Create Interactive Tour

Windows Analysis Report jxplorer-3.3.1.2-windows-installer.exe

Overview

General Information

Sample Name:	jxplorer-3.3.1.2-windows-installer.exe
Analysis ID:	512641
MD5:	c23a27b06281cfa93641fdbb611c33ff
SHA1:	cac02ab7f94320ff7168ac30ca4da44df649dfa9
SHA256:	c1fe14a60bc6aa909ea8c1d5f09eb7426722bdd90634b451c12d1a32d10ff67b
Infos:
Most interesting Screenshot:

Detection

Score:	9
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Uses 32bit PE files

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Antivirus or Machine Learning detection for unpacked file

Sample file is different than original file name gathered from version info

PE file contains strange resources

Drops PE files

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Detected potential crypto function

Contains functionality to query CPU information (cpuid)

Queries time zone information

Contains functionality to call native functions

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

Creates a process in suspended mode (likely to inject code)

Contains functionality for read data from the clipboard

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")

Process Tree

System is w10x64

jxplorer-3.3.1.2-windows-installer.exe (PID: 4644 cmdline: 'C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe' MD5: C23A27B06281CFA93641FDBB611C33FF)

java.exe (PID: 5528 cmdline: 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -version MD5: 28733BA8C383E865338638DF5196E6FE)

icacls.exe (PID: 7072 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)

conhost.exe (PID: 7040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

java.exe (PID: 7124 cmdline: 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -d64 -version MD5: 28733BA8C383E865338638DF5196E6FE)

java.exe (PID: 7148 cmdline: 'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -version MD5: 28733BA8C383E865338638DF5196E6FE)

java.exe (PID: 7164 cmdline: 'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -d64 -version MD5: 28733BA8C383E865338638DF5196E6FE)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

• AV Detection
• Compliance
• Networking
• Key, Mouse, Clipboard, Microphone and Screen Capturing
• System Summary
• Data Obfuscation
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Anti Debugging
• HIPS / PFW / Operating System Protection Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: 0.2.jxplorer-3.3.1.2-windows-installer.exe.2990000.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 0.2.jxplorer-3.3.1.2-windows-installer.exe.62e80000.10.unpack	Avira: Label: TR/Crypt.XPACK.Gen2
Source: 0.2.jxplorer-3.3.1.2-windows-installer.exe.3900000.6.unpack	Avira: Label: TR/Patched.Ren.Gen

Source: jxplorer-3.3.1.2-windows-installer.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

File created: C:\Users\user\AppData\Local\Temp\bitrock_installer.log

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source:	Binary string: C:\Documents and Settings\ashok\My Documents\src\twapi\twapi\base\twapi.pdb source: twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll.0.dr
Source:	Binary string: Y:\temp\BUILD\Mauimarkshortcut.pdb source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.570337747.0000000072E19000.00000002.00020000.sdmp, BR2EE4.tmp.0.dr
Source:	Binary string: Y:\temp\BUILD\Mauimarkshortcut.pdbD source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.570337747.0000000072E19000.00000002.00020000.sdmp, BR2EE4.tmp.0.dr

Source: java.exe, 00000002.00000002.309186026.0000000005200000.00000004.00000001.sdmp, java.exe, 00000006.00000002.314145834.0000000004400000.00000004.00000001.sdmp	String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568740606.0000000005873000.00000004.00000001.sdmp, jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.php
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563837311.00000000040E6000.00000004.00000001.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.php.
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568448075.00000000056E3000.00000004.00000001.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.phpile
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568448075.00000000056E3000.00000004.00000001.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.phpqyr
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.292351957.0000000004063000.00000004.00000001.sdmp, jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.560018508.0000000003700000.00000004.00000001.sdmp	String found in binary or memory: http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2826056
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.294808644.0000000004355000.00000004.00000001.sdmp	String found in binary or memory: http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063
Source: java.exe, 00000002.00000002.309186026.0000000005200000.00000004.00000001.sdmp, java.exe, 00000006.00000002.314145834.0000000004400000.00000004.00000001.sdmp	String found in binary or memory: http://java.oracle.com/
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.295544380.0000000004861000.00000004.00000001.sdmp	String found in binary or memory: http://tcl.sf.net
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564072090.0000000004280000.00000004.00000001.sdmp	String found in binary or memory: http://tkcon.sourceforge.net/
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	String found in binary or memory: http://update.bitrock.com/api/1_0
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	String found in binary or memory: http://update.bitrock.com/api/1_0%
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.295544380.0000000004861000.00000004.00000001.sdmp	String found in binary or memory: http://www.activestate.com/tcl/
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.294808644.0000000004355000.00000004.00000001.sdmp, jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.295544380.0000000004861000.00000004.00000001.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.294884819.0000000004128000.00000004.00000001.sdmp	String found in binary or memory: http://www.cs.wm.edu/~hallyn/des/weak
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564072090.0000000004280000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.558457606.0000000002890000.00000004.00000001.sdmp	String found in binary or memory: http://www.iana.org/assignments/character-sets
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563775781.0000000004042000.00000004.00000001.sdmp	String found in binary or memory: http://www.tdom.org

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Code function: 0_2_004351EC GetClipboardOwner,OpenClipboard,EmptyClipboard,CloseClipboard,

0_2_004351EC

Source: jxplorer-3.3.1.2-windows-installer.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED

Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.294804746.000000000431C000.00000004.00000001.sdmp	Binary or memory string: } windowsResourceOriginalFilename { vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563912146.0000000004183000.00000004.00000001.sdmp	Binary or memory string: maui::changeExecutableResources::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563912146.0000000004183000.00000004.00000001.sdmp	Binary or memory string: maui::changeExecutableResources::windowsResourceOriginalFilename] vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563912146.0000000004183000.00000004.00000001.sdmp	Binary or memory string: ::maui::changeExecutableResources::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563912146.0000000004183000.00000004.00000001.sdmp	Binary or memory string: ::maui::changeExecutableResources::windowsResourceOriginalFilename [e vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564771907.0000000004AC8000.00000004.00000001.sdmp	Binary or memory string: bTt5kRcr2ne9m5bVT6RcTkWb::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564771907.0000000004AC8000.00000004.00000001.sdmp	Binary or memory string: bTt5kRcr2ne9m5bVT6RcTkWb::windowsResourceOriginalFilenameQb vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564771907.0000000004AC8000.00000004.00000001.sdmp	Binary or memory string: maui::bTt5kRcr2ne9m5bVT6RcTkWb::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564672203.00000000049E1000.00000004.00000001.sdmp	Binary or memory string: maui::autoUpdateProject::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564672203.00000000049E1000.00000004.00000001.sdmp	Binary or memory string: ::maui::autoUpdateProject::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564672203.00000000049E1000.00000004.00000001.sdmp	Binary or memory string: changeExecutableResources::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564672203.00000000049E1000.00000004.00000001.sdmp	Binary or memory string: changeExecutableResources::windowsResourceOriginalFilenamee joi^ vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564672203.00000000049E1000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564672203.00000000049E1000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename1 vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564672203.00000000049E1000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename{ vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564672203.00000000049E1000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564656466.00000000049BF000.00000004.00000001.sdmp	Binary or memory string: ::maui::javaLauncher::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564656466.00000000049BF000.00000004.00000001.sdmp	Binary or memory string: ::maui::javaLauncher::windowsResourceOriginalFilename8 vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564626295.0000000004976000.00000004.00000001.sdmp	Binary or memory string: javaLauncher::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	Binary or memory string: maui::javaLauncher::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	Binary or memory string: maui::javaLauncher::windowsResourceOriginalFilenamew% vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	Binary or memory string: autoUpdateProject::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	Binary or memory string: ::maui::bTt5kRcr2ne9m5bVT6RcTkWb::windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	Binary or memory string: bTt5kRcr2ne9m5bVT6RcTkWb::windowsResourceOriginalFilename& vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	Binary or memory string: ::maui::bTt5kRcr2ne9m5bVT6RcTkWb::windowsResourceOriginalFilenameinheri vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	Binary or memory string: ::maui::bTt5kRcr2ne9m5bVT6RcTkWb::windowsResourceOriginalFilename not r vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.296076395.0000000004412000.00000004.00000001.sdmp	Binary or memory string: public variable windowsResourceOriginalFilename {} vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000000.289552014.0000000000688000.00000008.00020000.sdmp	Binary or memory string: OriginalFilenamesetup.exe vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp	Binary or memory string: OriginalFilenamewish85.exeP vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568798344.00000000058D2000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.doNotSerializeIfDefault vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568448075.00000000056E3000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.defaultValue vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568448075.00000000056E3000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.defaultValue?v vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563837311.00000000040E6000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilenameG vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563837311.00000000040E6000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename% vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563837311.00000000040E6000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilenamem vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563837311.00000000040E6000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename? vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.566193859.0000000004FAF000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename+ vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564496352.0000000004721000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenametwapi.dllD vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568123315.0000000005621000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.text vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568123315.0000000005621000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.tip vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568123315.0000000005621000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.tipe vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568123315.0000000005621000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.type vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568123315.0000000005621000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.width vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568123315.0000000005621000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.group vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568123315.0000000005621000.00000004.00000001.sdmp	Binary or memory string: windowsResourceOriginalFilename.groupm vs jxplorer-3.3.1.2-windows-installer.exe
Source: jxplorer-3.3.1.2-windows-installer.exe	Binary or memory string: OriginalFilenamesetup.exe vs jxplorer-3.3.1.2-windows-installer.exe

Source: jxplorer-3.3.1.2-windows-installer.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Code function: 0_2_004700F4

0_2_004700F4

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Code function: 0_2_0041832C SendMessageA,NtdllDefWindowProc_A,NtdllDefWindowProc_A,NtdllDefWindowProc_A,

0_2_0041832C

Source: jxplorer-3.3.1.2-windows-installer.exe

Static PE information: Section: UPX1 ZLIB complexity 0.998996230365

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

File read: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Jump to behavior

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe 'C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe'
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -version
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -d64 -version
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe 'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -version
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe 'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -d64 -version
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -version	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -d64 -version	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe 'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -version	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe 'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -d64 -version	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M	Jump to behavior

Source: jxplorer-3.3.1.2-windows-installer.exe

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7040:120:WilError_01

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

File created: C:\Users\user\AppData\Local\Temp\BR280A.tmp

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Section loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll

Jump to behavior

Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$QueryBroker.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$QueryBroker.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: >com/ca/directory/jxplorer/broker/StopMonitor$QueryBroker.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: >com/ca/directory/jxplorer/broker/StopMonitor$QueryBroker.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$1.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$1.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: Ccom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$1.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: Ccom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$1.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$2.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$2.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: Ccom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$2.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: Ccom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$2.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$3.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$3.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: Ccom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$3.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: Ccom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI$3.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: Acom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: Acom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorGUI.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorListRenderer.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor$StopMonitorListRenderer.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: &Jcom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorListRenderer.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: &Jcom/ca/directory/jxplorer/broker/StopMonitor$StopMonitorListRenderer.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: com/ca/directory/jxplorer/broker/StopMonitor.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: 2com/ca/directory/jxplorer/broker/StopMonitor.class
Source: jxplorer-3.3.1.2-windows-installer.exe	String found in binary or memory: 2com/ca/directory/jxplorer/broker/StopMonitor.class

Source: classification engine

Classification label: clean9.winEXE@12/18@0/0

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Javasoft\Java Development Kit

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: jxplorer-3.3.1.2-windows-installer.exe

Static file information: File size 7501332 > 1048576

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source:	Binary string: C:\Documents and Settings\ashok\My Documents\src\twapi\twapi\base\twapi.pdb source: twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll.0.dr
Source:	Binary string: Y:\temp\BUILD\Mauimarkshortcut.pdb source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.570337747.0000000072E19000.00000002.00020000.sdmp, BR2EE4.tmp.0.dr
Source:	Binary string: Y:\temp\BUILD\Mauimarkshortcut.pdbD source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.570337747.0000000072E19000.00000002.00020000.sdmp, BR2EE4.tmp.0.dr

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Code function: 0_3_028CB627 push A0028C21h; ret	0_3_028CB635
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Code function: 0_2_004FD268 push ecx; mov dword ptr [esp], 00000000h	0_2_004FD28E
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Code function: 0_2_004FD268 push edx; mov dword ptr [esp], eax	0_2_004FD29B
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_2_0300BB27 push 00000000h; mov dword ptr [esp], esp	2_2_0300BB4D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_2_0300B377 push 00000000h; mov dword ptr [esp], esp	2_2_0300B39D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_2_0300B907 push 00000000h; mov dword ptr [esp], esp	2_2_0300B92D
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_2_0300A1CA push ecx; ret	2_2_0300A1DA
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_2_0300A1DB push ecx; ret	2_2_0300A1E5
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_2_03012D44 push eax; retf	2_2_03012D45
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Code function: 2_2_0300C437 push 00000000h; mov dword ptr [esp], esp	2_2_0300C45D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 6_2_023FBB27 push 00000000h; mov dword ptr [esp], esp	6_2_023FBB4D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 6_2_023FB377 push 00000000h; mov dword ptr [esp], esp	6_2_023FB39D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 6_2_023FB907 push 00000000h; mov dword ptr [esp], esp	6_2_023FB92D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 6_2_023FA1DB push ecx; ret	6_2_023FA1E5
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 6_2_023FA1CA push ecx; ret	6_2_023FA1DA
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 6_2_023FC437 push 00000000h; mov dword ptr [esp], esp	6_2_023FC45D
Source: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe	Code function: 6_2_02402D44 push eax; retf	6_2_02402D45

Source: BR280A.tmp.0.dr	Static PE information: section name: .eh_fram
Source: BR2A3D.tmp.0.dr	Static PE information: section name: .eh_fram
Source: BR3434.tmp.0.dr	Static PE information: section name: .eh_fram
Source: BR352F.tmp.0.dr	Static PE information: section name: .eh_fram
Source: BR2BC5.tmp.0.dr	Static PE information: section name: .eh_fram

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Code function: 0_2_00418B54 SHGetFileInfo,SetLayeredWindowAttributes,LoadCursorA,LoadIconA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,

0_2_00418B54

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR352F.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR35FB.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR2EE4.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR3434.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR3821.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR2A3D.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR2BC5.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR36B8.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR3755.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR2C62.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BR280A.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

File created: C:\Users\user\AppData\Local\Temp\bitrock_installer.log

Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Code function: 0_2_00417DBC IsIconic,IsZoomed,AdjustWindowRectEx,SendMessageA,SendMessageA,GetSystemMetrics,MoveWindow,GetWindowRect,GetClientRect,MoveWindow,DrawMenuBar,KiUserCallbackDispatcher,

0_2_00417DBC

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BR35FB.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BR3821.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BR36B8.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll	Jump to dropped file
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BR3755.tmp	Jump to dropped file

