Edit tour

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.8697.17037.exe

Overview

General Information

Sample name:	SecuriteInfo.com.FileRepMalware.8697.17037.exe
Analysis ID:	1501325
MD5:	8eb33cfbc3fccab789e6f96cd7b4553b
SHA1:	27a8160581bc7413b2ba118bb737f2fca61cd6c6
SHA256:	3cf61b6951d14daddeac3838d212ab9df11624c39838fca00aee497458639b9c
Tags:	exe
Infos:

Detection

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

AV process strings found (often used to terminate AV products)

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to communicate with device drivers

Contains functionality to create an SMB header

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found potential string decryption / allocating functions

Potential key logger detected (key state polling based)

Program does not show much activity (idle)

Sample execution stops while process was sleeping (likely an evasion)

Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

System is w10x64

SecuriteInfo.com.FileRepMalware.8697.17037.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe" MD5: 8EB33CFBC3FCCAB789E6F96CD7B4553B)

conhost.exe (PID: 7492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.101.104.92/mapp.exe	Avira URL Cloud: Label: malware
Source: http://185.101.104.92/fuck1.sys	Avira URL Cloud: Label: malware

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.5% probability

Machine Learning detection for sample

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2E5E0 CryptAcquireContextA,CryptCreateHash,	0_2_00007FF764B2E5E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2C52D strtol,strchr,strchr,strncmp,strncmp,strncmp,strncmp,strncmp,strncmp,strncmp,strncmp,strchr,CertOpenStore,GetLastError,CryptStringToBinaryA,CertFindCertificateInStore,fopen,fseek,ftell,fseek,fread,fclose,MultiByteToWideChar,PFXImportCertStore,GetLastError,CertFindCertificateInStore,GetLastError,CertCloseStore,CertCloseStore,CertFreeCertificateContext,fclose,CertFreeCertificateContext,	0_2_00007FF764B2C52D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B486D0 GetLastError,CreateFileA,GetLastError,GetFileSizeEx,GetLastError,ReadFile,strstr,strstr,CryptQueryObject,CertAddCertificateContextToStore,CertFreeCertificateContext,GetLastError,GetLastError,GetLastError,CloseHandle,	0_2_00007FF764B486D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2E630 CryptHashData,	0_2_00007FF764B2E630
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2E640 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	0_2_00007FF764B2E640
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2B8F0 memset,CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	0_2_00007FF764B2B8F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2B820 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext,	0_2_00007FF764B2B820
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B51210 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	0_2_00007FF764B51210
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B4F120 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,	0_2_00007FF764B4F120
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B47DB0 CertOpenStore,GetLastError,CertCreateCertificateChainEngine,GetLastError,CertGetCertificateChain,GetLastError,CertGetNameStringA,CertFindExtension,CryptDecodeObjectEx,CertGetNameStringA,CertFindExtension,CryptDecodeObjectEx,CertFreeCertificateChainEngine,CertCloseStore,CertFreeCertificateChain,CertFreeCertificateContext,	0_2_00007FF764B47DB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: -----BEGIN PUBLIC KEY-----		0_2_00007FF764B12510
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: -----BEGIN PUBLIC KEY-----

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: mov dword ptr [rbp+04h], 424D53FFh

0_2_00007FF764B3AF20

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764AE9AF4 Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,URLDownloadToFileA,system,system,

0_2_00007FF764AE9AF4

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: http://185.101.104.92/fuck1.sys
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: http://185.101.104.92/fuck1.sysC:
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: http://185.101.104.92/mapp.exe
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: http://185.101.104.92/mapp.exeC:
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: http://fontello.com
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: http://fontello.comCopyright
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: http://www.josbuivenga.demon.nl
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: http://www.josbuivenga.demon.nlCopyright
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: http://www.josbuivenga.demon.nlMuseo
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: https://keyauth.win/api/1.2/
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	String found in binary or memory: https://keyauth.win/api/1.2/vqdudtxqydjybehtmcjlwnbbbflfdrohjbpsqagcexsshuarkpwfcvbcdolruouthxdizrwn

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764AB0138 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard,

0_2_00007FF764AB0138

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764AB0138 OpenClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard,

0_2_00007FF764AB0138

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764AA8FE8 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,memcpy,GlobalUnlock,CloseClipboard,

0_2_00007FF764AA8FE8

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764AED61C memset,PeekMessageA,TranslateMessage,DispatchMessageA,GetForegroundWindow,GetWindow,SetWindowPos,GetAsyncKeyState,exit,memset,memset,GetClientRect,ClientToScreen,GetCursorPos,GetAsyncKeyState,SetWindowPos,DestroyWindow,

0_2_00007FF764AED61C

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764AC07C8 GetClientRect,QueryPerformanceCounter,GetKeyState,GetKeyState,GetKeyState,ClientToScreen,SetCursorPos,GetActiveWindow,GetCursorPos,ScreenToClient,

0_2_00007FF764AC07C8

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764B4F120 CryptAcquireContextA,CryptImportKey,CryptReleaseContext,CryptEncrypt,CryptDestroyKey,CryptReleaseContext,

0_2_00007FF764B4F120

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764AE83BC: DeviceIoControl,

0_2_00007FF764AE83BC

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2C5EC	0_2_00007FF764B2C5EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2C5F5	0_2_00007FF764B2C5F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ACE600	0_2_00007FF764ACE600
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2C52D	0_2_00007FF764B2C52D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ABE6B8	0_2_00007FF764ABE6B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AB67DC	0_2_00007FF764AB67DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B16760	0_2_00007FF764B16760
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ABC898	0_2_00007FF764ABC898
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC48F8	0_2_00007FF764AC48F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B42860	0_2_00007FF764B42860
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AFC1C0	0_2_00007FF764AFC1C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF21DC	0_2_00007FF764AF21DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF22CA	0_2_00007FF764AF22CA
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC429C	0_2_00007FF764AC429C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2A2B0	0_2_00007FF764B2A2B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B36E10	0_2_00007FF764B36E10
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AECD18	0_2_00007FF764AECD18
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B24E80	0_2_00007FF764B24E80
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF6E60	0_2_00007FF764AF6E60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ABCF3C	0_2_00007FF764ABCF3C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC6F7C	0_2_00007FF764AC6F7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ABB0B4	0_2_00007FF764ABB0B4
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC309C	0_2_00007FF764AC309C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC1090	0_2_00007FF764AC1090
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B1B040	0_2_00007FF764B1B040
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AFA9D0	0_2_00007FF764AFA9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B2E9F0	0_2_00007FF764B2E9F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AD69DC	0_2_00007FF764AD69DC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B1CAA0	0_2_00007FF764B1CAA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ACABCC	0_2_00007FF764ACABCC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF6BB0	0_2_00007FF764AF6BB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF8C40	0_2_00007FF764AF8C40
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC55A0	0_2_00007FF764AC55A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B03545	0_2_00007FF764B03545
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF3533	0_2_00007FF764AF3533
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ABF698	0_2_00007FF764ABF698
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AED61C	0_2_00007FF764AED61C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B3F640	0_2_00007FF764B3F640
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AE765C	0_2_00007FF764AE765C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC1804	0_2_00007FF764AC1804
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AAD8AC	0_2_00007FF764AAD8AC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF7900	0_2_00007FF764AF7900
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AB5828	0_2_00007FF764AB5828
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B43890	0_2_00007FF764B43890
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AFD860	0_2_00007FF764AFD860
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B511A0	0_2_00007FF764B511A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B4F120	0_2_00007FF764B4F120
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ABD2CC	0_2_00007FF764ABD2CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ACF2F8	0_2_00007FF764ACF2F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF340E	0_2_00007FF764AF340E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AFD390	0_2_00007FF764AFD390
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AA34BC	0_2_00007FF764AA34BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC1420	0_2_00007FF764AC1420
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF7490	0_2_00007FF764AF7490
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B47DB0	0_2_00007FF764B47DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AE9D2C	0_2_00007FF764AE9D2C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC7E50	0_2_00007FF764AC7E50
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ABFE50	0_2_00007FF764ABFE50
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC2000	0_2_00007FF764AC2000
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764ACDF7C	0_2_00007FF764ACDF7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B080D0	0_2_00007FF764B080D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B279D0	0_2_00007FF764B279D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B3B940	0_2_00007FF764B3B940
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC7AB0	0_2_00007FF764AC7AB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B13A30	0_2_00007FF764B13A30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B21B80	0_2_00007FF764B21B80
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF9B20	0_2_00007FF764AF9B20
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B19D00	0_2_00007FF764B19D00
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B1BC60	0_2_00007FF764B1BC60
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AF7C40	0_2_00007FF764AF7C40
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764AC1C18	0_2_00007FF764AC1C18

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764B07640 appears 46 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764B03C70 appears 49 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764B1C070 appears 31 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764B07710 appears 36 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764AD8E18 appears 69 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764B1C150 appears 33 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764B18CF0 appears 381 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764B528EC appears 49 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764B13670 appears 70 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: String function: 00007FF764B18E70 appears 321 times

Source: classification engine

Classification label: mal76.evad.winEXE@2/0@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764B02710 GetLastError,_errno,FormatMessageA,strchr,strncpy,_errno,_errno,GetLastError,SetLastError,

0_2_00007FF764B02710

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764AE8444 CreateToolhelp32Snapshot,Process32First,lstrcmpiA,CloseHandle,Process32Next,CloseHandle,

0_2_00007FF764AE8444

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7492:120:WilError_03

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

ReversingLabs: Detection: 57%

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

String found in binary or memory: iphlpapi.dllif_nametoindexkernel32LoadLibraryExA\/AddDllDirectory00

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe "C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: d3dx9_43.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Section loaded: wldp.dll	Jump to behavior

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764B1B940 GetModuleHandleA,GetProcAddress,strpbrk,LoadLibraryA,GetProcAddress,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,

0_2_00007FF764B1B940

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: PROCESSHACKER.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: PROCMON.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: IDAG.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: OLLYDBG.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: PEID.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: X64DBG.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: REGMON.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: NTUSERSENDINPUTWIN32UNTUSERSENDINPUTUSER32SENDINPUTUSER32NTUSERGETASYNCKEYSTATEWIN32UNTUSERGETASYNCKEYSTATEUSER32GETASYNCKEYSTATEUSER32.EXE0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\\.\ONKZAOOBRABOLEFT MOUSE BUTTONRIGHT MOUSE BUTTONMIDDLE MOUSE BUTTONMOUSE SIDE 1MOUSE SIDE 2CONTROL-BREAK PROCESSINGBACKSPACETABCLEARENTERSHIFTCTRLALTCAPS LOCKESCSPACE0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZNUMPAD 0NUMPAD 1NUMPAD 2NUMPAD 3NUMPAD 4NUMPAD 5NUMPAD 6NUMPAD 7NUMPAD 8NUMPAD 9MULTIPLYHEADNECKCHESTPELVISINFNAN(IND)NANNAN(SNAN)INFNAN(IND)NANNAN(SNAN)INFNAN(IND)NANNAN(SNAN)/C CMD.EXEINFNAN(IND)NANNAN(SNAN)INFNAN(IND)NANNAN(SNAN)12INFNAN(IND)NANNAN(SNAN)ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789TASKMGR.EXETASKMGR.EXEDIEC.EXEDWNEJFE.EXEWIN64.EXENFSYSTEMINFORMER.EXEINITYPROCESSHACKER.EXEFILEALYZER2.EXERESOURCEHACKER.EXEDEPENDS.EXEPEXPLORER.EXEDIEL.EXEDIE.EXEPPEE.EXEPE-BEAR.EXELORDPE.EXEANPEID.EXEWIRESHARK.EXETCPVIEW.EXEINDPROCEXP64.EXESNANPROCEXP.EXEREGMON.EXEFILEMON.EXEPROCMON.EXESCYLLA_X86.EXESCYLLA_X64.EXEOLLYDUMPEX_SA64.EXEOLLYDUMPEX_SA32.EXEHXD.EXEIMMUNITYDEBUGGER.EXEIMMUNITYDEBUGGER.EXEWINDBG.EXEIDAQ.EXEIDAW.EXEIDAG.EXEX96DBG.EXEX64DBG.EXEX32DBG.EXEOLLYDBG.EXEIDA64.EXEDOTPEEK64.EXEIDA32.EXEIDA.EXERECLASS.NET.EXERECLASS.EXEHEYRAYS.EXELIGHTHOUSE.EXECHEATENGINE-X86_64.EXECLASSINFORMER.EXEIDA-X86EMU.EXECFFEXPLORER.EXEWINHEX.EXEHIEW.EXEFIDDLER.EXEHTTPDEBUGGER.EXEHTTPDEBUGGERPRO.EXESCYLLA.EXECHEAT ENGINE.EXEDNSPY.EXEDNSPY.CONSOLE.EXEHTTP://185.101.104.92/MAPP.EXEC:\WINDOWS\SYSTEM\MAPP.EXEHTTP://185.101.104.92/FUCK1.SYSC:\WINDOWS\SYSTEM\FUCK1.SYSCD C:\START C:\WINDOWS\SYSTEM\MAPP.EXE C:\WINDOWS\SYSTEM\FUCK1.SYS0E+00NFINITYANINDSNAN0E+000P+0LEFT MOUSERIGHT MOUSECANCELMIDDLE MOUSEMOUSE 50P+0MOUSE 4BACKSPACETABCLEARENTERSHIFTCONTROLALTPAUSECAPSESCAPESPACEPAGE UPPAGE DOWNENDHOMELEFTUPRIGHTDOWNPRINTINSERTDELETE0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZNUMPAD 0NUMPAD 1NUMPAD 2NUMPAD 3NUMPAD 4NUMPAD 5NUMPAD 6NUMPAD 7NUMPAD 8NUMPAD 9MULTIPLYADDSUBTRACTDECIMALDIVIDEF1F2F3F4F5F6F7F8F9F10F11F12LEFT MOUSERIGHT MOUSECANCELMIDDLE MOUSEMOUSE 5MOUSE 4BACKSPACETABCLEARENTERSHIFTCONTROLALTPAUSECAPSESCAPESPACEPAGE UPPAGE DOWNENDHOMELEFTUPRIGHTDOWNPRINTINSERTDELETE0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZNUMPAD 0NUMPAD 1NUMPAD 2NUMPAD 3NUMPAD 4NUMPAD 5NUMPAD 6NUMPAD 7NUMPAD 8NUMPAD 9MULTIPLYADDSUBTRACTDECIMALDIVIDEF1F2F3F4F5F6F7F8F9F10F11F12LEFT MOUSERIGHT MOUSECANCELMIDDLE MOUSEMOUSE 5MOUSE 4BACKSPACETABCLEARENTERSHIFTCONTROLALTPAUSECAPSESCAPESPACEPAGE UPPAGE DOWNENDHOMELEFTUPRIGHTDOWNPRINTINSERTDELETE01234567
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: WINDBG.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: FIDDLER.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: IDAQ.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: WIRESHARK.EXE
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe	Binary or memory string: FILEMON.EXE

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe

Binary or memory string: DbgviewClassprotection_ididaqidaq64ida64ida32syserlordpecaptainhookhooksharkfakenetwindsocktcpviewwinhexfilemonregmonsofticevmwarevirtualboxwineqemubochscodeveinresourcehackerreshackerBluestacksAnti-debugging testntdll.dllNtQueryInformationProcess\\.\CEDRIVER72\\.\x64dbgntdll.dllNtRaiseHardErrorBSOD triggered successfully.

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764B52798 GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_00007FF764B52798

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764B52798 GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_00007FF764B52798

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764B1B940 GetModuleHandleA,GetProcAddress,strpbrk,LoadLibraryA,GetProcAddress,GetSystemDirectoryA,GetSystemDirectoryA,LoadLibraryA,

0_2_00007FF764B1B940

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764B067D0 GetProcessHeap,

0_2_00007FF764B067D0

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B522D8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF764B522D8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B5247C SetUnhandledExceptionFilter,	0_2_00007FF764B5247C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe	Code function: 0_2_00007FF764B52020 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF764B52020

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764AE765C mouse_event,

0_2_00007FF764AE765C

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe

Code function: 0_2_00007FF764B52528 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF764B52528

Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000000.1652411390.00007FF764B56000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: procmon.exe
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000000.1652411390.00007FF764B56000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OLLYDBG.exe
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000000.1652411390.00007FF764B56000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: wireshark.exe
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000000.1652411390.00007FF764B56000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: procexp.exe
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000000.1652411390.00007FF764B56000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: LordPE.exe
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000000.1652411390.00007FF764B56000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: Tcpview.exe
Source: SecuriteInfo.com.FileRepMalware.8697.17037.exe, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000000.1652411390.00007FF764B56000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.FileRepMalware.8697.17037.exe, 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: regmon.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	1 Process Injection	21 Input Capture	1 System Time Discovery	1 Exploitation of Remote Services	21 Input Capture	2 Encrypted Channel	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	141 Security Software Discovery	Remote Desktop Protocol	12 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Obfuscated Files or Information	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	3 Clipboard Data	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	2 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
SecuriteInfo.com.FileRepMalware.8697.17037.exe	58%	ReversingLabs	Win64.Trojan.Barys
SecuriteInfo.com.FileRepMalware.8697.17037.exe	100%	Avira	HEUR/AGEN.1316761
SecuriteInfo.com.FileRepMalware.8697.17037.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://fontello.com	0%	URL Reputation	safe
https://curl.haxx.se/docs/http-cookies.html	0%	URL Reputation	safe
http://185.101.104.92/mapp.exeC:	0%	Avira URL Cloud	safe
http://fontello.comCopyright	0%	Avira URL Cloud	safe
http://185.101.104.92/fuck1.sysC:	0%	Avira URL Cloud	safe
http://www.josbuivenga.demon.nlMuseo	0%	Avira URL Cloud	safe
http://www.josbuivenga.demon.nl	0%	Avira URL Cloud	safe
https://keyauth.win/api/1.2/vqdudtxqydjybehtmcjlwnbbbflfdrohjbpsqagcexsshuarkpwfcvbcdolruouthxdizrwn	0%	Avira URL Cloud	safe
http://185.101.104.92/mapp.exe	100%	Avira URL Cloud	malware
https://curl.haxx.se/docs/http-cookies.html#	0%	Avira URL Cloud	safe
http://www.josbuivenga.demon.nlCopyright	0%	Avira URL Cloud	safe
http://185.101.104.92/fuck1.sys	100%	Avira URL Cloud	malware
https://keyauth.win/api/1.2/	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.josbuivenga.demon.nlMuseo	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: safe	unknown
http://185.101.104.92/mapp.exeC:	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: safe	unknown
http://www.josbuivenga.demon.nl	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: safe	unknown
http://fontello.comCopyright	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: safe	unknown
http://185.101.104.92/mapp.exe	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: malware	unknown
http://fontello.com	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	URL Reputation: safe	unknown
http://www.josbuivenga.demon.nlCopyright	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: safe	unknown
http://185.101.104.92/fuck1.sys	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: malware	unknown
http://185.101.104.92/fuck1.sysC:	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: safe	unknown
https://keyauth.win/api/1.2/vqdudtxqydjybehtmcjlwnbbbflfdrohjbpsqagcexsshuarkpwfcvbcdolruouthxdizrwn	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: safe	unknown
https://curl.haxx.se/docs/http-cookies.html	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	URL Reputation: safe	unknown
https://curl.haxx.se/docs/http-cookies.html#	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: safe	unknown
https://keyauth.win/api/1.2/	SecuriteInfo.com.FileRepMalware.8697.17037.exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501325
Start date and time:	2024-08-29 18:44:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.FileRepMalware.8697.17037.exe
Detection:	MAL
Classification:	mal76.evad.winEXE@2/0@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 221
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target SecuriteInfo.com.FileRepMalware.8697.17037.exe, PID 7484 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
VT rate limit hit for: SecuriteInfo.com.FileRepMalware.8697.17037.exe

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	6.636722235377553
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.FileRepMalware.8697.17037.exe
File size:	1'022'464 bytes
MD5:	8eb33cfbc3fccab789e6f96cd7b4553b
SHA1:	27a8160581bc7413b2ba118bb737f2fca61cd6c6
SHA256:	3cf61b6951d14daddeac3838d212ab9df11624c39838fca00aee497458639b9c
SHA512:	967d7c1c6ca0887b863ab300eaaa277c994d75993d1cc7ac67cf9783ab99bf437224c7a017c842a3557f3293a3398b3549b59def1dd78c41b43869516a39c32c
SSDEEP:	24576:aexdNwVn2WMhft1qs5UZMIlHZnVbvwAM:ae7NwBmfODTnVM
TLSH:	0E25AD0AA3B801F6D0BBD039D552A217F6B1349A03209BC757E1896A3FA37F05E7E751
File Content Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........{...(...(...(..@(...(...)...(...(...(...)...(...)...(...)...(#..)...(...)...(...)...(w.O(...(...)...(.B.(...(...(F..(...)...

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x1400b1f84
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66CC8B18 [Mon Aug 26 14:03:04 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	0b5ed182a18f08e11ae5e8b9937998f5

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F1F88DB8020h
dec eax
add esp, 28h
jmp 00007F1F88DB78F7h
int3
int3
dec eax
mov eax, esp
dec eax
mov dword ptr [eax+08h], ebx
dec eax
mov dword ptr [eax+10h], ebp
dec eax
mov dword ptr [eax+18h], esi
dec eax
mov dword ptr [eax+20h], edi
inc ecx
push esi
dec eax
sub esp, 20h
dec ebp
mov edx, dword ptr [ecx+38h]
dec eax
mov esi, edx
dec ebp
mov esi, eax
dec eax
mov ebp, ecx
dec ecx
mov edx, ecx
dec eax
mov ecx, esi
dec ecx
mov edi, ecx
inc ecx
mov ebx, dword ptr [edx]
dec eax
shl ebx, 04h
dec ecx
add ebx, edx
dec esp
lea eax, dword ptr [ebx+04h]
call 00007F1F88DB743Fh
mov eax, dword ptr [ebp+04h]
and al, 66h
neg al
mov eax, 00000001h
sbb edx, edx
neg edx
add edx, eax
test dword ptr [ebx+04h], edx
je 00007F1F88DB7A93h
dec esp
mov ecx, edi
dec ebp
mov eax, esi
dec eax
mov edx, esi
dec eax
mov ecx, ebp
call 00007F1F88DB833Fh
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov ebp, dword ptr [esp+38h]
dec eax
mov esi, dword ptr [esp+40h]
dec eax
mov edi, dword ptr [esp+48h]
dec eax
add esp, 20h
inc ecx
pop esi
ret
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [00004257h]
dec eax
mov ecx, ebx
call dword ptr [00004246h]
call dword ptr [00004328h]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[IMP] VS2005 build 50727

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xd6aa8	0x26c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xfd000	0x1e8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0xf5000	0x77e8	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xfe000	0xaa4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xcca70	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xccb00	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xcc930	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xb6000	0xe30	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xb455c	0xb4600	0f848939359e58b2ba6b73436a7d436e	False	0.5121369867463618	data	6.411669766265621	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xb6000	0x241c2	0x24200	a21c1e1772d3b245f43e149e508a887b	False	0.4273626730103806	data	5.885295261235386	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xdb000	0x19f90	0x18800	5843790d5b73af1ac07c07dd7748bcc0	False	0.4850924744897959	MMDF mailbox	6.8745845402578905	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0xf5000	0x77e8	0x7800	289e918496c1253a77a8c572aeb1aea9	False	0.47275390625	data	6.001277559462806	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xfd000	0x1e8	0x200	dd36ed25d4bc65bfe7167fb312ace6dc	False	0.544921875	data	4.772037401703051	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xfe000	0xaa4	0xc00	9aef51a6c42aea3894230f4afb0ea296	False	0.3955078125	data	5.1839833532221675	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0xfd060	0x188	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5892857142857143

