaba6d257005bb3fa54343ba7c87
  • Instruction Fuzzy Hash: C13181B8D04249EFDF64CF90D945BEDBBB4AF45301F05809AEC09A6241E7748B88CF61
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetEnvironmentStringsW.KERNEL32(00000000,00E681D5,00000000,00000000,73B75970,?,00E59EFD,00000000,00000000), ref: 00E6F43D
  • __malloc_crt.LIBCMT ref: 00E6F46C
  • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,00000000,?,00E59EFD,00000000,00000000), ref: 00E6F479
Similarity
  • API ID: EnvironmentStrings$Free__malloc_crt
  • String ID:
  • API String ID: 237123855-0
  • Opcode ID: 20e83074cff0d6f989a9847d6e84e38a78ab65294c52e4776ab36b1e5292ef47
  • Instruction ID: 30a7217475dfdd724e4ebd90c94764212e987c5ede5b383f4565f78696cc83c7
  • Opcode Fuzzy Hash: 20e83074cff0d6f989a9847d6e84e38a78ab65294c52e4776ab36b1e5292ef47
  • Instruction Fuzzy Hash: EBF027779841105A8F31BB34BC498AB3778DBD53FA31A6876F415F3522FE208D8982A1
Uniqueness

Uniqueness Score: -1.00%

Strings
Similarity
  • API ID:
  • String ID: c
  • API String ID: 0-112844655
  • Opcode ID: 455024906d53280087e75ad28170ca8b2d97e5affd777337145f3e675c286f90
  • Instruction ID: 86f088c64a3fddc075371acd5ea0d6c52fdd797d21ec1c6055cdaba7c2c4550e
  • Opcode Fuzzy Hash: 455024906d53280087e75ad28170ca8b2d97e5affd777337145f3e675c286f90
  • Instruction Fuzzy Hash: 00F12B74900209EFDB14DFD8C885BEEB7B1FF49310F288269E855AB291D7749985CFA0
Uniqueness

Uniqueness Score: -1.00%

Strings
Similarity
  • API ID:
  • String ID: +
  • API String ID: 0-2126386893
  • Opcode ID: a4705092296038480248b21052b4d5ddab0b2d0c57f3bc00b63388a6e24329d1
  • Instruction ID: 0ea934b4a6bccbd67eb65861123602015b73f76e773d3ee843132b1c136d38ac
  • Opcode Fuzzy Hash: a4705092296038480248b21052b4d5ddab0b2d0c57f3bc00b63388a6e24329d1
  • Instruction Fuzzy Hash: 0DD12AB5A00309EBDB44CF58C884BAB77B5FF88300F248568F9599B381D730EA51CBA5
Uniqueness