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Code function: 0_2_004FD418 GetVersionExA,GetSystemInfo,wsprintfA,

0_2_004FD418

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

API call chain: ExitProcess graph end node

graph_0-8423

Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.295544380.0000000004861000.00000004.00000001.sdmp	Binary or memory string: lappend b4VJ9cd22EIieY1cjZ8tPU4b /Library/Java/JavaVirtualMachines//Home/bin/java /Library/Java/JavaVirtualMachines//*/Home/bin/java
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568798344.00000000058D2000.00000004.00000001.sdmp	Binary or memory string: /Library/Java/JavaVirtualMachines///Home/bin/javaX
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568798344.00000000058D2000.00000004.00000001.sdmp	Binary or memory string: /Library/Java/JavaVirtualMachines///Home/bin/java
Source: java.exe, 00000002.00000002.309020845.0000000002EA5000.00000004.00000001.sdmp	Binary or memory string: ,java/lang/VirtualMachineError
Source: java.exe, 00000002.00000002.309020845.0000000002EA5000.00000004.00000001.sdmp	Binary or memory string: \|[Ljava/lang/VirtualMachineError;
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568798344.00000000058D2000.00000004.00000001.sdmp	Binary or memory string: /Library/Java/JavaVirtualMachines/*/Home/bin/java
Source: java.exe, 00000002.00000002.308993388.000000000179B000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll~~x
Source: java.exe, 00000006.00000002.314022176.0000000002245000.00000004.00000001.sdmp	Binary or memory string: 2[Ljava/lang/VirtualMachineError;

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Code function: 0_2_00418B54 SHGetFileInfo,SetLayeredWindowAttributes,LoadCursorA,LoadIconA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,FreeLibrary,

0_2_00418B54

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Code function: 0_2_00401020 SetUnhandledExceptionFilter,__getmainargs,__p__fmode,__p__environ,_cexit,ExitProcess,_setmode,_setmode,_setmode,

0_2_00401020

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Memory protected: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -version	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe 'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -d64 -version	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe 'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -version	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Process created: C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe 'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -d64 -version	Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe	Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M	Jump to behavior

Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564626295.0000000004976000.00000004.00000001.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[CreateGroup("%s")]} $bV6WEsSuPq1SIDWVgm4Viibb]
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.565249334.0000000004CC8000.00000004.00000001.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,,,,,"%s")]} $bLOA0KDuBdaCSYhj41thYQQb $b6LsX3HNVf1sgf2AJflJqZHb $name $bZnN40sigZoJQ2UlUfqVP0Eb]
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564626295.0000000004976000.00000004.00000001.sdmp	Binary or memory string: catch {dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $bV6WEsSuPq1SIDWVgm4Viibb]}
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564626295.0000000004976000.00000004.00000001.sdmp	Binary or memory string: dde execute progman progman [format {[ShowGroup("%s",6)]} $bV6WEsSuPq1SIDWVgm4Viibb]
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.565249334.0000000004CC8000.00000004.00000001.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,"%s",,,,"%s")]} $bLOA0KDuBdaCSYhj41thYQQb $b6LsX3HNVf1sgf2AJflJqZHb $name $bQkgKU65HM9Lehnb0Ql8NfQb $bZnN40sigZoJQ2UlUfqVP0Eb]
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.558405153.0000000001480000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.558405153.0000000001480000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.558405153.0000000001480000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.566138327.0000000004F63000.00000004.00000001.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::bnmKFU8VAU2DNQ56gbeh7FUb::b5iTZTqoOYYrgcEIWUa43OXb]
Source: jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.558405153.0000000001480000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user\AppData VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user\AppData\Local VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user\AppData VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user\AppData\Local VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51 VolumeInformation	Jump to behavior

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe

Code function: 2_2_03000380 cpuid

2_2_03000380

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias

Jump to behavior

Source: C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe

Code function: 0_2_004FD418 GetVersionExA,GetSystemInfo,wsprintfA,

0_2_004FD418

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Command and Scripting Interpreter2	Services File Permissions Weakness1	Process Injection12	Disable or Modify Tools1	OS Credential Dumping	System Time Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	Boot or Logon Initialization Scripts	Services File Permissions Weakness1	Process Injection12	LSASS Memory	Security Software Discovery1	Remote Desktop Protocol	Clipboard Data1	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information11	Security Account Manager	Process Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Services File Permissions Weakness1	NTDS	Application Window Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Protocol Impersonation	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing21	LSA Secrets	System Information Discovery34	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Link
jxplorer-3.3.1.2-windows-installer.exe	1%	Virustotal	Browse
jxplorer-3.3.1.2-windows-installer.exe	5%	Metadefender	Browse
jxplorer-3.3.1.2-windows-installer.exe	2%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\Temp\BR280A.tmp	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\BR280A.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\BR2A3D.tmp	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\BR2A3D.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\BR2BC5.tmp	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Temp\BR2BC5.tmp	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Download
0.2.jxplorer-3.3.1.2-windows-installer.exe.2990000.1.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File
0.0.jxplorer-3.3.1.2-windows-installer.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.2.jxplorer-3.3.1.2-windows-installer.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
0.2.jxplorer-3.3.1.2-windows-installer.exe.62e80000.10.unpack	100%	Avira	TR/Crypt.XPACK.Gen2	Download File
0.2.jxplorer-3.3.1.2-windows-installer.exe.3900000.6.unpack	100%	Avira	TR/Patched.Ren.Gen	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063	0%	Avira URL Cloud	safe
http://update.bitrock.com/api/1_0	0%	Avira URL Cloud	safe
http://update.bitrock.com/api/1_0%	0%	Avira URL Cloud	safe
http://bugreport.sun.com/bugreport/	0%	URL Reputation	safe
http://www.tdom.org	0%	Virustotal		Browse
http://www.tdom.org	0%	Avira URL Cloud	safe
http://download.bitrock.com/feedback.phpqyr	0%	Avira URL Cloud	safe
http://download.bitrock.com/feedback.phpile	0%	Avira URL Cloud	safe
http://download.bitrock.com/feedback.php.	0%	Avira URL Cloud	safe
http://download.bitrock.com/feedback.php	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://tcl.sf.net	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.295544380.0000000004861000.00000004.00000001.sdmp	false		high
http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.294808644.0000000004355000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.iana.org/assignments/character-sets	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.558457606.0000000002890000.00000004.00000001.sdmp	false		high
http://update.bitrock.com/api/1_0	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://update.bitrock.com/api/1_0%	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://bugreport.sun.com/bugreport/	java.exe, 00000002.00000002.309186026.0000000005200000.00000004.00000001.sdmp, java.exe, 00000006.00000002.314145834.0000000004400000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2826056	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.292351957.0000000004063000.00000004.00000001.sdmp, jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.560018508.0000000003700000.00000004.00000001.sdmp	false		high
http://www.tdom.org	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563775781.0000000004042000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://java.oracle.com/	java.exe, 00000002.00000002.309186026.0000000005200000.00000004.00000001.sdmp, java.exe, 00000006.00000002.314145834.0000000004400000.00000004.00000001.sdmp	false		high
http://download.bitrock.com/feedback.phpqyr	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568448075.00000000056E3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.google.com	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564072090.0000000004280000.00000004.00000001.sdmp	false		high
http://tkcon.sourceforge.net/	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564072090.0000000004280000.00000004.00000001.sdmp	false		high
http://www.activestate.com/tcl/	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.295544380.0000000004861000.00000004.00000001.sdmp	false		high
http://www.cs.wm.edu/~hallyn/des/weak	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000003.294884819.0000000004128000.00000004.00000001.sdmp	false		high
http://download.bitrock.com/feedback.phpile	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568448075.00000000056E3000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://download.bitrock.com/feedback.php.	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.563837311.00000000040E6000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://download.bitrock.com/feedback.php	jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.568740606.0000000005873000.00000004.00000001.sdmp, jxplorer-3.3.1.2-windows-installer.exe, 00000000.00000002.564527356.0000000004872000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	512641
Start date:	01.11.2021
Start time:	09:34:42
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	jxplorer-3.3.1.2-windows-installer.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean9.winEXE@12/18@0/0
EGA Information:	Successful, ratio: 33.3%
HDC Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Changed system and user locale, location and keyboard layout to English - Great Britain Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 20.50.102.62, 93.184.221.240, 40.112.88.60, 20.54.110.249, 80.67.82.211, 80.67.82.235, 20.49.157.6, 20.82.210.154 Excluded domains from analysis (whitelisted): displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu.ec.azureedge.net, wu-shim.trafficmanager.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Execution Graph export aborted for target java.exe, PID 5528 because it is empty Execution Graph export aborted for target java.exe, PID 7148 because it is empty Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\BR2C62.tmp	Autodesk_Desktop_App_Bootstrap.exe	Get hash	malicious	Browse
	Zscaler-windows-1.4.0.188-installer.exe	Get hash	malicious	Browse
	iSee-1.18.2.0-windows-installer (1).exe	Get hash	malicious	Browse
	iSee-1.18.2.0-windows-installer.exe	Get hash	malicious	Browse
	UPSVendorInfo-1.0-windows-installer.exe	Get hash	malicious	Browse
	http://mts-cdn.globalmeet.com/GuestDesktop/GlobalMeet_Guest_Desktop_Setup.exe	Get hash	malicious	Browse
	http://support.steinberg.de/elc/win/elc-installation-helper.exe	Get hash	malicious	Browse
	League of Legends installer EUW.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\BR2A3D.tmp	Autodesk_Desktop_App_Bootstrap.exe	Get hash	malicious	Browse
	Zscaler-windows-1.4.0.188-installer.exe	Get hash	malicious	Browse
	iSee-1.18.2.0-windows-installer (1).exe	Get hash	malicious	Browse
	iSee-1.18.2.0-windows-installer.exe	Get hash	malicious	Browse
	UPSVendorInfo-1.0-windows-installer.exe	Get hash	malicious	Browse
	http://mts-cdn.globalmeet.com/GuestDesktop/GlobalMeet_Guest_Desktop_Setup.exe	Get hash	malicious	Browse
	http://support.steinberg.de/elc/win/elc-installation-helper.exe	Get hash	malicious	Browse
	League of Legends installer EUW.exe	Get hash	malicious	Browse

Created / dropped Files

C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d83e2.timestamp Download File
Process:	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.841147470077358
Encrypted:	false
SSDEEP:	3:oFj4I5vpN6yUaHTQBlv:oJ5X6yVQBlv
MD5:	491BFC1D50E8452C2A6DF24E4D76EB5A
SHA1:	4070BDE3F5F41C1DC56C277F469DE6213CD3F16F
SHA-256:	3C1896F2B4E72601C78D11CE91D4AEDDF8A4E6288F9FBC4B6AFFEBB754F5CBF5
SHA-512:	71DE50A17FC4C0B09CDA6A378E090D3C9DD4192D295FD6CA7D1247858F12D127534830853444394473CA59D1E3A65B14949CBFF9BBF5726D3D4C2E2671531290
Malicious:	false
Reputation:	low
Preview:	C:\Program Files (x86)\Java\jre1.8.0_211..1635784551184..