Imports

DLL	Import
d3d9.dll	Direct3DCreate9Ex
dwmapi.dll	DwmExtendFrameIntoClientArea
KERNEL32.dll	HeapDestroy, HeapAlloc, HeapReAlloc, HeapFree, HeapSize, GetProcessHeap, InitializeCriticalSectionEx, DeleteCriticalSection, VirtualProtect, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, GetModuleHandleA, QueryFullProcessImageNameW, FormatMessageA, LocalFree, EnterCriticalSection, LeaveCriticalSection, SleepEx, VerSetConditionMask, GetSystemDirectoryA, FreeLibrary, DeviceIoControl, GetConsoleWindow, GetEnvironmentVariableA, GetFileType, ReadFile, PeekNamedPipe, WaitForMultipleObjects, GetFileSizeEx, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, IsDebuggerPresent, GetCurrentProcessId, SetConsoleTitleA, SetConsoleWindowInfo, GetCurrentThreadId, GetSystemTimeAsFileTime, SetLastError, GetLastError, CreateToolhelp32Snapshot, Process32Next, WaitForSingleObjectEx, Process32First, SetConsoleTextAttribute, SetConsoleScreenBufferSize, WideCharToMultiByte, MultiByteToWideChar, lstrcmpiA, LoadLibraryA, GetProcAddress, GetModuleHandleW, GetModuleFileNameA, GetTickCount, DebugBreak, CreateThread, TerminateProcess, ExitProcess, GetCurrentProcess, Sleep, MoveFileExA, CloseHandle, CreateFileW, CreateFileA, GetStdHandle, QueryPerformanceFrequency, QueryPerformanceCounter, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, OutputDebugStringW, VerifyVersionInfoA, InitializeSListHead
USER32.dll	SetCursor, GetCursorPos, ClientToScreen, ScreenToClient, LoadCursorA, TranslateMessage, DispatchMessageA, PeekMessageA, DefWindowProcA, PostQuitMessage, RegisterClassA, UnregisterClassA, CreateWindowExA, DestroyWindow, GetCapture, GetKeyState, GetActiveWindow, SetCursorPos, GetClientRect, SetLayeredWindowAttributes, MoveWindow, SetWindowDisplayAffinity, GetAsyncKeyState, mouse_event, GetSystemMetrics, UpdateWindow, GetForegroundWindow, EmptyClipboard, GetClipboardData, GetWindowRect, GetWindowLongA, SetWindowLongA, GetWindowLongPtrA, SetWindowLongPtrA, FindWindowA, SetWindowPos, GetWindow, ReleaseCapture, ShowWindow, SetClipboardData, CloseClipboard, OpenClipboard, MessageBoxA, SetCapture
GDI32.dll	GetStockObject
SHELL32.dll	ShellExecuteA
d3dx9_43.dll	D3DXCreateTextureFromFileInMemory
IMM32.dll	ImmReleaseContext, ImmGetContext, ImmSetCompositionWindow
MSVCP140.dll	?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z, ?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z, ?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z, ?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ, ?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ, ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z, ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ, ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z, ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z, ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ, ?id@?$ctype@D@std@@2V0locale@2@A, ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A, ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A, ?setf@ios_base@std@@QEAAHHH@Z, ?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z, ?_Xbad_function_call@std@@YAXXZ, ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z, ?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z, ?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ, ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ, ?getloc@ios_base@std@@QEBA?AVlocale@2@XZ, ?width@ios_base@std@@QEAA_J_J@Z, ?width@ios_base@std@@QEBA_JXZ, ?flags@ios_base@std@@QEBAHXZ, ?good@ios_base@std@@QEBA_NXZ, ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z, ?is@?$ctype@D@std@@QEBA_NFD@Z, ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ, ??Bid@locale@std@@QEAA_KXZ, _Cnd_do_broadcast_at_thread_exit, _Mtx_unlock, _Mtx_lock, _Mtx_destroy_in_situ, _Mtx_init_in_situ, _Thrd_id, _Thrd_sleep, _Thrd_join, _Query_perf_frequency, _Query_perf_counter, _Xtime_get_ticks, ?uncaught_exceptions@std@@YAHXZ, ?_Xout_of_range@std@@YAXPEBD@Z, ??1_Lockit@std@@QEAA@XZ, ??0_Lockit@std@@QEAA@H@Z, ?_Xlength_error@std@@YAXPEBD@Z, ?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ, ?_Throw_Cpp_error@std@@YAXH@Z
urlmon.dll	URLDownloadToFileA
Normaliz.dll	IdnToAscii
WLDAP32.dll
CRYPT32.dll	CertFreeCertificateChain, CertGetCertificateChain, CertFreeCertificateChainEngine, CertCreateCertificateChainEngine, CryptQueryObject, CertGetNameStringA, CertOpenStore, CertCloseStore, CertEnumCertificatesInStore, CertFindCertificateInStore, CertFreeCertificateContext, CryptStringToBinaryA, PFXImportCertStore, CryptDecodeObjectEx, CertAddCertificateContextToStore, CertFindExtension
WS2_32.dll	closesocket, recv, send, ntohl, gethostname, sendto, recvfrom, freeaddrinfo, getaddrinfo, select, __WSAFDIsSet, ioctlsocket, listen, htonl, accept, WSACleanup, WSAStartup, WSAIoctl, WSASetLastError, socket, setsockopt, ntohs, htons, getsockopt, getsockname, getpeername, connect, bind, WSAGetLastError
RPCRT4.dll	UuidToStringA, UuidCreate, RpcStringFreeA
PSAPI.DLL	GetModuleInformation
USERENV.dll	UnloadUserProfile
VCRUNTIME140.dll	__std_terminate, strstr, memchr, memcpy, memset, __current_exception_context, __std_exception_copy, __std_exception_destroy, _CxxThrowException, memcmp, __C_specific_handler, strchr, __current_exception, strrchr, memmove
VCRUNTIME140_1.dll	__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0.dll	strcspn, isupper, isalnum, strpbrk, tolower, isprint, strcmp, _strdup, wcscpy, strlen, strncmp, strspn, strncpy
api-ms-win-crt-stdio-l1-1-0.dll	fread, fseek, ftell, __stdio_common_vsnprintf_s, __stdio_common_vsprintf_s, fgets, _pclose, _popen, fwrite, _set_fmode, __stdio_common_vfprintf, __stdio_common_vsprintf, __stdio_common_vsscanf, _open, __acrt_iob_func, _close, _write, fputc, fopen, fclose, _read, fputs, __p__commode, fflush, feof, _lseeki64, _wfopen
api-ms-win-crt-heap-l1-1-0.dll	free, realloc, calloc, _callnewh, malloc, _set_new_mode
api-ms-win-crt-utility-l1-1-0.dll	srand, rand, qsort
api-ms-win-crt-math-l1-1-0.dll	fabs, atan2, sinf, asin, sqrtf, tanf, floorf, cosf, ceilf, atan2f, sqrt, fmodf, powf, pow, __setusermatherr, _dclass
api-ms-win-crt-runtime-l1-1-0.dll	_c_exit, __p___argc, _initterm_e, _initterm, _get_initial_narrow_environment, exit, _resetstkoflw, system, _set_app_type, _seh_filter_exe, _cexit, _register_thread_local_exe_atexit_callback, _crt_atexit, _register_onexit_function, _initialize_onexit_table, _initialize_narrow_environment, _configure_narrow_argv, _invalid_parameter_noinfo_noreturn, _beginthreadex, _getpid, strerror, __p___argv, __sys_nerr, _exit, _errno, terminate, _invalid_parameter_noinfo
api-ms-win-crt-convert-l1-1-0.dll	strtoll, strtoul, strtol, strtod, strtoull, atoi, atof
api-ms-win-crt-filesystem-l1-1-0.dll	_stat64, _fstat64, _unlink, _access
api-ms-win-crt-time-l1-1-0.dll	_localtime64_s, strftime, _time64, _gmtime64
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale, localeconv
ADVAPI32.dll	CryptGenRandom, CryptCreateHash, CryptEncrypt, CryptImportKey, OpenProcessToken, AddAccessAllowedAce, GetLengthSid, GetTokenInformation, InitializeAcl, IsValidSid, SetSecurityInfo, CopySid, ConvertSidToStringSidA, CryptAcquireContextA, CryptReleaseContext, CryptGetHashParam, CryptDestroyHash, CryptDestroyKey, CryptHashData

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Target ID:	0
Start time:	12:44:57
Start date:	29/08/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.8697.17037.exe"
Imagebase:	0x7ff764aa0000
File size:	1'022'464 bytes
MD5 hash:	8EB33CFBC3FCCAB789E6F96CD7B4553B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	12:44:57
Start date:	29/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Function 00007FF764AE9D2C Relevance: 139.5, APIs: 40, Strings: 39, Instructions: 1219sleepkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AC07C8: GetClientRect.USER32 ref: 00007FF764AC07FB
Part of subcall function 00007FF764AC07C8: QueryPerformanceCounter.KERNEL32 ref: 00007FF764AC0829
Part of subcall function 00007FF764AC07C8: GetKeyState.USER32 ref: 00007FF764AC0867
Part of subcall function 00007FF764AC07C8: GetKeyState.USER32 ref: 00007FF764AC087F
Part of subcall function 00007FF764AC07C8: GetKeyState.USER32 ref: 00007FF764AC0895
Part of subcall function 00007FF764AC07C8: ClientToScreen.USER32 ref: 00007FF764AC08DF
Part of subcall function 00007FF764AC07C8: SetCursorPos.USER32 ref: 00007FF764AC08EB
Part of subcall function 00007FF764AC07C8: GetActiveWindow.USER32 ref: 00007FF764AC08FB
Part of subcall function 00007FF764AC07C8: GetCursorPos.USER32 ref: 00007FF764AC090E
Part of subcall function 00007FF764AC07C8: ScreenToClient.USER32 ref: 00007FF764AC0923

GetAsyncKeyState.USER32 ref: 00007FF764AE9D5C
Sleep.KERNEL32 ref: 00007FF764AE9D96
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AE9F48
D3DXCreateTextureFromFileInMemory.D3DX9_43 ref: 00007FF764AEA09E
D3DXCreateTextureFromFileInMemory.D3DX9_43 ref: 00007FF764AEA0C8
D3DXCreateTextureFromFileInMemory.D3DX9_43 ref: 00007FF764AEA0F2
D3DXCreateTextureFromFileInMemory.D3DX9_43 ref: 00007FF764AEA11C
D3DXCreateTextureFromFileInMemory.D3DX9_43 ref: 00007FF764AEA146
_scwprintf.LIBCMT ref: 00007FF764AEA1A8
_scwprintf.LIBCMT ref: 00007FF764AEA1B4
_scwprintf.LIBCMT ref: 00007FF764AEA1C0

Part of subcall function 00007FF764AD1C0C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AD1C2E

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AEA21D
_scwprintf.LIBCMT ref: 00007FF764AEA225
_scwprintf.LIBCMT ref: 00007FF764AEA231
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AEA3A9
~.LIBCPMTD ref: 00007FF764AEA3DB
_scwprintf.LIBCMT ref: 00007FF764AEA3B1

Part of subcall function 00007FF764ADADE4: ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF764ADAE0E

_scwprintf.LIBCMT ref: 00007FF764AEA3EC
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AEA449
_scwprintf.LIBCMT ref: 00007FF764AEA451
_scwprintf.LIBCMT ref: 00007FF764AEA4A7
_scwprintf.LIBCMT ref: 00007FF764AEA4B3
_scwprintf.LIBCMT ref: 00007FF764AEA528
_scwprintf.LIBCMT ref: 00007FF764AEA562
_scwprintf.LIBCMT ref: 00007FF764AEA5FF
_scwprintf.LIBCMT ref: 00007FF764AEA60B
_scwprintf.LIBCMT ref: 00007FF764AEA617

Part of subcall function 00007FF764AD8F78: ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ.MSVCP140 ref: 00007FF764AD8FC1
Part of subcall function 00007FF764AD8F78: ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z.MSVCP140 ref: 00007FF764AD8FEF

Part of subcall function 00007FF764AD8D2C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AD8D49

Part of subcall function 00007FF764AEC3E8: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AEC3F6
Part of subcall function 00007FF764AEC3E8: strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF764AEC406

Part of subcall function 00007FF764AEC478: shared_ptr.LIBCMTD ref: 00007FF764AEC4C2
Part of subcall function 00007FF764AEC478: strftime.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF764AEC4E0

Part of subcall function 00007FF764AD9F08: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AD9F23

Strings

ESP, xrefs: 00007FF764AEA610
0, xrefs: 00007FF764AEAD0C
Aim Settings:, xrefs: 00007FF764AEA521
HWID : , xrefs: 00007FF764AEA3E5
Aim Key, xrefs: 00007FF764AEA55B
%.3f, xrefs: 00007FF764AEA5B2
Dynamic FOV, xrefs: 00007FF764AEA7C0
Filled Box, xrefs: 00007FF764AEA670
Aim FOV, xrefs: 00007FF764AEA598
Show Particles, xrefs: 00007FF764AEA7A8
Distance ESP, xrefs: 00007FF764AEA688
Enable Aimbot, xrefs: 00007FF764AEA4BF
Crosshair, xrefs: 00007FF764AEA50B
Aimbot Smoothness, xrefs: 00007FF764AEA5D5
Name ESP, xrefs: 00007FF764AEA6A5
Snaplines, xrefs: 00007FF764AEA640
Skeleton ESP, xrefs: 00007FF764AEA6C2
2D Box, xrefs: 00007FF764AEA628
Reload ESP, xrefs: 00007FF764AEA6F2
Custom Options, xrefs: 00007FF764AEA74A
Expiry: , xrefs: 00007FF764AEA22A
Weapon ESP, xrefs: 00007FF764AEA70F
Circle FOV, xrefs: 00007FF764AEA4E5
Exploits, xrefs: 00007FF764AEA8D1
Stream-proof, xrefs: 00007FF764AEA762
Unload, xrefs: 00007FF764AEA8A8
%.3f, xrefs: 00007FF764AEA85B
Visible Check, xrefs: 00007FF764AEA4D2
Humanized Aim, xrefs: 00007FF764AEA4F8
No recoil, xrefs: 00007FF764AEA8F0
0, xrefs: 00007FF764AEAD14
Head ESP, xrefs: 00007FF764AEA6DA
Misc, xrefs: 00007FF764AEA732
%.3f, xrefs: 00007FF764AEA575
Aim, xrefs: 00007FF764AEA4A0
Corner Box, xrefs: 00007FF764AEA658
Window, xrefs: 00007FF764AE9F06
Key: , xrefs: 00007FF764AEA1B9
Detached Area, xrefs: 00007FF764AEAAD7

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _scwprintf$Concurrency::details::EmptyQueue::StructuredWork$CreateFileFromMemoryTexture$StateU?$char_traits@$ClientD@std@@@std@@$CursorScreen$??0?$basic_ios@??0?$basic_iostream@??1?$basic_ios@ActiveAsyncCounterD@std@@@1@@PerformanceQueryRectSleepV?$basic_streambuf@Windowshared_ptrstrftimestrtol
String ID: %.3f$%.3f$%.3f$0$0$2D Box$Aim$Aim FOV$Aim Key$Aim Settings:$Aimbot Smoothness$Circle FOV$Corner Box$Crosshair$Custom Options$Detached Area$Distance ESP$Dynamic FOV$ESP$Enable Aimbot$Expiry: $Exploits$Filled Box$HWID : $Head ESP$Humanized Aim$Key: $Misc$Name ESP$No recoil$Reload ESP$Show Particles$Skeleton ESP$Snaplines$Stream-proof$Unload$Visible Check$Weapon ESP$Window
API String ID: 3274103908-641814997
Opcode ID: 4db1144df76c8d68dfd579d8c3c92af9316d975825838d43f2b20962435fcb93
Instruction ID: 37e6e3e31c6fbffab3d2bd0dae4ce4eb4e611a08c7dc8a691d280064b40b84da
Opcode Fuzzy Hash: 4db1144df76c8d68dfd579d8c3c92af9316d975825838d43f2b20962435fcb93
Instruction Fuzzy Hash: 94E25E3290D686E5EA60FF27E8D16F9F361EF8D340F948231E54C566A6DF2CE5448B20

Function 00007FF764B24E80 Relevance: 116.7, APIs: 19, Strings: 47, Instructions: 1228stringCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140 ref: 00007FF764B24ED8
memchr.VCRUNTIME140 ref: 00007FF764B26136

Part of subcall function 00007FF764B18E70: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B18F95
Part of subcall function 00007FF764B18E70: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B18FB0

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B2624E
strchr.VCRUNTIME140 ref: 00007FF764B26262
strchr.VCRUNTIME140 ref: 00007FF764B2628A
strchr.VCRUNTIME140 ref: 00007FF764B262A0

Strings

Overflow Content-Length: value!, xrefs: 00007FF764B2541B
keep-alive, xrefs: 00007FF764B25546, 00007FF764B256D6
Unsupported HTTP version in response, xrefs: 00007FF764B26221
Connection closure while negotiating auth (HTTP 1.0?), xrefs: 00007FF764B25E8C, 00007FF764B25ED8
Transfer-Encoding:, xrefs: 00007FF764B257CA
false, xrefs: 00007FF764B25BF0
Maximum file size exceeded, xrefs: 00007FF764B262DF
HTTP/1.0 connection set to keep alive!, xrefs: 00007FF764B2584B
Proxy-authenticate:, xrefs: 00007FF764B25B41
Proxy-Connection:, xrefs: 00007FF764B254B3, 00007FF764B2558C
Location:, xrefs: 00007FF764B25C4E
, xrefs: 00007FF764B2506C
Received 101, xrefs: 00007FF764B2631B
HTTP 1.0, assume close after body, xrefs: 00007FF764B252E7
HTTP/%1[23] %d, xrefs: 00007FF764B25044
HTTP error before end of send, keep sending, xrefs: 00007FF764B26069
HTTP/%1d.%1d%c%3d, xrefs: 00007FF764B25019
The requested URL returned error: %d, xrefs: 00007FF764B26413
Invalid Content-Length: value, xrefs: 00007FF764B262F8
HTTP %3d, xrefs: 00007FF764B250E8
Connection:, xrefs: 00007FF764B2564B, 00007FF764B25700
Keep sending data to get tossed away!, xrefs: 00007FF764B260DC
Content-Length:, xrefs: 00007FF764B2538F
Negotiate: noauthpersist -> %d, header part: %s, xrefs: 00007FF764B25C0C
Content-Encoding:, xrefs: 00007FF764B25881
Received HTTP/0.9 when not allowed, xrefs: 00007FF764B261AB
Set-Cookie:, xrefs: 00007FF764B25A13
, xrefs: 00007FF764B25222
Mark bundle as not supporting multiuse, xrefs: 00007FF764B250BF
WWW-Authenticate:, xrefs: 00007FF764B25B16
no chunk, no close, no size. Assume close to signal end, xrefs: 00007FF764B25E36
Persistent-Auth, xrefs: 00007FF764B25BB2
close, xrefs: 00007FF764B25613, 00007FF764B25793
RTSP/%1d.%1d%c%3d, xrefs: 00007FF764B2520D
RTSP/, xrefs: 00007FF764B24F74
Content-Type:, xrefs: 00007FF764B25436
Content-Range:, xrefs: 00007FF764B2594E
HTTP/1.1 proxy connection set close!, xrefs: 00007FF764B2582D
HTTP error before end of send, stop sending, xrefs: 00007FF764B2608D
Last-Modified:, xrefs: 00007FF764B25AB7
HTTP/, xrefs: 00007FF764B25189
Got 417 while waiting for a 100, xrefs: 00007FF764B26023
Lying server, not serving HTTP/2, xrefs: 00007FF764B2509C
The requested URL returned error: %s, xrefs: 00007FF764B262B7
HTTP, xrefs: 00007FF764B2623E
Retry-After:, xrefs: 00007FF764B258C3
HTTP/1.0 proxy connection set to keep alive!, xrefs: 00007FF764B2580C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr$fwritememchr$strncmp
String ID: $ $ HTTP %3d$ HTTP/%1[23] %d$ HTTP/%1d.%1d%c%3d$ RTSP/%1d.%1d%c%3d$Connection closure while negotiating auth (HTTP 1.0?)$Connection:$Content-Encoding:$Content-Length:$Content-Range:$Content-Type:$Got 417 while waiting for a 100$HTTP$HTTP 1.0, assume close after body$HTTP error before end of send, keep sending$HTTP error before end of send, stop sending$HTTP/$HTTP/1.0 connection set to keep alive!$HTTP/1.0 proxy connection set to keep alive!$HTTP/1.1 proxy connection set close!$Invalid Content-Length: value$Keep sending data to get tossed away!$Last-Modified:$Location:$Lying server, not serving HTTP/2$Mark bundle as not supporting multiuse$Maximum file size exceeded$Negotiate: noauthpersist -> %d, header part: %s$Overflow Content-Length: value!$Persistent-Auth$Proxy-Connection:$Proxy-authenticate:$RTSP/$Received 101$Received HTTP/0.9 when not allowed$Retry-After:$Set-Cookie:$The requested URL returned error: %d$The requested URL returned error: %s$Transfer-Encoding:$Unsupported HTTP version in response$WWW-Authenticate:$close$false$keep-alive$no chunk, no close, no size. Assume close to signal end
API String ID: 4061007846-690044944
Opcode ID: 2fbfcc8bbfee4be5ba23ae43d5d7566c2f75d37afc2f076835f4e33524c9b24c
Instruction ID: c68581e6dfd339db8f85f6e901d486131eb08273f9ddce90c385eb79de23072b
Opcode Fuzzy Hash: 2fbfcc8bbfee4be5ba23ae43d5d7566c2f75d37afc2f076835f4e33524c9b24c
Instruction Fuzzy Hash: 04C27E71A086C2C5FB65AF27D4943FAA7A1EB49B88F884135CE4D4B2C9DE2CE445C734

Function 00007FF764AFA9D0 Relevance: 107.9, APIs: 32, Strings: 29, Instructions: 1109windowthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32 ref: 00007FF764AFAA2D
UuidCreate.RPCRT4 ref: 00007FF764AFAA9E
UuidToStringA.RPCRT4 ref: 00007FF764AFAAB9
RpcStringFreeA.RPCRT4 ref: 00007FF764AFAAEE

Part of subcall function 00007FF764AD9F08: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AD9F23

Part of subcall function 00007FF764AD8D2C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AD8D49

memcmp.VCRUNTIME140 ref: 00007FF764AFAFD0
MessageBoxA.USER32 ref: 00007FF764AFB049
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFB051
memset.VCRUNTIME140 ref: 00007FF764AFB13C
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z.MSVCP140 ref: 00007FF764AFB1F2
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z.MSVCP140 ref: 00007FF764AFB207
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z.MSVCP140 ref: 00007FF764AFB219
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z.MSVCP140 ref: 00007FF764AFB237
memcmp.VCRUNTIME140 ref: 00007FF764AFB28F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFB2D0

Part of subcall function 00007FF764AD2738: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AD2770

Part of subcall function 00007FF764AF88A0: isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764AF8946
Part of subcall function 00007FF764AF88A0: memchr.VCRUNTIME140 ref: 00007FF764AF89C4
Part of subcall function 00007FF764AF88A0: memchr.VCRUNTIME140 ref: 00007FF764AF89F7

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFB380
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFB505
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF764AFB773
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FF764AFB780
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFB7CB
type_info::_name_internal_method.LIBCMTD ref: 00007FF764AFB97D
MessageBoxA.USER32 ref: 00007FF764AFBAEE
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFBB3E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFBB45
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFBBB4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFBC11
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFBC56
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFBCB3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFBCF8
MessageBoxA.USER32 ref: 00007FF764AFBD8D
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFBD95

Strings

numUsers, xrefs: 00007FF764AFB5B6
numKeys, xrefs: 00007FF764AFB62C
mzSR, xrefs: 00007FF764AFB44F
8qAL, xrefs: 00007FF764AFAC61
wqV@, xrefs: 00007FF764AFB7D2
jfPD, xrefs: 00007FF764AFC2FF
NLEA, xrefs: 00007FF764AFB928
customerPanelLink, xrefs: 00007FF764AFB6A2
version, xrefs: 00007FF764AFB667
-;<(, xrefs: 00007FF764AFBABA
szSR, xrefs: 00007FF764AFB07C
GQMA, xrefs: 00007FF764AFAC47
CDA, xrefs: 00007FF764AFB866
jfPD, xrefs: 00007FF764AFACA5
U2lnbmF0dXJlIGNoZWNrc3VtIGZhaWxlZC4gUmVxdWVzdCB3YXMgdGFtcGVyZWQgd2l0aCBvciBzZXNzaW9uIGVuZGVkIG1vc3QgbGlrZWx5LiAmIGVjaG86ICYgZWNobyBNZXNzYWdlOiA=, xrefs: 00007FF764AFB2F9
, xrefs: 00007FF764AFC97D
qoEO, xrefs: 00007FF764AFBB14
8zNB, xrefs: 00007FF764AFAC6F
-8iES, xrefs: 00007FF764AFAB89
B, xrefs: 00007FF764AFB41E
numOnlineUsers, xrefs: 00007FF764AFB5F1
CDA, xrefs: 00007FF764AFC729
8iES, xrefs: 00007FF764AFACDF
8wAR, xrefs: 00007FF764AFAC83
szSR, xrefs: 00007FF764AFB89E
CDA, xrefs: 00007FF764AFB084
wqFN, xrefs: 00007FF764AFCFBE
8pWO, xrefs: 00007FF764AFAC3D
NJ@S, xrefs: 00007FF764AFB7D9

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$D@std@@@std@@U?$char_traits@$Concurrency::details::EmptyMessageQueue::StructuredWorkexit$??6?$basic_ostream@CreateStringUuidV01@memchrmemcmp$??1?$basic_ios@??1?$basic_iostream@?fill@?$basic_ios@?setw@std@@FreeJ@1@_Smanip@_ThreadU?$_V21@@Vios_base@1@isalnummemsettype_info::_name_internal_method
String ID: $-8iES$-;<($8iES$8pWO$8qAL$8wAR$8zNB$B$CDA$CDA$CDA$GQMA$NJ@S$NLEA$U2lnbmF0dXJlIGNoZWNrc3VtIGZhaWxlZC4gUmVxdWVzdCB3YXMgdGFtcGVyZWQgd2l0aCBvciBzZXNzaW9uIGVuZGVkIG1vc3QgbGlrZWx5LiAmIGVjaG86ICYgZWNobyBNZXNzYWdlOiA=$customerPanelLink$jfPD$jfPD$mzSR$numKeys$numOnlineUsers$numUsers$qoEO$szSR$szSR$version$wqFN$wqV@
API String ID: 1152264058-3359016996
Opcode ID: f1b8366f62b0ee5bdf937911ab211a9755d34f35041c1b9842c1e983486f1f8c
Instruction ID: 76f4370289e27d43978459f26de8125e55f767a6d718475e452e258faf55aeb7
Opcode Fuzzy Hash: f1b8366f62b0ee5bdf937911ab211a9755d34f35041c1b9842c1e983486f1f8c
Instruction Fuzzy Hash: 08C2F562A18BC2D5EB60EF36D8807EDA7B0FB45788F945232DA4D07A99DF38D644C350