Uniqueness Score: -1.00%

Strings
Similarity
  • API ID:
  • String ID:
  • API String ID: 0-3916222277
  • Opcode ID: 776d39961a0b294f3e1b2ee46ab5c0f0125f25da16939bf7c6f6649df8ac4c80
  • Instruction ID: d78d1184cca8301d5e497ffb82890d503a9fac648b9e8ff12edcda07fb207999
  • Opcode Fuzzy Hash: 776d39961a0b294f3e1b2ee46ab5c0f0125f25da16939bf7c6f6649df8ac4c80
  • Instruction Fuzzy Hash: 95716AB1D00208EBDF04DFD8D849BEEB7B5EF44301F148528E9156B281E7759B48DBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,00000001,00000000), ref: 00D68628
  • RegCloseKey.ADVAPI32(00000000), ref: 00D686A8
Strings
  • LM_APP_DISABLE_CACHE_READ, xrefs: 00D68558
Similarity
  • API ID: CloseOpen
  • String ID: LM_APP_DISABLE_CACHE_READ
  • API String ID: 47109696-2625039047
  • Opcode ID: ba219e5fa75eb781df870f6970c9c41381db2994a9fef38241a68f7929e498a5
  • Instruction ID: 63b7537f000df0f2574843b3b61da333e419f3d5b273ecaaf56a7f14d73b311b
  • Opcode Fuzzy Hash: ba219e5fa75eb781df870f6970c9c41381db2994a9fef38241a68f7929e498a5
  • Instruction Fuzzy Hash: 03712DB5A40209DFEF14CF54C899BEE77B1FB44304F288269E8095B380DB75DA84DBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
  • _memset.LIBCMT ref: 00D962C0
    • Part of subcall function 00D70B74: _sprintf.LIBCMT ref: 00D70B84
  • _memcmp.LIBCMT ref: 00D9637C
Strings
Similarity
  • API ID: _memcmp_memset_sprintf
  • String ID: a
  • API String ID: 3165542541-3904355907
  • Opcode ID: 7fccb8edd5f1724ab453790c957ed32badfb6d9aa823bf40f1ab4345ed0f068f
  • Instruction ID: f2e6439024c6be4b9ba0fc27f13469dc8089d80c300973d7e80622f88d0fd9b9
  • Opcode Fuzzy Hash: 7fccb8edd5f1724ab453790c957ed32badfb6d9aa823bf40f1ab4345ed0f068f
  • Instruction Fuzzy Hash: B3516F74A0030AEBDF14DF68CC45FAA7761BB44714F588268F9599F2C1E771D941CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _sprintf
  • String ID: AUTH={ $%s=%s
  • API String ID: 1467051239-2637525124
  • Opcode ID: ee75dbc16a05040297f7d710d2a56c996dac7c8b18d3fd50db45794f50c6dd55
  • Instruction ID: 08311829691f8d664d946063a461390850ee4d8653ade014eabbd595fa070fc7
  • Opcode Fuzzy Hash: ee75dbc16a05040297f7d710d2a56c996dac7c8b18d3fd50db45794f50c6dd55
  • Instruction Fuzzy Hash: A8515FB5A10204EFDB04DF54DC81EAA73A5AB48305F14D55CF91D9B342E671EA50CBA1
Uniqueness