C:\Users\user\AppData\Local\Temp\BR280A.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	42370
Entropy (8bit):	5.0466136277802285
Encrypted:	false
SSDEEP:	768:bYhR8FateHZi03f9DsC429HqL9kChZYWz2CsPkr1wVXggpBOxSe2zt:bYice5iOf9DsC4WHqKRkr1wppBMSe0t
MD5:	98E531FFD84600DD27E8BC4A83DCDD5E
SHA1:	6B7403D6E903CFBD0B5F2C1BDAE16DE1EAB638C7
SHA-256:	09DD23B63F9FE79D039E43F274B5AEB9DF01A816DEFC8C503531E1B3643921A3
SHA-512:	E8523077549E79045C02882307654D21CADF334098B878C976C960BA86E323CFFDD678713E3084CCB31AC21158CF542187733767F28CC130665962AFD13D4A7A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;.IP.V..v......#.....4...R...............P.....b.................................+........ .........................g............................................................................................................................text....2.......4..................`.P`.data........P.......8..............@.`..rdata.......`.......:..............@.0@.eh_fram.....p.......B..............@.0..bss..................................@..edata..g............D..............@.0@.idata...............F..............@.0..CRT.................N..............@.0..tls.... ............P..............@.0..reloc...............R..............@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR2A3D.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	36633
Entropy (8bit):	5.172153856265245
Encrypted:	false
SSDEEP:	384:i760QouLg/TgeoyZQ82FXRivC4yPTyNeOnEOqjLtKjIUZuVnrufvS0QOwOP2H:pxR1u9CpKVZuFBNOeH
MD5:	08AD4CD2A940379F1DCDBDB9884A1375
SHA1:	C302B7589BA4F05C6429E7F89AD0CB84DD9DFBAC
SHA-256:	78827E2B1EF0AAD4F8B1B42D0964064819AA22BFCD537EBAACB30D817EDC06D8
SHA-512:	F37BD071994C31B361090A149999E8B2D4A7839F19EA63E1D4563AADA1371BE37F2BFCC474E24DE95FF77CA4124A39580C9F711E2FBE54265713AB76F631835A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Autodesk_Desktop_App_Bootstrap.exe, Detection: malicious, Browse Filename: Zscaler-windows-1.4.0.188-installer.exe, Detection: malicious, Browse Filename: iSee-1.18.2.0-windows-installer (1).exe, Detection: malicious, Browse Filename: iSee-1.18.2.0-windows-installer.exe, Detection: malicious, Browse Filename: UPSVendorInfo-1.0-windows-installer.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: League of Legends installer EUW.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..../UM.R.........#.....2...N...............P....hf.......................................... ........................./.......x...............................<....................................................................................text....0.......2..................`.P`.data........P.......6..............@.`..rdata.......`.......8..............@.`@.eh_fram.....p.......B..............@.0..bss....T.............................@..edata../............D..............@.0@.idata..x............F..............@.0..CRT.................J..............@.0..tls.... ............L..............@.0..reloc..<............N..............@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR2BC5.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	112558
Entropy (8bit):	5.941177762717291
Encrypted:	false
SSDEEP:	1536:vbn96+fgEQxtYuuDFYe4gg2ReJAkz2omuU4LCPkYLsdFEclGqKONtlD+:D9NgEQnYuscgjeJAkBCvLsEQ/HlD+
MD5:	D33EE6D856350F321189138134745388
SHA1:	E20A69863AE3A63A5C812D80BC7766C54CBB0689
SHA-256:	9EB5405449BE0D43FEE145B5B6D5FE01799C6F635389A44F58A0AF2793A1B737
SHA-512:	133A382CE27408CB993E8DCDCBD65737C99C093DD632580B47CA08A3C0198699FA27BBD0A20CFBA572B1B2F8FA3840F1309DC6B8CEBE0B1A15885E0030201FEF
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....IP.^.........#.........Z............... .....q.......................................... ......................p...............................................................................................................................text...x...........................`.P`.data........ ......................@.`..rdata.......0......................@.`@.eh_fram.....P.......2..............@.0..bss....,....`........................@..edata.......p.......4..............@.0@.idata...............D..............@.0..CRT.................H..............@.0..tls.... ............J..............@.0..reloc...............L..............@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR2C62.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	409600
Entropy (8bit):	6.4807474467356245
Encrypted:	false
SSDEEP:	6144:qZW3ZkG4zErXGmWkaHf77ym+fs7EWdRx35FFFyFFFFFFc7N+8:qCZFmESn/v9dz35FFFyFFFFFFc48
MD5:	027491B39A7B16B116E780F55ABC288E
SHA1:	62C0AB7C3E374D5FC9920983EE62BAA4421076B4
SHA-256:	EEF69D005BF1C0B715C8D6205400D4755C261DD38DDFBBFE918E6EE91F21F1F0
SHA-512:	FE0BA835D9AF2A2C297A545BB7E30D315B580273BB1F558F16D9CBA59755200A4735F75B1672E5E5FBED449EB7A5ABB6D905696674C181B742BF637028953194
Malicious:	false
Joe Sandbox View:	Filename: Autodesk_Desktop_App_Bootstrap.exe, Detection: malicious, Browse Filename: Zscaler-windows-1.4.0.188-installer.exe, Detection: malicious, Browse Filename: iSee-1.18.2.0-windows-installer (1).exe, Detection: malicious, Browse Filename: iSee-1.18.2.0-windows-installer.exe, Detection: malicious, Browse Filename: UPSVendorInfo-1.0-windows-installer.exe, Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: , Detection: malicious, Browse Filename: League of Legends installer EUW.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X.......................~.......g...................?...................Rich....................PE..L...j'.?...........!.........................................................P......................................,..N....)..<...............................<F...................................................................................text............................... ..`.rdata..N...........................@..@.data...8....@.......@..............@....reloc...G.......P..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR2EE4.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	51712
Entropy (8bit):	6.11232673678852
Encrypted:	false
SSDEEP:	768:KUqfg94qXKdv7VzR5CnsW9+oR5gKkizhr2ORzQeOD:PqCev7ZCZ7htRzt
MD5:	72FAB2C90296330ECA3787DC4093E208
SHA1:	6091F6637EF24E2C4F5AEA348CD9DAE2607B17E8
SHA-256:	6251F51D616CDCB4256D73A67819A3419E5B59158BE358CF387B90E39C05C260
SHA-512:	347A54C6D0F4FEFC966B3EE3BCD4387FAA54D4C9D7FB050AC33E26514848CD4F4F5465D5A27F76B14F05F1D8380DA88B798B1EDE2EAB6722972EEF37118EAC0D
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............c._.c._.c._.1._.c._.1?_.c._.1)_.c._..._.c._..._.c._.c._.c._.E._.c._.. _.c._..8_.c._..;_.c._Rich.c._........PE..L....\|@L...........!.....\|...V......F.....................................................@.............................]...X...<...................................0................................................................................text....z.......\|.................. ..`.rdata..m&.......(..................@..@.data...............................@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR3434.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	31232
Entropy (8bit):	5.970542297862573
Encrypted:	false
SSDEEP:	384:828IV0h6y6b65DRS/47tAF61letKEnQ7UcTNuZLngGDUVizkcZFNZNgB/p9DCn:8txi624hS61EtMUcnCUVoFN/AB
MD5:	B226B75915B944BF20F96ADDFD6E4F87
SHA1:	D1E745996FFD68C6AE91C2AC2C65B2D77BFD0EAB
SHA-256:	91910BF7A630D272D5389AA6DAFC4E71F32298731B4F44D39B6A0B0D34BD1A3B
SHA-512:	4913D11666057269249880668C92EC7D28788E3041BC18B6A9F72F94E2CA375464ADA6242DE694159E4EA99CCE934B01A981F60171E7A739607BB9DF6D07421B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....^Q...........#.....L...v......`........`....8g......................................... .........................................................................................................................h............................text...$K.......L..................`.P`.data........`.......P..............@.0..rdata..\|....p.......R..............@.0@.eh_fram.............V..............@.0@.bss..................................0..edata...............j..............@.0@.idata...............p..............@.0..CRT.................t..............@.0..tls.... ............v..............@.0..reloc...............x..............@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR352F.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	61685
Entropy (8bit):	5.767404399067206
Encrypted:	false
SSDEEP:	768:3wsnWORQW1x0waiE/h3QBG14+raAQD2ZW1YRC9gfMFfdKnoOWO:37DRrxcF2S4+WH1WhMFfgoK
MD5:	FA89B48BF972FEF2F26C24A5C1BD1689
SHA1:	2777FB16B37609C6EFC27ACCD1DD855A11FF4F5E
SHA-256:	6E5348CBCE980777D8E9827B57A90BE829F94884C9F96395807BABDB9B445756
SHA-512:	1C88F8F0EC311756C1AC3A6F72725F656A74630C97AE6A2DB02728B236EC0E8A8A3E524BF76E99E6F15AD52855C05CE0F238DE0C4350DA0F5EF00FA561A2D6C0
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......O...........#.....t.........................n......................... ................ .........................u.......X....................................................................................................................text...ls.......t..................`.P`.data................x..............@.`..rdata..T............~..............@.0@.eh_fram............................@.0..bss....$.............................@..edata..u...........................@.0@.idata..X...........................@.0..CRT................................@.0..tls.... ...........................@.0..reloc..............................@.0B................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR35FB.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	2.1110182606763486
Encrypted:	false
SSDEEP:	96:3OeQrkZUMQl0sLw1pljKegUlelUEYP2OaSOdOfDUj5y2RUI32IyyymvNTB:bQAlQl/UzjBPleOE5VoUjVRUKJyo
MD5:	4CF27E0747E5719A5478AA2624F6B996
SHA1:	13DF901E34F77E5EA11F36C0AFEDDA7F86A2C003
SHA-256:	E69A9D06F2C17CC021EBF9B62CA110548FACDC147B67DEA4846E09865043D2D9
SHA-512:	4B0DDCBD7321128F977E1DBBE18CC76C7E489D4EE84B7775989E99778B5A60DAA683C6063C5B700794B7F2070AE381FEF20B19B3CB35C1BABEF9BE79FF264941
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......k.../.y./.y./.y.M.j.-.y...w...y./.x.%.y..s.%.y..}.+.y.Rich/.y.........PE..L....l.?...........!..... ...0......Q!.......0...............................`.......................................1..k...(0..<............................P.......................................................0..(............................text............ .................. ..`.rdata..{....0.......0..............@..@.data...P....@.......@..............@....reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR36B8.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	24576
Entropy (8bit):	2.233559660511395
Encrypted:	false
SSDEEP:	192:w6Aw4G01nltNu1qqSyjjc1Pcrhve+fAzsI:w6Awe1ltUv3c1AveKAzs
MD5:	124E89D0FCC409EDE3595A253B788708
SHA1:	BC88E037C3EDEA02DD20AEFF10818105BE9F4033
SHA-256:	27EA1B57A3024AEC4A03188E80FDB2AA301FA5179C19BE9C8B0DFC2AAC73A114
SHA-512:	7CD0CA268A5DBD2AA22DBCE1F253A2D067CA30C5195E059C3F431D546A20D1811592F8BD8FE88B6AD9CB5C6FDD6A4666FF451B84A5E790A9D5058865D48790B1
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n...........H...(......"......'..........Rich*...........................PE..L....l.?...........!..... ...@....... .......0...............................p......]................................0......$0..<............................`.......................................................0.. ............................text...R........ .................. ..`.rdata.......0.......0..............@..@.data........@.......@..............@....reloc.......`.......P..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR3755.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	102400
Entropy (8bit):	6.032443659163402
Encrypted:	false
SSDEEP:	1536:RgeYsGOAkT1xZXRyrjGA9KOsZDmwd1/MAjVkZJEJ6PZ2:WBVw1xHef9amwDMAjUJ0
MD5:	606F13D4D580B1F322B3F3D3DF423BBA
SHA1:	02CB375E13B415EDC8B5360DFFDBA531E47827ED
SHA-256:	C71A16B1056E522CD0365449448116D06F37A3273D77694D170340064511DD25
SHA-512:	867A45DC15E99148F24FC528FBC9255582E5534BB4696700292B70163FDDB15F35DDF2ACD0536A9CD78B4D8F9D827BF7530D2303BFD7E428F11573B381A0986C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2...v..Xv..Xv..X...Xt..X...Xw..Xv..Xe..X...Xo..X...Xr..XRichv..X................PE..L....l.?...........!.....0...P.......1.......@.......................................,.............................. C..e....A..<...............................H....................................................@..L............................text....".......0.................. ..`.rdata.......@.......@..............@..@.data...X#...P...0...P..............@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR3821.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	4.947032837109441
Encrypted:	false
SSDEEP:	384:AfMFAoyIdlBM2y3yKy8i0s7xxgx9lRD4Pich2vzLfp6kVtWVG80TTqV5axSwHAuz:Af7KBM2vcLlRDYncLfp43HTaxOPxP0
MD5:	145D5C49FE34A44662BEAFFE641D58C7
SHA1:	95D5E92523990B614125D66FA3FA395170A73BFE
SHA-256:	59182F092B59A3005ADA6B2F2855C7E860E53E8ADF6E41CD8CD515578AE7815A
SHA-512:	48CB0048F4FCF460E791A5B0BECA40DBF2399B70F1784236B6D1F17835201D70DFA64C498814B872F57E527793C58A5959230FE40DDF5EBDCB0B1DE57E9C53EF
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........../^..\|^..\|^..\|<..\|\..\|...\|_..\|^..\|K..\|...\|I..\|...\|Z..\|Rich^..\|........PE..L....l.?...........!.........P......z................................................!..................................h.......<.......................................................................................P............................text...>r.......................... ..`.rdata..h........ ..................@..@.data............ ..................@....reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BR4BDA.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	95
Entropy (8bit):	4.413288531422079
Encrypted:	false
SSDEEP:	3:SXKPFaT5WRiGgBWKFiFCnRVLvDAEMVLU//Vy:SuFmWRiGghYFCnHEEMVQVy
MD5:	EF54325FD6089991019D42D4D2584AB8
SHA1:	8FAE15DB21C5C2C06E87EE9CF9EA18C6964D3D24
SHA-256:	3058165ABF1FF11090812BE06B155DE1CA8BFF3F077F246F18B6D0ECB6FA7905
SHA-512:	D5A257DC2DFED0E434EB2F3581E2AA03CF62736FB5E4EB4EE0E56C2C7EF1B25A1680A3709E051FBE74A2012E1C72663E73F7E5A99B114B0967F5542D95DA2E09
Malicious:	false
Preview:	Error: This Java instance does not support a 64-bit JVM...Please install the desired version...

C:\Users\user\AppData\Local\Temp\BR4F94.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	149
Entropy (8bit):	5.0506245895145785
Encrypted:	false
SSDEEP:	3:CEuXWN0Ld4muEHNekOCe3Z8465TEFHgtzasVUaIfKnQvn:CEuX8J/IcCQ16tt+sVfIfKn6n
MD5:	22CA8A72C29F11FF5158A385957E54D2
SHA1:	3CAA40588EE350F2C8CF89E4B474BAA29A97FAAE
SHA-256:	8E66EAFE2D5A1FFCB41C18C8AAC8DFAFD2DCA5C3349C6E35A6F0D7D0AB411D73
SHA-512:	FE2C6863929762AA77E5F8F13258BDE0038894947E6BB70B6E42E8B7D75850C1F00732D9DF7DB77835BC4563EB03C3ACAC903EEA7071D70130E2D94DFFDBF3EF
Malicious:	false
Preview:	java version "1.8.0_211"..Java(TM) SE Runtime Environment (build 1.8.0_211-b12)..Java HotSpot(TM) Client VM (build 25.211-b12, mixed mode, sharing)..

C:\Users\user\AppData\Local\Temp\BR54A6.tmp Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	95
Entropy (8bit):	4.413288531422079
Encrypted:	false
SSDEEP:	3:SXKPFaT5WRiGgBWKFiFCnRVLvDAEMVLU//Vy:SuFmWRiGghYFCnHEEMVQVy
MD5:	EF54325FD6089991019D42D4D2584AB8
SHA1:	8FAE15DB21C5C2C06E87EE9CF9EA18C6964D3D24
SHA-256:	3058165ABF1FF11090812BE06B155DE1CA8BFF3F077F246F18B6D0ECB6FA7905
SHA-512:	D5A257DC2DFED0E434EB2F3581E2AA03CF62736FB5E4EB4EE0E56C2C7EF1B25A1680A3709E051FBE74A2012E1C72663E73F7E5A99B114B0967F5542D95DA2E09
Malicious:	false
Preview:	Error: This Java instance does not support a 64-bit JVM...Please install the desired version...

C:\Users\user\AppData\Local\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51\twapi-be29e7f1-71ae-4703-50cb-1d52be512f51.dll Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	413276
Entropy (8bit):	6.543624302377151
Encrypted:	false
SSDEEP:	6144:qy3L0mgDcJ78LbJkOyVWWRT4KyQN5earARhMwZ1iooZfDZJHR9PWll7bt4:zg1BOI6uQNtqioo9D3TKft4
MD5:	A210F1AC135E5331C314CE5F394FB5A5
SHA1:	355AFC1C61E1F65834472B16A4CA718E61537DC2
SHA-256:	65B32EA2982078FB9A18E88FEEC238CB76ED2AE6C2BB4DDB0F6A9C4F57B1D62B
SHA-512:	E4E70EF75E2F7897837F6772B9A0DCAAF4515D8BE4210B28509F12CDDE9D85BD7BED604AD5A9EE587356971F75E6F79874DBDB974CEC4996262295E255501CF4
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................Q.........................................................................................-.......Rich....................PE..L...-..J...........!.................................................................\|...............................9..[...............X.................... ..x_...................................................................................text............................... ..`.rdata...Z.......\..................@..@.data........@.......&..............@....rsrc...X...........................@..@.reloc...a... ...b..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\bitrock_installer.log Download File
Process:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	150
Entropy (8bit):	4.625871843481267
Encrypted:	false
SSDEEP:	3:tBkuxX9UuF6U2XJKRLOLJxZGKs1VOXFMOa1yox/0sQGGAK82sBov:42JSJKRLmLGK4VOXFboRTGAK8xov
MD5:	D6DCC8B52D774A93E7CDD4B675522704
SHA1:	0F3D6292875FED6CE2A56E29EB73F430C26F6F84
SHA-256:	0840BCF92F33446B7E6D2E1FF1C8FF10E740B530E30E9007A9ADC8379C097373
SHA-512:	B99EA924EDFFDCDF73C68356FA82DD9A9B69921834E87C667549C7110F1708D0122238CE6D5C3D30D27120BFFA080852683FE6C3CD87C434DCD5FEF546FDB81D
Malicious:	false
Preview:	Log started 11/01/2021 at 09:35:43..Preferred installation mode : win32..Trying to init installer in mode win32..Mode win32 successfully initialized..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Entropy (8bit):	7.9936248674269565
TrID:	Win32 Executable (generic) a (10002005/4) 99.39% UPX compressed Win32 Executable (30571/9) 0.30% Win32 EXE Yoda's Crypter (26571/9) 0.26% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	jxplorer-3.3.1.2-windows-installer.exe
File size:	7501332
MD5:	c23a27b06281cfa93641fdbb611c33ff
SHA1:	cac02ab7f94320ff7168ac30ca4da44df649dfa9
SHA256:	c1fe14a60bc6aa909ea8c1d5f09eb7426722bdd90634b451c12d1a32d10ff67b
SHA512:	f7902af4909083ce11ad7f0135a89f60096a4b44079326ec14458f90f8de908e18615e8686c526bbb04be4fdcc70b92e79ac27ba657741f2eeaee3ddffb3b437
SSDEEP:	196608:p5DOE1MFFH51Cetx3WxgzPp52ce3pYt3XqZ9sYg:p5v1MFFH51CWx3WOzPp5n1Xc4
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....IP..'..............0...0...@..Pq(..P....(...@...........................)............... .....................p.).p..