Function 00007FF764B2C52D Relevance: 96.8, APIs: 32, Strings: 23, Instructions: 552stringCOMMON

Download Yara Rule

APIs

strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF764B2C688
strchr.VCRUNTIME140 ref: 00007FF764B2C6B4
strchr.VCRUNTIME140 ref: 00007FF764B2C6EE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B2C712
strchr.VCRUNTIME140 ref: 00007FF764B2C822

Strings

schannel: unable to allocate memory, xrefs: 00007FF764B2CBAC, 00007FF764B2CE37
Unable to set ciphers to passed via SSL_CONN_CONFIG, xrefs: 00007FF764B2C727
http/1.1, xrefs: 00007FF764B2CD57
Users, xrefs: 00007FF764B2C7A6
schannel: Failed to open cert store %x %s, last error is 0x%x, xrefs: 00007FF764B2C8A0
LocalMachineGroupPolicy, xrefs: 00007FF764B2C7DC
schannel: Failed to read cert file %s, xrefs: 00007FF764B2CBE9
Services, xrefs: 00007FF764B2C787
schannel: AcquireCredentialsHandle failed: %s, xrefs: 00007FF764B2CCA5
CurrentService, xrefs: 00007FF764B2C765
Microsoft Unified Security Protocol Provider, xrefs: 00007FF764B2CC2F
LocalMachine, xrefs: 00007FF764B2C743
schannel: ALPN, offering %s, xrefs: 00007FF764B2CD65
LocalMachineEnterprise, xrefs: 00007FF764B2C7FB
schannel: Failed to get certificate from file %s, last error is 0x%x, xrefs: 00007FF764B2CB3F
schannel: Failed to import cert file %s, last error is 0x%x, xrefs: 00007FF764B2CAF4
http/1.1, xrefs: 00007FF764B2CD43
CurrentUserGroupPolicy, xrefs: 00007FF764B2C7BD
schannel: TLS 1.3 is not yet supported, xrefs: 00007FF764B2C5BB
schannel: Failed to import cert file %s, password is bad, xrefs: 00007FF764B2CAC9
schannel: Failed to get certificate location or file for %s, xrefs: 00007FF764B2CC12
CurrentUser, xrefs: 00007FF764B2C702
schannel: using IP address, SNI is not supported by OS., xrefs: 00007FF764B2CD23

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr$strncmpstrtol
String ID: CurrentService$CurrentUser$CurrentUserGroupPolicy$LocalMachine$LocalMachineEnterprise$LocalMachineGroupPolicy$Microsoft Unified Security Protocol Provider$Services$Unable to set ciphers to passed via SSL_CONN_CONFIG$Users$http/1.1$http/1.1$schannel: ALPN, offering %s$schannel: AcquireCredentialsHandle failed: %s$schannel: Failed to get certificate from file %s, last error is 0x%x$schannel: Failed to get certificate location or file for %s$schannel: Failed to import cert file %s, last error is 0x%x$schannel: Failed to import cert file %s, password is bad$schannel: Failed to open cert store %x %s, last error is 0x%x$schannel: Failed to read cert file %s$schannel: TLS 1.3 is not yet supported$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.
API String ID: 480918060-3372543188
Opcode ID: ddf27eb643df427216a5b549e197eb77e4b89c97819dc5a83a6debbb61dc9f5c
Instruction ID: f98c8f7bbdfbac7da03a8e4f3279257b010a267aaa0777b19a19b2e7feb194cf
Opcode Fuzzy Hash: ddf27eb643df427216a5b549e197eb77e4b89c97819dc5a83a6debbb61dc9f5c
Instruction Fuzzy Hash: A9427E31A08A82C1EB64AF27E8D46BAA7A4FF4DB94F805135CA1E47794DF3CE544C720

Function 00007FF764B3F640 Relevance: 81.1, APIs: 33, Strings: 13, Instructions: 580COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764B18E70: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B18F95
Part of subcall function 00007FF764B18E70: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B18FB0

#22.WLDAP32 ref: 00007FF764B3F756
#211.WLDAP32 ref: 00007FF764B3F7F0
#217.WLDAP32 ref: 00007FF764B3F80C
#211.WLDAP32 ref: 00007FF764B3F825
#211.WLDAP32 ref: 00007FF764B3F837
#60.WLDAP32 ref: 00007FF764B3F867
#211.WLDAP32 ref: 00007FF764B3F982
#60.WLDAP32 ref: 00007FF764B3F9A7
#22.WLDAP32 ref: 00007FF764B3FA4A
#41.WLDAP32 ref: 00007FF764B3FE66
#46.WLDAP32 ref: 00007FF764B3FEE6

Strings

cleartext, xrefs: 00007FF764B3F77F
Microsoft Corporation., xrefs: 00007FF764B3F660
LDAP local: Cannot connect to %s:%ld, xrefs: 00007FF764B3F88B
encrypted, xrefs: 00007FF764B3F79E
LDAP local: %s, xrefs: 00007FF764B3F6B7
LDAP local: %s, xrefs: 00007FF764B3F75C
There are more than %d entries, xrefs: 00007FF764B3FE76
;binary, xrefs: 00007FF764B3FCD0
LDAP local: LDAP Vendor = %s ; LDAP Version = %d, xrefs: 00007FF764B3F674
LDAP remote: %s, xrefs: 00007FF764B3FAC7
DN: , xrefs: 00007FF764B3FB42
LDAP local: trying to establish %s connection, xrefs: 00007FF764B3F789
LDAP local: bind via ldap_win_bind %s, xrefs: 00007FF764B3FA54

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #211$fwrite$#217
String ID: ;binary$DN: $LDAP local: %s$LDAP local: %s$LDAP local: Cannot connect to %s:%ld$LDAP local: LDAP Vendor = %s ; LDAP Version = %d$LDAP local: bind via ldap_win_bind %s$LDAP local: trying to establish %s connection$LDAP remote: %s$Microsoft Corporation.$There are more than %d entries$cleartext$encrypted
API String ID: 1673398186-78870445
Opcode ID: dfeb5e0476afd0dc8e0571d8925399129fab251f96cfc834dacedea2c8c40772
Instruction ID: a4a7f090fee24648ac7bea962042b738e038133ccbc4949c1e705311b056886a
Opcode Fuzzy Hash: dfeb5e0476afd0dc8e0571d8925399129fab251f96cfc834dacedea2c8c40772
Instruction Fuzzy Hash: 13427165B09A42C6FB15AF63D4942B9A3A2FB4DB88F804531CE0E17B95DF3CE849C350

Function 00007FF764AFD860 Relevance: 76.5, APIs: 41, Strings: 2, Instructions: 1239sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AF6920: DebugBreak.KERNEL32 ref: 00007FF764AF6924

allocator.LIBCONCRTD ref: 00007FF764AFDB25
allocator.LIBCONCRTD ref: 00007FF764AFDB50
allocator.LIBCONCRTD ref: 00007FF764AFDD05
allocator.LIBCONCRTD ref: 00007FF764AFDD30
isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764AFDEF0
memchr.VCRUNTIME140 ref: 00007FF764AFDF65

Part of subcall function 00007FF764AF8570: SetLastError.KERNEL32 ref: 00007FF764AF858C

memchr.VCRUNTIME140 ref: 00007FF764AFDFB5
memchr.VCRUNTIME140 ref: 00007FF764AFDFEA
memchr.VCRUNTIME140 ref: 00007FF764AFE146
GetCurrentProcess.KERNEL32 ref: 00007FF764AFE2D2
OpenProcessToken.ADVAPI32 ref: 00007FF764AFE2E4
GetTokenInformation.ADVAPI32 ref: 00007FF764AFE309
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764AFE312
GetTokenInformation.ADVAPI32 ref: 00007FF764AFE33D
IsValidSid.ADVAPI32 ref: 00007FF764AFE34E
GetLengthSid.ADVAPI32 ref: 00007FF764AFE35F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764AFE36A
InitializeAcl.ADVAPI32 ref: 00007FF764AFE383
AddAccessAllowedAce.ADVAPI32 ref: 00007FF764AFE39E
GetCurrentProcess.KERNEL32 ref: 00007FF764AFE3A8
SetSecurityInfo.ADVAPI32 ref: 00007FF764AFE3CB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764AFE3DA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764AFE3E3
CloseHandle.KERNEL32 ref: 00007FF764AFE3F2
isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764AFE500
memchr.VCRUNTIME140 ref: 00007FF764AFE575
memchr.VCRUNTIME140 ref: 00007FF764AFE5A9
memchr.VCRUNTIME140 ref: 00007FF764AFE5DE
memchr.VCRUNTIME140 ref: 00007FF764AFE619
memchr.VCRUNTIME140 ref: 00007FF764AFE743
memchr.VCRUNTIME140 ref: 00007FF764AFE025

Part of subcall function 00007FF764AD4908: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AD49A4

GetModuleHandleA.KERNEL32 ref: 00007FF764AFE923
GetCurrentProcess.KERNEL32 ref: 00007FF764AFE92C
GetModuleInformation.PSAPI ref: 00007FF764AFE942
Sleep.KERNEL32 ref: 00007FF764AFEB13
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFEB22
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFEB29
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFEB30
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFEB37
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFEB3E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFEB45

Strings

0kEY, xrefs: 00007FF764AFDD3F
0kEY, xrefs: 00007FF764AFDDA0

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memchr$_invalid_parameter_noinfo_noreturn$Processallocator$CurrentInformationToken$HandleModulefreeisalnummalloc$AccessAllowedBreakCloseConcurrency::details::DebugEmptyErrorInfoInitializeLastLengthOpenQueue::SecuritySleepStructuredValidWork
String ID: 0kEY$0kEY
API String ID: 1132674630-1733979332
Opcode ID: 86f6cfb7e0a691c0a6f966a83c5227fbbda1d75074760d12b1366206f6df1d7b
Instruction ID: 2af89e7eff769dfbf1d0b48dda8710169f6cd6656261ad9ef50daaf8f077e99c
Opcode Fuzzy Hash: 86f6cfb7e0a691c0a6f966a83c5227fbbda1d75074760d12b1366206f6df1d7b
Instruction Fuzzy Hash: EDC21622A08781D9EB45AF36C4806BDBBA1FB957A4FA80236DA6D13BD5DF3CD445C310

Function 00007FF764AF340E Relevance: 72.6, APIs: 36, Strings: 5, Instructions: 816COMMON

Download Yara Rule

APIs

allocator.LIBCONCRTD ref: 00007FF764AF3792
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF383F
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF386B
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF3878
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF38B2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3911
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF39D4
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF3A00
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF3A0D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3A47
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3AA6
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF4402
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF442E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF443B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF4475
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF44C8

Strings

object, xrefs: 00007FF764AF3E8C
array, xrefs: 00007FF764AF3CFA
object key, xrefs: 00007FF764AF40AB
number overflow parsing ', xrefs: 00007FF764AF3AC1
object separator, xrefs: 00007FF764AF3FAC

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$allocator
String ID: array$number overflow parsing '$object$object key$object separator
API String ID: 2709460221-85532522
Opcode ID: 04d156c65f46e6710d3c12c2c624e87d3f371e9b9b5b3694fcc1bbf1d2790d77
Instruction ID: f9de9cba1a733d2e028f379caa6d898c601b899893eb9e9b0036f9e27edfca13
Opcode Fuzzy Hash: 04d156c65f46e6710d3c12c2c624e87d3f371e9b9b5b3694fcc1bbf1d2790d77
Instruction Fuzzy Hash: 2982C462E18B86D5FB04EF7AD4802ADA371FB95794F945332DA9C12AD9DF6CE480C310

Function 00007FF764AF21DC Relevance: 72.6, APIs: 36, Strings: 5, Instructions: 815COMMON

Download Yara Rule

APIs

allocator.LIBCONCRTD ref: 00007FF764AF2E37
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF2E5E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF2E6B
allocator.LIBCONCRTD ref: 00007FF764AF2E88
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF2F55
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF2F82
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF2F8F
allocator.LIBCONCRTD ref: 00007FF764AF2FAD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3326

Strings

object, xrefs: 00007FF764AF2C94
array, xrefs: 00007FF764AF2AFF
object key, xrefs: 00007FF764AF2EBB
number overflow parsing ', xrefs: 00007FF764AF28C2
object separator, xrefs: 00007FF764AF2DB8

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: __std_exception_destroy$allocator$_invalid_parameter_noinfo_noreturn
String ID: array$number overflow parsing '$object$object key$object separator
API String ID: 2979784319-85532522
Opcode ID: 6b3b28b3dc460444019962797e25ea7a7127cca8880f684a0164f2074258bb1b
Instruction ID: 5cd1a7dab7c71de8e2a82dbe6d750fe31863065ed5b0e23d9613ce441424d277
Opcode Fuzzy Hash: 6b3b28b3dc460444019962797e25ea7a7127cca8880f684a0164f2074258bb1b
Instruction Fuzzy Hash: B382D462E18B82D1FB04EF7AD4806EDE361EB95794FA45332EA5D12AD9DF6CD480C310

Function 00007FF764B47DB0 Relevance: 70.5, APIs: 16, Strings: 24, Instructions: 549encryptionCOMMON

Download Yara Rule

APIs

CertOpenStore.CRYPT32 ref: 00007FF764B47F1F
GetLastError.KERNEL32 ref: 00007FF764B47F32
CertCreateCertificateChainEngine.CRYPT32 ref: 00007FF764B47FE4
GetLastError.KERNEL32 ref: 00007FF764B47FEE
CertGetCertificateChain.CRYPT32 ref: 00007FF764B4807B
GetLastError.KERNEL32 ref: 00007FF764B48085
CertGetNameStringA.CRYPT32 ref: 00007FF764B481F3
CertFreeCertificateChainEngine.CRYPT32 ref: 00007FF764B4866B
CertCloseStore.CRYPT32 ref: 00007FF764B48680
CertFreeCertificateChain.CRYPT32 ref: 00007FF764B48690
CertFreeCertificateContext.CRYPT32 ref: 00007FF764B486A0

Strings

schannel: Null certificate info., xrefs: 00007FF764B48243, 00007FF764B483D4
schannel: CertGetNameString() returned certificate name information of unexpected size, xrefs: 00007FF764B48533
schannel: failed to create certificate store: %s, xrefs: 00007FF764B47F4C
schannel: CryptDecodeObjectEx() returned no alternate name information., xrefs: 00007FF764B482BE, 00007FF764B48465
schannel: failed to create certificate chain engine: %s, xrefs: 00007FF764B48008
schannel: Failed to read remote certificate context: %s, xrefs: 00007FF764B4861D
schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT, xrefs: 00007FF764B4811C
schannel: CertGetNameString() failed to match connection hostname (%s) against server certificate names, xrefs: 00007FF764B485F6
schannel: this version of Windows is too old to support certificate verification via CA bundle file., xrefs: 00007FF764B47EF1
schannel: CertGetCertificateChain failed: %s, xrefs: 00007FF764B4809F
schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN, xrefs: 00007FF764B48105
schannel: CertGetCertificateChain trust error CERT_TRUST_IS_NOT_TIME_VALID, xrefs: 00007FF764B48132
schannel: CertGetNameString() returned no certificate name information, xrefs: 00007FF764B4833D
schannel: server certificate name verification failed, xrefs: 00007FF764B485DE
schannel: Null certificate context., xrefs: 00007FF764B48208, 00007FF764B483B7
schannel: connection hostname (%s) did not match against certificate name (%s), xrefs: 00007FF764B485A9
schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN, xrefs: 00007FF764B48149
schannel: Empty DNS name., xrefs: 00007FF764B482FA, 00007FF764B484A8
schannel: Not enough memory to list all host names., xrefs: 00007FF764B4851C
schannel: connection hostname (%s) validated against certificate name (%s), xrefs: 00007FF764B48599
schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED, xrefs: 00007FF764B480ED
schannel: CertGetCertificateChain error mask: 0x%08x, xrefs: 00007FF764B4815A
2.5.29.17, xrefs: 00007FF764B48253, 00007FF764B48284, 00007FF764B483EF, 00007FF764B4842B
schannel: CertFindExtension() returned no extension., xrefs: 00007FF764B4826B, 00007FF764B48407

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Cert$Certificate$Chain$ErrorFreeLast$EngineStore$CloseContextCreateNameOpenString
String ID: 2.5.29.17$schannel: CertFindExtension() returned no extension.$schannel: CertGetCertificateChain error mask: 0x%08x$schannel: CertGetCertificateChain failed: %s$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_NOT_TIME_VALID$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_REVOKED$schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT$schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN$schannel: CertGetNameString() failed to match connection hostname (%s) against server certificate names$schannel: CertGetNameString() returned certificate name information of unexpected size$schannel: CertGetNameString() returned no certificate name information$schannel: CryptDecodeObjectEx() returned no alternate name information.$schannel: Empty DNS name.$schannel: Failed to read remote certificate context: %s$schannel: Not enough memory to list all host names.$schannel: Null certificate context.$schannel: Null certificate info.$schannel: connection hostname (%s) did not match against certificate name (%s)$schannel: connection hostname (%s) validated against certificate name (%s)$schannel: failed to create certificate chain engine: %s$schannel: failed to create certificate store: %s$schannel: server certificate name verification failed$schannel: this version of Windows is too old to support certificate verification via CA bundle file.
API String ID: 561913010-2037819326
Opcode ID: e17df78bbc3a7caf47e683887ed34d3ccc26ce4fe3a6e6a6c698e7c25b36c4aa
Instruction ID: 4acd27b8f789fd376db0548708d66591413782023230a8c81952bab424630fb8
Opcode Fuzzy Hash: e17df78bbc3a7caf47e683887ed34d3ccc26ce4fe3a6e6a6c698e7c25b36c4aa
Instruction Fuzzy Hash: 2B42AE36A08B82C1EB51AF26E4802BDB7A1FB48B94F844135DE5D17798DF3CE949C760

Function 00007FF764B36E10 Relevance: 61.8, APIs: 22, Strings: 13, Instructions: 515COMMON

Download Yara Rule

APIs

#6.WS2_32 ref: 00007FF764B370EA
#111.WS2_32 ref: 00007FF764B370F4

Strings

Failure sending PORT command: %s, xrefs: 00007FF764B3755C
PORT, xrefs: 00007FF764B37532
%s %s, xrefs: 00007FF764B37539
,%d,%d, xrefs: 00007FF764B37509
bind() failed, we ran out of ports!, xrefs: 00007FF764B372E6
socket failure: %s, xrefs: 00007FF764B371EF, 00007FF764B373F6
failed to resolve the address provided to PORT: %s, xrefs: 00007FF764B37619
Failure sending EPRT command: %s, xrefs: 00007FF764B375DF
getsockname() failed: %s, xrefs: 00007FF764B3710E, 00007FF764B3731E
bind(port=%hu) failed: %s, xrefs: 00007FF764B37355
EPRT, xrefs: 00007FF764B375A2
bind(port=%hu) on non-local address failed: %s, xrefs: 00007FF764B37284
%s |%d|%s|%hu|, xrefs: 00007FF764B375B9

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111
String ID: %s %s$%s |%d|%s|%hu|$,%d,%d$EPRT$Failure sending EPRT command: %s$Failure sending PORT command: %s$PORT$bind() failed, we ran out of ports!$bind(port=%hu) failed: %s$bind(port=%hu) on non-local address failed: %s$failed to resolve the address provided to PORT: %s$getsockname() failed: %s$socket failure: %s
API String ID: 568940515-2383553807
Opcode ID: 94fd33e0959b0fdc43f0173c6bedf2e0461a8c083bd428505f47594b0a449f51
Instruction ID: eea9d4cf73d0c35d25ac56efaf9108eb228bfba4e8375c6972f216fec4dd7d5c
Opcode Fuzzy Hash: 94fd33e0959b0fdc43f0173c6bedf2e0461a8c083bd428505f47594b0a449f51
Instruction Fuzzy Hash: F422D461A0C782C1EB55BF27D4802BAE7A1FB4DB84F849032EA4E47A95DF7CE545C720

Function 00007FF764B486D0 Relevance: 49.3, APIs: 15, Strings: 13, Instructions: 253fileCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF764B48716

Part of subcall function 00007FF764B03040: GetLastError.KERNEL32 ref: 00007FF764B0305C
Part of subcall function 00007FF764B03040: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B03064

CreateFileA.KERNEL32 ref: 00007FF764B48770
GetLastError.KERNEL32 ref: 00007FF764B48781

Strings

schannel: failed to open CA file '%s': %s, xrefs: 00007FF764B4879B
schannel: failed to extract certificate from CA file '%s': %s, xrefs: 00007FF764B48A45
schannel: failed to determine size of CA file '%s': %s, xrefs: 00007FF764B487E2
-----END CERTIFICATE-----, xrefs: 00007FF764B488E9
schannel: CA file '%s' is not correctly formatted, xrefs: 00007FF764B48A61
-----BEGIN CERTIFICATE-----, xrefs: 00007FF764B488BE
schannel: CA file exceeds max size of %u bytes, xrefs: 00007FF764B48819
schannel: unexpected content type '%d' when extracting certificate from CA file '%s', xrefs: 00007FF764B48A15
schannel: added %d certificate(s) from CA file '%s', xrefs: 00007FF764B48A93
schannel: invalid path name for CA file '%s': %s, xrefs: 00007FF764B48730
schannel: failed to add certificate from CA file '%s' to certificate store: %s, xrefs: 00007FF764B489F6
schannel: did not add any certificates from CA file '%s', xrefs: 00007FF764B48A82
schannel: failed to read from CA file '%s': %s, xrefs: 00007FF764B489C0

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$CreateFile_errno
String ID: -----END CERTIFICATE-----$-----BEGIN CERTIFICATE-----$schannel: CA file '%s' is not correctly formatted$schannel: CA file exceeds max size of %u bytes$schannel: added %d certificate(s) from CA file '%s'$schannel: did not add any certificates from CA file '%s'$schannel: failed to add certificate from CA file '%s' to certificate store: %s$schannel: failed to determine size of CA file '%s': %s$schannel: failed to extract certificate from CA file '%s': %s$schannel: failed to open CA file '%s': %s$schannel: failed to read from CA file '%s': %s$schannel: invalid path name for CA file '%s': %s$schannel: unexpected content type '%d' when extracting certificate from CA file '%s'
API String ID: 932773366-902404565
Opcode ID: d58066181f9e1876738ae8c320aa46e309b153cfb9daf9d454fefac445522c37
Instruction ID: e8149bc8d8687eb6dbbbc45701b88d5f893153ef9c4752a88a2e5c006fb2dedd
Opcode Fuzzy Hash: d58066181f9e1876738ae8c320aa46e309b153cfb9daf9d454fefac445522c37
Instruction Fuzzy Hash: 92B19F25B18752C2EA14AF27E8806A9E7A1BF4CB84FC01035DE4D57B99DF7CE9098760

Function 00007FF764AFC1C0 Relevance: 40.8, APIs: 12, Strings: 11, Instructions: 552COMMON

Download Yara Rule

Strings

QJKK, xrefs: 00007FF764AFC245
GQMA, xrefs: 00007FF764AFC21F
8tEX, xrefs: 00007FF764AFC2BF
CI[L, xrefs: 00007FF764AFC28B
8lER, xrefs: 00007FF764AFC23E
8qAL, xrefs: 00007FF764AFC230
8wWH, xrefs: 00007FF764AFC257
, xrefs: 00007FF764AFC97D
8pWO, xrefs: 00007FF764AFC218
jfPD, xrefs: 00007FF764AFC2FF
szSR8wWH, xrefs: 00007FF764AFD00E

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ProcessToken$CurrentErrorInformationLastOpenfree
String ID: $8lER$8pWO$8qAL$8tEX$8wWH$CI[L$GQMA$QJKK$jfPD$szSR8wWH
API String ID: 3730952443-3230771089
Opcode ID: b8b5c2e59b8bd73f9f56214fcb8a8a4d429eb0d535b01ed17ec49b767389328a
Instruction ID: 2586190f668a4ce9135b729e39226f97674bfbe64e6c926f4249845207ac6961
Opcode Fuzzy Hash: b8b5c2e59b8bd73f9f56214fcb8a8a4d429eb0d535b01ed17ec49b767389328a
Instruction Fuzzy Hash: 69421472A08BC2D8EB60DF26D8843EDB7A1FB45748F905136DA4D0BA99DF78D684C350

Function 00007FF764B1B040 Relevance: 38.9, APIs: 15, Strings: 7, Instructions: 357networkCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764B1B0DC
#23.WS2_32 ref: 00007FF764B1B125
#15.WS2_32 ref: 00007FF764B1B1B1
#21.WS2_32 ref: 00007FF764B1B213
#111.WS2_32 ref: 00007FF764B1B21D
#7.WS2_32 ref: 00007FF764B1B2BF
#21.WS2_32 ref: 00007FF764B1B2EE
#21.WS2_32 ref: 00007FF764B1B32D
WSAIoctl.WS2_32 ref: 00007FF764B1B3BA
#111.WS2_32 ref: 00007FF764B1B3C4

Part of subcall function 00007FF764B27280: #10.WS2_32(?,?,?,?,00007FF764B091A9,?,?,?,?,00000000,00007FF764B03B56,?,?,?,?,00000000), ref: 00007FF764B27299