Uniqueness Score: -1.00%

Strings
Similarity
  • API ID:
  • String ID: ,K$0K
  • API String ID: 0-798637755
  • Opcode ID: afb7c29d73fcfbd27efd2290eb8f9abd42c01104b327eae96a5d70fd1b667fb2
  • Instruction ID: 4798254be61130f72eac638f9c08ee9cb7e0c866f4387626eab7823ec03a3a42
  • Opcode Fuzzy Hash: afb7c29d73fcfbd27efd2290eb8f9abd42c01104b327eae96a5d70fd1b667fb2
  • Instruction Fuzzy Hash: C951FAB4E00208EFCB04DF95E885BADB7B2FF99304F248599D4166B390D775AA44CFA1
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D5E1F5
Strings
Similarity
  • API ID: __setjmp3_memset
  • String ID: lm_ckout.c$lm_ckout.c
  • API String ID: 1597570620-4068308431
  • Opcode ID: 31d6a0225950658c9d7bc1b17adc7cfcc8734964571c4fb8736892f78614888f
  • Instruction ID: 3410d0f362a318a420545e04b4e937d9a1ae44f6c3d137a2abcddfa36fcc3c55
  • Opcode Fuzzy Hash: 31d6a0225950658c9d7bc1b17adc7cfcc8734964571c4fb8736892f78614888f
  • Instruction Fuzzy Hash: 03413CB5A00208AFDF04DF94C881FDA77B9AF88341F188168FD0C9B385D635EA55CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _memset_swscanf
  • String ID: %ld-%[^-]-%ld
  • API String ID: 2826912138-4058720049
  • Opcode ID: 8671dd9e6e329a677653c55a32fd3c3d38a34649bcfc35889e65cc295b53560c
  • Instruction ID: 0514348678245a9f616e7920dfbe8c69a2cded09f157894302067859fefdf213
  • Opcode Fuzzy Hash: 8671dd9e6e329a677653c55a32fd3c3d38a34649bcfc35889e65cc295b53560c
  • Instruction Fuzzy Hash: 094173B5C04288AFDB05DFA4C851AEE7BB49F55310F08C4A9E969AB342E635D704CB62
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _memset_swscanf
  • String ID: %ld-%[^-]-%ld
  • API String ID: 2826912138-4058720049
  • Opcode ID: 3e4a3383e8137410f3647ef25d5271f82a42f8bd5f69ccc5af597b8b7990c8af
  • Instruction ID: 9b408157b98dee35f88a1f16e74eab38e32d5385d0d4512b111321089a266a09
  • Opcode Fuzzy Hash: 3e4a3383e8137410f3647ef25d5271f82a42f8bd5f69ccc5af597b8b7990c8af
  • Instruction Fuzzy Hash: EA4173B5C04288AEDB05DFA88851BEE7BB49F55310F08C499FD59AB342E635D704CB62
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Similarity
  • API ID: _memset_swscanf
  • String ID: %ld-%[^-]-%ld
  • API String ID: 2826912138-4058720049
  • Opcode ID: d0de84d4b1878ae0ff6c26597aaa74a83570b7ecad4cc7632f5aeea40104f20a
  • Instruction ID: 5304e4614f95ee9ed323c40fd0588287302f26c20140253ddebdf6b125fed9bb
  • Opcode Fuzzy Hash: d0de84d4b1878ae0ff6c26597aaa74a83570b7ecad4cc7632f5aeea40104f20a
  • Instruction Fuzzy Hash: 544173B5C04288AEDB05DFA48841AEE7BB49F55310F08C499E959A7342E635D704CB62
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D4CA30: std::_Lockit::_Lockit.LIBCPMT ref: 00D4CA41
    • Part of subcall function 00D4B8E0: std::_Lockit::_Lockit.LIBCPMT ref: 00D4B90C
    • Part of subcall function 00D4B8E0: std::_Lockit::_Lockit.LIBCPMT ref: 00D4B92F
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D4C7F6
Strings
Similarity
  • API ID: LockitLockit::_std::_
  • String ID: P!$P!
  • API String ID: 3382485803-3503163932
  • Opcode ID: 651e03b41d413e214e74bf4df9611124c274000350ff80b965fe957dc74babee
  • Instruction ID: 120819e283adf561a327b972751d2dff0c1c7500a574c89fdf50ea8b7ec161a8
  • Opcode Fuzzy Hash: 651e03b41d413e214e74bf4df9611124c274000350ff80b965fe957dc74babee
  • Instruction Fuzzy Hash: 7321C772B102049FDB14DF58D881BAAB7E4EB84720F14466AE919DB3C1DB35E90087A4
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D416F0: std::_Lockit::_Lockit.LIBCPMT ref: 00D41701
    • Part of subcall function 00D4A3F0: std::_Lockit::_Lockit.LIBCPMT ref: 00D4A41C
    • Part of subcall function 00D4A3F0: std::_Lockit::_Lockit.LIBCPMT ref: 00D4A43F
  • std::_Lockit::_Lockit.LIBCPMT ref: 00D4A394
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: LockitLockit::_std::_
  • String ID: P!$P!
  • API String ID: 3382485803-3503163932
  • Opcode ID: 48fee2e408af2f4192cf12fe26bac5ba746edb584b864da4526b0926b6bf8fa0