File Icon


Icon Hash:	f6d3d2f1d7c878b0

Static PE Info

General
Entrypoint:	0x687150
Entrypoint Section:	UPX1
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED
DLL Characteristics:
Time Stamp:	0x5049C0C3 [Fri Sep 7 09:39:15 2012 UTC]
TLS Callbacks:	0x687d56
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f703294ca5098ae27457e58f179b2127

Entrypoint Preview

Instruction
pushad
mov esi, 005B5015h
lea edi, dword ptr [esi-001B4015h]
mov dword ptr [edi+0023F4A0h], E8E07FC9h
push edi
mov ebp, esp
lea ebx, dword ptr [esp-00030E80h]
xor eax, eax
push eax
cmp esp, ebx
jne 00007FB4ECAB5DCDh
inc esi
inc esi
push ebx
push 002856EFh
push edi
add ebx, 04h
push ebx
push 000D2139h
push esi
add ebx, 04h
push ebx
push eax
mov dword ptr [ebx], 00040007h
nop
nop
nop
push ebp
push edi
push esi
push ebx
sub esp, 7Ch
mov edx, dword ptr [esp+00000090h]
mov dword ptr [esp+74h], 00000000h
mov byte ptr [esp+73h], 00000000h
mov ebp, dword ptr [esp+0000009Ch]
lea eax, dword ptr [edx+04h]
mov dword ptr [esp+78h], eax
mov eax, 00000001h
movzx ecx, byte ptr [edx+02h]
mov ebx, eax
shl ebx, cl
mov ecx, ebx
dec ecx
mov dword ptr [esp+6Ch], ecx
movzx ecx, byte ptr [edx+01h]
shl eax, cl
dec eax
mov dword ptr [esp+68h], eax
mov eax, dword ptr [esp+000000A8h]
movzx esi, byte ptr [edx]
mov dword ptr [ebp+00h], 00000000h
mov dword ptr [esp+60h], 00000000h
mov dword ptr [eax], 00000000h
mov eax, 00000300h
mov dword ptr [esp+64h], esi
mov dword ptr [esp+5Ch], 00000001h
mov dword ptr [esp+58h], 00000001h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x29a770	0x70	.rsrc
IMAGE_DIRECTORY_ENTRY_IMPORT	0x29a488	0x2e8	.rsrc
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x288000	0x12488	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x29a7e0	0x18	.rsrc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x287d78	0x18	UPX1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
UPX0	0x1000	0x1b4000	0x0	False	0	empty	0.0	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
UPX1	0x1b5000	0xd3000	0xd2e00	False	0.998996230365	data	7.99969875033	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x288000	0x13000	0x12800	False	0.330355257601	data	4.1613860609	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_CURSOR	0x28a604	0x134	data	English	United States
RT_CURSOR	0x28a73c	0x134	AmigaOS bitmap font	English	United States
RT_CURSOR	0x28a874	0x134	data	English	United States
RT_CURSOR	0x28a9ac	0x134	data	English	United States
RT_CURSOR	0x28aae4	0x134	data	English	United States
RT_CURSOR	0x28ac1c	0x134	data	English	United States
RT_CURSOR	0x28ad54	0x134	data	English	United States
RT_CURSOR	0x28ae8c	0x134	data	English	United States
RT_CURSOR	0x28afc4	0x134	data	English	United States
RT_CURSOR	0x28b0fc	0x134	data	English	United States
RT_CURSOR	0x28b234	0x134	data	English	United States
RT_CURSOR	0x28b36c	0x134	data	English	United States
RT_CURSOR	0x28b4a4	0x134	data	English	United States
RT_CURSOR	0x28b5dc	0x134	data	English	United States
RT_CURSOR	0x28b714	0x134	data	English	United States
RT_CURSOR	0x28b84c	0x134	data	English	United States
RT_CURSOR	0x28b984	0x134	data	English	United States
RT_CURSOR	0x28babc	0x134	data	English	United States
RT_CURSOR	0x28bbf4	0x134	data	English	United States
RT_CURSOR	0x28bd2c	0x134	data	English	United States
RT_CURSOR	0x28be64	0x134	data	English	United States
RT_CURSOR	0x28bf9c	0x134	data	English	United States
RT_CURSOR	0x28c0d4	0x134	data	English	United States
RT_CURSOR	0x28c20c	0x134	data	English	United States
RT_CURSOR	0x28c344	0x134	data	English	United States
RT_CURSOR	0x28c47c	0x134	data	English	United States
RT_CURSOR	0x28c5b4	0x134	data	English	United States
RT_CURSOR	0x28c6ec	0x134	data	English	United States
RT_CURSOR	0x28c824	0x134	data	English	United States
RT_CURSOR	0x28c95c	0x134	data	English	United States
RT_CURSOR	0x28ca94	0x134	data	English	United States
RT_CURSOR	0x28cbcc	0x134	data	English	United States
RT_CURSOR	0x28cd04	0x134	data	English	United States
RT_CURSOR	0x28ce3c	0x134	data	English	United States
RT_CURSOR	0x28cf74	0x134	data	English	United States
RT_CURSOR	0x28d0ac	0x134	data	English	United States
RT_CURSOR	0x28d1e4	0x134	data	English	United States
RT_CURSOR	0x28d31c	0x134	data	English	United States
RT_CURSOR	0x28d454	0x134	data	English	United States
RT_CURSOR	0x28d58c	0x134	data	English	United States
RT_CURSOR	0x28d6c4	0x134	data	English	United States
RT_CURSOR	0x28d7fc	0x134	data	English	United States
RT_CURSOR	0x28d934	0x134	data	English	United States
RT_CURSOR	0x28da6c	0x134	data	English	United States
RT_CURSOR	0x28dba4	0x134	data	English	United States
RT_CURSOR	0x28dcdc	0x134	data	English	United States
RT_CURSOR	0x28de14	0x134	data	English	United States
RT_CURSOR	0x28df4c	0x134	data	English	United States
RT_CURSOR	0x28e084	0x134	data	English	United States
RT_CURSOR	0x28e1bc	0x134	data	English	United States
RT_CURSOR	0x28e2f4	0x134	data	English	United States
RT_CURSOR	0x28e42c	0x134	data	English	United States
RT_CURSOR	0x28e564	0x134	data	English	United States
RT_CURSOR	0x28e69c	0x134	data	English	United States
RT_CURSOR	0x28e7d4	0x134	data	English	United States
RT_CURSOR	0x28e90c	0x134	data	English	United States
RT_CURSOR	0x28ea44	0x134	data	English	United States
RT_CURSOR	0x28eb7c	0x134	data	English	United States
RT_CURSOR	0x28ecb4	0x134	data	English	United States
RT_CURSOR	0x28edec	0x134	data	English	United States
RT_CURSOR	0x28ef24	0x134	data	English	United States
RT_CURSOR	0x28f05c	0x134	data	English	United States
RT_CURSOR	0x28f194	0x134	data	English	United States
RT_CURSOR	0x28f2cc	0x134	data	English	United States
RT_CURSOR	0x28f404	0x134	data	English	United States
RT_CURSOR	0x28f53c	0x134	data	English	United States
RT_CURSOR	0x28f674	0x134	data	English	United States
RT_CURSOR	0x28f7ac	0x134	data	English	United States
RT_CURSOR	0x28f8e4	0x134	data	English	United States
RT_CURSOR	0x28fa1c	0x134	data	English	United States
RT_CURSOR	0x28fb54	0x134	data	English	United States
RT_CURSOR	0x28fc8c	0x134	data	English	United States
RT_CURSOR	0x28fdc4	0x134	data	English	United States
RT_CURSOR	0x28fefc	0x134	data	English	United States
RT_CURSOR	0x290034	0x134	data	English	United States
RT_CURSOR	0x29016c	0x134	data	English	United States
RT_CURSOR	0x2902a4	0x134	data	English	United States
RT_CURSOR	0x2903dc	0x134	data	English	United States
RT_BITMAP	0x290514	0x340	data	English	United States
RT_ICON	0x290858	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x290dc4	0x4228	dBase III DBT, version number 0, next free block index 40	English	United States
RT_ICON	0x294ff0	0x25a8	dBase III DBT, version number 0, next free block index 40	English	United States
RT_ICON	0x29759c	0x10a8	data	English	United States
RT_ICON	0x298648	0x988	dBase III DBT, version number 0, next free block index 40	English	United States
RT_DIALOG	0x298fd4	0x23a	data	English	United States
RT_GROUP_CURSOR	0x299214	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29922c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299244	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29925c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299274	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29928c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2992a4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2992bc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2992d4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2992ec	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299304	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29931c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299334	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29934c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299364	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29937c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299394	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2993ac	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2993c4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2993dc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2993f4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29940c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299424	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29943c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299454	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29946c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299484	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29949c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2994b4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2994cc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2994e4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2994fc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299514	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29952c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299544	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29955c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299574	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29958c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2995a4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2995bc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2995d4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2995ec	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299604	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29961c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299634	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29964c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299664	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29967c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299694	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2996ac	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2996c4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2996dc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2996f4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29970c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299724	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29973c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299754	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29976c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299784	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29979c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2997b4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2997cc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2997e4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2997fc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299814	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29982c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299844	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29985c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299874	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29988c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2998a4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2998bc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2998d4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x2998ec	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299904	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29991c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x299934	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_CURSOR	0x29994c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States
RT_GROUP_ICON	0x299964	0x4c	data	English	United States
RT_VERSION	0x2999b4	0x51c	data	English	United States
RT_MANIFEST	0x299ed4	0x5b1	XML 1.0 document, ASCII text	English	United States

Imports

DLL	Import
KERNEL32.DLL	LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ADVAPI32.DLL	RegCloseKey
COMCTL32.DLL	InitCommonControlsEx
COMDLG32.DLL	ChooseColorA
GDI32.dll	Arc
IMM32.DLL	ImmGetContext
msvcrt.dll	cos
OLE32.dll	CreateBindCtx
OLEAUT32.DLL	VariantInit
SHELL32.DLL	SHGetMalloc
USER32.dll	GetDC
WS2_32.DLL	bind

Exports

Name	Ordinal	Address
TclKit_AppInit	1	0x402344
TclKit_SetKitPath	2	0x402720

Version Infos

Description	Data
LegalCopyright	Copyright JXplorer Open Source Project

InternalName
FileVersion	1.0.0.0
CompanyName	JXplorer Open Source Project
LegalTrademarks
Comments
ProductName	JXplorer
ProductVersion	3.3.1.2
FileDescription
OriginalFilename	setup.exe
Translation	0x0409 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

No network behavior found

Code Manipulations

Statistics

CPU Usage

• jxplorer-3.3.1.2-windows-installer.exe
• java.exe
• icacls.exe
• conhost.exe
• java.exe
• java.exe
• java.exe

Click to jump to process

Memory Usage

• jxplorer-3.3.1.2-windows-installer.exe
• java.exe
• icacls.exe
• conhost.exe
• java.exe
• java.exe
• java.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• jxplorer-3.3.1.2-windows-installer.exe
• java.exe
• icacls.exe
• conhost.exe
• java.exe
• java.exe
• java.exe

Click to jump to process

System Behavior

Analysis Process: jxplorer-3.3.1.2-windows-installer.exe PID: 4644 Parent PID: 5096

Function Logs

General

Start time:	09:35:39
Start date:	01/11/2021
Path:	C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\jxplorer-3.3.1.2-windows-installer.exe'
Imagebase:	0x400000
File size:	7501332 bytes
MD5 hash:	C23A27B06281CFA93641FDBB611C33FF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Created

LPC Port Activities

Chronological Activities

Analysis Process: java.exe PID: 5528 Parent PID: 4644

Function Logs

General

Start time:	09:35:47
Start date:	01/11/2021
Path:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -version
Imagebase:	0x1160000
File size:	192376 bytes
MD5 hash:	28733BA8C383E865338638DF5196E6FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Java
Reputation:	high

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

System Activities

System Information Queried

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: icacls.exe PID: 7072 Parent PID: 5528

Function Logs

General

Start time:	09:35:48
Start date:	01/11/2021
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant 'everyone':(OI)(CI)M
Imagebase:	0x11a0000
File size:	29696 bytes
MD5 hash:	FF0D1D4317A44C951240FAE75075D501
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

File Activities

File Opened

File Attributes Queried

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

Show Windows behavior

Process Activities

Show Windows behavior

Thread Activities

Show Windows behavior

Memory Activities

Memory Allocated

Show Windows behavior

System Activities

Show Windows behavior

Object Security Activities

Chronological Activities

Analysis Process: conhost.exe PID: 7040 Parent PID: 7072

Function Logs

General

Start time:	09:35:48
Start date:	01/11/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7f20f0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

File Activities

File Attributes Queried

Volume Information Queried

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Show Windows behavior

Thread Activities

Thread Created

Show Windows behavior

System Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: java.exe PID: 7124 Parent PID: 4644

Function Logs

General

Start time:	09:35:49
Start date:	01/11/2021
Path:	C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe' -d64 -version
Imagebase:	0x1160000
File size:	192376 bytes
MD5 hash:	28733BA8C383E865338638DF5196E6FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

File Activities

File Written

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Terminated

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Allocated

Show Windows behavior

System Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: java.exe PID: 7148 Parent PID: 4644

Function Logs

General

Start time:	09:35:50
Start date:	01/11/2021
Path:	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -version
Imagebase:	0xaa0000
File size:	192376 bytes
MD5 hash:	28733BA8C383E865338638DF5196E6FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Memory Activities