Part of subcall function 00007FF764B1FDA0: QueryPerformanceCounter.KERNEL32(?,?,00000000,00007FF764B08D0F), ref: 00007FF764B1FDB7

#4.WS2_32 ref: 00007FF764B1B4EB
#111.WS2_32 ref: 00007FF764B1B508

Part of subcall function 00007FF764B02F00: GetLastError.KERNEL32 ref: 00007FF764B02F22
Part of subcall function 00007FF764B02F00: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02F2A

Part of subcall function 00007FF764B18E70: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B18F95
Part of subcall function 00007FF764B18E70: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B18FB0

Part of subcall function 00007FF764B19950: #3.WS2_32(?,?,00000000,00007FF764B14986), ref: 00007FF764B19993

Strings

Immediate connect fail for %s: %s, xrefs: 00007FF764B1B538
@, xrefs: 00007FF764B1B257
Failed to set SO_KEEPALIVE on fd %d, xrefs: 00007FF764B1B33A
sa_addr inet_ntop() failed with errno %d: %s, xrefs: 00007FF764B1B5AE
Could not set TCP_NODELAY: %s, xrefs: 00007FF764B1B23A
Trying %s:%ld..., xrefs: 00007FF764B1B1BF
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d, xrefs: 00007FF764B1B3CD

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111$fwrite$CounterErrorIoctlLastPerformanceQuery_errnomemcpy
String ID: Trying %s:%ld...$ @$Could not set TCP_NODELAY: %s$Failed to set SIO_KEEPALIVE_VALS on fd %d: %d$Failed to set SO_KEEPALIVE on fd %d$Immediate connect fail for %s: %s$sa_addr inet_ntop() failed with errno %d: %s
API String ID: 627581321-3868455274
Opcode ID: 46408fe2bb842dce4a0f86aad37b43e35ddf8784b8781e1ec0d799d202c7159a
Instruction ID: 634b402db6193b7dd89cbf108de4b8e3a7ed65e3c943718116f61b7a1b2737e6
Opcode Fuzzy Hash: 46408fe2bb842dce4a0f86aad37b43e35ddf8784b8781e1ec0d799d202c7159a
Instruction Fuzzy Hash: 4FF1B072A0C282C6EB55EF26D4846BDA7A2FB4CB84F804135DA4D87B94DF3CE944CB10

Function 00007FF764B12510 Relevance: 35.3, APIs: 15, Strings: 5, Instructions: 254stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B12576

Strings

;sha256//, xrefs: 00007FF764B12670
public key hash: sha256//%s, xrefs: 00007FF764B1260E
-----END PUBLIC KEY-----, xrefs: 00007FF764B127FE
sha256//, xrefs: 00007FF764B1256C, 00007FF764B126BE
-----BEGIN PUBLIC KEY-----, xrefs: 00007FF764B127CA

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strncmp
String ID: public key hash: sha256//%s$-----END PUBLIC KEY-----$-----BEGIN PUBLIC KEY-----$;sha256//$sha256//
API String ID: 1114863663-471711153
Opcode ID: f1837c459fe67c9553f33a14eedf81f79a357f9c56eb53e84b9596e9646fd16f
Instruction ID: e50d0632b656b271851ed8949655eec989ab7dbde655c7e99959c9c21f0aa507
Opcode Fuzzy Hash: f1837c459fe67c9553f33a14eedf81f79a357f9c56eb53e84b9596e9646fd16f
Instruction Fuzzy Hash: E6A18F11B09642C1FB5ABF27D8942B9E7A2AF4EBD0F884435DD0E17795EE3CE8458720

Function 00007FF764AED61C Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 181windowkeyboardCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764AED644
PeekMessageA.USER32 ref: 00007FF764AED672
TranslateMessage.USER32 ref: 00007FF764AED683
DispatchMessageA.USER32 ref: 00007FF764AED690
GetForegroundWindow.USER32 ref: 00007FF764AED696
GetWindow.USER32 ref: 00007FF764AED6B9
SetWindowPos.USER32 ref: 00007FF764AED6EE
GetAsyncKeyState.USER32 ref: 00007FF764AED6F9
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AED70C
memset.VCRUNTIME140 ref: 00007FF764AED71F
memset.VCRUNTIME140 ref: 00007FF764AED731
GetClientRect.USER32 ref: 00007FF764AED742
ClientToScreen.USER32 ref: 00007FF764AED754
GetCursorPos.USER32 ref: 00007FF764AED7AB
GetAsyncKeyState.USER32 ref: 00007FF764AED7F0
SetWindowPos.USER32 ref: 00007FF764AED923
DestroyWindow.USER32 ref: 00007FF764AED99E

Strings

Process base address: %p., xrefs: 00007FF764AED95F

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Window$Messagememset$AsyncClientState$CursorDestroyDispatchForegroundPeekRectScreenTranslateexit
String ID: Process base address: %p.
API String ID: 1096395158-1196208145
Opcode ID: 5d8b2b7c89bf47b0bc9a296c564623794529676be057b4bf45d2f62636f93a04
Instruction ID: 8c01d54b05322a01f182bd6de5ce2d6e4404ef03db88e55f0858a61db89519e0
Opcode Fuzzy Hash: 5d8b2b7c89bf47b0bc9a296c564623794529676be057b4bf45d2f62636f93a04
Instruction Fuzzy Hash: 13A11B75A08A42D6E754EF2AE890769F7A0FB8D740F905135EA4D83B64DF3DE844CB20

Function 00007FF764B2C5EC Relevance: 30.0, APIs: 14, Strings: 3, Instructions: 203stringfileCOMMON

Download Yara Rule

APIs

strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF764B2C688
strchr.VCRUNTIME140 ref: 00007FF764B2C6B4
strchr.VCRUNTIME140 ref: 00007FF764B2C6EE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B2C712
strchr.VCRUNTIME140 ref: 00007FF764B2C822
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B2C965
fseek.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B2C991

Strings

, xrefs: 00007FF764B2C5EC
schannel: Failed to import cert file %s, password is bad, xrefs: 00007FF764B2CAC9
CurrentUser, xrefs: 00007FF764B2C702

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr$fopenfseekstrncmpstrtol
String ID: $CurrentUser$schannel: Failed to import cert file %s, password is bad
API String ID: 2935600597-4282655970
Opcode ID: 30627cbe5218f5810e31c6a419da5ed0a67df72a20379fbc9bdfb7d93bb70dc2
Instruction ID: 210c19449e2ba6efa09a3703070596138cc2fe021ac3b96e0f403d601f8256a6
Opcode Fuzzy Hash: 30627cbe5218f5810e31c6a419da5ed0a67df72a20379fbc9bdfb7d93bb70dc2
Instruction Fuzzy Hash: F7816121B09682C2FB59AF27D89437AA6A0BF4DB94F845535CA1E477D0EF3CE945C320

Function 00007FF764B2C5F5 Relevance: 28.2, APIs: 14, Strings: 2, Instructions: 202stringfileCOMMON

Download Yara Rule

APIs

strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF764B2C688
strchr.VCRUNTIME140 ref: 00007FF764B2C6B4
strchr.VCRUNTIME140 ref: 00007FF764B2C6EE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B2C712
strchr.VCRUNTIME140 ref: 00007FF764B2C822
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B2C965
fseek.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B2C991

Strings

schannel: Failed to import cert file %s, password is bad, xrefs: 00007FF764B2CAC9
CurrentUser, xrefs: 00007FF764B2C702

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr$fopenfseekstrncmpstrtol
String ID: CurrentUser$schannel: Failed to import cert file %s, password is bad
API String ID: 2935600597-1887299029
Opcode ID: c008d26260e0c746c9f564e721fd80a010737c76e4e9d8c43a0bedbfe8024876
Instruction ID: 4588ffc2937caadcef47147bcc83f931c2594891965c953f6cf16df7ff860962
Opcode Fuzzy Hash: c008d26260e0c746c9f564e721fd80a010737c76e4e9d8c43a0bedbfe8024876
Instruction Fuzzy Hash: 71817321B09682C2FB59AF27D89427AA7A0BF4DB94F845535CA1E477D0EF3CE945C320

Function 00007FF764B02710 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 134COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF764B02738
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02740

Strings

CRYPT_E_REVOKED, xrefs: 00007FF764B02B72
Unknown error, xrefs: 00007FF764B02C30
SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log., xrefs: 00007FF764B02C49
%s (0x%08X), xrefs: 00007FF764B02795
%s - %s, xrefs: 00007FF764B02C99
No error, xrefs: 00007FF764B02B90
SEC_I_CONTINUE_NEEDED, xrefs: 00007FF764B02B9C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno
String ID: %s (0x%08X)$%s - %s$CRYPT_E_REVOKED$No error$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_I_CONTINUE_NEEDED$Unknown error
API String ID: 3939687465-1752685260
Opcode ID: 9c902fab1a91d0b1230bf30b8d88d1dbcf5d404dbd6121a5817d94ad95821cbf
Instruction ID: 57884de8c6e7aa681de35eaa803feac62fbbd606cab1809846eb362d050a0a67
Opcode Fuzzy Hash: 9c902fab1a91d0b1230bf30b8d88d1dbcf5d404dbd6121a5817d94ad95821cbf
Instruction Fuzzy Hash: 4551AF22A0C682D5F769AF22E4887F9E6A4FB4CB81FC44435DA4D02695DF3CE8498620

Function 00007FF764AF6E60 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 270COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32 ref: 00007FF764AF6EB0
memcpy.VCRUNTIME140 ref: 00007FF764AF6F45
allocator.LIBCONCRTD ref: 00007FF764AF6F7C
memcpy.VCRUNTIME140 ref: 00007FF764AF6FA0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF709E
_popen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764AF70E6
fgets.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764AF7113
fgets.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764AF7152
_pclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764AF7160
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF719B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF71ED
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF722E

Strings

>, xrefs: 00007FF764AF70D3
certutil -hashfile ", xrefs: 00007FF764AF6FAF

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$fgetsmemcpy$FileModuleName_pclose_popenallocator
String ID: >$certutil -hashfile "
API String ID: 3235693850-631556956
Opcode ID: 8ca8095af067780e9b051d516fdcbb1f2486ea7be65d1a43fa454c76203bca83
Instruction ID: ac99d1b7bbc75bb6c3c563749bec140604e804b5d276123e8f1bded826f58977
Opcode Fuzzy Hash: 8ca8095af067780e9b051d516fdcbb1f2486ea7be65d1a43fa454c76203bca83
Instruction Fuzzy Hash: EFC10922E18B81D5FB10EF66D4803ADA7A1FB89794FA45235DA9D03AE5DF3CD580C310

Function 00007FF764AF22CA Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 348COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF29CE
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF29FC
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF2A09
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF2A43
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3326

Strings

array, xrefs: 00007FF764AF2AFF
number overflow parsing ', xrefs: 00007FF764AF28C2

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: array$number overflow parsing '
API String ID: 1346393832-1723591761
Opcode ID: a12b52cb6bff6dd84454c988b1f916c405fb589430685afe81d2f9cbd878b1fb
Instruction ID: 4620583af42d8dbceab83fe611d94dfcd3e789207d3a820e6e8218b0780204a5
Opcode Fuzzy Hash: a12b52cb6bff6dd84454c988b1f916c405fb589430685afe81d2f9cbd878b1fb
Instruction Fuzzy Hash: 17E1D862E18B85D5FB04AF7AD4843FDA361EB957A4FA45332DA5C02AD5DF6CE480C310

Function 00007FF764AF3533 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 345COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3BCA
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF3BF6
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF3C03
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3C3D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF450C

Strings

array, xrefs: 00007FF764AF3CFA
number overflow parsing ', xrefs: 00007FF764AF3AC1

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: array$number overflow parsing '
API String ID: 1346393832-1723591761
Opcode ID: 0e1003b1a26643898f39a098d2ee448131aa987959b331bdf5d39c0dd712029a
Instruction ID: 3600e7904288b0bef8280a0620ec5bc4d537ddb53250a7a0a63eae51c6594ea9
Opcode Fuzzy Hash: 0e1003b1a26643898f39a098d2ee448131aa987959b331bdf5d39c0dd712029a
Instruction Fuzzy Hash: FFE1D862E18B85D5FB04EF6AD4843ADA361EB957A4F944332DA9D12BD5EF3CE480C310

Function 00007FF764B16760 Relevance: 24.4, APIs: 8, Strings: 8, Instructions: 401stringCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764B167BA
memset.VCRUNTIME140 ref: 00007FF764B167CF
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B167EB
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B16812
strchr.VCRUNTIME140 ref: 00007FF764B169A6
strchr.VCRUNTIME140 ref: 00007FF764B169EB
strchr.VCRUNTIME140 ref: 00007FF764B16A1B
tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B16AC3

Part of subcall function 00007FF764B2E530: GetEnvironmentVariableA.KERNEL32(?,?,?,00007FF764B138E9,?,?,?,?,00007FF764B12C8B), ref: 00007FF764B2E57E

Strings

http_proxy, xrefs: 00007FF764B16B0D
all_proxy, xrefs: 00007FF764B16B49
NO_PROXY, xrefs: 00007FF764B168FD
Uses proxy env variable %s == '%s', xrefs: 00007FF764B1691C, 00007FF764B16B7A
memory shortage, xrefs: 00007FF764B16897
no_proxy, xrefs: 00007FF764B168E1
ALL_PROXY, xrefs: 00007FF764B16B60
_proxy, xrefs: 00007FF764B16AD9

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr$memsetstrncpy$EnvironmentVariabletolower
String ID: ALL_PROXY$NO_PROXY$Uses proxy env variable %s == '%s'$_proxy$all_proxy$http_proxy$memory shortage$no_proxy
API String ID: 1436244693-1021110354
Opcode ID: f5408baf9a52bab08a48eef086e8d3f33384435c1881560cb8c18c4c8dbeaf54
Instruction ID: 1ccad949f6be83a1de96b771606aa45256c9e27e8e3934d4995ef20e7ebc13a8
Opcode Fuzzy Hash: f5408baf9a52bab08a48eef086e8d3f33384435c1881560cb8c18c4c8dbeaf54
Instruction Fuzzy Hash: 15029032A097C2C6EB56AF12E4947BAA7A6EF49788F885035DE4D07795DF3CE444C320

Function 00007FF764AF6BB0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 172filememoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF764AF6BEA
GetCurrentProcess.KERNEL32 ref: 00007FF764AF6C32
QueryFullProcessImageNameW.KERNEL32 ref: 00007FF764AF6C47
CreateFileW.KERNEL32 ref: 00007FF764AF6C75
CreateFileMappingW.KERNEL32 ref: 00007FF764AF6CA6
MapViewOfFile.KERNEL32 ref: 00007FF764AF6CC6
VirtualProtect.KERNEL32 ref: 00007FF764AF6DBB
VirtualProtect.KERNEL32 ref: 00007FF764AF6DE3
UnmapViewOfFile.KERNEL32 ref: 00007FF764AF6DFA
CloseHandle.KERNEL32 ref: 00007FF764AF6E05
UnmapViewOfFile.KERNEL32 ref: 00007FF764AF6E14
CloseHandle.KERNEL32 ref: 00007FF764AF6E1D

Strings

@, xrefs: 00007FF764AF6DAA

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: File$HandleView$CloseCreateProcessProtectUnmapVirtual$CurrentFullImageMappingModuleNameQuery
String ID: @
API String ID: 1254450295-2766056989
Opcode ID: efe1d7170a9c92182b37a7196f2566d01f37f911ed18b75d177d3f0f95813351
Instruction ID: 4b253f23bcb70b273b7b5a8d3faf0bd198ceccfc9de8157e6342ddf7b5026716
Opcode Fuzzy Hash: efe1d7170a9c92182b37a7196f2566d01f37f911ed18b75d177d3f0f95813351
Instruction Fuzzy Hash: B071D632A09641D7EB94AF16E49467AF7E1FB88B44F946036DA4D03784DF3CE856C710

Function 00007FF764AF7900 Relevance: 21.2, APIs: 2, Strings: 10, Instructions: 197librarymemoryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF764AF7BD8
VirtualProtect.KERNEL32 ref: 00007FF764AF7BF6

Strings

=, xrefs: 00007FF764AF7A0E
;, xrefs: 00007FF764AF7A06
B, xrefs: 00007FF764AF7A22
@, xrefs: 00007FF764AF7A1A
<, xrefs: 00007FF764AF7A0A
A, xrefs: 00007FF764AF7A1E
:, xrefs: 00007FF764AF7A02
n, xrefs: 00007FF764AF7A26
>, xrefs: 00007FF764AF7A12
?, xrefs: 00007FF764AF7A16

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: AddressProcProtectVirtual
String ID: :$;$<$=$>$?$@$A$B$n
API String ID: 3759838892-2276247029
Opcode ID: e14564c449cd23710c8c6568873b59819fdf80227eabe2028fba7e4d23c858ca
Instruction ID: 35444a6060a5bc52ef2223ea6205f6832e93afaf4483632869e6fcd69203ba14
Opcode Fuzzy Hash: e14564c449cd23710c8c6568873b59819fdf80227eabe2028fba7e4d23c858ca
Instruction Fuzzy Hash: C8910C26E187918AF742DF3AD4816B8F7A4AF56784F948336DE4C33A51EF38A545C310

Function 00007FF764B2A2B0 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 422stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B2A52E
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B2A536
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF764B2A54C
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B2A555
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B2A55D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B2A567

Strings

%02d:%02d%n, xrefs: 00007FF764B2A50D
%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz], xrefs: 00007FF764B2A36E
GMT, xrefs: 00007FF764B2A427
%02d:%02d:%02d%n, xrefs: 00007FF764B2A4D9

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _errno$strtol
String ID: %02d:%02d%n$%02d:%02d:%02d%n$%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]$GMT
API String ID: 3596500743-988243589
Opcode ID: 5610402a3395f314e2d6d944ac4d53a2b53faf7bf86038c5d682ab501513900e
Instruction ID: 1c2c6082ecd50e87d39a8655da6c9ba1289906ac7741d3be12cd98a317709b0f
Opcode Fuzzy Hash: 5610402a3395f314e2d6d944ac4d53a2b53faf7bf86038c5d682ab501513900e
Instruction Fuzzy Hash: AAF10672F08542CAEB24EF6AD4801BDB7A1AB4C758B900235DE2E57BD4DE3CE9058B50

Function 00007FF764AFD390 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 334COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AEE640: memcmp.VCRUNTIME140 ref: 00007FF764AEE70C
Part of subcall function 00007FF764AEE640: memcmp.VCRUNTIME140 ref: 00007FF764AEE783

Part of subcall function 00007FF764AEE640: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AEE869

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFD81E

Strings

createdate, xrefs: 00007FF764AFD49A
subscriptions, xrefs: 00007FF764AFD511, 00007FF764AFD58D, 00007FF764AFD673
expiry, xrefs: 00007FF764AFD722
none, xrefs: 00007FF764AFD44D
hwid, xrefs: 00007FF764AFD43A, 00007FF764AFD45C
lastlogin, xrefs: 00007FF764AFD4D4
username, xrefs: 00007FF764AFD3C4
subscription, xrefs: 00007FF764AFD63C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnmemcmp
String ID: createdate$expiry$hwid$lastlogin$none$subscription$subscriptions$username
API String ID: 2972922734-284943577
Opcode ID: f7ea7170afd2db3bd021c9866e3e9e1e099edef75af21f0694eeab753dadd556
Instruction ID: eda63322d6af0b9cd16ba3ba291427839c63da5958c40385b3014c32ef2ce741
Opcode Fuzzy Hash: f7ea7170afd2db3bd021c9866e3e9e1e099edef75af21f0694eeab753dadd556
Instruction Fuzzy Hash: A0E1C662B08A82E1FF45EF66D4846ACA7A1EB45B84FE99433DA1E07385DE3CE544C350

Function 00007FF764AF7490 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 289COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AFF880: memmove.VCRUNTIME140 ref: 00007FF764AFF9E4

memmove.VCRUNTIME140 ref: 00007FF764AF756B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF76DD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF772F
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF7780
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF77BF
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF7810
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF784F

Part of subcall function 00007FF764AF4E10: __std_exception_copy.VCRUNTIME140 ref: 00007FF764AF4E53

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF78CB

Strings

parse error, xrefs: 00007FF764AF7561, 00007FF764AF7581

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memmove$__std_exception_copy
String ID: parse error
API String ID: 450636425-316136553
Opcode ID: e9b9cbece805098340afa4a6ff42029fc29c7933a9d6b5133d1a32574b8461c6
Instruction ID: b8225a073adc67deaaf9dc335d25761e91de7255323f26379a148fc16124a64d
Opcode Fuzzy Hash: e9b9cbece805098340afa4a6ff42029fc29c7933a9d6b5133d1a32574b8461c6
Instruction Fuzzy Hash: 50D1D562E18B8181EB04EF2AD48476DA761FB997A4FA45232EA9C036D5DF7CE4C0C350

Function 00007FF764B2B8F0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 78encryptionCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764B2B930
CryptAcquireContextA.ADVAPI32(?,?,?,?,?,?,?,?,00007FF764B2B8B9), ref: 00007FF764B2B94F
CryptCreateHash.ADVAPI32(?,?,?,?,?,?,?,?,00007FF764B2B8B9), ref: 00007FF764B2B979
CryptHashData.ADVAPI32(?,?,?,?,?,?,?,?,00007FF764B2B8B9), ref: 00007FF764B2B991
CryptGetHashParam.ADVAPI32(?,?,?,?,?,?,?,?,00007FF764B2B8B9), ref: 00007FF764B2B9B6
CryptGetHashParam.ADVAPI32(?,?,?,?,?,?,?,?,00007FF764B2B8B9), ref: 00007FF764B2B9E2
CryptDestroyHash.ADVAPI32(?,?,?,?,?,?,?,?,00007FF764B2B8B9), ref: 00007FF764B2B9F2
CryptReleaseContext.ADVAPI32(?,?,?,?,?,?,?,?,00007FF764B2B8B9), ref: 00007FF764B2BA04

Strings

@, xrefs: 00007FF764B2B945

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Crypt$Hash$ContextParam$AcquireCreateDataDestroyReleasememset
String ID: @
API String ID: 2041421932-2766056989
Opcode ID: 704e135f58fe50079fd3cd6b89b01256576c1f0f5e4a291e04a01bb74073d726
Instruction ID: 2cc492946ec2da44ba668be44d2d0e2723d3d35913eabd2f04f589e0573452cb
Opcode Fuzzy Hash: 704e135f58fe50079fd3cd6b89b01256576c1f0f5e4a291e04a01bb74073d726
Instruction Fuzzy Hash: F6313D32619681C6EB64DF22E4C4A6AF764FBC8B80F885135EA8E53B14CF3CD445CB10

Function 00007FF764AC07C8 Relevance: 15.1, APIs: 10, Instructions: 104keyboardCOMMON

Download Yara Rule

APIs

GetClientRect.USER32 ref: 00007FF764AC07FB
QueryPerformanceCounter.KERNEL32 ref: 00007FF764AC0829
GetKeyState.USER32 ref: 00007FF764AC0867
GetKeyState.USER32 ref: 00007FF764AC087F
GetKeyState.USER32 ref: 00007FF764AC0895
ClientToScreen.USER32 ref: 00007FF764AC08DF
SetCursorPos.USER32 ref: 00007FF764AC08EB
GetActiveWindow.USER32 ref: 00007FF764AC08FB
GetCursorPos.USER32 ref: 00007FF764AC090E
ScreenToClient.USER32 ref: 00007FF764AC0923

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ClientState$CursorScreen$ActiveCounterPerformanceQueryRectWindow
String ID:
API String ID: 2405801627-0
Opcode ID: 2f7e390bda73068c7f3dd6807a04c82aea7e7ba71e7b018e7c521b0ee918c62c
Instruction ID: c31177c50f9c1a835735a81dd527be4074da64469853f0db2a851da84fa583db
Opcode Fuzzy Hash: 2f7e390bda73068c7f3dd6807a04c82aea7e7ba71e7b018e7c521b0ee918c62c
Instruction Fuzzy Hash: 4B51B032E18641DAF705EF76D8806ACB7B0FB4D784F885235DA1D53655DF38A494CB20

Function 00007FF764B42860 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 252fileCOMMON

Download Yara Rule

APIs

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000468,00000470,00000000,?), ref: 00007FF764B428F3
fgets.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B4291D
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B42B7A

Strings

machine, xrefs: 00007FF764B42AB1, 00007FF764B42AF2
password, xrefs: 00007FF764B42A99
login, xrefs: 00007FF764B42A7E
default, xrefs: 00007FF764B42B0D
, xrefs: 00007FF764B42931, 00007FF764B42B32

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: fclosefgetsfopen
String ID: $default$login$machine$password
API String ID: 1391696698-155862542
Opcode ID: fc1651bba4f1ffe879d65b12285de02692e79c8cc4685c41432a0a1550bc1a6d
Instruction ID: 820e87f608916b986cf7cb2ddbee569c838dc24e29af2606788571a18139511e
Opcode Fuzzy Hash: fc1651bba4f1ffe879d65b12285de02692e79c8cc4685c41432a0a1550bc1a6d
Instruction Fuzzy Hash: 4AA18621A0C782D5FA69AF13E5D43BAE690AF8D7C4F884031DE4D46698DE3CE4499730