  • Instruction ID: 85df635c22e5f859ee08af16bca26515ea8338107d2796c768bcba96c07d4574
  • Opcode Fuzzy Hash: 48fee2e408af2f4192cf12fe26bac5ba746edb584b864da4526b0926b6bf8fa0
  • Instruction Fuzzy Hash: 8B118E72640A14AFDB10DF9CCC41B9AB3A4FB49720F114729E929EB2D1EB31A904CBD0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D54437
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: lm_init.c$lm_init.c
  • API String ID: 1597570620-1128194275
  • Opcode ID: dbbf2d98960b62e7248fcf8254fe2003e51b04b788095275d164351023c16361
  • Instruction ID: f00b1912ae703978eea9212c50278ad8dd5542deffa42adc2ccf04bdcb0ee9fe
  • Opcode Fuzzy Hash: dbbf2d98960b62e7248fcf8254fe2003e51b04b788095275d164351023c16361
  • Instruction Fuzzy Hash: 1E114FB5640308ABDB04DF54DC82FDA37A9AB44754F048164BE4C5F382E675FA94CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D684BC
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: l_getenv.c$l_getenv.c
  • API String ID: 1597570620-2811871314
  • Opcode ID: 3c606ee285b99247350b7015b12bca221cff057716250ea3ea087ea0c73bf841
  • Instruction ID: 741a8df5ec991640c5180da0c89f7f23b9bc46c8caf967fb485d7106391d2e19
  • Opcode Fuzzy Hash: 3c606ee285b99247350b7015b12bca221cff057716250ea3ea087ea0c73bf841
  • Instruction Fuzzy Hash: 5D1133B5600208ABDB04DF54D852FDA77A5AB84351F148168FE4C5F381D631EA41CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D687C4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: l_getenv.c$l_getenv.c
  • API String ID: 1597570620-2811871314
  • Opcode ID: 970fb81a446f38cabed5374597726e5b48f8444649d94319617d35a9ad8d70d3
  • Instruction ID: 542dfd82931922accfed8bff9e22559811f9b951522b0257d25cadcfd0e8ea37
  • Opcode Fuzzy Hash: 970fb81a446f38cabed5374597726e5b48f8444649d94319617d35a9ad8d70d3
  • Instruction Fuzzy Hash: A0116DB5640208ABDB04DF54D882FDA77A5EF84354F148268FD4C9F382E632EA45CBE0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D680AD
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: l_getenv.c$l_getenv.c
  • API String ID: 1597570620-2811871314
  • Opcode ID: 5cd280c26a6f885512fa05855d3fde6d682c3aa1733bd65a7d649303521f2401
  • Instruction ID: 720fe865e6c58abbc6952537a0133d05cb94e9da07291e797d7b9dbdb3b76eea
  • Opcode Fuzzy Hash: 5cd280c26a6f885512fa05855d3fde6d682c3aa1733bd65a7d649303521f2401
  • Instruction Fuzzy Hash: 4A111FB5A00208EBDB04DF54D892ED977A5EF44350F148268FD4C9F381EA36EA55CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D75330
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: l_cvd.c$l_cvd.c
  • API String ID: 1597570620-3253219655
  • Opcode ID: 7c1350e906002d01a3e9ffe575c1b2190bda8e2c8a8674ba93d52855a34bc5bb
  • Instruction ID: d99b6fdf5de3de5acf155b740f9b84c3820213c499c946b04781d71c647ac47c
  • Opcode Fuzzy Hash: 7c1350e906002d01a3e9ffe575c1b2190bda8e2c8a8674ba93d52855a34bc5bb
  • Instruction Fuzzy Hash: 071170B5A00208ABDB04DF64DC82EEA37A5AB44351F048264FE0C9F381E671EA44CBE1
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D75289
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: l_cvd.c$l_cvd.c
  • API String ID: 1597570620-3253219655
  • Opcode ID: eeeb0f9728df2de77f7094d68b05df72df9ca936b4bb0113ed095a2859a96bdc
  • Instruction ID: f0290a6879e89d2dc6f7f9dafa42b50444a04ac04afb98de1b7afa738f18e3e2
  • Opcode Fuzzy Hash: eeeb0f9728df2de77f7094d68b05df72df9ca936b4bb0113ed095a2859a96bdc
  • Instruction Fuzzy Hash: 8B1156B5A40209ABDF04DF64DC82EDA37A5EF44350F048664FD4C9F381E671EA54CBA5
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D5B3C9
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: lm_set_attr.c$lm_set_attr.c
  • API String ID: 1597570620-3623871419
  • Opcode ID: 91784006f23ec07c47a06ad38802f93c014c83a15b598469390d84d69422a426
  • Instruction ID: 72a8cd1f0e1e68f7a840c322a6b61fae4cb5da74b8c8b5a8d90750e92e84d3ee