Memory Allocated

Memory Protection Changed

Show Windows behavior

System Activities

System Information Queried

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: java.exe PID: 7164 Parent PID: 4644

Function Logs

General

Start time:	09:35:52
Start date:	01/11/2021
Path:	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_885250\java.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe' -d64 -version
Imagebase:	0xaa0000
File size:	192376 bytes
MD5 hash:	28733BA8C383E865338638DF5196E6FE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

File Activities

File Written

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Terminated

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Allocated

Show Windows behavior

System Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Code Analysis

Analysis Process: jxplorer-3.3.1.2-windows-installer.exe PID: 4644 Parent PID: 5096 jxplorer-3.3.1.2-windows-installer.exeCOMMON

Execution Graph

Execution Coverage

Dynamic/Packed Code Coverage

Signature Coverage

Execution Coverage:	10.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	15%
Total number of Nodes:	608
Total number of Limit Nodes:	41

Executed Functions

Function 00417DBC, Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 319
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsIconic.USER32 ref: 00417DDE
IsZoomed.USER32 ref: 00417DF6
AdjustWindowRectEx.USER32 ref: 00417E54
SendMessageA.USER32 ref: 0041807E
SendMessageA.USER32 ref: 0041809C

Strings

@, xrefs: 0041803F

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: MessageSend$AdjustIconicRectWindowZoomed
String ID: @
API String ID: 3468695746-2766056989
Opcode ID: 1dfc70bc8f74020222e4fa21b729a1296705e618534ff47a6460fa8efc646f2a
Instruction ID: b3f47970eecb9420cda856a2368fa749880b8b57822db4e005dd73235364fa22
Opcode Fuzzy Hash: 1dfc70bc8f74020222e4fa21b729a1296705e618534ff47a6460fa8efc646f2a
Instruction Fuzzy Hash: 12E12B71508305CFCB14DF28C18469ABBF1BF88318F158A6EEC986B345DB34E985CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401020, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00401053
__getmainargs.MSVCRT ref: 00401092
__p__fmode.MSVCRT ref: 004010A0
__p__environ.MSVCRT ref: 004010BA
_cexit.MSVCRT ref: 004010DD
ExitProcess.KERNEL32 ref: 004010E5
_setmode.MSVCRT ref: 00401105
_setmode.MSVCRT ref: 00401119
_setmode.MSVCRT ref: 0040112D

Strings

@\, xrefs: 00401027

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode_cexit
String ID: @\
API String ID: 3695137517-3984165437
Opcode ID: 87beb7fabfa9707f6b45a3ec9534653eff2953bd471800a764ac23823eee4b94
Instruction ID: dfed728f0063e300c51f57784679bc62287248947ced7a3eeb6717f653d6abfe
Opcode Fuzzy Hash: 87beb7fabfa9707f6b45a3ec9534653eff2953bd471800a764ac23823eee4b94
Instruction Fuzzy Hash: D131B7B49093469FC710EF78D59A62ABBF5BF84300F00882EE9C497362D774D9449B52

Uniqueness

Uniqueness Score: -1.00%

Function 00418B54, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 124
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadCursorA.USER32 ref: 00418C5E

Strings

Z_, xrefs: 00418D47

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: CursorLoad
String ID: Z_
API String ID: 3238433803-1605463335
Opcode ID: 03668ea9d278256fc5a6e19b055f2bff59c2aaf889a54834eb54fa34a154b0af
Instruction ID: 4529915f5265db785fee36eee1967e0453c3551146f5c9e9d1dcc4fc07457575
Opcode Fuzzy Hash: 03668ea9d278256fc5a6e19b055f2bff59c2aaf889a54834eb54fa34a154b0af
Instruction Fuzzy Hash: 694189B15087058BD320AF28D5487AA7FF5FF80304F05496EE5898B351EB78D845CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 004FD418, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32 ref: 004FD478
GetSystemInfo.KERNEL32 ref: 004FD488
wsprintfA.USER32 ref: 004FD4EE

Strings

hpa, xrefs: 004FD419

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: InfoSystemVersionwsprintf
String ID: hpa
API String ID: 3808322963-2886691762
Opcode ID: 1e3bd9ca012b50a78634628fe4d42bd72467ed3ee07ea7a95e8262f7efba8401
Instruction ID: a6d285c7c9c722aa2fc2a02095e453056b6a40f4546951374d00b6775df73744
Opcode Fuzzy Hash: 1e3bd9ca012b50a78634628fe4d42bd72467ed3ee07ea7a95e8262f7efba8401
Instruction Fuzzy Hash: 0F81D2B0408745AFC320AF25C4982AEBFE6BF88349F048D1EE5D88B241C7B99585CF57

Uniqueness

Uniqueness Score: -1.00%

Function 0041832C, Relevance: 6.2, APIs: 4, Instructions: 170nativeCOMMON

Download Yara Rule

APIs

NtdllDefWindowProc_A.NTDLL ref: 0043629F
NtdllDefWindowProc_A.NTDLL ref: 004362F0

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: NtdllProc_Window
String ID:
API String ID: 4255912815-0
Opcode ID: 3def92e04e55f4bfc274b5ef146cb00f7e2534ba68811a57a05619c9b0901be2
Instruction ID: 3913e1c84d1a17e8f5318016c0647030583df3b4a57b645ee8e4a81c2f96c842
Opcode Fuzzy Hash: 3def92e04e55f4bfc274b5ef146cb00f7e2534ba68811a57a05619c9b0901be2
Instruction Fuzzy Hash: 15615BB09083029FC710AF29C48556FBBE4BB88314F06DA6FE8A997341D338D9458F4A

Uniqueness

Uniqueness Score: -1.00%

Function 00419A62, Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 250
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetForegroundWindow.USER32 ref: 00419A62
IsWindow.USER32 ref: 00419A94
SetWindowLongA.USER32 ref: 00419AC1
SetParent.USER32 ref: 00419AE4
SendMessageA.USER32 ref: 00419B0F
SendMessageA.USER32 ref: 00419B36
GetDesktopWindow.USER32 ref: 00419B4B
SetWindowLongA.USER32 ref: 00419B6B
SetParent.USER32 ref: 00419BE6

Strings

, xrefs: 00419FF6

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Window$LongMessageParentSend$DesktopForeground
String ID:
API String ID: 2299332115-3916222277
Opcode ID: 21ac153df164bac7657e66e35e01e705aedf371d401fb55333957b2cdbd37b6a
Instruction ID: ab16b314d7edb7fb2e842306ce609dc906fb71e19f0691c1b0c6c3642d68181a
Opcode Fuzzy Hash: 21ac153df164bac7657e66e35e01e705aedf371d401fb55333957b2cdbd37b6a
Instruction Fuzzy Hash: D0C107B0509701DFD710EF28C18976ABBF1BF84704F14896EE8998B392D779D884CB96

Uniqueness

Uniqueness Score: -1.00%

Function 0048A910, Relevance: 33.4, APIs: 6, Strings: 13, Instructions: 147
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SystemParametersInfoA.USER32 ref: 0048A964
SystemParametersInfoA.USER32 ref: 0048A9A1
733AAC50.USER32 ref: 0048A9E3
MulDiv.KERNEL32 ref: 0048AA16
GetStockObject.GDI32 ref: 0048AA79
MulDiv.KERNEL32 ref: 0048AA30

Part of subcall function 0048A854: CreateFontIndirectA.GDI32 ref: 0048A86A
Part of subcall function 0048A854: DeleteObject.GDI32 ref: 0048A889

Strings

TkHeadingFont, xrefs: 0048AABF
TkTooltipFont, xrefs: 0048AB00
TkIconFont, xrefs: 0048AB4A
TkCaptionFont, xrefs: 0048AB15
TkMenuFont, xrefs: 0048AAE8
TkFixedFont, xrefs: 0048AA5E
1, xrefs: 0048A9D4
TkTextFont, xrefs: 0048AAD0
H, xrefs: 0048AA04
L, xrefs: 0048A974
H, xrefs: 0048AA1E
TkSmallCaptionFont, xrefs: 0048AB2A
TkDefaultFont, xrefs: 0048AAAE

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: InfoObjectParametersSystem$CreateDeleteFontIndirectStock
String ID: 1$H$H$L$TkCaptionFont$TkDefaultFont$TkFixedFont$TkHeadingFont$TkIconFont$TkMenuFont$TkSmallCaptionFont$TkTextFont$TkTooltipFont
API String ID: 2412933844-581550370
Opcode ID: f8ad6996d3b9d81194897c48c2124e1b69edbe3d6cb877e07245aed2bd4192aa
Instruction ID: df09e8b0604826b9a847722ce989e57484fc40e49ac1658ffdb3daab5d28662b
Opcode Fuzzy Hash: f8ad6996d3b9d81194897c48c2124e1b69edbe3d6cb877e07245aed2bd4192aa
Instruction Fuzzy Hash: 4D511C706083448FE350FF28C58579EBBE6AB88304F018C2EE989C7345DBB898598B57

Uniqueness

Uniqueness Score: -1.00%

Function 0050F900, Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 212
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_ftime.MSVCRT ref: 0050F930
RtlEnterCriticalSection.NTDLL ref: 0050F984
QueryPerformanceCounter.KERNEL32 ref: 0050F991
RtlLeaveCriticalSection.NTDLL(?), ref: 0050FABF

Strings

ntel, xrefs: 0050FB7E
Genu, xrefs: 0050FB36
ineI, xrefs: 0050FB74

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: CriticalSection$CounterEnterLeavePerformanceQuery_ftime
String ID: Genu$ineI$ntel
API String ID: 809612594-3389352399
Opcode ID: 3bb0167c3934eca56ddb2f427e30a0814f8fe06bbf3774d3e5695a431e0490f8
Instruction ID: 56be6974c6fe67d0062e3a682dc3cfd4d5d209c7406cf5f45a825cc7359be0c5
Opcode Fuzzy Hash: 3bb0167c3934eca56ddb2f427e30a0814f8fe06bbf3774d3e5695a431e0490f8
Instruction Fuzzy Hash: CBA1E4B08083429FD720EF68D56971EFFE5BB84744F00992EE899877A1D7789448CF82

Uniqueness

Uniqueness Score: -1.00%

Function 00419C02, Relevance: 21.3, APIs: 11, Strings: 1, Instructions: 280
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00417DBC: IsIconic.USER32 ref: 00417DDE

SetWindowLongA.USER32 ref: 00419AC1
SetParent.USER32 ref: 00419AE4
SendMessageA.USER32 ref: 00419B0F
SendMessageA.USER32 ref: 00419B36
GetDesktopWindow.USER32 ref: 00419B4B
SetWindowLongA.USER32 ref: 00419B6B
SetParent.USER32 ref: 00419BE6
CreateWindowExW.USER32 ref: 00419DB3
SetWindowLongA.USER32 ref: 00419DF6
GetWindowPlacement.USER32 ref: 00419E9F
GetWindow.USER32 ref: 00419EF7

Strings

,, xrefs: 00419E83

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Window$Long$MessageParentSend$CreateDesktopIconicPlacement
String ID: ,
API String ID: 1921295904-3772416878
Opcode ID: 8459e2ca7db4151b67cf8311fc708252881fa70ef2f0da39e5df0658d44600bd
Instruction ID: 6055e93715125bd72b99c945665e696d42438dbdf7e1f1f5fbc6dfe2b8109d76
Opcode Fuzzy Hash: 8459e2ca7db4151b67cf8311fc708252881fa70ef2f0da39e5df0658d44600bd
Instruction Fuzzy Hash: 96E1D1B4509301CFD750EF28C584B9ABBF1BF84304F18896EEC998B396D7799884CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0041C94F, Relevance: 19.7, APIs: 9, Strings: 2, Instructions: 417
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32 ref: 0041CA3C
IsWindowVisible.USER32 ref: 0041CAF2
GetClientRect.USER32 ref: 0041CB4E
MoveWindow.USER32 ref: 0041CBCD

Strings

Z, xrefs: 0041D1B7
,, xrefs: 0041D26C

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Window$ClientMessageMoveRectSendVisible
String ID: ,$Z
API String ID: 3303122596-3024109530
Opcode ID: e0beef523fe094c72795692bf717737d03d0cbd67c3e3cacb766a83010b708a3
Instruction ID: 2e8d3ecffb26bc1ce40e336ff9a2c8adfccb203d54eabbf5d237a56337cc25ab
Opcode Fuzzy Hash: e0beef523fe094c72795692bf717737d03d0cbd67c3e3cacb766a83010b708a3
Instruction Fuzzy Hash: 35024BB0548701CFD724DF28C5C57AABBE1BF84344F14892ED8998B355D738E885CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004AC51C, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 103
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadIconA.USER32 ref: 004AC5AD
LoadIconA.USER32 ref: 004AC5C8
LoadCursorA.USER32 ref: 004AC5E3
RegisterClassExA.USER32 ref: 004AC60A
CreateWindowExA.USER32 ref: 004AC6AA
SetWindowLongA.USER32 ref: 004AC6C3
ShowWindow.USER32 ref: 004AC6D6
UpdateWindow.USER32 ref: 004AC6E1

Strings

TtkMonitorClass, xrefs: 004AC55E
0, xrefs: 004AC572
TtkMonitorWindow, xrefs: 004AC53F

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Window$Load$Icon$ClassCreateCursorLongRegisterShowUpdate
String ID: 0$TtkMonitorClass$TtkMonitorWindow
API String ID: 1906826020-4109889077
Opcode ID: 5a6d5aa1303209dcc19ebcae4ad7267da52fba77c0fa46cc1c28f09fd69c17bd
Instruction ID: ef8428fd6395ead5cb2f4dbe3cc88fe1601c8907ef333af622a7926318b55ea4
Opcode Fuzzy Hash: 5a6d5aa1303209dcc19ebcae4ad7267da52fba77c0fa46cc1c28f09fd69c17bd
Instruction Fuzzy Hash: 6A4100B08183418FD320AF68C44935FBFE4BB84744F40892EE8C89B391D7B99548CB93

Uniqueness

Uniqueness Score: -1.00%

Function 00519494, Relevance: 16.6, APIs: 11, Instructions: 136
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateEventA.KERNEL32 ref: 00519537
CreateEventA.KERNEL32 ref: 00519561
CreateEventA.KERNEL32 ref: 0051958B
CreateThread.KERNEL32 ref: 005195C1
SetThreadPriority.KERNEL32 ref: 005195D7
CreateEventA.KERNEL32 ref: 0051960A
CreateEventA.KERNEL32 ref: 00519634
CreateEventA.KERNEL32 ref: 0051965E
CreateThread.KERNEL32 ref: 00519694
SetThreadPriority.KERNEL32 ref: 005196AD
sprintf.MSVCRT ref: 005196CC