Function 00007FF764B51210 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 69encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32 ref: 00007FF764B51256
CryptCreateHash.ADVAPI32 ref: 00007FF764B5127A
CryptHashData.ADVAPI32 ref: 00007FF764B51296
CryptGetHashParam.ADVAPI32 ref: 00007FF764B512B5
CryptGetHashParam.ADVAPI32 ref: 00007FF764B512D8
CryptDestroyHash.ADVAPI32 ref: 00007FF764B512E8
CryptReleaseContext.ADVAPI32 ref: 00007FF764B512FA

Strings

@, xrefs: 00007FF764B5122D

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Crypt$Hash$ContextParam$AcquireCreateDataDestroyRelease
String ID: @
API String ID: 3606780921-2766056989
Opcode ID: 53638c4c6439253e70d4761c07b10cdd26f02755566521c4f48a9a6fcf1cc29c
Instruction ID: eeac2ad85224bfa4d4e47f1f51056c499d9645e002421dc7bf26d7d052867a68
Opcode Fuzzy Hash: 53638c4c6439253e70d4761c07b10cdd26f02755566521c4f48a9a6fcf1cc29c
Instruction Fuzzy Hash: 61217332A18681C6EB54DF62F49466AF760FBC9B84F845135EA8E43A18DF3CD8458B10

Function 00007FF764B522D8 Relevance: 13.6, APIs: 9, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF764B522F4
memset.VCRUNTIME140 ref: 00007FF764B52318
RtlCaptureContext.KERNEL32 ref: 00007FF764B52321
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF764B5233B
RtlVirtualUnwind.KERNEL32 ref: 00007FF764B5237C
memset.VCRUNTIME140 ref: 00007FF764B523AF
IsDebuggerPresent.KERNEL32 ref: 00007FF764B523D0
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF764B523ED
UnhandledExceptionFilter.KERNEL32 ref: 00007FF764B523F8

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 313767242-0
Opcode ID: 9ffb1756e9c475c04c7550e8272371286c059ab5ba4d151dd7ac7b352fc41ab7
Instruction ID: 40901933010a9881cf863867c3ce56d2151c2203d37b35ddb92052ec64ab33ee
Opcode Fuzzy Hash: 9ffb1756e9c475c04c7550e8272371286c059ab5ba4d151dd7ac7b352fc41ab7
Instruction Fuzzy Hash: 6D312172609B81C5EB689F61E8803EDB360FB88744F84443ADA4D47B94DF3DD648CB20

Function 00007FF764B4F120 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 112encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32 ref: 00007FF764B4F167
CryptImportKey.ADVAPI32 ref: 00007FF764B4F239
CryptReleaseContext.ADVAPI32 ref: 00007FF764B4F251
CryptEncrypt.ADVAPI32 ref: 00007FF764B4F282
CryptDestroyKey.ADVAPI32 ref: 00007FF764B4F28C
CryptReleaseContext.ADVAPI32 ref: 00007FF764B4F298

Strings

@, xrefs: 00007FF764B4F14D

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Crypt$Context$Release$AcquireDestroyEncryptImport
String ID: @
API String ID: 3016261861-2766056989
Opcode ID: 60797377a7866c532b6b7cd8b609c772dc1698af9ecfdd9bfcc56e5b02a438d6
Instruction ID: 1cfc3f9910b1479fe828e0e62fc429a08b048d06ec08a2d476bdd01bb4688d17
Opcode Fuzzy Hash: 60797377a7866c532b6b7cd8b609c772dc1698af9ecfdd9bfcc56e5b02a438d6
Instruction Fuzzy Hash: C8419E22A046A0CEF7109FB6E4903EE7BB1F74A348F444025DE9D17A4ACB3C811AD760

Function 00007FF764AB0138 Relevance: 12.0, APIs: 8, Instructions: 44clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00007FF764AB014C
GlobalAlloc.KERNEL32 ref: 00007FF764AB016E
GlobalLock.KERNEL32 ref: 00007FF764AB017F
GlobalUnlock.KERNEL32 ref: 00007FF764AB019E
EmptyClipboard.USER32 ref: 00007FF764AB01A4
SetClipboardData.USER32 ref: 00007FF764AB01B2
GlobalFree.KERNEL32 ref: 00007FF764AB01C0
CloseClipboard.USER32 ref: 00007FF764AB01C6

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardGlobal$AllocCloseDataEmptyFreeLockOpenUnlock
String ID:
API String ID: 453615576-0
Opcode ID: 6ee73d281638923e8959a35da648ca09333b9b6fe898f591ca06f8d2f7e93c85
Instruction ID: 67d6b8205310f93fbb322fff84e3858a3bbf34b0c136e02b2ffd2687ed7ebe48
Opcode Fuzzy Hash: 6ee73d281638923e8959a35da648ca09333b9b6fe898f591ca06f8d2f7e93c85
Instruction Fuzzy Hash: 7C115E21B09742C2FA58BF27F998739D6A1AF89FC1F949034DE0E06759DF3CE8458220

Function 00007FF764AA8FE8 Relevance: 10.6, APIs: 7, Instructions: 118clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00007FF764AA906B
GetClipboardData.USER32 ref: 00007FF764AA9081
CloseClipboard.USER32 ref: 00007FF764AA908F
GlobalLock.KERNEL32 ref: 00007FF764AA909A
memcpy.VCRUNTIME140 ref: 00007FF764AA9121
GlobalUnlock.KERNEL32 ref: 00007FF764AA9180
CloseClipboard.USER32 ref: 00007FF764AA9186

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Clipboard$CloseGlobal$DataLockOpenUnlockmemcpy
String ID:
API String ID: 30868158-0
Opcode ID: 2f12158fef0840934f86515725fcfa18755303b1d85ca70cddb54b0369cf3f74
Instruction ID: 99cc987344177b84d5effc7e501e0885b87f6dcfd3068b1b9f86c4a14cbdb515
Opcode Fuzzy Hash: 2f12158fef0840934f86515725fcfa18755303b1d85ca70cddb54b0369cf3f74
Instruction Fuzzy Hash: 8E512A31E09642D1FA54AF27EDC4679E3A4AF4DB90F941835C90E43FA0DE2DE8858360

Function 00007FF764AC6F7C Relevance: 9.3, APIs: 1, Strings: 5, Instructions: 299COMMON

Download Yara Rule

Strings

##ColorButton, xrefs: 00007FF764AC77B4
_COL4F, xrefs: 00007FF764AC7A07
##picker, xrefs: 00007FF764AC78BE
_COL3F, xrefs: 00007FF764AC79E0
picker, xrefs: 00007FF764AC7868

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ##ColorButton$##picker$_COL3F$_COL4F$picker
API String ID: 0-4294525443
Opcode ID: 95ca310219c95db08e44fe0113c1d406374dbeb8dfb2d7581c89c63483b5ca1b
Instruction ID: 971c3272a473a972f934dcc64f87ea4fa2d17e7a530dbb5fb3a80637a519b9b1
Opcode Fuzzy Hash: 95ca310219c95db08e44fe0113c1d406374dbeb8dfb2d7581c89c63483b5ca1b
Instruction Fuzzy Hash: E3D1E136E18786D9F762EF3794805A9F7A0AF59344FA48731DE4C266A1DF28B481CF10

Function 00007FF764AECD18 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 387COMMON

Download Yara Rule

APIs

exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AECD4B
memset.VCRUNTIME140 ref: 00007FF764AECD60

Strings

1.67 WIP, xrefs: 00007FF764AECE3A
C:\Windows\Fonts\Bahnschrift.ttf, xrefs: 00007FF764AED565
, xrefs: 00007FF764AECDF5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: exitmemset
String ID: $1.67 WIP$C:\Windows\Fonts\Bahnschrift.ttf
API String ID: 2099101326-3343129968
Opcode ID: e96202bf6c792ff41605ffbcb088583ecf29dc5cc0d6e05b0260ad47cf2591c1
Instruction ID: 79e1d95d97c33d8c6ec32940ffb1a36ba3c3ea58fd7324de1fcd8addfa90c4fc
Opcode Fuzzy Hash: e96202bf6c792ff41605ffbcb088583ecf29dc5cc0d6e05b0260ad47cf2591c1
Instruction Fuzzy Hash: A6225072A08B85D1EB20EF16E4907AAB360FBC9740F904236DA8D07BA5DF3DD544DB10

Function 00007FF764AE8444 Relevance: 9.0, APIs: 6, Instructions: 39processstringCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF764AE8469
Process32First.KERNEL32 ref: 00007FF764AE8485
lstrcmpiA.KERNEL32 ref: 00007FF764AE849B
CloseHandle.KERNEL32 ref: 00007FF764AE84AA
Process32Next.KERNEL32 ref: 00007FF764AE84CA
CloseHandle.KERNEL32 ref: 00007FF764AE84D8

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32lstrcmpi
String ID:
API String ID: 3122021977-0
Opcode ID: 1e58ee6bad95ded6318a7b1b0e9af84073a75d120623fbb73b97c6714ccfc4ba
Instruction ID: 1b448a40a1a9073a01e574e2603a0841a6a04eec7bbb128365f37d9e6a7e0239
Opcode Fuzzy Hash: 1e58ee6bad95ded6318a7b1b0e9af84073a75d120623fbb73b97c6714ccfc4ba
Instruction Fuzzy Hash: 0E114632A1C581D2E760EF16E89076BF3A0FBC8744F801035E59E87659DF3CD4048B10

Function 00007FF764B2B820 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32 ref: 00007FF764B2B851
CryptGenRandom.ADVAPI32 ref: 00007FF764B2B865
CryptReleaseContext.ADVAPI32 ref: 00007FF764B2B876
CryptReleaseContext.ADVAPI32 ref: 00007FF764B2B88C

Strings

@, xrefs: 00007FF764B2B839

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Crypt$Context$Release$AcquireRandom
String ID: @
API String ID: 2916321625-2766056989
Opcode ID: b27ae78883a2cb8bdf6d67dcf95efdb2d4145fac989905538182efcfea9ff988
Instruction ID: 765aae2381ae73693b897251406095f4ee25221ea6c72d08003dbb92ee367ecb
Opcode Fuzzy Hash: b27ae78883a2cb8bdf6d67dcf95efdb2d4145fac989905538182efcfea9ff988
Instruction Fuzzy Hash: D7F01D65B18A81C2E7149F66F88432BE760EB8CBD4F984530DE4D46669DE7CC4858B10

Function 00007FF764ACABCC Relevance: 7.4, APIs: 2, Strings: 1, Instructions: 2175COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764ACB138

Strings

#SCROLLY, xrefs: 00007FF764ACAFF4, 00007FF764ACC5AB

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID: #SCROLLY
API String ID: 3510742995-1064663049
Opcode ID: a904af8487da5be2eb8c57b845cc4abc1627c98624e95afa8723b349040bbdaa
Instruction ID: 8ed6e64cd1085e5d6236a74c25fc7a96102515b66073ef2e598b6e08ce54c96b
Opcode Fuzzy Hash: a904af8487da5be2eb8c57b845cc4abc1627c98624e95afa8723b349040bbdaa
Instruction Fuzzy Hash: 4C23D872A08281DAE7B1EF37A080ABDB7A1FB59748F549235DE4917795CF39E840CB10

Function 00007FF764B52798 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF764B527F9
IsDebuggerPresent.KERNEL32 ref: 00007FF764B52811
OutputDebugStringW.KERNEL32 ref: 00007FF764B52822

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF764B5281B

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: def13fc1b0ef8317954262717a2b38fb30d0076d0c4d1cabf66c3bbe19ae4e3e
Instruction ID: bff514be7bb26a4af3406aa2c3b8c5a207055337709020a7a65747da55c14765
Opcode Fuzzy Hash: def13fc1b0ef8317954262717a2b38fb30d0076d0c4d1cabf66c3bbe19ae4e3e
Instruction Fuzzy Hash: 4B114232A18781E6F748AF67E5943B9B2A0FF48345F844135C64D42950EF7CE874CB60

Function 00007FF764ABB0B4 Relevance: 6.6, APIs: 4, Instructions: 590COMMON

Download Yara Rule

APIs

sqrtf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ABB751
sqrtf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ABB76E
memcpy.VCRUNTIME140 ref: 00007FF764ABB8B7
memcpy.VCRUNTIME140 ref: 00007FF764ABB8D5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpysqrtf
String ID:
API String ID: 553808169-0
Opcode ID: 492266a61c83890433d60aec06366bcd5dd0c8c8549fcafe1bbcf1ff272e8735
Instruction ID: af5e4d2b4965a2626b88766657ea4a160b3f7e09049d9a7fe4d9bfe2e286cc7e
Opcode Fuzzy Hash: 492266a61c83890433d60aec06366bcd5dd0c8c8549fcafe1bbcf1ff272e8735
Instruction Fuzzy Hash: 9A327922A186D48AD3169F3690C17BAFBE0FF59784F188336EE8957A65DB3CD501CB10

Function 00007FF764AC48F8 Relevance: 6.5, APIs: 4, Instructions: 466COMMON

Download Yara Rule

APIs

pow.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC4AD4
pow.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC4B0C
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC4E4A
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC4EB5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: e6f505cddc68826997d64d84fb6209016d70f5c18f6e9eaba0e9e1902693ebd6
Instruction ID: 1ba60517f7d06cf26610709ede17694d31708123f83b47b488dbed385573ef55
Opcode Fuzzy Hash: e6f505cddc68826997d64d84fb6209016d70f5c18f6e9eaba0e9e1902693ebd6
Instruction Fuzzy Hash: 74122B22D1CA8DD5E573AE3750826B9E2516F6E7C0F6CC732ED4D323A1EF2974818A14

Function 00007FF764B43890 Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 425COMMON

Download Yara Rule

Strings

digest_sspi: MakeSignature failed, error 0x%08lx, xrefs: 00007FF764B43C3B
realm, xrefs: 00007FF764B43BA7
WDigest, xrefs: 00007FF764B438D1, 00007FF764B43D05

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: WDigest$digest_sspi: MakeSignature failed, error 0x%08lx$realm
API String ID: 0-2223379150
Opcode ID: 5c2294be4ef743a16657df1e894e08abb3409a5dbaed0979d756017a5ab5a391
Instruction ID: 706beaa13e26fc0c88d1913385a9f2bb9a6239675b5c29f40caddbe81b0008f6
Opcode Fuzzy Hash: 5c2294be4ef743a16657df1e894e08abb3409a5dbaed0979d756017a5ab5a391
Instruction Fuzzy Hash: 92127032A09B45C5EB14EF26E8946BDB7A4FB49B88F841035DE4E43B98DF38D449C750

Function 00007FF764AC429C Relevance: 6.4, APIs: 4, Instructions: 366COMMON

Download Yara Rule

APIs

pow.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC444D
pow.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC4473
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC4776
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC47D9

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: c3fe3f6757d64ab9f07dea7ff231f2bd05cf77fe0c7987e0188f11e64b42626c
Instruction ID: d49f80ac582e32f0fff59d23ffb8a8cb15affc2618e8801e465035a30472eeb3
Opcode Fuzzy Hash: c3fe3f6757d64ab9f07dea7ff231f2bd05cf77fe0c7987e0188f11e64b42626c
Instruction Fuzzy Hash: 02F1D922D18BC9C5E2A2AF3750815F5F350AFAE784F68D732ED4C32761EF2875818A14

Function 00007FF764AC309C Relevance: 6.3, APIs: 4, Instructions: 347COMMON

Download Yara Rule

APIs

powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC321E
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC3239
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC3527
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC3573

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: 16ba082a715744d736da512d1211b58145f04c355266d3bf6cebc3c349229d48
Instruction ID: 3edc744c56133820496ea8d3a282aec88b31d65a587a2c219ff7e1c55a61a510
Opcode Fuzzy Hash: 16ba082a715744d736da512d1211b58145f04c355266d3bf6cebc3c349229d48
Instruction Fuzzy Hash: EAF1F832D18689D5E6A3AF3750815B9F350AF6E384F6CD732ED88327A1DF2974818B10

Function 00007FF764B52528 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF764B52554
GetCurrentThreadId.KERNEL32 ref: 00007FF764B52562
GetCurrentProcessId.KERNEL32 ref: 00007FF764B5256E
QueryPerformanceCounter.KERNEL32 ref: 00007FF764B5257E

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: b06b66f6bffe87dc0a2cc0103786f38d0479be89cdd0c2b78a49703432985ce3
Instruction ID: 7be176c002d04e9add17de965ae8b0ceedde672d1f240851cc7a87a5bc94fb27
Opcode Fuzzy Hash: b06b66f6bffe87dc0a2cc0103786f38d0479be89cdd0c2b78a49703432985ce3
Instruction Fuzzy Hash: F2115A22B14F01CAEF00DF61E8942B8B3A4FB1D758F841E35EA2D86BA8DF78D5548350

Function 00007FF764B2E640 Relevance: 6.0, APIs: 4, Instructions: 33encryptionCOMMON

Download Yara Rule

APIs

CryptGetHashParam.ADVAPI32 ref: 00007FF764B2E670
CryptGetHashParam.ADVAPI32 ref: 00007FF764B2E696
CryptDestroyHash.ADVAPI32 ref: 00007FF764B2E6A5
CryptReleaseContext.ADVAPI32 ref: 00007FF764B2E6B5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Crypt$Hash$Param$ContextDestroyRelease
String ID:
API String ID: 2110207923-0
Opcode ID: c3d059d0d9032344f1b3302af12fedbea2a40242b2ac23347c5db4b0351591b3
Instruction ID: a9cbb2e1895d7f05346ded2c42737d450036618ba7deb52e0fa83c2022eeb08f
Opcode Fuzzy Hash: c3d059d0d9032344f1b3302af12fedbea2a40242b2ac23347c5db4b0351591b3
Instruction Fuzzy Hash: BC017136608641C2EB54DF32E49437AF730FB88B88F584135DA4D06A68CF7CD948CB10

Function 00007FF764AB67DC Relevance: 5.7, APIs: 4, Instructions: 695COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764AB6A64
memset.VCRUNTIME140 ref: 00007FF764AB6A71
memset.VCRUNTIME140 ref: 00007FF764AB6A82

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: d47c52100ab6c86bbf06f939a91421edf6ba77d4ed97f8a5b623955d4bfd96b4
Instruction ID: 3a6771bad43cc93447f2131d98200ff9b982c3b2521deaeeb0702d3dbe0ed104
Opcode Fuzzy Hash: d47c52100ab6c86bbf06f939a91421edf6ba77d4ed97f8a5b623955d4bfd96b4
Instruction Fuzzy Hash: FC620173A04B84CAE714EF36D480AADB7A4FB48B84F558336EE4963755DB38E490CB10

Function 00007FF764B2E5E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32 ref: 00007FF764B2E5FC
CryptCreateHash.ADVAPI32 ref: 00007FF764B2E61D

Strings

@, xrefs: 00007FF764B2E5EC

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Crypt$AcquireContextCreateHash
String ID: @
API String ID: 1914063823-2766056989
Opcode ID: 0c750fbf475f5cae955593147f4e36bebaef1694b2f6c3a0193a9ec42d589b96
Instruction ID: f745d4136d42066f5135087e527e78bb8ecbbc31b6be529c45a2b91f0c9ae0f5
Opcode Fuzzy Hash: 0c750fbf475f5cae955593147f4e36bebaef1694b2f6c3a0193a9ec42d589b96
Instruction Fuzzy Hash: 25E04861B1455283F7605F76E451B16E350FB98748F885030CF4C46A54DF3DD5568B14

Function 00007FF764AC1804 Relevance: 4.7, APIs: 3, Instructions: 248COMMON

Download Yara Rule

APIs

pow.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC1AA3
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC1ADC
pow.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC1B2A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: d3d2838740c5478233c10e7b03a2a6deff66b6bb0625ded09af2f6552f7dda6e
Instruction ID: 36d8f91744e4aa2b6afc711c6f86ca28807ebf3491efa16383a45d81d568e784
Opcode Fuzzy Hash: d3d2838740c5478233c10e7b03a2a6deff66b6bb0625ded09af2f6552f7dda6e
Instruction Fuzzy Hash: 73B10132E0CEC9D4E2B7BE3740816F9E794AF6A384F698731DD4931395DF1964828E60

Function 00007FF764AC1090 Relevance: 4.7, APIs: 3, Instructions: 242COMMON

Download Yara Rule

APIs

powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC12E8
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC1313
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC1366

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: ee4173f70ccb6ba3f1601534f77a3ab21d6fd9df7abc850a4ca4843433909328
Instruction ID: ba929cb91f739a79fb3ee78ba0ec3bf2a995d5fce9d99fa2820a8a967aa891db
Opcode Fuzzy Hash: ee4173f70ccb6ba3f1601534f77a3ab21d6fd9df7abc850a4ca4843433909328
Instruction Fuzzy Hash: A7A15932F08689D1E3B2BF3790859F9F791AF6D744F694331D94876361EB3868818E60

Function 00007FF764AC1420 Relevance: 4.7, APIs: 3, Instructions: 241COMMON

Download Yara Rule

APIs

powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC1699
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC16C2
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC170C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: d4d072a837ff10d9ac6f888d220dc57c23bc458a482c65a49c4b552bce46d0c3
Instruction ID: b56155b53916948c4c52c6edf673dd9e0f681e2f5f5c313837c5d33d6f630898
Opcode Fuzzy Hash: d4d072a837ff10d9ac6f888d220dc57c23bc458a482c65a49c4b552bce46d0c3
Instruction Fuzzy Hash: F1B1DC32E0868DD4E2B2BF3740855B9E7909F5D744F6D8732D948363A1DF2979818E60

Function 00007FF764AA34BC Relevance: 4.6, Strings: 2, Instructions: 2149COMMON

Download Yara Rule

Strings

#CLOSE, xrefs: 00007FF764AA53EF
#COLLAPSE, xrefs: 00007FF764AA53BB

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID: #CLOSE$#COLLAPSE
API String ID: 3510742995-3250029216
Opcode ID: 502995c024bf325f797c2aadb8e0e860549fe247ba9d7e9ca799fdd239713cf7
Instruction ID: b2024fc76d4eb3319057bfa60a63532b19cb2c5c6f2d682551b816bd3c0f5bb8
Opcode Fuzzy Hash: 502995c024bf325f797c2aadb8e0e860549fe247ba9d7e9ca799fdd239713cf7
Instruction Fuzzy Hash: CD33F333A04B85EBD315DF3785806ACB760FF59384F689725EB48279A1DB38B4A4CB50

Function 00007FF764B2E9F0 Relevance: 4.0, Strings: 3, Instructions: 223COMMON

Download Yara Rule

Strings

%c%c%c%c, xrefs: 00007FF764B2EB23
%c%c%c=, xrefs: 00007FF764B2EB61
%c%c==, xrefs: 00007FF764B2EB93

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %c%c%c%c$%c%c%c=$%c%c==
API String ID: 0-3943651191
Opcode ID: 6c294575899eafee50b99d789df6186d5b89ff55ef8fa598f33477454f8f0c55
Instruction ID: 94d221a904b85b78eb9294f4a5d8ad47e3a2bdb062c0a433327c9f5e54c07d36
Opcode Fuzzy Hash: 6c294575899eafee50b99d789df6186d5b89ff55ef8fa598f33477454f8f0c55
Instruction Fuzzy Hash: 5491C1329086D1C5E721AF27E4843BEBBA0EB49794F984635EAAD077D6DF3CD4018720

Function 00007FF764ACF2F8 Relevance: 4.0, APIs: 3, Instructions: 218COMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140 ref: 00007FF764ACF42E
memchr.VCRUNTIME140 ref: 00007FF764ACF4B9
memchr.VCRUNTIME140 ref: 00007FF764ACF548

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memchr
String ID:
API String ID: 3297308162-0
Opcode ID: 4979c0c5c9220457940361f77ec4a9eab97471c301c2a37e104154d113d7bef1
Instruction ID: 2288127b63024874c0580863f7878b57c5d65ee57aa8b86586a7c786af015984
Opcode Fuzzy Hash: 4979c0c5c9220457940361f77ec4a9eab97471c301c2a37e104154d113d7bef1
Instruction Fuzzy Hash: 9E912822E18B88D5F751EF3784816F9E3619F6E3C8F549335EE0836AE6DF2461829710

Function 00007FF764AF8C40 Relevance: 3.7, APIs: 2, Instructions: 680COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00000000,?,00007FF764AF0C31), ref: 00007FF764AF9165
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 00007FF764AF95B0

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Xbad_function_call@std@@_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 18249463-0
Opcode ID: dda164171b7cc22a878b7206e416ac8867319c5097f5f024c59ef831e74f4315
Instruction ID: c2092150dbe46e8a47902d566be646f0b3b05bdd67c1779ce1c4fe763596f37f
Opcode Fuzzy Hash: dda164171b7cc22a878b7206e416ac8867319c5097f5f024c59ef831e74f4315
Instruction Fuzzy Hash: 6D52B122B08B81D4EB919F26D5805BCABE5EB59B98FAC8136CF5D07799CF38D454C320

Function 00007FF764AE83BC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

DeviceIoControl.KERNEL32 ref: 00007FF764AE8432

Strings

$&", xrefs: 00007FF764AE8426

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ControlDevice
String ID: $&"
API String ID: 2352790924-3602642414
Opcode ID: 34938949baf72a64b9f489be82fe32ec66ac4e84fc3d5420b58de77ba00bcc06
Instruction ID: ee91c8fa8aebac32fae6a3cdbe4a11d0682e4c0c36ccd3b61a3087af7d1689b6
Opcode Fuzzy Hash: 34938949baf72a64b9f489be82fe32ec66ac4e84fc3d5420b58de77ba00bcc06
Instruction Fuzzy Hash: CEF0B272618B8496E7508F05F49435ABBB0F789794FA00125E78D47B68DB7EC5888B40