  • Opcode Fuzzy Hash: 91784006f23ec07c47a06ad38802f93c014c83a15b598469390d84d69422a426
  • Instruction Fuzzy Hash: 88116DB5600208ABDB04DF54C882EEA77A5AB44354F048168FD4C9F382E635EA44CBA0
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D753E7
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: l_cvd.c$l_cvd.c
  • API String ID: 1597570620-3253219655
  • Opcode ID: 6bd8597e1ca491e7295e669bc8b5692047fe6b3f9944ffc429564342fea41583
  • Instruction ID: 4adc9564f00b920ccdb4267de5626e66d5e2a652b9daae914878e4c96bf2d08f
  • Opcode Fuzzy Hash: 6bd8597e1ca491e7295e669bc8b5692047fe6b3f9944ffc429564342fea41583
  • Instruction Fuzzy Hash: 891170B5A00208ABDB04DF50DC82FDA37A5AF84355F048168FD4C5F3C1E676EA54CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
    • Part of subcall function 00D59F32: _memset.LIBCMT ref: 00D59F74
  • __setjmp3.LIBCMT ref: 00D6F7CB
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: __setjmp3_memset
  • String ID: lm_config.c$lm_config.c
  • API String ID: 1597570620-658273362
  • Opcode ID: 2d5b17352a98c0d6491f4997b7b2b5169040bae8da101eeac27d073b8b2cfaa3
  • Instruction ID: fa268ad6f131e8f214d9c81b3cca32eadbd003e131bcb8c9bffd89ed71e2e00b
  • Opcode Fuzzy Hash: 2d5b17352a98c0d6491f4997b7b2b5169040bae8da101eeac27d073b8b2cfaa3
  • Instruction Fuzzy Hash: 58113CB5A00208ABDB04DF54E896BEA37A5AB84355F048274BE4C5F391D635EA84CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _swscanf
  • String ID: %s %s %s$FEATURESET
  • API String ID: 2748852333-3138149660
  • Opcode ID: b2aa085c8ca630f1fdc28b2313c9fb752935f9a19009406fbd17f6975751038c
  • Instruction ID: 4bea6d39404d06b945ae2051e6b447bce50a97b1a3100a278e00ac6035234357
  • Opcode Fuzzy Hash: b2aa085c8ca630f1fdc28b2313c9fb752935f9a19009406fbd17f6975751038c
  • Instruction Fuzzy Hash: 700175B691021897DF11EA54DC85EDA73ACAB08301F044995BD1CE3142F771DA98CF70
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Xinvalid_argument.LIBCPMT ref: 00D49693
    • Part of subcall function 00E4175A: std::exception::exception.LIBCMT ref: 00E4176F
    • Part of subcall function 00E4175A: __CxxThrowException@8.LIBCMT ref: 00E41784
  • _memmove.LIBCMT ref: 00D496BE
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: Exception@8ThrowXinvalid_argument_memmovestd::_std::exception::exception
  • String ID: vector<T> too long
  • API String ID: 22950630-3788999226
  • Opcode ID: 1949831ddadda3e0bd00ac57b819b959a346e3d4b2141d694f642e97f42c422e
  • Instruction ID: 35a028d0ce8cdfc3cb93095b07ff410b626767bd365622de5988d389259bca7f
  • Opcode Fuzzy Hash: 1949831ddadda3e0bd00ac57b819b959a346e3d4b2141d694f642e97f42c422e
  • Instruction Fuzzy Hash: F301A2B16042098FDB24DF69DCE286BB3D8EB54300718492DE89AC3744EA70F801CB61
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf
  • String ID: %s %s %s$FEATURESET
  • API String ID: 1467051239-2251578402
  • Opcode ID: 33c59f476b831bfed09639560ea8a747d8babd80520c816e9050ab67a93b65cf
  • Instruction ID: 0761f1e31c50bd7e748a510053d23925a1fa037026ef1d7d6aad2cba25e87f40
  • Opcode Fuzzy Hash: 33c59f476b831bfed09639560ea8a747d8babd80520c816e9050ab67a93b65cf
  • Instruction Fuzzy Hash: 1E011BB9A04108FFCB04DF98D980DAEB7B6AF89301F248198ED09A7341D631EE55DB60
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetDriveTypeA.KERNEL32(?), ref: 00DA37D3
  • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 00DA3802
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: DriveInformationTypeVolume
  • String ID: A:\
  • API String ID: 3149825354-3379428675
  • Opcode ID: d847bdd7aaca07f1faa0a4c1df0f6c620546833f079d64a289b92b454654d264
  • Instruction ID: 25cbeac043c3b52a003985652015acfe575f07227916278469e6d91591872af7
  • Opcode Fuzzy Hash: d847bdd7aaca07f1faa0a4c1df0f6c620546833f079d64a289b92b454654d264
  • Instruction Fuzzy Hash: 08014BB5D00209ABCB04CBE4CE85BFEB7B9AB19704F600449E90176181D676AA49CBB6
Uniqueness