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Create$Event$Thread$Priority$sprintf
String ID:
API String ID: 2067779509-0
Opcode ID: 6998950a34e982990c13e70034224f4513f6f94996bb2ff08443efe48eef13ae
Instruction ID: 69af821411dfb6cd930ad2ddcbd2e77d70ed776cb084ce52a7c8766b00a650e3
Opcode Fuzzy Hash: 6998950a34e982990c13e70034224f4513f6f94996bb2ff08443efe48eef13ae
Instruction Fuzzy Hash: 126162B1409301AFE750EF69C19935ABFE0BF84708F54C95EE8984B346D7B98588CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0047F824, Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 426
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetMenuItemCount.USER32 ref: 0047F863
RemoveMenu.USER32 ref: 0047F88B

Strings

(Tear-off), xrefs: 0047FA4F
ge), xrefs: 0047F8EB
(Pixmap), xrefs: 0047FAFB

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Menu$CountItemRemove
String ID: (Pixmap)$(Tear-off)$ge)
API String ID: 1046485675-1017915560
Opcode ID: 77bb54f53515e45e56296cab9b15366362feefc859836a48e2825a04ef1270a5
Instruction ID: 165960d8b491ec4e01c2997aac214d862667a42d005618d56dfa826d81c1241c
Opcode Fuzzy Hash: 77bb54f53515e45e56296cab9b15366362feefc859836a48e2825a04ef1270a5
Instruction Fuzzy Hash: D712E7B49083419FC714DF28C584AAABBE1BF89310F15897EE8899B361D774E845CF86

Uniqueness

Uniqueness Score: -1.00%

Function 00401137, Relevance: 12.1, APIs: 8, Instructions: 105
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__set_app_type.MSVCRT ref: 0040114D

Part of subcall function 00401020: SetUnhandledExceptionFilter.KERNEL32 ref: 00401053
Part of subcall function 00401020: __getmainargs.MSVCRT ref: 00401092
Part of subcall function 00401020: __p__fmode.MSVCRT ref: 004010A0
Part of subcall function 00401020: __p__environ.MSVCRT ref: 004010BA
Part of subcall function 00401020: _cexit.MSVCRT ref: 004010DD
Part of subcall function 00401020: ExitProcess.KERNEL32 ref: 004010E5
Part of subcall function 00401020: _setmode.MSVCRT ref: 00401105
Part of subcall function 00401020: _setmode.MSVCRT ref: 00401119
Part of subcall function 00401020: _setmode.MSVCRT ref: 0040112D

__set_app_type.MSVCRT ref: 0040116D
signal.MSVCRT ref: 004011B0
signal.MSVCRT ref: 00401208

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: _setmode$__set_app_typesignal$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode_cexit
String ID:
API String ID: 312243418-0
Opcode ID: 862aa577647d4664eda0bce5bbbf62d24ee43af8cf31228daf786c227d63a13d
Instruction ID: a6ab4f04e15091c89f6135d63b23023ea29ae5da0b75456b6f4cac2c2492200a
Opcode Fuzzy Hash: 862aa577647d4664eda0bce5bbbf62d24ee43af8cf31228daf786c227d63a13d
Instruction Fuzzy Hash: 323183700142018BD7246B68C94437ABAE4BB46328F150A2FE6D5FB3E1CBBD9885875B

Uniqueness

Uniqueness Score: -1.00%

Function 0048AF14, Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

733AAC50.USER32 ref: 0048AF51
SelectObject.GDI32(?), ref: 0048AF7A
GetTextExtentPoint32W.GDI32 ref: 0048B14F

Strings

, xrefs: 0048B38C

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ExtentObjectPoint32SelectText
String ID:
API String ID: 1470722260-3916222277
Opcode ID: dd1756c1c319f331719094d3a7a569f2244b2bfff88336452d6b3dc283b1f416
Instruction ID: 3f0afc2c8483562b699363120c6255ae64b8f7f32d57e15670fd6a08abe91075
Opcode Fuzzy Hash: dd1756c1c319f331719094d3a7a569f2244b2bfff88336452d6b3dc283b1f416
Instruction Fuzzy Hash: 17028C74908740DFC360EF29C588A9EBBF0EF89705F14896EE99887321D775A944CF86

Uniqueness

Uniqueness Score: -1.00%

Function 00518980, Relevance: 9.1, APIs: 6, Instructions: 94
filepipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WaitForMultipleObjects.KERNEL32 ref: 005189CB
ReadFile.KERNEL32 ref: 005189F9
PeekNamedPipe.KERNEL32 ref: 00518A30
SetEvent.KERNEL32 ref: 00518A4C
ReadFile.KERNEL32 ref: 00518A97
GetLastError.KERNEL32 ref: 00518AAC

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: FileRead$ErrorEventLastMultipleNamedObjectsPeekPipeWait
String ID:
API String ID: 409193913-0
Opcode ID: 71b31091d4b973b014f70bf2aff975ef16c57729169b2ede5d4a928a20c8003c
Instruction ID: 1cafbb4331aa6f58bfcfcb3b5d179f52cdcb5d758ad0ff3e378a6d5bd04eea5b
Opcode Fuzzy Hash: 71b31091d4b973b014f70bf2aff975ef16c57729169b2ede5d4a928a20c8003c
Instruction Fuzzy Hash: C73159B55083019FE760EF29C58876BBFE4BF84364F04892EE8888B341D775D984CB92

Uniqueness

Uniqueness Score: -1.00%

Function 004D6214, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreatePatternBrush.GDI32 ref: 004D6372

Strings

7Fa, xrefs: 004D6411
3Fa, xrefs: 004D6409
>Ga, xrefs: 004D633D
MFa, xrefs: 004D63CA, 004D63D3

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: BrushCreatePattern
String ID: 3Fa$7Fa$>Ga$MFa
API String ID: 1995003023-1512465142
Opcode ID: de73a9de05c86bc1c8b258370482ebe6fb33c437b3c72707a64b2c63325bc320
Instruction ID: 75fadcf07c1b38f56ef71d4641bd968666acd6b250126cfc45388c5b175f053d
Opcode Fuzzy Hash: de73a9de05c86bc1c8b258370482ebe6fb33c437b3c72707a64b2c63325bc320
Instruction Fuzzy Hash: B151BDB0409741AFD701AF16D19825EBFE1BF81758F55C82EE4D88B351DBB88489CF86

Uniqueness

Uniqueness Score: -1.00%

Function 00512EB4, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000004,line,00513054), ref: 00512EBE
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000004,line,00513054), ref: 00512ED8
GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000004,line,00513054), ref: 00512EEC

Strings

line, xrefs: 00512EB4

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ConsoleErrorFileLastModeType
String ID: line
API String ID: 2867079444-3507795190
Opcode ID: e96547521f8fc94660850a6b3213d786de110d7878bbced6ffa8d8f7b6506712
Instruction ID: 00406211933036d7f5ac0434d913f5a7a29ad1fc6e5ce0ad58e121e6085cdfec
Opcode Fuzzy Hash: e96547521f8fc94660850a6b3213d786de110d7878bbced6ffa8d8f7b6506712
Instruction Fuzzy Hash: 58F036B16093114BEB10FA38B9892DB7ED8BB44354F05493FFC58C6344E735D999C692

Uniqueness

Uniqueness Score: -1.00%

Function 005D6CB0, Relevance: 7.5, APIs: 5, Instructions: 48COMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32 ref: 005D6CFB
RtlInitializeCriticalSection.NTDLL ref: 005D6D0E
RtlInitializeCriticalSection.NTDLL ref: 005D6D1D
RtlEnterCriticalSection.NTDLL ref: 005D6D48

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: CriticalSection$Initialize$EnterExchangeInterlocked
String ID:
API String ID: 33273390-0
Opcode ID: 0334e486cb7d73863c9a6ceb37f76073a1e92d8fa425e7668c45c0a3370bd000
Instruction ID: 1d2e89b87524eab1fb031f087281dda5f3319854309c179298ba8cd56b8ad92a
Opcode Fuzzy Hash: 0334e486cb7d73863c9a6ceb37f76073a1e92d8fa425e7668c45c0a3370bd000
Instruction Fuzzy Hash: 3B016DF190411186E734BFBCA64A2193EE6FB41344F40582BE981C7721F375999ADF93

Uniqueness

Uniqueness Score: -1.00%

Function 00418808, Relevance: 4.6, APIs: 3, Instructions: 149windowCOMMON

Download Yara Rule

APIs

_mbscpy.MSVCRT ref: 00418890
SetWindowTextW.USER32 ref: 004188D9
SendMessageA.USER32 ref: 00418932

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: MessageSendTextWindow_mbscpy
String ID:
API String ID: 3092963323-0
Opcode ID: ea77ef0630a1ed058133c7854fad195a9e9c5b19ec1e85726b8074bea3b32389
Instruction ID: 92930b6000ae40238bdc8a1862c31a9cec4fa2e2c35789e401793ae7e8d0235e
Opcode Fuzzy Hash: ea77ef0630a1ed058133c7854fad195a9e9c5b19ec1e85726b8074bea3b32389
Instruction Fuzzy Hash: BD51E5B5A08701DFC310DF28D588A6ABBE5FF88320F15896EE89DC7761D73598848F52

Uniqueness

Uniqueness Score: -1.00%

Function 0047382C, Relevance: 4.6, APIs: 3, Instructions: 57COMMON

Download Yara Rule

APIs

SelectObject.GDI32(?), ref: 00473864
GetBkMode.GDI32(?), ref: 00473880
733AAC50.USER32 ref: 004738BD

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ModeObjectSelect
String ID:
API String ID: 2050317032-0
Opcode ID: 24c8b1628fdf94ad6d709d08b7d089b53061631f8551548a3558391dc8428457
Instruction ID: 24872b9aa47b1765540832d1d5f6603c05c09271e3155d132f02c8f70ef90cf1
Opcode Fuzzy Hash: 24c8b1628fdf94ad6d709d08b7d089b53061631f8551548a3558391dc8428457
Instruction Fuzzy Hash: 951104B46047018FC360EF2AC885A5ABBF4FB89310F15882EF889C7702D634E944DB56

Uniqueness

Uniqueness Score: -1.00%

Function 0048AD20, Relevance: 4.5, APIs: 3, Instructions: 41COMMON

Download Yara Rule

APIs

733AAC50.USER32 ref: 0048AD3B
EnumFontFamiliesA.GDI32 ref: 0048AD64

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: EnumFamiliesFont
String ID:
API String ID: 2229041460-0
Opcode ID: 1adf2f98d9df91696021672d7f5176b1e97759a89843f7523e057bdfb29875fb
Instruction ID: 2a5fd9178197e884cf4e7f41768ade893b097ef9b396f4f8b2f63ec6460891fa
Opcode Fuzzy Hash: 1adf2f98d9df91696021672d7f5176b1e97759a89843f7523e057bdfb29875fb
Instruction Fuzzy Hash: E0015AB04083009AD320BF29958961FBFE4EF80308F418D1FF49887312D6788814CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004FD268, Relevance: 4.5, APIs: 3, Instructions: 16COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,?,?,?,?,?,0050F478,?,?,?,?,?,?,004E989C), ref: 004FD27C
SetErrorMode.KERNEL32(?,?,?,?,?,?,?,0050F478,?,?,?,?,?,?,004E989C), ref: 004FD288
GetModuleHandleA.KERNEL32(?,?,?,?,?,?,?,?,0050F478,?,?,?,?,?,?,004E989C), ref: 004FD295

Part of subcall function 00542870: GetVersionExA.KERNEL32 ref: 00542891

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ErrorMode$HandleModuleVersion
String ID:
API String ID: 1490064178-0
Opcode ID: 39cc959004907f691b6efa335e57a52db79f761651f6aeb648451af686c397de
Instruction ID: 41281cd27e4b69f252c9dc71da0ba33c608d0d6729e72d67a8c19733ab019e92
Opcode Fuzzy Hash: 39cc959004907f691b6efa335e57a52db79f761651f6aeb648451af686c397de
Instruction Fuzzy Hash: DCD09EF44487029AE7507FB8D80E75D7DE4BF90706F81495EF4C457352E77940448623

Uniqueness

Uniqueness Score: -1.00%

Function 00598E18, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 00598E8D

Strings

0%, xrefs: 00598E77

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: malloc
String ID: 0%
API String ID: 2803490479-3583766603
Opcode ID: da459b4480afd5a85025d57be6f0bd20e075aa72a7e269af96c72eb1a8dd11ae
Instruction ID: 43272f94abd23b14930d61e0314b4c16fb9248d634b7597935165e45de7b3eb4
Opcode Fuzzy Hash: da459b4480afd5a85025d57be6f0bd20e075aa72a7e269af96c72eb1a8dd11ae
Instruction Fuzzy Hash: 902139B09042108FDF108F24C99476A7EE8FB4A368F658799EC594B396D774CC85CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00483358, Relevance: 3.1, APIs: 2, Instructions: 67COMMON

Download Yara Rule

APIs

CreateWindowExA.USER32 ref: 004833D8
CreateWindowExA.USER32 ref: 0048344B

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 7ebbba2fdebd3cf811400f33d9c41fd6163761c443cecc646bd5615bca4e7aad
Instruction ID: 827c8f3ea988240b9bc57280d49db92f0a4df3bbcbab5bf5775b2b6225a5b109
Opcode Fuzzy Hash: 7ebbba2fdebd3cf811400f33d9c41fd6163761c443cecc646bd5615bca4e7aad
Instruction Fuzzy Hash: CE31AFB0509301CFE300AF25C55971FBFE0FB84708F14986EE8889B2A1D7B98949CF96

Uniqueness

Uniqueness Score: -1.00%

Function 005428F4, Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00542925
VirtualQuery.KERNEL32 ref: 0054293E

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: InfoQuerySystemVirtual
String ID:
API String ID: 401686933-0
Opcode ID: 3773d760258ace996b719f087a94ad69d2ab58732df6676d48eb8877336784b8
Instruction ID: 206eab185391c417d4d7a0d948f19b6e20c3ac285e3bb1b8a8c54ccd42d9ce1f
Opcode Fuzzy Hash: 3773d760258ace996b719f087a94ad69d2ab58732df6676d48eb8877336784b8
Instruction Fuzzy Hash: F711F2B56083028FD750DF68C481A9AFBE0BB89748F94892DF894C7300E378D888CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00416474, Relevance: 3.0, APIs: 2, Instructions: 49COMMON

Download Yara Rule

APIs

CreateWindowExA.USER32 ref: 004164E6
SetWindowPos.USER32 ref: 00416523

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Window$Create
String ID:
API String ID: 870168347-0
Opcode ID: 3538a40de986ab059f749819989974d3536e838d0ae558ada1056b05c7c242f9
Instruction ID: 492ce447c219f4c3f0e9dde633ec125d7ab1825407403e1e179143cada259ebb
Opcode Fuzzy Hash: 3538a40de986ab059f749819989974d3536e838d0ae558ada1056b05c7c242f9
Instruction Fuzzy Hash: 3911E4B08093018FD340DF29C18871BBFF4BB88354F15895EE9889B351D3B9D9488F96