Function 00007FF764AC55A0 Relevance: 3.1, APIs: 2, Instructions: 126COMMON

Download Yara Rule

APIs

powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC5685

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: 0d47529af0394297a2a21e14f599efbe6677810112427551c356cada91a1fbc8
Instruction ID: 81eac704f41eb474e55f9c360179e6113189c0906d0c168bb454f49f0114fb95
Opcode Fuzzy Hash: 0d47529af0394297a2a21e14f599efbe6677810112427551c356cada91a1fbc8
Instruction Fuzzy Hash: 1C412641E697AD92E867A9774182CB9C1421F6A3C0EBCCB31F90E31792EB3D31C14C20

Function 00007FF764B3AF20 Relevance: 3.0, APIs: 2, Instructions: 38COMMON

Download Yara Rule

APIs

#9.WS2_32 ref: 00007FF764B3AF5B
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B3AF8F

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _getpid
String ID:
API String ID: 1117694923-0
Opcode ID: ed7fbe7cc5f9d7e52b88230b7289b73f1f2ff13124d09836da9230587ab18451
Instruction ID: 413a3c2397d5f2e09d4d136e17dda523fea6df1c51d8b4628d7a821486990b6a
Opcode Fuzzy Hash: ed7fbe7cc5f9d7e52b88230b7289b73f1f2ff13124d09836da9230587ab18451
Instruction Fuzzy Hash: 87117C62A247D0CAD304CF36E5401AD7770FB5CB84B44962AFB9987B18EB78C6D0C704

Function 00007FF764ABCF3C Relevance: 2.7, APIs: 2, Instructions: 239COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764ABD037
memset.VCRUNTIME140 ref: 00007FF764ABD04F

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 3a5fadd2f103c3f6c418a1c90fa5d3291df2826f5ab8dda4513d5b6f2954857f
Instruction ID: 65f1eedcecc9314a3bffec73db1998efae6cd1244a700a918e3741b5f08668d7
Opcode Fuzzy Hash: 3a5fadd2f103c3f6c418a1c90fa5d3291df2826f5ab8dda4513d5b6f2954857f
Instruction Fuzzy Hash: 6AA1B232A09A85D6EB15EF27E480669F360FF48784F59C231EB4D67660EF39E491CB10

Function 00007FF764AE765C Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

APIs

mouse_event.USER32 ref: 00007FF764AE787A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: 0c733af39d3655b9900021ddd06364e0f6b211c0d1781d2ab71de83f4cf8f862
Instruction ID: 9439ce8ec8b53d379ee17d62154bf68206a97961bdb74c1218ccc391177b79b4
Opcode Fuzzy Hash: 0c733af39d3655b9900021ddd06364e0f6b211c0d1781d2ab71de83f4cf8f862
Instruction Fuzzy Hash: 97510E33829689DAD382EF3BA48141AF361EFDD740F18A711F69531469EB6CF4D49E10

Function 00007FF764ABE6B8 Relevance: 1.4, APIs: 1, Instructions: 191COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?), ref: 00007FF764ABE707

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 4eb59db528510afe6ba84e62e945828dc581ddafd7740ab6abe66c11a6125525
Instruction ID: 3a83e99216dbdc9061b8b6ddce9a10c2a0ee40f0efba3bdeace658122c3acda4
Opcode Fuzzy Hash: 4eb59db528510afe6ba84e62e945828dc581ddafd7740ab6abe66c11a6125525
Instruction Fuzzy Hash: CD51AEA3B1C6D255E3564FBE4983FBA6EC07B55348F285172EF59D2B85C83CD9008260

Function 00007FF764ABC898 Relevance: 1.4, APIs: 1, Instructions: 189COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,?,?,00000000), ref: 00007FF764ABC8F2

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: ac32b90888df507ad147b43e008ebfb1a65863415dfbf3a2dfc7fcd01452a7dd
Instruction ID: 88898ed293c2bf3b2f9ed2b8a3b9eba6eb96147b366f8225efd898d59407db72
Opcode Fuzzy Hash: ac32b90888df507ad147b43e008ebfb1a65863415dfbf3a2dfc7fcd01452a7dd
Instruction Fuzzy Hash: 58514973B686E4D9E716CE3E9442EBCBF91AB12348B99423DDA5883E85CD2DE101C710

Function 00007FF764B067D0 Relevance: 1.3, APIs: 1, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,00007FF764B06283,?,?,00000000,00007FF764B06CD5), ref: 00007FF764B068BD

Part of subcall function 00007FF764B518FC: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF764AA1453), ref: 00007FF764B5190C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: AcquireExclusiveHeapLockProcess
String ID:
API String ID: 3110430671-0
Opcode ID: ebbda2e24f3084b6939bea4f4bd34ccaebb7a0587f1e03758103568f371b80e1
Instruction ID: ca5e8294d3ae08c4a4ad0a3318ca291b0582f44ba23a66e986f9a053cc91c990
Opcode Fuzzy Hash: ebbda2e24f3084b6939bea4f4bd34ccaebb7a0587f1e03758103568f371b80e1
Instruction Fuzzy Hash: A831D3A0D0EA03C1EA54FF26FCC46B0A3A4AF4E315FD55175D56C422A1EF3CA9A4CB20

Function 00007FF764AD69DC Relevance: .9, Instructions: 921COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7392ef4a5e91daa7c5b30c5ef9a51c307a3167bb4da66a803bce9a1f4c71332
Instruction ID: 591b5b8c87e50416bf2b5faf4e2888e779000c7a1d3897298b0d704a80c4c4d5
Opcode Fuzzy Hash: f7392ef4a5e91daa7c5b30c5ef9a51c307a3167bb4da66a803bce9a1f4c71332
Instruction Fuzzy Hash: 2EE2FC32914B8AEAD701DF17E4C0169FB60EBD9B91F45C776EA4C23674EB68E0D09E10

Function 00007FF764ABD2CC Relevance: .7, Instructions: 725COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d48dd2998b373effdff6ab44f8027a378fdf9b0369d145495f7b2d381a455fd
Instruction ID: 93378deafffb632494effc854c151afee6f89111793b93115a28074ac1b66570
Opcode Fuzzy Hash: 4d48dd2998b373effdff6ab44f8027a378fdf9b0369d145495f7b2d381a455fd
Instruction Fuzzy Hash: 5062E332D18685DAE711EE3B94C14BCF3A0FFAD349F649735EE49629A5DB38B440CA10

Function 00007FF764B1CAA0 Relevance: .5, Instructions: 460COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7082c492ed63c731784ac54290ec0b40de6b18bec814edb5a8d187c0c3ac906b
Instruction ID: 5556f07d63dca2c2d2f4900c2f83e3bc083bed0c9b8a099d92cc98a7117b0eaa
Opcode Fuzzy Hash: 7082c492ed63c731784ac54290ec0b40de6b18bec814edb5a8d187c0c3ac906b
Instruction Fuzzy Hash: 9CF181B2B181A04AD36D8B2EA469639BFE1F3C9B41B04912EE7A7C3781D93CC555DF10

Function 00007FF764AAD8AC Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce104ee782247c1fb54b7c2ffe1858944aab01fabf03a3c8bccf688ab4357301
Instruction ID: 1cf206b917b8fcbb1466421a1340bc5f0cfb8bfb2319aee454e52a67e11bde52
Opcode Fuzzy Hash: ce104ee782247c1fb54b7c2ffe1858944aab01fabf03a3c8bccf688ab4357301
Instruction Fuzzy Hash: 5CE1E733A09685E6E659FE3381806F9F761FF59740F988231DE9C13A91DF28B4A4C690

Function 00007FF764ACE600 Relevance: .3, Instructions: 305COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1be837865c6463c54feaf57dc7bb9cfb91b0d6b9859c90354605b234f2e4fcc3
Instruction ID: 46c8588f5f99a31e095d36ce3e8778393fc74f4dd166e87b3cb62880da518d2c
Opcode Fuzzy Hash: 1be837865c6463c54feaf57dc7bb9cfb91b0d6b9859c90354605b234f2e4fcc3
Instruction Fuzzy Hash: C8D13832B08785D5E765AF3780826FEF3A0AF59344FA84735EE4D266A5DF38A4448B10

Function 00007FF764ABF698 Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: f4c5d1d590dd4c1f64ae20c067484da001f1d153175e2f8d5eb8b86faef1a3c8
Instruction ID: 9e5234a6e1bad90a3dfc9637a3c1036b89d93f3a4b1408ae41f31dabc966bb5a
Opcode Fuzzy Hash: f4c5d1d590dd4c1f64ae20c067484da001f1d153175e2f8d5eb8b86faef1a3c8
Instruction Fuzzy Hash: 9DD1D132A1869486D225CF36E18197EB3A1FF5D744F158326FB89A3654EB3CE5A0CB10

Function 00007FF764AB5828 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db34f1315bed3bc0947c951ccefa4f36435d7f56312848356d513ea63d3563e6
Instruction ID: 7694c7ed80b1c2d0d6bcbc38fe440a3c9705a62fcecf61f4d9b556bf1c6b3940
Opcode Fuzzy Hash: db34f1315bed3bc0947c951ccefa4f36435d7f56312848356d513ea63d3563e6
Instruction Fuzzy Hash: 5341BB21A08749D5E9219F27D0807BEB351AF6E794FB9C733D98832754DB39E5824210

Function 00007FF764B03545 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89ef4ab4c00f2b98bff18bb8ffc507612c5f0400747ffb4d4ba617b38d53742d
Instruction ID: 2386c6f4367b54fd295e8b43bbab2eccfe7c7d4d9655f7629f83e8fa43c285c0
Opcode Fuzzy Hash: 89ef4ab4c00f2b98bff18bb8ffc507612c5f0400747ffb4d4ba617b38d53742d
Instruction Fuzzy Hash: C301C877629195DFD366CF3DE9E494EBBE0AF0121030A9867C7D482581F368A239DB02

Function 00007FF764B511A0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9bc956564b332abba12e54d0044448655734ddf9d44365f360b093ba55ae5c6
Instruction ID: fc1d2420db85df7ba6a33de3b89d1ca0c451d5eae2fa466ce73df2f17f23cf0f
Opcode Fuzzy Hash: a9bc956564b332abba12e54d0044448655734ddf9d44365f360b093ba55ae5c6
Instruction Fuzzy Hash: 69F08C25724767BEFE05893B8624FBD9E409BC0741FB369748C84420CBC69F54A3D714

Function 00007FF764B2E630 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 728c2236c60636a8a0a6b9c84d25a20a707f68fea671a939b6c738dd5efd0c4c
Instruction ID: cbc2a65934444b17293bf8f348096709d0530e5e50aee9638fc12032a07fee2c
Opcode Fuzzy Hash: 728c2236c60636a8a0a6b9c84d25a20a707f68fea671a939b6c738dd5efd0c4c
Instruction Fuzzy Hash: BFA00162A0A94AC0A6149F26E6E0E26A661FB98B59799A025990E46820CE29A9428610

Function 00007FF764B5247C Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25e77f9e36053e1ff14b280e4e4e8fc229f9510f796af2b0a2a84b41f161a446
Instruction ID: e8b8646871df4dd6bda2acbe0c5a500815d11d7fc2dc2554083a5297a9a66470
Opcode Fuzzy Hash: 25e77f9e36053e1ff14b280e4e4e8fc229f9510f796af2b0a2a84b41f161a446
Instruction Fuzzy Hash: CDA00122919902D0EACCAF06E890460E220AB68300B805131C10D524609E2DE8448620

Function 00007FF764B1A9B0 Relevance: 38.8, APIs: 14, Strings: 8, Instructions: 317stringCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764B1AA82
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B1AA9D
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B1AADC

Strings

Bind to local port %hu failed, trying next, xrefs: 00007FF764B1AD90
Couldn't bind to interface '%s', xrefs: 00007FF764B1AC20
getsockname() failed with errno %d: %s, xrefs: 00007FF764B1AE2C
Couldn't bind to '%s', xrefs: 00007FF764B1AB72
Local Interface %s is ip %s using address family %i, xrefs: 00007FF764B1AB97
Name '%s' family %i resolved to '%s' family %i, xrefs: 00007FF764B1ACA8
bind failed with errno %d: %s, xrefs: 00007FF764B1AE68
Local port: %hu, xrefs: 00007FF764B1AE85

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strncmp$memset
String ID: Bind to local port %hu failed, trying next$Couldn't bind to '%s'$Couldn't bind to interface '%s'$Local Interface %s is ip %s using address family %i$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$getsockname() failed with errno %d: %s
API String ID: 3268688168-2769131373
Opcode ID: 4cbe12fd9de29c0c78e99b84e23e26b26675c28fb832ba387c8315a97971d806
Instruction ID: 995dc928bdc92397fde2c6ca8a4b56a90fe59c671cba335e1207e72486410640
Opcode Fuzzy Hash: 4cbe12fd9de29c0c78e99b84e23e26b26675c28fb832ba387c8315a97971d806
Instruction Fuzzy Hash: 8EE1E322E18682C6FB11EF26D4802B9A771FB9D788F805136EE4E43755DF7CE5898B10

Function 00007FF764B3B560 Relevance: 30.2, APIs: 8, Strings: 12, Instructions: 208stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140 ref: 00007FF764B3B633
strchr.VCRUNTIME140 ref: 00007FF764B3B68A
strchr.VCRUNTIME140 ref: 00007FF764B3B6A2
strchr.VCRUNTIME140 ref: 00007FF764B3B6BD
strchr.VCRUNTIME140 ref: 00007FF764B3B739
strchr.VCRUNTIME140 ref: 00007FF764B3B751
strchr.VCRUNTIME140 ref: 00007FF764B3B76C
strchr.VCRUNTIME140 ref: 00007FF764B3B787

Strings

lookup word is missing, xrefs: 00007FF764B3B6D4, 00007FF764B3B79E
/DEFINE:, xrefs: 00007FF764B3B5EB
/LOOKUP:, xrefs: 00007FF764B3B61D
CLIENT libcurl 7.70.0%sQUIT, xrefs: 00007FF764B3B66A
/MATCH:, xrefs: 00007FF764B3B59A
Failed sending DICT request, xrefs: 00007FF764B3B821
/D:, xrefs: 00007FF764B3B606
CLIENT libcurl 7.70.0MATCH %s %s %sQUIT, xrefs: 00007FF764B3B7F5
/M:, xrefs: 00007FF764B3B5B5
CLIENT libcurl 7.70.0DEFINE %s %sQUIT, xrefs: 00007FF764B3B71A
/FIND:, xrefs: 00007FF764B3B5D0
default, xrefs: 00007FF764B3B6E3, 00007FF764B3B7AD

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr
String ID: /D:$/DEFINE:$/FIND:$/LOOKUP:$/M:$/MATCH:$CLIENT libcurl 7.70.0%sQUIT$CLIENT libcurl 7.70.0DEFINE %s %sQUIT$CLIENT libcurl 7.70.0MATCH %s %s %sQUIT$Failed sending DICT request$default$lookup word is missing
API String ID: 2830005266-31095704
Opcode ID: 5fcc76786d9baf97454085261f29ac2740d549fcb7891344358fc34c5ebc3fba
Instruction ID: 2c8ee29e70479e319a5d58a7a8ab26bda644d18abb6679d7d089dc2f627044c8
Opcode Fuzzy Hash: 5fcc76786d9baf97454085261f29ac2740d549fcb7891344358fc34c5ebc3fba
Instruction Fuzzy Hash: 49813A21B0DA82D5FB16AF27D5902B9E691AF49BC4FD84031DD4D07B9AEF2CE905C630

Function 00007FF764B20BC0 Relevance: 30.1, APIs: 7, Strings: 10, Instructions: 312stringCOMMON

Download Yara Rule

APIs

tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B20CB5
strchr.VCRUNTIME140 ref: 00007FF764B20D55
memcpy.VCRUNTIME140 ref: 00007FF764B20D85
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF764B20DB1
strchr.VCRUNTIME140 ref: 00007FF764B20DFC
memcpy.VCRUNTIME140 ref: 00007FF764B20E5B

Part of subcall function 00007FF764AB2C0C: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764AB2C49

tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B20F74

Strings

Couldn't parse CURLOPT_RESOLVE entry '%s'!, xrefs: 00007FF764B20EEA
RESOLVE %s:%d is - old addresses discarded!, xrefs: 00007FF764B20FFB
Couldn't parse CURLOPT_RESOLVE removal entry '%s'!, xrefs: 00007FF764B20C57
Resolve address '%s' found illegal!, xrefs: 00007FF764B20EDB
%255[^:]:%d, xrefs: 00007FF764B20C41
@, xrefs: 00007FF764B20E46
:%u, xrefs: 00007FF764B20CC9, 00007FF764B20F88
RESOLVE %s:%d is wildcard, enabling wildcard checks, xrefs: 00007FF764B2109E
Added %s:%d:%s to DNS cache, xrefs: 00007FF764B2106D
], xrefs: 00007FF764B20E35

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpystrchrtolower$__stdio_common_vsscanfstrtoul
String ID: %255[^:]:%d$:%u$@$Added %s:%d:%s to DNS cache$Couldn't parse CURLOPT_RESOLVE entry '%s'!$Couldn't parse CURLOPT_RESOLVE removal entry '%s'!$RESOLVE %s:%d is - old addresses discarded!$RESOLVE %s:%d is wildcard, enabling wildcard checks$Resolve address '%s' found illegal!$]
API String ID: 1094891576-1753329177
Opcode ID: c5c8c0e76584fc4b9e90a34ed76afbd5feaefba947887263729aaa6997907158
Instruction ID: a55aa758be371b6d81607d7b71ae303fa3a086cc69745ff9f3201b3d58debb9f
Opcode Fuzzy Hash: c5c8c0e76584fc4b9e90a34ed76afbd5feaefba947887263729aaa6997907158
Instruction Fuzzy Hash: 16D1F222A096C6C5EB61AF22D4903FAB761FB4A798F844632DB5D17AC5DF3CE445C320

Function 00007FF764B28A30 Relevance: 27.3, APIs: 1, Strings: 17, Instructions: 341COMMON

Download Yara Rule

Strings

SOCKS4 connection to %s not supported, xrefs: 00007FF764B28CFC
SOCKS4: Failed receiving connect request ack: %s, xrefs: 00007FF764B28E8A
[, xrefs: 00007FF764B28FC4
Failed to send SOCKS4 connect request., xrefs: 00007FF764B28DDD
SOCKS4: too long host name, xrefs: 00007FF764B28DF6
SOCKS4%s request granted., xrefs: 00007FF764B28FF6
SOCKS4 communication to %s:%d, xrefs: 00007FF764B28B0F
Failed to resolve "%s" for SOCKS4 connect., xrefs: 00007FF764B28D1B
Too long SOCKS proxy name, can't use!, xrefs: 00007FF764B28BF7
SOCKS4 connect to IPv4 %s (locally resolved), xrefs: 00007FF764B28C9A
SOCKS4 non-blocking resolve of %s, xrefs: 00007FF764B28B9B
SOCKS4%s: connecting to HTTP proxy %s port %d, xrefs: 00007FF764B28AF6
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client., xrefs: 00007FF764B28F9D
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown., xrefs: 00007FF764B28F36
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed., xrefs: 00007FF764B28FD4
SOCKS4 reply has wrong version, version should be 0., xrefs: 00007FF764B28ED1
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids., xrefs: 00007FF764B28F63

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.$Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.$Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.$Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.$Failed to resolve "%s" for SOCKS4 connect.$Failed to send SOCKS4 connect request.$SOCKS4 communication to %s:%d$SOCKS4 connect to IPv4 %s (locally resolved)$SOCKS4 connection to %s not supported$SOCKS4 non-blocking resolve of %s$SOCKS4 reply has wrong version, version should be 0.$SOCKS4%s request granted.$SOCKS4%s: connecting to HTTP proxy %s port %d$SOCKS4: Failed receiving connect request ack: %s$SOCKS4: too long host name$Too long SOCKS proxy name, can't use!$[
API String ID: 0-3760664348
Opcode ID: 7c5d0b9aca62ebf1b4c4a5e4cf9eed0176a0a2008ba5a6cdf9a5b1443dee7418
Instruction ID: 72af14655c7879ccef30b012a82c32010a67a3752297569706cf4a505f305fb5
Opcode Fuzzy Hash: 7c5d0b9aca62ebf1b4c4a5e4cf9eed0176a0a2008ba5a6cdf9a5b1443dee7418
Instruction Fuzzy Hash: C1E1D062A0C6C1C9EB55AF26D4D437ABBA1FB49B84F888236DA4D47795CF3CE444C720

Function 00007FF764B2C260 Relevance: 26.6, APIs: 2, Strings: 13, Instructions: 348libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF764B2C331
GetProcAddress.KERNEL32 ref: 00007FF764B2C341

Strings

schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc., xrefs: 00007FF764B2C312
schannel: unable to allocate memory, xrefs: 00007FF764B2CE37
http/1.1, xrefs: 00007FF764B2CD57
schannel: initial InitializeSecurityContext failed: %s, xrefs: 00007FF764B2CEFC, 00007FF764B2CF43
schannel: this version of Windows is too old to support certificate verification via CA bundle file., xrefs: 00007FF764B2C3D2
schannel: SNI or certificate check failed: %s, xrefs: 00007FF764B2CF1D
schannel: failed to send initial handshake data: sent %zd of %lu bytes, xrefs: 00007FF764B2CFD9
ntdll, xrefs: 00007FF764B2C32A
schannel: ALPN, offering %s, xrefs: 00007FF764B2CD65
http/1.1, xrefs: 00007FF764B2CD43
schannel: using IP address, SNI is not supported by OS., xrefs: 00007FF764B2CD23
wine_get_version, xrefs: 00007FF764B2C33A
Unrecognized parameter passed via CURLOPT_SSLVERSION, xrefs: 00007FF764B2CCDF

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Unrecognized parameter passed via CURLOPT_SSLVERSION$http/1.1$http/1.1$ntdll$schannel: ALPN, offering %s$schannel: SNI or certificate check failed: %s$schannel: Windows version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc.$schannel: failed to send initial handshake data: sent %zd of %lu bytes$schannel: initial InitializeSecurityContext failed: %s$schannel: this version of Windows is too old to support certificate verification via CA bundle file.$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.$wine_get_version
API String ID: 1646373207-2477831187
Opcode ID: c06703f68173da65170629ead77f9e14d706f64d11cde7d2dbfe59378bf7e61b
Instruction ID: 7b11d56f90252cdf3beba921a977d4e6d5fb17f571f96b378ef7a7aa8e89f52d
Opcode Fuzzy Hash: c06703f68173da65170629ead77f9e14d706f64d11cde7d2dbfe59378bf7e61b
Instruction Fuzzy Hash: 6102AE32A08B81C6EB60AF2AD8802FEB7B5FB48B88F804135DA5D57795DF38E545C710

Function 00007FF764B06C20 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 280COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF764B06CD6
OpenProcessToken.ADVAPI32 ref: 00007FF764B06CEB
GetTokenInformation.ADVAPI32 ref: 00007FF764B06D2E
GetLastError.KERNEL32 ref: 00007FF764B06D34
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B06D9D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B06DD6
UnloadUserProfile.USERENV ref: 00007FF764B06EBC
CloseHandle.KERNEL32 ref: 00007FF764B06ED5
GetTokenInformation.ADVAPI32 ref: 00007FF764B06F45
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B06F66
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B06F96
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B06FF8
memcpy.VCRUNTIME140 ref: 00007FF764B0701B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B07057

Strings

none, xrefs: 00007FF764B06DF9

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: free$Token$InformationProcess$CloseCurrentErrorHandleLastOpenProfileUnloadUsercallocmallocmemcpy
String ID: none
API String ID: 4155466088-2140143823
Opcode ID: f2c66e23884c95f84db04c59d9552eb0c275da00611101d2263d70b054957d24
Instruction ID: dd306bbbeffd8d50ced67d9bc1891ffe675eebeab1675b246adc2857e5c5626e
Opcode Fuzzy Hash: f2c66e23884c95f84db04c59d9552eb0c275da00611101d2263d70b054957d24
Instruction Fuzzy Hash: EEC19432A05BC1C9EB60AF22D8847E8B3A0FB48B65F849735DA6D47B95DF38D594C310

Function 00007FF764B2D7D0 Relevance: 26.5, APIs: 4, Strings: 11, Instructions: 241encryptionCOMMON

Download Yara Rule

APIs

CertEnumCertificatesInStore.CRYPT32 ref: 00007FF764B2DAB7
CertEnumCertificatesInStore.CRYPT32 ref: 00007FF764B2DB27
CertFreeCertificateContext.CRYPT32 ref: 00007FF764B2DB65
CertFreeCertificateContext.CRYPT32 ref: 00007FF764B2DB78