Uniqueness Score: -1.00%

APIs
  • std::_Xinvalid_argument.LIBCPMT ref: 00E463A0
    • Part of subcall function 00E4175A: std::exception::exception.LIBCMT ref: 00E4176F
    • Part of subcall function 00E4175A: __CxxThrowException@8.LIBCMT ref: 00E41784
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
  • String ID: <$vector<T> too long
  • API String ID: 2884196479-1140003367
  • Opcode ID: 09a6d3a2ad3dfa1979fc8a6db7301aa83881bced9d6a2598c1ab99841635a8fe
  • Instruction ID: 45096025e9b7e1b48c76fca7266d0e13d753d411b1f29bb8558e6eca0e7fc79b
  • Opcode Fuzzy Hash: 09a6d3a2ad3dfa1979fc8a6db7301aa83881bced9d6a2598c1ab99841635a8fe
  • Instruction Fuzzy Hash: DEF0BE33B001214B4704987CED0405E7683A7EA72573AEB76E428E72C8F9319C475281
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: ErrorLast_sprintf
  • String ID: intrsrc%d
  • API String ID: 2964052951-446446589
  • Opcode ID: 6979657341826630313b1ba3e444f597454abd30ab5a8c25b9708d44431c0194
  • Instruction ID: 4b9f7cdbf86c6c881c005e68100033d3559e19eeeab715384c692c9e53a70a0b
  • Opcode Fuzzy Hash: 6979657341826630313b1ba3e444f597454abd30ab5a8c25b9708d44431c0194
  • Instruction Fuzzy Hash: 5FF090F5910209ABEB20EF64D982BB837B5DF54300F144178ED4997680E6B4DA98DA90
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf_strlen
  • String ID: %s=%d
  • API String ID: 3493289842-940989310
  • Opcode ID: 33cdef038a4e940da97ef622a687dfeefa0110f2da5fb415d3cb3af04664f95d
  • Instruction ID: 2a80e1de27d50a315584149bda4a8c35d9ee1e297029decd50c0c2a25b915737
  • Opcode Fuzzy Hash: 33cdef038a4e940da97ef622a687dfeefa0110f2da5fb415d3cb3af04664f95d
  • Instruction Fuzzy Hash: 0DD012F66043496BDB04EF98DC42CAB339DAB48611B445818FD2D97342E571F9208791
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf_strlen
  • String ID: %s=%d
  • API String ID: 3493289842-940989310
  • Opcode ID: 51dc508e6b5571a16e6203841e7870c5e8af9b8d956bed699eb113fec145391d
  • Instruction ID: 7cad48dabeefa7239c71d9223fc3f67e783e637bf9a0723ac7e9c38a30851fa7
  • Opcode Fuzzy Hash: 51dc508e6b5571a16e6203841e7870c5e8af9b8d956bed699eb113fec145391d
  • Instruction Fuzzy Hash: EFD012F66043486BDB04EF98DC42CAB33EDAB48611B485819BD1D97242E571F9208791
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
  • Source File: 00000000.00000002.924484479.0000000000D41000.00000040.00020000.sdmp, Offset: 00D40000, based on PE: true
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_d40000_NI License Activator 1.jbxd
Similarity
  • API ID: _sprintf_strlen
  • String ID: %s=%d
  • API String ID: 3493289842-940989310
  • Opcode ID: 5ea47597d81a3663f832d1a28ffecac0d1bc99cdd51a361210bf6c73fe96d4fd
  • Instruction ID: 53352c505996741c3875b474ea21dd8dfc18441dbf97e5a527286974b7a6f41a
  • Opcode Fuzzy Hash: 5ea47597d81a3663f832d1a28ffecac0d1bc99cdd51a361210bf6c73fe96d4fd
  • Instruction Fuzzy Hash: 4DD017F6614349ABDF04FF98DC82CAB33ADAB48A11B445818BD2D97342E671F920C791
Uniqueness

Uniqueness Score: -1.00%