Uniqueness

Uniqueness Score: -1.00%

Function 0048A854, Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

CreateFontIndirectA.GDI32 ref: 0048A86A
DeleteObject.GDI32 ref: 0048A889

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: CreateDeleteFontIndirectObject
String ID:
API String ID: 1932138579-0
Opcode ID: ebe32e7144cec7d4fd79aa2ab3a836baec2ab8b9d2555c55423f1697812cf37c
Instruction ID: 2698363bc748baab621001724186537644e5d339d8980361525ee8544be14d85
Opcode Fuzzy Hash: ebe32e7144cec7d4fd79aa2ab3a836baec2ab8b9d2555c55423f1697812cf37c
Instruction Fuzzy Hash: 5EE0E5B0A087118FC394EF2D98C5A0FBBE4AF8C250F01592DF889D3301E234D9858B92

Uniqueness

Uniqueness Score: -1.00%

Function 0041DD74, Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

SetForegroundWindow.USER32 ref: 0041DD8B
SetForegroundWindow.USER32 ref: 0041DDA6

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: d68fff69d0362bea47adc5efd410823941d844d77263701ef5cbd24bfb1b8428
Instruction ID: 80788abe60655e53ceceeb737f8df583d6c92566f1d4b7228b94839c9a716f1f
Opcode Fuzzy Hash: d68fff69d0362bea47adc5efd410823941d844d77263701ef5cbd24bfb1b8428
Instruction Fuzzy Hash: 7AE01DB49047018BD714FF38C546A6EBBE47F84300FC50A9DE88497742D63CD5808B67

Uniqueness

Uniqueness Score: -1.00%

Function 004165D8, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 00416602

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: a41cfb58879ce6500416b149af3d780e5975d22ca75f5aa838f02a6fc908c960
Instruction ID: 27bf1ee4af788bf3a2eea4fa83627e4cebf97940e407cb9908deccf8e4ab03d3
Opcode Fuzzy Hash: a41cfb58879ce6500416b149af3d780e5975d22ca75f5aa838f02a6fc908c960
Instruction Fuzzy Hash: D931DBB05093008FD750DF29D584B9BBBE0BF88318F05896EE88C9B345D779D985CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00409544, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT ref: 00409589

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: d1edded23859d20f758d9a610107fe28be2dd130926a95e5435de9b50fd446bd
Instruction ID: 49ef41fac315f9177bf7b8cc39eaf08fb4b3c1a03e796b08a5ed85a3d361f629
Opcode Fuzzy Hash: d1edded23859d20f758d9a610107fe28be2dd130926a95e5435de9b50fd446bd
Instruction Fuzzy Hash: AB21C570604201DFCB50EF2AC9C0A1ABBE4AF48304B5585AAE988DF397E738DC41CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00419980, Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 004199E0

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 1e42611596d295b6901cf8160005b211a10211af04ca8a792e3414a6edfc3e2b
Instruction ID: 926fa9a6760c6ee7b5e968137f8f5a221a418706b8d806aa876ee763124dece1
Opcode Fuzzy Hash: 1e42611596d295b6901cf8160005b211a10211af04ca8a792e3414a6edfc3e2b
Instruction Fuzzy Hash: 10012CF191420587DB209E2C89D17A677D4AB54301F5845ABE84CCB385F22ACCD5A796

Uniqueness

Uniqueness Score: -1.00%

Function 004892DC, Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 004892FB

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: DeleteObject
String ID:
API String ID: 1531683806-0
Opcode ID: a74492c10af2d7347b0c242ed8141cb10ced9d9c25a3778d46d1e8acf0fd9bdc
Instruction ID: d127a8632bfb2a6a296164e8689feec42e1a190d089e5b67d13fbd86571ade5f
Opcode Fuzzy Hash: a74492c10af2d7347b0c242ed8141cb10ced9d9c25a3778d46d1e8acf0fd9bdc
Instruction Fuzzy Hash: 95F090316405049FCB20BFADD88592ABBE4FF44314B19097EED59C3322D224EC50C794

Uniqueness

Uniqueness Score: -1.00%

Function 004166E8, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 0041670F

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 775bc4612f3fde25676219590a1745faf13eddddd76b13f6ac9ead3b7bc5f115
Instruction ID: fe0b38728a35944cb171696bc8f630b6e9eb7fe1e1b8fa8caa88712018e394d3
Opcode Fuzzy Hash: 775bc4612f3fde25676219590a1745faf13eddddd76b13f6ac9ead3b7bc5f115
Instruction Fuzzy Hash: 880116B45087018FC350DF28D58478BBBE0BF88314F108A6EE89887355D738EA88CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0059ABDC, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

??3@YAXPAX@Z.MSVCRT ref: 0059AC13

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 6226cf96f88226f9045ecd0a2c4ac9454f09fb1fd7af28ba243cf9ad3cd06b01
Instruction ID: dbd1a0d373b8140ec61abedff1f4d5a544fc6f49b2ede229bd81b180d37b7408
Opcode Fuzzy Hash: 6226cf96f88226f9045ecd0a2c4ac9454f09fb1fd7af28ba243cf9ad3cd06b01
Instruction Fuzzy Hash: B2F0A4B47056008BCF54EF69C5C4A1A7BE6BF88710B65869CE8498B34AE734DC51CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0040CD38, Relevance: 1.5, APIs: 1, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: CombineCreateDeleteObjectRect$Indirect
String ID:
API String ID: 3044651595-0
Opcode ID: 19b0cf3a384e83862e688888efcc9bf040804df147fd5d4215a7e53d3df44462
Instruction ID: 18b30bd831e71ec7baa31c179fd10da025ec476a828a0401f6b0d67dd0ed4f8f
Opcode Fuzzy Hash: 19b0cf3a384e83862e688888efcc9bf040804df147fd5d4215a7e53d3df44462
Instruction Fuzzy Hash: 33A11771508301CBCB18DF25C0C062BBBF5FF88744F05496EE989AB291E779D942DB8A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004700F4, Relevance: 32.2, APIs: 12, Strings: 6, Instructions: 699COMMON

Download Yara Rule

APIs

sprintf.MSVCRT ref: 004702F4
sprintf.MSVCRT ref: 0047069A
sprintf.MSVCRT ref: 004706DF

Strings

], xrefs: 00470977
[1 0, xrefs: 00470944
/DeviceRGB, xrefs: 00470620
/DeviceGray, xrefs: 0047091C, 0047095E
[0 1 0 1 0 1], xrefs: 0047063C
;, xrefs: 00470EC9

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: sprintf
String ID: /DeviceGray$/DeviceRGB$;$[0 1 0 1 0 1]$[1 0$]
API String ID: 590974362-1630172899
Opcode ID: 6b09a2930e947bacc0902e346b3b165e0ea6b5f6bcc171342bb453a2eaab8e7e
Instruction ID: 8ff1b55727ffae2a1816a5e39721f6eba072dd109f06cd90322d0ce963a0f433
Opcode Fuzzy Hash: 6b09a2930e947bacc0902e346b3b165e0ea6b5f6bcc171342bb453a2eaab8e7e
Instruction Fuzzy Hash: DD82D2B0549381CFC325DF15C48879BBBE2BB89314F14896EE4D88B3A2D7B49845CF96

Uniqueness

Uniqueness Score: -1.00%

Function 004351EC, Relevance: 6.0, APIs: 4, Instructions: 49clipboardCOMMON

Download Yara Rule

APIs

GetClipboardOwner.USER32 ref: 00435210
OpenClipboard.USER32 ref: 00435293
EmptyClipboard.USER32 ref: 00435299
CloseClipboard.USER32 ref: 004352AE

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Clipboard$CloseEmptyOpenOwner
String ID:
API String ID: 1113666267-0
Opcode ID: 9950952572b77b57ef40fc14d515aea708fba70a19462a3adda9e8afb72a0d37
Instruction ID: 92f3fb5f6ab1d7a5557e1100c3c36db63f0aa1070366741f634f72a31997670d
Opcode Fuzzy Hash: 9950952572b77b57ef40fc14d515aea708fba70a19462a3adda9e8afb72a0d37
Instruction Fuzzy Hash: 551197B4504B058FCB50EF69D88569A7BE4BF48305F0558BAEC88CB346E674D9808F65

Uniqueness

Uniqueness Score: -1.00%

Function 004340D0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

IsWindow.USER32 ref: 0043415B

Strings

1, xrefs: 00434202

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Window
String ID: 1
API String ID: 2353593579-2212294583
Opcode ID: 97957a819e94dd0f1e5836e3ff142191d6818384c02acd16d2dd1941e308cbc1
Instruction ID: cf4d8638c93e4feb1c813016f407832571ddddb8af0c9c41ae7a262259c58701
Opcode Fuzzy Hash: 97957a819e94dd0f1e5836e3ff142191d6818384c02acd16d2dd1941e308cbc1
Instruction Fuzzy Hash: 045139B05083009FD310AF29D4897AABBE4FFC8354F04986EE9888B351D77998848F96

Uniqueness

Uniqueness Score: -1.00%

Function 0055313C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100stringCOMMON

Download Yara Rule

APIs

__p__environ.MSVCRT ref: 0055319D
__p__environ.MSVCRT ref: 005531B8
strchr.MSVCRT ref: 005531EB
__p__environ.MSVCRT ref: 00553223

Strings

hpa, xrefs: 0055313E
=, xrefs: 005531E0

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: __p__environ$strchr
String ID: =$hpa
API String ID: 3615923317-3817669091
Opcode ID: 44df40ff74d6775cb6499d64df7be1f0dbbb3fbbef18a7cabe2372dc61312aca
Instruction ID: b188c27479abf36994b430aa7b7e6a683400762e7a7729ec95a41a9ede8b8e69
Opcode Fuzzy Hash: 44df40ff74d6775cb6499d64df7be1f0dbbb3fbbef18a7cabe2372dc61312aca
Instruction Fuzzy Hash: 594116B45087419FD710EF59D49872ABFE0FF85389F00885EE9894B362C7B99848CF92

Uniqueness

Uniqueness Score: -1.00%

Function 00427168, Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 276COMMON

Download Yara Rule

APIs

sprintf.MSVCRT ref: 004272A6
_isctype.MSVCRT ref: 004273BE

Strings

Wt_, xrefs: 004275BF
`|_, xrefs: 00427248, 00427261
0, xrefs: 004275DA

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: _isctypesprintf
String ID: 0$Wt_$`|_
API String ID: 3856747102-1717563890
Opcode ID: ba8e74db4a7b057dc5434bf78346386fc28331e414417e7247c296aeaa274feb
Instruction ID: 11e9e6729de9f0d99dff572e517177f252e580d0602c087a507397475857dbbb
Opcode Fuzzy Hash: ba8e74db4a7b057dc5434bf78346386fc28331e414417e7247c296aeaa274feb
Instruction Fuzzy Hash: 2FC10474608352CFC710DF19D588A2ABBE1FF89304F548AAEE8998B361D734D945CF4A

Uniqueness

Uniqueness Score: -1.00%

Function 0051302C, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 0051305D
GetCurrentProcess.KERNEL32 ref: 00513064
DuplicateHandle.KERNEL32 ref: 0051309B
CloseHandle.KERNEL32(?), ref: 005130D5

Strings

line, xrefs: 0051302E

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: CurrentHandleProcess$CloseDuplicate
String ID: line
API String ID: 1410216518-3507795190
Opcode ID: 7f07dc42570967f1563fd61bc2e07d12144606d833a8619c603fa08787f79b70
Instruction ID: 0e90dfbe444b505ab157694d3e7a313b060df38faac91232096c37ee8e3fac0f
Opcode Fuzzy Hash: 7f07dc42570967f1563fd61bc2e07d12144606d833a8619c603fa08787f79b70
Instruction Fuzzy Hash: 9141A6B45087459FD360EF64C49579AFFE4FB88740F108D2EE88987311E7799A84CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0048A240, Relevance: 7.7, APIs: 5, Instructions: 160COMMON

Download Yara Rule

APIs

SelectObject.GDI32 ref: 0048A268
GetTextMetricsA.GDI32 ref: 0048A282
SelectObject.GDI32 ref: 0048A2BD
GetTextMetricsA.GDI32 ref: 0048A2D3
SelectObject.GDI32 ref: 0048A4A3

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ObjectSelect$MetricsText
String ID:
API String ID: 3697559710-0
Opcode ID: ab686e14286090032e6e0ffbefe99d5617bbddb11f133cb97f630b237d58e5ed
Instruction ID: 2c52ea1d3b65e68362f0c4d0d4cfd3095759291897c222dcdc424e1050c1e55b
Opcode Fuzzy Hash: ab686e14286090032e6e0ffbefe99d5617bbddb11f133cb97f630b237d58e5ed
Instruction Fuzzy Hash: E97170749087459FC390EF28C585A9EBBF0BF88701F44896EE989C7315E730A955CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0042A160, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 198stringCOMMON

Download Yara Rule

APIs

strncpy.MSVCRT ref: 0042A25A

Strings

d, xrefs: 0042A23F
H, xrefs: 0042A182

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: strncpy
String ID: H$d
API String ID: 3301158039-989806989
Opcode ID: b7ce41448c75a05407d9907faf95def6a1f48a5f07f599a070b69c70532e7e7d
Instruction ID: 99795147df00731972e54b1705124a5cf865683d5295bb382dd6828d1b225689
Opcode Fuzzy Hash: b7ce41448c75a05407d9907faf95def6a1f48a5f07f599a070b69c70532e7e7d
Instruction Fuzzy Hash: 82717D74704351CFD720DF29E0847ABB7E1BB85304F98896ADD888B312D3799895CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 0047302C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 00473086
733AAC50.USER32 ref: 004730C2
GetDIBits.GDI32 ref: 0047310B

Strings

(, xrefs: 004730CA

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: BitsClientRect
String ID: (
API String ID: 1769629971-3887548279
Opcode ID: 951a99067c15eabdfb2183b3f9b6ef615ac024bcf69ce1da0f7685ca2f4b76eb
Instruction ID: 3566dd0bc71e1c63a864a448f1aa7d9e3ec0f712a5caac23623a5f9b0907eb05
Opcode Fuzzy Hash: 951a99067c15eabdfb2183b3f9b6ef615ac024bcf69ce1da0f7685ca2f4b76eb
Instruction Fuzzy Hash: 563102B1608300CFC714EF68D585B5ABBE4FB84305F04886EE888CB351E779D944CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0043F118, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00407086), ref: 0043F158
MultiByteToWideChar.KERNEL32 ref: 0043F195
MessageBoxW.USER32 ref: 0043F1D3