Strings

schannel: failed to setup sequence detection, xrefs: 00007FF764B2D82A
schannel: failed to retrieve remote cert context, xrefs: 00007FF764B2DB97
schannel: ALPN, server accepted to use %.*s, xrefs: 00007FF764B2D918
schannel: failed to setup memory allocation, xrefs: 00007FF764B2D881
schannel: failed to retrieve ALPN result, xrefs: 00007FF764B2D8EB
schannel: failed to store credential handle, xrefs: 00007FF764B2DA1C
ALPN, server did not agree to a protocol, xrefs: 00007FF764B2D945
http/1.1, xrefs: 00007FF764B2D92B
schannel: failed to setup replay detection, xrefs: 00007FF764B2D846
schannel: failed to setup confidentiality, xrefs: 00007FF764B2D862
schannel: failed to setup stream orientation, xrefs: 00007FF764B2D8A0

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Cert$CertificateCertificatesContextEnumFreeStore
String ID: ALPN, server did not agree to a protocol$http/1.1$schannel: ALPN, server accepted to use %.*s$schannel: failed to retrieve ALPN result$schannel: failed to retrieve remote cert context$schannel: failed to setup confidentiality$schannel: failed to setup memory allocation$schannel: failed to setup replay detection$schannel: failed to setup sequence detection$schannel: failed to setup stream orientation$schannel: failed to store credential handle
API String ID: 2572311694-3353508759
Opcode ID: 227002145d5de50b7584ba642b9556270b80e0c3449d107da3e646d310d16b82
Instruction ID: 4a7695bbe67d7c537de2fd8d73557f43f5b18d47281c32fe167edbfcc22ceffc
Opcode Fuzzy Hash: 227002145d5de50b7584ba642b9556270b80e0c3449d107da3e646d310d16b82
Instruction Fuzzy Hash: 3CB1B262A08AC2C2EB61AF16E8943BAA3A5FF8DB84F845131DE4D47795DF3CD505C720

Function 00007FF764B40660 Relevance: 24.7, APIs: 9, Strings: 5, Instructions: 214stringCOMMON

Download Yara Rule

APIs

strstr.VCRUNTIME140 ref: 00007FF764B4069F
strchr.VCRUNTIME140 ref: 00007FF764B406CB
strrchr.VCRUNTIME140 ref: 00007FF764B406E5
strchr.VCRUNTIME140 ref: 00007FF764B406FA
strrchr.VCRUNTIME140 ref: 00007FF764B4075A

Strings

/, xrefs: 00007FF764B406B5
/, xrefs: 00007FF764B4072E
?, xrefs: 00007FF764B406D8
/, xrefs: 00007FF764B40773
., xrefs: 00007FF764B4073A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchrstrrchr$strstr
String ID: .$/$/$/$?
API String ID: 2684281851-1821401756
Opcode ID: 711cf8916b392160258a3a682976bf50248378d0a755a268c46fe70ba77d6e0c
Instruction ID: b85f0565a5aa7c3b8df4301b50eb379bc18ab19754c8b3edee65d10b65ac109e
Opcode Fuzzy Hash: 711cf8916b392160258a3a682976bf50248378d0a755a268c46fe70ba77d6e0c
Instruction Fuzzy Hash: 2E81A312E0D282C5FB65AF23D594379EB91AF6E794F884031CD8D177CADE3CA8498721

Function 00007FF764AECB8C Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 72registrythreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32 ref: 00007FF764AECBB4
GetStockObject.GDI32 ref: 00007FF764AECBCD
LoadCursorA.USER32 ref: 00007FF764AECBE2
RegisterClassA.USER32 ref: 00007FF764AECC24
GetSystemMetrics.USER32 ref: 00007FF764AECC49
GetSystemMetrics.USER32 ref: 00007FF764AECC55
CreateWindowExA.USER32 ref: 00007FF764AECCB5
ShowWindow.USER32 ref: 00007FF764AECCCE
DwmExtendFrameIntoClientArea.DWMAPI ref: 00007FF764AECCE2
SetWindowLongA.USER32 ref: 00007FF764AECCFA
UpdateWindow.USER32 ref: 00007FF764AECD07

Part of subcall function 00007FF764AD1C54: char_traits.LIBCPMTD ref: 00007FF764AD1C75
Part of subcall function 00007FF764AD1C54: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF764AD1C9F
Part of subcall function 00007FF764AD1C54: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF764AD1CCA
Part of subcall function 00007FF764AD1C54: ?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF764AD1CF7
Part of subcall function 00007FF764AD1C54: ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF764AD1FD5

Strings

FireFox 29.1.5, xrefs: 00007FF764AECCAC
FireFox, xrefs: 00007FF764AECC31
FireFox 29.1.5, xrefs: 00007FF764AECC08

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Window$?width@ios_base@std@@$CreateMetricsSystem$?setstate@?$basic_ios@AreaClassClientCursorD@std@@@std@@ExtendFrameIntoLoadLongObjectRegisterShowStockThreadU?$char_traits@Updatechar_traits
String ID: FireFox$FireFox 29.1.5$FireFox 29.1.5
API String ID: 582981890-2070709176
Opcode ID: 8396e5c8b30e5b6cf9a07f921f91cfdef4b44bfde51573781d158aa79087cc4b
Instruction ID: c91f4384039999206f05be4744c332c1263bef6ad28b851bd412dad3f2cb34e1
Opcode Fuzzy Hash: 8396e5c8b30e5b6cf9a07f921f91cfdef4b44bfde51573781d158aa79087cc4b
Instruction Fuzzy Hash: 6B412771A08B42C6E754AF26F89432AF7B1FB88744F905139DA8D82B64DF3DD848CB10

Function 00007FF764B27050 Relevance: 24.1, APIs: 16, Instructions: 127COMMON

Download Yara Rule

APIs

#23.WS2_32 ref: 00007FF764B27091
#8.WS2_32 ref: 00007FF764B270BE
#21.WS2_32 ref: 00007FF764B270F5
#2.WS2_32 ref: 00007FF764B27110
#6.WS2_32 ref: 00007FF764B2712C
#13.WS2_32 ref: 00007FF764B27141
#23.WS2_32 ref: 00007FF764B27158
#4.WS2_32 ref: 00007FF764B27177
#1.WS2_32 ref: 00007FF764B2718E
#19.WS2_32 ref: 00007FF764B271DC
#16.WS2_32 ref: 00007FF764B271FA
memcmp.VCRUNTIME140 ref: 00007FF764B27215
#3.WS2_32 ref: 00007FF764B27221

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 53930dd38eed8b24643555d65462e507dff28f4159321aa2c14a5d918c8f9b22
Instruction ID: ce86c911248328900d4d304055a385d8130a953f1918ee66ca7c9d723877d63c
Opcode Fuzzy Hash: 53930dd38eed8b24643555d65462e507dff28f4159321aa2c14a5d918c8f9b22
Instruction Fuzzy Hash: C0516131618A82C1DB54BF26E584179F361FB89BB4F905730EA7E42AE4DF7CD8498710

Function 00007FF764B2D040 Relevance: 23.2, APIs: 4, Strings: 9, Instructions: 415encryptionCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764B2D349
memmove.VCRUNTIME140 ref: 00007FF764B2D48A
memset.VCRUNTIME140 ref: 00007FF764B2D657
CertFreeCertificateContext.CRYPT32 ref: 00007FF764B2D6BA

Strings

schannel: failed to receive handshake, SSL/TLS connection failed, xrefs: 00007FF764B2D4B6
schannel: unable to allocate memory, xrefs: 00007FF764B2D7AF
schannel: failed to send next handshake data: sent %zd of %lu bytes, xrefs: 00007FF764B2D564
SSL: failed retrieving public key from server certificate, xrefs: 00007FF764B2D6DA
schannel: unable to re-allocate memory, xrefs: 00007FF764B2D1D2
schannel: Failed to read remote certificate context: %s, xrefs: 00007FF764B2D6FA
schannel: SNI or certificate check failed: %s, xrefs: 00007FF764B2D51B
schannel: next InitializeSecurityContext failed: %s, xrefs: 00007FF764B2D54E, 00007FF764B2D762
SSL: public key does not match pinned public key!, xrefs: 00007FF764B2D69C, 00007FF764B2D6C4

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: CertCertificateContextFreememcpymemmovememset
String ID: SSL: failed retrieving public key from server certificate$SSL: public key does not match pinned public key!$schannel: Failed to read remote certificate context: %s$schannel: SNI or certificate check failed: %s$schannel: failed to receive handshake, SSL/TLS connection failed$schannel: failed to send next handshake data: sent %zd of %lu bytes$schannel: next InitializeSecurityContext failed: %s$schannel: unable to allocate memory$schannel: unable to re-allocate memory
API String ID: 1319252513-3059304359
Opcode ID: cbe41573ef217e778193b3ceb04f200de5d2826fac2ef849cbe41e2b82a8c5fc
Instruction ID: ce2599c03888bbbec48c16d59c8be68afec95318f2b73e8ceb6c0b3e52831f63
Opcode Fuzzy Hash: cbe41573ef217e778193b3ceb04f200de5d2826fac2ef849cbe41e2b82a8c5fc
Instruction Fuzzy Hash: C9126D32A08B81C5EB64AF2AE8943BAB7A4FF48B85F900136CA5D57794DF3CE545C710

Function 00007FF764AFF260 Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 345COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764AFF2B7
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFF3DD
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AFF40B
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AFF418
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFF451
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFF4A3
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFF627
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AFF654
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AFF661
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFF69B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFF6EE
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFF7D7

Part of subcall function 00007FF764AF9B20: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF9C77

Part of subcall function 00007FF764AF7490: memmove.VCRUNTIME140 ref: 00007FF764AF756B

Part of subcall function 00007FF764AFA470: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF764AF9D32), ref: 00007FF764AFA54F

Strings

value, xrefs: 00007FF764AFF336, 00007FF764AFF584

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$memmove$memset
String ID: value
API String ID: 2016291828-494360628
Opcode ID: 436b0ebb3edac9fa2580d9db281c5e65b97a3d9f6e4988266d04a620c8086394
Instruction ID: 53cdc17249b97bd1a0e7baffd7cc564cfdd134378d191185eb7941f56759619f
Opcode Fuzzy Hash: 436b0ebb3edac9fa2580d9db281c5e65b97a3d9f6e4988266d04a620c8086394
Instruction Fuzzy Hash: 1EF1D922E18B81D5FB50DF66D4803ADE7A1EB893A4F545337EA9C02AE9DF6CD580C710

Function 00007FF764B44E90 Relevance: 23.1, APIs: 2, Strings: 11, Instructions: 312COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764B44F79
#9.WS2_32 ref: 00007FF764B452A7

Strings

bad error code, xrefs: 00007FF764B44FD8
TTL: %u seconds, xrefs: 00007FF764B45055
DOH: %s type %s for %s, xrefs: 00007FF764B44FF4
DOH A: %u.%u.%u.%u, xrefs: 00007FF764B4508E
DOH Host name: %s, xrefs: 00007FF764B45041
Could not DOH-resolve: %s, xrefs: 00007FF764B44EE6
CNAME: %s, xrefs: 00007FF764B451A3
DOH AAAA: , xrefs: 00007FF764B450C2
AAAA, xrefs: 00007FF764B44FE6
%s, xrefs: 00007FF764B45163
%s%02x%02x, xrefs: 00007FF764B4510E

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memset
String ID: %s$%s%02x%02x$AAAA$CNAME: %s$Could not DOH-resolve: %s$DOH A: %u.%u.%u.%u$DOH AAAA: $DOH Host name: %s$DOH: %s type %s for %s$TTL: %u seconds$bad error code
API String ID: 2221118986-4053692942
Opcode ID: dc3c2626682507d20072cf678d22903ec53f0c997a039dd028459ba994a97bd5
Instruction ID: 8ccbc7ebc86d21cf112a128eade36e91762a72a303b727bcdd58c79462a99072
Opcode Fuzzy Hash: dc3c2626682507d20072cf678d22903ec53f0c997a039dd028459ba994a97bd5
Instruction Fuzzy Hash: F1E19032A08A86C6EB60AF22D4803BDB765FB4DB84F844135DA4E17798DF3CE559C760

Function 00007FF764AFA5F0 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 273COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764AFA6BE
allocator.LIBCONCRTD ref: 00007FF764AFA6FD
memcpy.VCRUNTIME140 ref: 00007FF764AFA71B
memcmp.VCRUNTIME140 ref: 00007FF764AFA741
memmove.VCRUNTIME140 ref: 00007FF764AFA7B9
memcpy.VCRUNTIME140 ref: 00007FF764AFA81E
allocator.LIBCONCRTD ref: 00007FF764AFA85C
memcpy.VCRUNTIME140 ref: 00007FF764AFA879
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFA8C4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFA8FC
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFA957

Strings

signature, xrefs: 00007FF764AFA73A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$_invalid_parameter_noinfo_noreturn$allocator$memcmpmemmove
String ID: signature
API String ID: 1157166377-2928148801
Opcode ID: f37c1366535dcc0a8c68a2bc4e38e701bbdbb37d88460d9930db00850420e463
Instruction ID: e9398ef8a2f7be4da97643a67b64cb5f1c47ded621c0a23c70ee1917af6e8fc4
Opcode Fuzzy Hash: f37c1366535dcc0a8c68a2bc4e38e701bbdbb37d88460d9930db00850420e463
Instruction Fuzzy Hash: 5FA1C862F08A41D9FB54AFB6D5803ECA3A3AB147E8F944632DD2C27BC9DE78D4458350

Function 00007FF764B2F4A0 Relevance: 22.8, APIs: 1, Strings: 14, Instructions: 321COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140 ref: 00007FF764B2F4F8

Strings

FETCH, xrefs: 00007FF764B2F66C, 00007FF764B2F782
LSUB, xrefs: 00007FF764B2F80F
PREA, xrefs: 00007FF764B2F534
LIST, xrefs: 00007FF764B2F6DC
EXPUNGE, xrefs: 00007FF764B2F7F7
, xrefs: 00007FF764B2F501
SEARCH, xrefs: 00007FF764B2F60C, 00007FF764B2F7DF
Unexpected continuation response, xrefs: 00007FF764B2F93E
EXAMINE, xrefs: 00007FF764B2F7C7
CAPABILITY, xrefs: 00007FF764B2F8C0
UID, xrefs: 00007FF764B2F827
NOOP, xrefs: 00007FF764B2F83F
STORE, xrefs: 00007FF764B2F72A
SELECT, xrefs: 00007FF764B2F7AF

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcmp
String ID: $CAPABILITY$EXAMINE$EXPUNGE$FETCH$LIST$LSUB$NOOP$PREA$SEARCH$SELECT$STORE$UID$Unexpected continuation response
API String ID: 1475443563-555813803
Opcode ID: 34bb742e0766241b94490f51bf9bb44a92d4c210add1180ce394b2f02faf42c0
Instruction ID: 8ad67f77a53494b92b87ab2a7d2566bd83a139f27f70bc494fb2f9e9fda31427
Opcode Fuzzy Hash: 34bb742e0766241b94490f51bf9bb44a92d4c210add1180ce394b2f02faf42c0
Instruction Fuzzy Hash: AAD19221F0C2C3D2FB257E27D5843BAE693AF08794FC55031DA1D4A595EE6CE806E321

Function 00007FF764AF2FD3 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 220COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AF9B20: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF9C77

Part of subcall function 00007FF764AF7490: memmove.VCRUNTIME140 ref: 00007FF764AF756B

Part of subcall function 00007FF764AFA470: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF764AF9D32), ref: 00007FF764AFA54F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3089
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF30B7
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF30C4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF30FD
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF315B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF321C
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF324A
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF3257
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3290
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF32E2
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3326

Strings

value, xrefs: 00007FF764AF2FEC, 00007FF764AF317C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$memmove
String ID: value
API String ID: 585464943-494360628
Opcode ID: 37299265c5c114d2c0b71ebb7109c512908fd01c8c7224f24f4c80c1aefa551a
Instruction ID: a3633aa0f41c88e30ecfdd3756a88a8aff8bd7ed85e0569c8e2e57d853b2dd61
Opcode Fuzzy Hash: 37299265c5c114d2c0b71ebb7109c512908fd01c8c7224f24f4c80c1aefa551a
Instruction Fuzzy Hash: 58A1D862E18781C5FB05EF69E4843ADE361EF853A4F945332EAAD06AD9DF6CD480C710

Function 00007FF764AF41BF Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 219COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AF9B20: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF9C77

Part of subcall function 00007FF764AF7490: memmove.VCRUNTIME140 ref: 00007FF764AF756B

Part of subcall function 00007FF764AFA470: memmove.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF764AF9D32), ref: 00007FF764AFA54F

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF4272
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF429E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF42AB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF42E5
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF4344
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF4402
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF442E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF443B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF4475
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF44C8
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF450C

Strings

value, xrefs: 00007FF764AF41D8, 00007FF764AF4365

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy$memmove
String ID: value
API String ID: 585464943-494360628
Opcode ID: 15a12f7a5045bedfaa0e72400bbdb492f204ad1ac1f0c804dd2ac9ef28cc6364
Instruction ID: d14237a84d54366f5707e974403eb981564d25946923f294e8b45c1fe50def59
Opcode Fuzzy Hash: 15a12f7a5045bedfaa0e72400bbdb492f204ad1ac1f0c804dd2ac9ef28cc6364
Instruction Fuzzy Hash: 60A1D962E18B81C5FB05EF6AD5843ADE761EB953A8F940332DA6C16AD9DF6CD480C310

Function 00007FF764AD4120 Relevance: 21.2, APIs: 14, Instructions: 200COMMON

Download Yara Rule

APIs

?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF764AD415E
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF764AD4189
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF764AD41C4
?flags@ios_base@std@@QEBAHXZ.MSVCP140 ref: 00007FF764AD4231
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF764AD4280
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF764AD42AB
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF764AD42BE
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF764AD4326
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z.MSVCP140 ref: 00007FF764AD4346
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF764AD43AB
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ.MSVCP140 ref: 00007FF764AD43D6
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z.MSVCP140 ref: 00007FF764AD43E9
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF764AD4453
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF764AD448A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$?width@ios_base@std@@$?rdbuf@?$basic_ios@D@std@@@2@V?$basic_streambuf@$?fill@?$basic_ios@?sputc@?$basic_streambuf@$?flags@ios_base@std@@?setstate@?$basic_ios@?sputn@?$basic_streambuf@
String ID:
API String ID: 4125389999-0
Opcode ID: 57b344c9e6b9fdc9e636a83e168857f9f8227511761659576570b5e4a9d251fb
Instruction ID: 49900933ab38cccd5dc33742cb23972a2069cccd65ad9b2577c18766ae311cc3
Opcode Fuzzy Hash: 57b344c9e6b9fdc9e636a83e168857f9f8227511761659576570b5e4a9d251fb
Instruction Fuzzy Hash: 82A1D936609B85C6DB60DF56E49076AF7A1FBC8B85F504036EA8E87B68DF3CD4408B10

Function 00007FF764B1A680 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 161COMMON

Download Yara Rule

APIs

#5.WS2_32 ref: 00007FF764B1A6EC
#111.WS2_32 ref: 00007FF764B1A6F6

Part of subcall function 00007FF764B02F00: GetLastError.KERNEL32 ref: 00007FF764B02F22
Part of subcall function 00007FF764B02F00: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02F2A

#6.WS2_32 ref: 00007FF764B1A776
#111.WS2_32 ref: 00007FF764B1A780

Strings

getsockname() failed with errno %d: %s, xrefs: 00007FF764B1A7A0
ssrem inet_ntop() failed with errno %d: %s, xrefs: 00007FF764B1A806
getpeername() failed with errno %d: %s, xrefs: 00007FF764B1A716
ssloc inet_ntop() failed with errno %d: %s, xrefs: 00007FF764B1A89C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111$ErrorLast_errno
String ID: getpeername() failed with errno %d: %s$getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
API String ID: 2219348275-670633250
Opcode ID: 38156bed35517d2514e3eae1392a1793934e315ae225b468960922aa8e880563
Instruction ID: 7229f706bece305d29e90a62e8edbbe3e9be752a83c41b2e9ccd1e80bfd0d8b7
Opcode Fuzzy Hash: 38156bed35517d2514e3eae1392a1793934e315ae225b468960922aa8e880563
Instruction Fuzzy Hash: 60918026A19AC5C2E711DF26D4802E9B3A0FB9CB88F449236DE4C47655DF39E586CB10

Function 00007FF764AE9480 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 156COMMON

Download Yara Rule

Strings

, xrefs: 00007FF764AE958E
, xrefs: 00007FF764AE9596

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: 4f8ea448ce038bc46a67204a516aaef2ec8a42fa728d209e9ceb535a83168d3c
Instruction ID: c4d32637f9de0820c14c1e5e24123cb7626db64e8701e038403cb643fca88913
Opcode Fuzzy Hash: 4f8ea448ce038bc46a67204a516aaef2ec8a42fa728d209e9ceb535a83168d3c
Instruction Fuzzy Hash: D581EC3651CB81C5DA60EF26E48076AE7A4FBC9B94F600135EA9E47B6ACF3CD444CB14

Function 00007FF764B02F00 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 88stringCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF764B02F22
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02F2A
__sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02F49
strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02F55
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B02F64
strrchr.VCRUNTIME140 ref: 00007FF764B02FB5
strrchr.VCRUNTIME140 ref: 00007FF764B02FD6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02FEF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02FFA
GetLastError.KERNEL32 ref: 00007FF764B03003
SetLastError.KERNEL32 ref: 00007FF764B0300F

Strings

Unknown error %d (%#x), xrefs: 00007FF764B02F97

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$strrchr$__sys_nerrstrerrorstrncpy
String ID: Unknown error %d (%#x)
API String ID: 4262108436-2414550090
Opcode ID: 5ff057b94ba24f8afa1ca2544d30b3c9e9e8f4448d9441ab7d814ead78edfd0e
Instruction ID: 7b778ec88652f49002ba864666335e276802dfbd1a1a811290ff12e198a0c49b
Opcode Fuzzy Hash: 5ff057b94ba24f8afa1ca2544d30b3c9e9e8f4448d9441ab7d814ead78edfd0e
Instruction Fuzzy Hash: 75315E21A19642C5FA19BF23E898679F661AF8CFC1F885435DE4E17B95DF3CE8058320

Function 00007FF764B3C140 Relevance: 19.7, APIs: 4, Strings: 9, Instructions: 151stringCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764B3C1AB
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B3C28F
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B3C2D5

Strings

%hu%*[xX]%hu, xrefs: 00007FF764B3C359
BINARY, xrefs: 00007FF764B3C37E
NEW_ENV, xrefs: 00007FF764B3C2F1
TTYPE, xrefs: 00007FF764B3C265
%127[^= ]%*[ =]%255s, xrefs: 00007FF764B3C250
Syntax error in telnet option: %s, xrefs: 00007FF764B3C3E6
XDISPLOC, xrefs: 00007FF764B3C2AB
USER,%s, xrefs: 00007FF764B3C1D0
Unknown telnet option %s, xrefs: 00007FF764B3C3CD

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strncpy$memset
String ID: %127[^= ]%*[ =]%255s$%hu%*[xX]%hu$BINARY$NEW_ENV$Syntax error in telnet option: %s$TTYPE$USER,%s$Unknown telnet option %s$XDISPLOC
API String ID: 2148828965-748038847
Opcode ID: 534e209b1c008e3ccecc6692475e333b41431185a29c5840307491e2b5a51cb1
Instruction ID: f2a7cd9e2a44771a38642cd50dbea5c21c9bf70d36a16db8b528b01449b0e44e
Opcode Fuzzy Hash: 534e209b1c008e3ccecc6692475e333b41431185a29c5840307491e2b5a51cb1
Instruction Fuzzy Hash: EB715C32A08AC6D4FB22AF26D4817E9A370FF88784FC45032DA8D47659EF38D545C760

Function 00007FF764B32D50 Relevance: 19.5, APIs: 2, Strings: 9, Instructions: 297stringCOMMON

Download Yara Rule

APIs

strpbrk.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B32DE2

Strings

Mime-Version: 1.0, xrefs: 00007FF764B33044
Mime-Version, xrefs: 00007FF764B33029
<%s@%s>, xrefs: 00007FF764B32E46, 00007FF764B32F8A
%I64d, xrefs: 00007FF764B3309E
SIZE=, xrefs: 00007FF764B33151
AUTH=, xrefs: 00007FF764B33145
<%s>, xrefs: 00007FF764B32E69, 00007FF764B32FAD
MAIL FROM:%s%s%s%s%s%s, xrefs: 00007FF764B3317C
SMTPUTF8, xrefs: 00007FF764B3313A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strpbrk
String ID: AUTH=$ SIZE=$ SMTPUTF8$%I64d$<%s>$<%s@%s>$MAIL FROM:%s%s%s%s%s%s$Mime-Version$Mime-Version: 1.0
API String ID: 3024680390-2994854565
Opcode ID: 60284e9421b55195664d5a3fe3c11726f7a1861f6039aecdb78ed09f293c2707
Instruction ID: 196bb672fb9e9fdcfb3b5093c36553fa05a51541d5cfdaded2dc308bc111a634
Opcode Fuzzy Hash: 60284e9421b55195664d5a3fe3c11726f7a1861f6039aecdb78ed09f293c2707
Instruction Fuzzy Hash: 2AD16E21E09B92C0FA16FF27E8846B9A3A0AF49B84F845535DD4D17B95DF3CA846C360

Function 00007FF764B3F240 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 222COMMON

Download Yara Rule

APIs

#20.WS2_32 ref: 00007FF764B3F3B3
#20.WS2_32 ref: 00007FF764B3F46C
#111.WS2_32 ref: 00007FF764B3F47A