Strings

..., xrefs: 0043F1A4

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: ByteCharMultiWide$Message
String ID: ...
API String ID: 3609034761-1685331755
Opcode ID: f7099ffdd2a7b6e463bcd01fd1f6f3162990682c2fea4f9798ece317b2bacde9
Instruction ID: 8ecdf76cfab7d17513de80c6ff5e732f459cbeb97d2928bbdfa63c4d8acf5569
Opcode Fuzzy Hash: f7099ffdd2a7b6e463bcd01fd1f6f3162990682c2fea4f9798ece317b2bacde9
Instruction Fuzzy Hash: AC11F5B54093459BD320EF29D14869BBFE4FB84364F408A1EE4E887380D7B986488B93

Uniqueness

Uniqueness Score: -1.00%

Function 0047508C, Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

SetBkColor.GDI32 ref: 004750C0
SetBkMode.GDI32 ref: 004750D5
ExtTextOutA.GDI32 ref: 00475118
SetBkColor.GDI32 ref: 00475127

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID: Color$ModeText
String ID:
API String ID: 2971265119-0
Opcode ID: cf0c09b6b347ee7c91e9625af907751c57fc18f59f60365bb4a9758f9e643916
Instruction ID: 6a49e02db2abc8b0efcff8356259a5e0684ab65ee08fc4943b73230f7bd46504
Opcode Fuzzy Hash: cf0c09b6b347ee7c91e9625af907751c57fc18f59f60365bb4a9758f9e643916
Instruction Fuzzy Hash: BB1150B18093028FD300EF65D58A70ABFF4BB89754F018A2DE8D857245D37996488F92

Uniqueness

Uniqueness Score: -1.00%

Function 0050E070, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

0, xrefs: 00510F1A

Memory Dump Source

Source File: 00000000.00000002.557522840.0000000000401000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.557518151.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.557977950.00000000005F3000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558039738.0000000000643000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558047296.0000000000646000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558051613.0000000000649000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558059951.000000000065B000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558078695.000000000067A000.00000040.00020000.sdmp Download File
Associated: 00000000.00000002.558101117.0000000000688000.00000004.00020000.sdmp Download File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_jxplorer-3.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 61f217ba63f8902fc8c37dc4dbc318fc442b6b39fb40aed3fafc2559f68fa44a
Instruction ID: 1b6907fba4bf0bd4e95e953748db7a22f205ed165092e53664cb59025ff7deb5
Opcode Fuzzy Hash: 61f217ba63f8902fc8c37dc4dbc318fc442b6b39fb40aed3fafc2559f68fa44a
Instruction Fuzzy Hash: 5B317F716042018FD714DF18D49975ABFE1FB94308F648A6DE8884F386D3B6D986CF92

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: java.exe PID: 5528 Parent PID: 4644 java.exeCOMMON

Executed Functions

Function 0300D925, Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309138532.0000000003002000.00000040.00000001.sdmp, Offset: 03002000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3002000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fabc6b6114c1a5dbd816713225acf91c2bf2cb6bbe04259081a782eda49d51ab
Instruction ID: 4c552414c1e656a04caa5c8bd0ef796cb463af181d170359988e6a2967ea6aee
Opcode Fuzzy Hash: fabc6b6114c1a5dbd816713225acf91c2bf2cb6bbe04259081a782eda49d51ab
Instruction Fuzzy Hash: 6B81BE75A06601DFEB58CFA4C494BA9FBB0FF49314F08859ED81A5B381D774A981CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 03000632, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309135198.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3000000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60392962478eb443b2c3eac1ca8a1346b06c4eb38417e1efb3aaec0e1d1d181d
Instruction ID: 8d9cb9782b988db55d4aa5e243400ff9a767eeaf9dca2b089a90b8c9e314dc02
Opcode Fuzzy Hash: 60392962478eb443b2c3eac1ca8a1346b06c4eb38417e1efb3aaec0e1d1d181d
Instruction Fuzzy Hash: EE117FB2D0122A8FEF54CF88C5815ADF3F2FB98310F1A452ADC64A7381D7346960CB91

Uniqueness

Uniqueness Score: -1.00%

Function 030006E2, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309135198.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3000000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e513933093163475642b4a94aa170af4ed19f1dc54cbffa2c5a5906f3dfe324
Instruction ID: 765442c1e5f1b8b5252a6346b430bf449a26413f772dc73a4232e968caa83a8f
Opcode Fuzzy Hash: 9e513933093163475642b4a94aa170af4ed19f1dc54cbffa2c5a5906f3dfe324
Instruction Fuzzy Hash: D5F09276C0122A9B9B54CF48C4442ADF7B2EB45228F1A8496DC687B281D232AD62CF81

Uniqueness

Uniqueness Score: -1.00%

Function 03014C2D, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309138532.0000000003002000.00000040.00000001.sdmp, Offset: 03002000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3002000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22ee169920cb418ee8e005a5731482da6819bddb763a71cbef078c1b35c35d95
Instruction ID: 4134abdad79f7233801e69ea33622fc5d3b8498cec6ac8377099ff7761313c4e
Opcode Fuzzy Hash: 22ee169920cb418ee8e005a5731482da6819bddb763a71cbef078c1b35c35d95
Instruction Fuzzy Hash: 07F07FB5910B06ABEB05CF64C4947EBF7B8FB88714F14460AD82857340C379B569CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 03014AD8, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309138532.0000000003002000.00000040.00000001.sdmp, Offset: 03002000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3002000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66008689f0cf585ad922949da2edb2daa32fbf2a0392a0bb82c05c45471c9e0c
Instruction ID: 752450be8b69d7990f851f2dc4a81834f6198db82dc9f4fd2d6bfd6912bf7c57
Opcode Fuzzy Hash: 66008689f0cf585ad922949da2edb2daa32fbf2a0392a0bb82c05c45471c9e0c
Instruction Fuzzy Hash: 3AF07FB5911A06ABDB05CF60C4947DAF7B9FB88714F14421AD82867340C779B565CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 0300EB7C, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309138532.0000000003002000.00000040.00000001.sdmp, Offset: 03002000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3002000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90364bd81e3920fbb7ffde34cd023512d541eb50534d5a4db38c4c448c009eb6
Instruction ID: e7d7c094d2ceae6d067c1b41731b5ed2ca55511b4ecaff03ee372535e537b4eb
Opcode Fuzzy Hash: 90364bd81e3920fbb7ffde34cd023512d541eb50534d5a4db38c4c448c009eb6
Instruction Fuzzy Hash: AFF092B5910B06ABDB05CF60C4947CAFBB5BF48714F14421AD82867340C379B569CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 03013BD6, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309138532.0000000003002000.00000040.00000001.sdmp, Offset: 03002000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3002000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dd27ee32c318d6739e3447d917e9e0fe7e374f9fba598de3cff28c7ebc616fb
Instruction ID: d7427883d04fcf234aa2b91adeb6c32733c2afc0151f9e2f0cbca0aac6f203be
Opcode Fuzzy Hash: 8dd27ee32c318d6739e3447d917e9e0fe7e374f9fba598de3cff28c7ebc616fb
Instruction Fuzzy Hash: 3EF0C2B6D00B06ABDB05CF60C0847CAFBB8BB84724F14461AD82863340D378B665CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 0300D9B5, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309138532.0000000003002000.00000040.00000001.sdmp, Offset: 03002000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3002000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8d2963f46246303f5dfc391d3bb0a42326a2d3d426dcef5bde77839f5413365
Instruction ID: 66d230cb7eeb6cc07ce5243e79df6e230c999cb40431136c3d3ed14103856a85
Opcode Fuzzy Hash: d8d2963f46246303f5dfc391d3bb0a42326a2d3d426dcef5bde77839f5413365
Instruction Fuzzy Hash: 40F0C2B6D00A06ABDB44CF60C0947CAFBB8BB84724F14461AD82863340D378B669CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 03014549, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309138532.0000000003002000.00000040.00000001.sdmp, Offset: 03002000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3002000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ee906f858cd89d32a65b4db392e9ebc1f260d4331c3c9f01d387a8d2151826b
Instruction ID: 3f7d640a260859b042de84f1e79bb87e87e732259aef8377193ee11862c2f236
Opcode Fuzzy Hash: 6ee906f858cd89d32a65b4db392e9ebc1f260d4331c3c9f01d387a8d2151826b
Instruction Fuzzy Hash: A0F0C2B6D10A06ABDB04CF60C4947CAFBB8BB84724F14461AD82867340D378B665CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 03014E54, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309138532.0000000003002000.00000040.00000001.sdmp, Offset: 03002000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3002000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 399b5e4204aa9922db8ae099ee210b88e0818346baa11082d47865dcb003641a
Instruction ID: 6da1650180a78d8d98b812d0f73c9871a6f16a03e5935c474d628c4c8a1c8e91
Opcode Fuzzy Hash: 399b5e4204aa9922db8ae099ee210b88e0818346baa11082d47865dcb003641a
Instruction Fuzzy Hash: 79F0C2B5D00A06EBDB04CF60C18439AF7B4BB84718F14421AD82863340C378B565CFC0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 03000380, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.309135198.0000000003000000.00000040.00000001.sdmp, Offset: 03000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_3000000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
Instruction ID: d34860c5f71c07f5af0eb92ad1e5a8beccaa957abadfd6cd6ba89976764545e6
Opcode Fuzzy Hash: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
Instruction Fuzzy Hash: 2921F6BA6042568FEB358F298C403D9B7E9FB58314F21482EDECDE7711D3306A898B55

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: java.exe PID: 7148 Parent PID: 4644 java.exeCOMMON

Executed Functions

Function 023FD925, Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.314106089.00000000023F2000.00000040.00000001.sdmp, Offset: 023F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_23f2000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb0502b7983dcbbf45d6ec6e45fdf13283d5cbce37256ca744bec595d6d7b411
Instruction ID: af1af880f05bbd8ca3aabadde3d5744438c29db291d475d262d5172c475f5031
Opcode Fuzzy Hash: bb0502b7983dcbbf45d6ec6e45fdf13283d5cbce37256ca744bec595d6d7b411
Instruction Fuzzy Hash: 1B81CE71A04609DFDB99CF64D498BA9FBB0FF49314F0881AEDA1A4B381D734A941CF90

Uniqueness

Uniqueness Score: -1.00%

Function 023F0632, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.314102970.00000000023F0000.00000040.00000001.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_23f0000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60392962478eb443b2c3eac1ca8a1346b06c4eb38417e1efb3aaec0e1d1d181d
Instruction ID: 2cbb12442c847c2cb19362ac1f74408a3481c86ed7c04adc0d7eb67cf2f930fb
Opcode Fuzzy Hash: 60392962478eb443b2c3eac1ca8a1346b06c4eb38417e1efb3aaec0e1d1d181d
Instruction Fuzzy Hash: 301179B2C0023A8FDF68CF8CC5814ADB3B1FF98314B56412AED64A7346D3346960CB90

Uniqueness

Uniqueness Score: -1.00%

Function 023F06E2, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.314102970.00000000023F0000.00000040.00000001.sdmp, Offset: 023F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_23f0000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e513933093163475642b4a94aa170af4ed19f1dc54cbffa2c5a5906f3dfe324
Instruction ID: aa4f1437e75b1d7cfd2e6bdc8642a58145120f4ed07926d020ffe1a742d834b7
Opcode Fuzzy Hash: 9e513933093163475642b4a94aa170af4ed19f1dc54cbffa2c5a5906f3dfe324
Instruction Fuzzy Hash: 1DF0A576C0022ADB8B58CF48D4441ADF7B1FB45228B1A8496DD6C7B242D332AD62CF81

Uniqueness

Uniqueness Score: -1.00%

Function 02404AD8, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.314106089.00000000023F2000.00000040.00000001.sdmp, Offset: 023F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_23f2000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 565424907f9e94dbe12c8eae88dd0af2340cebef77b4a5a22f00aa78d2618386
Instruction ID: 6893649b0c4194b6bfc774317117063af4c753bdc037c21b23686ab1e36219af
Opcode Fuzzy Hash: 565424907f9e94dbe12c8eae88dd0af2340cebef77b4a5a22f00aa78d2618386
Instruction Fuzzy Hash: 3CF092B5910A06AFDB05CF64C5947DAF7B4FB88714F14421AD82867340C779B565CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 02403BD6, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.314106089.00000000023F2000.00000040.00000001.sdmp, Offset: 023F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_23f2000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70a90ef9afdbfc62e0f7b25b645266d4c494af9a4385537d793c36c1cafa5d20
Instruction ID: f9f9a55ab993500e44122f459c3515568b884f918a0d019c40600746a43853ea
Opcode Fuzzy Hash: 70a90ef9afdbfc62e0f7b25b645266d4c494af9a4385537d793c36c1cafa5d20
Instruction Fuzzy Hash: 8BF0C2B6D00B06ABDB058F64C5847CAFBB4BB84724F14461AD82863300D378B665CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 023FD9B5, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.314106089.00000000023F2000.00000040.00000001.sdmp, Offset: 023F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_23f2000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce5ae3c218c98543fa7f5d6860c4eadc8bd3d25fddb15f57732ca4bb55e82dac
Instruction ID: f6bdc837160f200ea08bfacb72d30e74ed6cc46d29e334ec79f2fa63ff1fbf8b
Opcode Fuzzy Hash: ce5ae3c218c98543fa7f5d6860c4eadc8bd3d25fddb15f57732ca4bb55e82dac
Instruction Fuzzy Hash: A9F0C2B6D00A06ABDB448F64C5947CAFBB4BB84724F14461AD82863300D378B669CFC0

Uniqueness

Uniqueness Score: -1.00%

Function 02404549, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.314106089.00000000023F2000.00000040.00000001.sdmp, Offset: 023F2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_23f2000_java.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cfcbbe8c4b49a932f21c14add593067fe4ec0cb8400c985bc46d92134180f5b
Instruction ID: c064929421fe1ce0cba5e4a85dee295997c7bd4095c1a3aaf64d0383b99b58e4
Opcode Fuzzy Hash: 6cfcbbe8c4b49a932f21c14add593067fe4ec0cb8400c985bc46d92134180f5b
Instruction Fuzzy Hash: 85F0C2B6D10A06ABDB048F64C5947CAFBB4FB84724F14461AD82867300D378B665CFC0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the binaries used by services. Adversaries may use flaws in the permissions of Windows services to replace the binary that is executed upon service start. These service processes may automatically execute specific binaries as part of their functionality or to perform other actions. If the permissions on the file system directory containing a target binary, or permissions on the binary itself are improperly set, then the target binary may be overwritten with another binary using user-level permissions and executed by the original process. If the original process and thread are running under a higher permissions level, then the replaced binary will also execute under higher-level permissions, which could include SYSTEM.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Services
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report jxplorer-3.3.1.2-windows-installer.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: jxplorer-3.3.1.2-windows-installer.exe PID: 4644 Parent PID: 5096

General

File Activities