Strings

tftp_tx: giving up waiting for block %d ack, xrefs: 00007FF764B3F424
tftp_tx: internal error, event: %i, xrefs: 00007FF764B3F298
Received ACK for block %d, expecting %d, xrefs: 00007FF764B3F405
Timeout waiting for block %d ACK. Retries = %d, xrefs: 00007FF764B3F2AD

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111
String ID: Received ACK for block %d, expecting %d$Timeout waiting for block %d ACK. Retries = %d$tftp_tx: giving up waiting for block %d ack$tftp_tx: internal error, event: %i
API String ID: 568940515-4197595102
Opcode ID: 684b9eadd2fe4dca1f5967cfabce1054f1223b46e99f0f27d557220303c54703
Instruction ID: b77e682af23b3f2b4235b7ebe9bd2f28e345a4b0914466a971b21405b1540a9a
Opcode Fuzzy Hash: 684b9eadd2fe4dca1f5967cfabce1054f1223b46e99f0f27d557220303c54703
Instruction Fuzzy Hash: D2B15F72608682C6EB66DF2AD4806ADB7A1FB8CF88F844136DE4D4B758DF38D445C760

Function 00007FF764B17670 Relevance: 19.5, APIs: 1, Strings: 10, Instructions: 219COMMON

Download Yara Rule

Strings

http, xrefs: 00007FF764B1778E
Unsupported proxy '%s', libcurl is built without the HTTPS-proxy support., xrefs: 00007FF764B177D4
socks5h, xrefs: 00007FF764B17712
socks, xrefs: 00007FF764B1777A
https, xrefs: 00007FF764B176F4
socks5, xrefs: 00007FF764B17730
socks4a, xrefs: 00007FF764B1774B
socks4, xrefs: 00007FF764B17766
Unsupported proxy syntax in '%s', xrefs: 00007FF764B1797A
Unsupported proxy scheme for '%s', xrefs: 00007FF764B177A1

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Unsupported proxy '%s', libcurl is built without the HTTPS-proxy support.$Unsupported proxy scheme for '%s'$Unsupported proxy syntax in '%s'$http$https$socks$socks4$socks4a$socks5$socks5h
API String ID: 0-874090715
Opcode ID: 0eda640e9b1fe974a31f3b9164c719015d0fd1b0fb3c2f992c16c0f9d836d865
Instruction ID: 2c400d2dbb908d2b5487e7d71ca8e6f8ece1730857e4e2ca5af1fba6b77a938f
Opcode Fuzzy Hash: 0eda640e9b1fe974a31f3b9164c719015d0fd1b0fb3c2f992c16c0f9d836d865
Instruction Fuzzy Hash: 7DA18722E08642D5FB12FF23D880AB9A7B6AB5CB94F844531CE0D53795DF78E949C360

Function 00007FF764B3CC70 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 180COMMON

Download Yara Rule

APIs

#19.WS2_32 ref: 00007FF764B3CE6C
#111.WS2_32 ref: 00007FF764B3CE7E
#19.WS2_32 ref: 00007FF764B3CF76
#111.WS2_32 ref: 00007FF764B3CF80

Strings

%c%c%c%c%s%c%c, xrefs: 00007FF764B3CF4F
Sending data failed (%d), xrefs: 00007FF764B3CE84, 00007FF764B3CF86
%c%s%c%s, xrefs: 00007FF764B3CE10
%c%c%c%c, xrefs: 00007FF764B3CD4D
%127[^,],%127s, xrefs: 00007FF764B3CDD8
%c%c, xrefs: 00007FF764B3CE48
#, xrefs: 00007FF764B3CEEE

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111
String ID: #$%127[^,],%127s$%c%c$%c%c%c%c$%c%c%c%c%s%c%c$%c%s%c%s$Sending data failed (%d)
API String ID: 568940515-931584821
Opcode ID: a9732cd84847f28bc05d58df0c2673153714a351089a2caddf9902d67ccfdcf8
Instruction ID: 315ba0d0fef5c0638f89304c3d7c837f67c13e64e02e37cb84f7e8240a79edd1
Opcode Fuzzy Hash: a9732cd84847f28bc05d58df0c2673153714a351089a2caddf9902d67ccfdcf8
Instruction Fuzzy Hash: ED918C22A08AD1D5F721AF56E4857EAB3B0FB887A8F840231EE4D07A95DF3DD245C750

Function 00007FF764B3E620 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 179COMMON

Download Yara Rule

APIs

#20.WS2_32 ref: 00007FF764B3E798
_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF764B3E7B3
#20.WS2_32 ref: 00007FF764B3E81A
#20.WS2_32 ref: 00007FF764B3E8D1
_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF764B3E909

Strings

Received unexpected DATA packet block %d, expecting block %d, xrefs: 00007FF764B3E911
Received last DATA packet block %d again., xrefs: 00007FF764B3E865
tftp_rx: internal error, xrefs: 00007FF764B3E66E
Timeout waiting for block %d ACK. Retries = %d, xrefs: 00007FF764B3E692

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _time64
String ID: Received last DATA packet block %d again.$Received unexpected DATA packet block %d, expecting block %d$Timeout waiting for block %d ACK. Retries = %d$tftp_rx: internal error
API String ID: 1670930206-1785996722
Opcode ID: dc5e5183c789f3fe7861c987bd87cbe3471266d0dad6018217354c98346b3dd3
Instruction ID: c5810e96e8d1b6af2db053f0fd758749363d5b68a1356af991479504a030a05d
Opcode Fuzzy Hash: dc5e5183c789f3fe7861c987bd87cbe3471266d0dad6018217354c98346b3dd3
Instruction Fuzzy Hash: 67914B32618681C5D7569F2AD4903ADBBB1FB9CF88F848132DA4D4B768DF39D906C720

Function 00007FF764B0D850 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 154COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D8B3
fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D92D
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF764B0D9A0
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D9FF
_unlink.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF764B0DA1A
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0DA30

Strings

%s.%s.tmp, xrefs: 00007FF764B0D8EA
# Netscape HTTP Cookie File# https://curl.haxx.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk., xrefs: 00007FF764B0D926
## Fatal libcurl error, xrefs: 00007FF764B0DA67
%s, xrefs: 00007FF764B0D9CB

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: fclose$__acrt_iob_func_unlinkfputsqsort
String ID: ## Fatal libcurl error$# Netscape HTTP Cookie File# https://curl.haxx.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk.$%s$%s.%s.tmp
API String ID: 101901870-4087121635
Opcode ID: 518ff8f8ba25049ea709d35525d753fb30cb7a71856cf244e1c8c902c750309f
Instruction ID: 0ccc32c0c5a2af7dec2e440f493d7689b1e792376b585b39558e5f141ff89b5a
Opcode Fuzzy Hash: 518ff8f8ba25049ea709d35525d753fb30cb7a71856cf244e1c8c902c750309f
Instruction Fuzzy Hash: 31517011A0D642C1EE65BF23E99867AE2A4AF9DFC6FC44435DD4E463D0EE3CE8458220

Function 00007FF764AB095C Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 110stringCOMMON

Download Yara Rule

APIs

strstr.VCRUNTIME140 ref: 00007FF764AB0A7B
_cwprintf_s_l.LIBCMT ref: 00007FF764AB0A98
_cwprintf_s_l.LIBCMT ref: 00007FF764AB0AB5
_cwprintf_s_l.LIBCMT ref: 00007FF764AB0AD2
_cwprintf_s_l.LIBCMT ref: 00007FF764AB0AE7
_cwprintf_s_l.LIBCMT ref: 00007FF764AB0AF6

Strings

###, xrefs: 00007FF764AB0A71
Collapsed=%d, xrefs: 00007FF764AB0ADD
Size=%d,%d, xrefs: 00007FF764AB0AC1
[%s][%s], xrefs: 00007FF764AB0A84
Pos=%d,%d, xrefs: 00007FF764AB0AA4

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _cwprintf_s_l$strstr
String ID: ###$Collapsed=%d$Pos=%d,%d$Size=%d,%d$[%s][%s]
API String ID: 2968156105-2972057365
Opcode ID: ad2d4a20dd530db6bbad05d75819e7cf02286a8790e5bfa95aee74bd2818025b
Instruction ID: 43c7d97eea83aea358a7fa9a19096e6d656447d7ec051ebff39933e1efc71af2
Opcode Fuzzy Hash: ad2d4a20dd530db6bbad05d75819e7cf02286a8790e5bfa95aee74bd2818025b
Instruction Fuzzy Hash: F141F332A18646D6DE19EF26E5808BDF361FB4AB84FA48536DF5D47250DF38E841C720

Function 00007FF764B35DD0 Relevance: 18.3, APIs: 1, Strings: 11, Instructions: 284stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140 ref: 00007FF764B35E51

Part of subcall function 00007FF764AB2C0C: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764AB2C49

Strings

Weirdly formatted EPSV reply, xrefs: 00007FF764B35F2F
Can't resolve proxy host %s:%hu, xrefs: 00007FF764B36123
Can't resolve new host %s:%hu, xrefs: 00007FF764B3618E
%u.%u.%u.%u, xrefs: 00007FF764B36083
Bad PASV/EPSV response: %03d, xrefs: 00007FF764B3628E
Skip %u.%u.%u.%u for data connection, re-use %s instead, xrefs: 00007FF764B3604B
%u,%u,%u,%u,%u,%u, xrefs: 00007FF764B35F9B
Connecting to %s (%s) port %d, xrefs: 00007FF764B3621A
Illegal port number in EPSV reply, xrefs: 00007FF764B35ECF
%c%c%c%u%c, xrefs: 00007FF764B35E8B
Couldn't interpret the 227-response, xrefs: 00007FF764B35FBE

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: __stdio_common_vsscanfstrchr
String ID: %c%c%c%u%c$%u,%u,%u,%u,%u,%u$%u.%u.%u.%u$Bad PASV/EPSV response: %03d$Can't resolve new host %s:%hu$Can't resolve proxy host %s:%hu$Connecting to %s (%s) port %d$Couldn't interpret the 227-response$Illegal port number in EPSV reply$Skip %u.%u.%u.%u for data connection, re-use %s instead$Weirdly formatted EPSV reply
API String ID: 926783119-2414412286
Opcode ID: f06a06bc8f44d8d03020ee7ae3acf763edd7b19db9620503609ffbf132d549e7
Instruction ID: 40dbc2b27baaefab37255e5183a57f0aa0e5c9ea78f7280734244086217683fe
Opcode Fuzzy Hash: f06a06bc8f44d8d03020ee7ae3acf763edd7b19db9620503609ffbf132d549e7
Instruction Fuzzy Hash: BCD19622A08682D2EA29EF27E5C06B9F7A1FB49784F841032EB4D07B55DF3CE564C710

Function 00007FF764B285D0 Relevance: 16.7, APIs: 11, Instructions: 241sleepCOMMON

Download Yara Rule

APIs

#112.WS2_32 ref: 00007FF764B2862D
Sleep.KERNEL32 ref: 00007FF764B2863E
#112.WS2_32 ref: 00007FF764B287A8
Sleep.KERNEL32 ref: 00007FF764B287B9
#151.WS2_32 ref: 00007FF764B2886C
#151.WS2_32 ref: 00007FF764B28883
#151.WS2_32 ref: 00007FF764B2889E
#151.WS2_32 ref: 00007FF764B288B2
#151.WS2_32 ref: 00007FF764B288CD
#151.WS2_32 ref: 00007FF764B288E1

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #151$#112Sleep
String ID:
API String ID: 618961276-0
Opcode ID: 43b6910e8fc30c3cc6edc997e62f0c61595f8cb7957ccb71c8c34de6898b3771
Instruction ID: 26ea44d882ab3c4b7874181803d8de54e652515119aed58ed7ce43e5170ff712
Opcode Fuzzy Hash: 43b6910e8fc30c3cc6edc997e62f0c61595f8cb7957ccb71c8c34de6898b3771
Instruction Fuzzy Hash: B591CA21A0C6C2C7E7696E2BD9C01BBE291FB9C794F944735E91E8ABC4DE3CDD418610

Function 00007FF764AEB8C0 Relevance: 16.7, APIs: 11, Instructions: 200COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 00007FF764AEB961
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AEB97B
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AEB9AB
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AEB9F4
fpos.LIBCPMTD ref: 00007FF764AEBAEC
fpos.LIBCPMTD ref: 00007FF764AEBB27
fpos.LIBCPMTD ref: 00007FF764AEBB9A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: fpos$D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@?gptr@?$basic_streambuf@?pptr@?$basic_streambuf@
String ID:
API String ID: 1127984721-0
Opcode ID: 963ca87338eb91d643bda82c3d9ae3622897123adc28b925d19f3df3c6e80ba6
Instruction ID: 69c646f430cf002000f0f03d90cf56ff40142546bb825e491e87311d81ea6252
Opcode Fuzzy Hash: 963ca87338eb91d643bda82c3d9ae3622897123adc28b925d19f3df3c6e80ba6
Instruction Fuzzy Hash: 56A11C2260CB85C6DA70EF16E49476AE7A0F784794FA44231EAED87B98CF3CD444DB14

Function 00007FF764AD18FC Relevance: 16.7, APIs: 11, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AD9BA0: ?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z.MSVCP140 ref: 00007FF764AD9BD9

?getloc@ios_base@std@@QEBA?AVlocale@2@XZ.MSVCP140 ref: 00007FF764AD197A

Part of subcall function 00007FF764AD65D8: ??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF764AD65E8
Part of subcall function 00007FF764AD65D8: ??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF764AD6602
Part of subcall function 00007FF764AD65D8: std::locale::_Getfacet.LIBCPMTD ref: 00007FF764AD6617
Part of subcall function 00007FF764AD65D8: ??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF764AD66CD

?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF764AD19DB
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF764AD1A15
?width@ios_base@std@@QEBA_JXZ.MSVCP140 ref: 00007FF764AD1A45
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF764AD1A84
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF764AD1A8D

Part of subcall function 00007FF764AE8D1C: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AE8D2A
Part of subcall function 00007FF764AE8D1C: _Max_value.LIBCPMTD ref: 00007FF764AE8D4F
Part of subcall function 00007FF764AE8D1C: _Min_value.LIBCPMTD ref: 00007FF764AE8D7D

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ.MSVCP140 ref: 00007FF764AD1ACE
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ.MSVCP140 ref: 00007FF764AD1AD7
?width@ios_base@std@@QEAA_J_J@Z.MSVCP140 ref: 00007FF764AD1B90
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z.MSVCP140 ref: 00007FF764AD1BD8

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: U?$char_traits@$D@std@@@std@@$?width@ios_base@std@@$?rdbuf@?$basic_ios@D@std@@@2@Lockit@std@@V?$basic_streambuf@$??0_??1_?getloc@ios_base@std@@?setstate@?$basic_ios@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Bid@locale@std@@Concurrency::details::EmptyGetfacetIpfx@?$basic_istream@Max_valueMin_valueQueue::StructuredVlocale@2@Workstd::locale::_
String ID:
API String ID: 3924174504-0
Opcode ID: 1952bdc3d8a9d9ac0b9cf91cbf4659088f67f2a5f5e7f17a4416efd009388186
Instruction ID: 2706d7cbd23a424427bbf58531a3358e1f33b49c819f96e6c48e997cf280401c
Opcode Fuzzy Hash: 1952bdc3d8a9d9ac0b9cf91cbf4659088f67f2a5f5e7f17a4416efd009388186
Instruction Fuzzy Hash: 1081CC32609A85D5EB60EF16E49077AF7A0FBD8B84F505135EA8E83B69DE3CD404CB14

Function 00007FF764B3E9C3 Relevance: 16.0, APIs: 2, Strings: 7, Instructions: 290COMMON

Download Yara Rule

Strings

timeout, xrefs: 00007FF764B3ED85
TFTP buffer too small for options, xrefs: 00007FF764B3EBBF, 00007FF764B3ED08
blksize, xrefs: 00007FF764B3EC98
%I64d, xrefs: 00007FF764B3EB56
TFTP file name too long, xrefs: 00007FF764B3EAAF
%s%c%s%c, xrefs: 00007FF764B3EADA
tsize, xrefs: 00007FF764B3EBD2

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %I64d$%s%c%s%c$TFTP buffer too small for options$TFTP file name too long$blksize$timeout$tsize
API String ID: 0-3837278924
Opcode ID: 1fed3c17beaa39bafa448ee2c63f1a3965556ed5e9cba32cf4f349540f55653f
Instruction ID: d727375df140194011cf438bbaddcd2d89c04e45cafeda2a4b3ed2ad070fe94c
Opcode Fuzzy Hash: 1fed3c17beaa39bafa448ee2c63f1a3965556ed5e9cba32cf4f349540f55653f
Instruction Fuzzy Hash: 32D17062A08A82C5EB12DF16D0843BDB7A1FB49B88FC48532CA4D47B85DF7DD945C320

Function 00007FF764B03040 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 72stringwindowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF764B0305C
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B03064
FormatMessageA.KERNEL32 ref: 00007FF764B0309E
strchr.VCRUNTIME140 ref: 00007FF764B030B3
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B030FC
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B03106
GetLastError.KERNEL32 ref: 00007FF764B0310E
SetLastError.KERNEL32 ref: 00007FF764B0311A

Strings

Unknown error %u (0x%08X), xrefs: 00007FF764B030EA

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchr
String ID: Unknown error %u (0x%08X)
API String ID: 1897771742-1058733786
Opcode ID: 5a9c3bda770b552ecc590811c85aad79330631ef68a93b00a77b9f074c3f8090
Instruction ID: 29c2ed93abff7e4d811b7081b6c2365530e18300f02a8501754156be989d8805
Opcode Fuzzy Hash: 5a9c3bda770b552ecc590811c85aad79330631ef68a93b00a77b9f074c3f8090
Instruction Fuzzy Hash: 26216422A0D741C6EB55AF27E488A2AFAA0AF8CFD1F885434DA4D03B55DF3DD8518721

Function 00007FF764B0284E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF764B027E9
strchr.VCRUNTIME140 ref: 00007FF764B02810
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B02CAF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CBA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CC5
GetLastError.KERNEL32 ref: 00007FF764B02CCE
SetLastError.KERNEL32 ref: 00007FF764B02CDA

Strings

SEC_E_BAD_PKGID, xrefs: 00007FF764B0284E
%s (0x%08X), xrefs: 00007FF764B02795
%s - %s, xrefs: 00007FF764B02C99

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_BAD_PKGID
API String ID: 600764987-1052566392
Opcode ID: 3db9922bb7deeb4bf7b750d8064e04003781dbfd924f1baa605144a4c8cb1ade
Instruction ID: fbaca27fec494cd58ea8d251dccfdb2a6fb5aa1622ae897d7f859ca0265a0335
Opcode Fuzzy Hash: 3db9922bb7deeb4bf7b750d8064e04003781dbfd924f1baa605144a4c8cb1ade
Instruction Fuzzy Hash: 0031502660D781D5E775AF22E4947EAF7A4FB88B41F840435DA8E02A95DF3CD948C720

Function 00007FF764B02842 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF764B027E9
strchr.VCRUNTIME140 ref: 00007FF764B02810
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B02CAF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CBA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CC5
GetLastError.KERNEL32 ref: 00007FF764B02CCE
SetLastError.KERNEL32 ref: 00007FF764B02CDA

Strings

SEC_E_BAD_BINDINGS, xrefs: 00007FF764B02842
%s (0x%08X), xrefs: 00007FF764B02795
%s - %s, xrefs: 00007FF764B02C99

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_BAD_BINDINGS
API String ID: 600764987-2710416593
Opcode ID: b4237a5601813039186a2a4bdc72cefaca88f9f21f5e526bb74f81501d0c3c6a
Instruction ID: 5d19a35e141a04df979f7413b8d42a1dfd4c4b527ddbbc5cd88b7a134aa8259a
Opcode Fuzzy Hash: b4237a5601813039186a2a4bdc72cefaca88f9f21f5e526bb74f81501d0c3c6a
Instruction Fuzzy Hash: A631502660D781D5E775AF22E4947EAF7A4FB88B41F840435DA8D02A95DF3CD948C720

Function 00007FF764B0288A Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF764B027E9
strchr.VCRUNTIME140 ref: 00007FF764B02810
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B02CAF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CBA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CC5
GetLastError.KERNEL32 ref: 00007FF764B02CCE
SetLastError.KERNEL32 ref: 00007FF764B02CDA

Strings

%s (0x%08X), xrefs: 00007FF764B02795
%s - %s, xrefs: 00007FF764B02C99
SEC_E_CERT_UNKNOWN, xrefs: 00007FF764B0288A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_CERT_UNKNOWN
API String ID: 600764987-1381340633
Opcode ID: fb69855eb93c36ead092b10461e28b0d55e4e1a7c7013f7beec08c850359b2ae
Instruction ID: d369298748e246532aad1ca713dd0cbfbcdc2ec36ee741500e9ba77bb2b9a8fc
Opcode Fuzzy Hash: fb69855eb93c36ead092b10461e28b0d55e4e1a7c7013f7beec08c850359b2ae
Instruction Fuzzy Hash: C431502660D781D5E775AF22E4947EAF7A4FB88B41F840435DA8E02A95DF3CD948C720

Function 00007FF764B0287E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF764B027E9
strchr.VCRUNTIME140 ref: 00007FF764B02810
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B02CAF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CBA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CC5
GetLastError.KERNEL32 ref: 00007FF764B02CCE
SetLastError.KERNEL32 ref: 00007FF764B02CDA

Strings

SEC_E_CERT_EXPIRED, xrefs: 00007FF764B0287E
%s (0x%08X), xrefs: 00007FF764B02795
%s - %s, xrefs: 00007FF764B02C99

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_CERT_EXPIRED
API String ID: 600764987-3862749013
Opcode ID: b5e3f79f4c355b81bad2cf96fd4c3d8ff6464f07994b12a32ddfd69e306aee91
Instruction ID: 227a504898234ee583403306b674c30472d180f4f8deb6600dc4a6610b16b6d3
Opcode Fuzzy Hash: b5e3f79f4c355b81bad2cf96fd4c3d8ff6464f07994b12a32ddfd69e306aee91
Instruction Fuzzy Hash: 3231502660D781D5E775AF22E4947EEF7A4FB88B41F840435DA8D02A95DF3CD948C720

Function 00007FF764B02872 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF764B027E9
strchr.VCRUNTIME140 ref: 00007FF764B02810
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B02CAF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CBA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CC5
GetLastError.KERNEL32 ref: 00007FF764B02CCE
SetLastError.KERNEL32 ref: 00007FF764B02CDA

Strings

SEC_E_CANNOT_PACK, xrefs: 00007FF764B02872
%s (0x%08X), xrefs: 00007FF764B02795
%s - %s, xrefs: 00007FF764B02C99

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_CANNOT_PACK
API String ID: 600764987-1502336670
Opcode ID: dc89fc471b1619db6b51ee9f1f9441fbbbccb526ecc08470d33614c67115feea
Instruction ID: f58290aa66f4f45f466402084a7751bf206c6fed576b24ec16662eedf83e6f6a
Opcode Fuzzy Hash: dc89fc471b1619db6b51ee9f1f9441fbbbccb526ecc08470d33614c67115feea
Instruction Fuzzy Hash: 2631502660D781D5E775AF22E4947EAF7A4FB88B41F840435DA8E02A95DF3CD948C720

Function 00007FF764B02866 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF764B027E9
strchr.VCRUNTIME140 ref: 00007FF764B02810
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B02CAF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CBA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CC5
GetLastError.KERNEL32 ref: 00007FF764B02CCE
SetLastError.KERNEL32 ref: 00007FF764B02CDA

Strings

%s (0x%08X), xrefs: 00007FF764B02795
%s - %s, xrefs: 00007FF764B02C99
SEC_E_CANNOT_INSTALL, xrefs: 00007FF764B02866

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_CANNOT_INSTALL
API String ID: 600764987-2628789574
Opcode ID: b6d977fb7614b619997d37763022862aa4c79d47e314d121bd84ee4a48062ade
Instruction ID: a2cabfacacde3a6951c621614389a95c1bd27e86b8f68c149304ec7d5f32ff7e
Opcode Fuzzy Hash: b6d977fb7614b619997d37763022862aa4c79d47e314d121bd84ee4a48062ade
Instruction Fuzzy Hash: 2C31502660D781D5E775AF22E4947EAF7A4FB88B41F840435DA8D02A95DF3CD948C720

Function 00007FF764B0285A Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 70stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF764B027E9
strchr.VCRUNTIME140 ref: 00007FF764B02810
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B02CAF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CBA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CC5
GetLastError.KERNEL32 ref: 00007FF764B02CCE
SetLastError.KERNEL32 ref: 00007FF764B02CDA

Strings

%s (0x%08X), xrefs: 00007FF764B02795
%s - %s, xrefs: 00007FF764B02C99
SEC_E_BUFFER_TOO_SMALL, xrefs: 00007FF764B0285A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_BUFFER_TOO_SMALL
API String ID: 600764987-1965992168
Opcode ID: 14616516c88f7509fade31cf055c6b7b3ad4bcea269a40717513b235e7411adb
Instruction ID: 98476d78e252e3c2a9dc67daa15fee24ae5bcc7f21248263ba33bbc100367a4c
Opcode Fuzzy Hash: 14616516c88f7509fade31cf055c6b7b3ad4bcea269a40717513b235e7411adb
Instruction Fuzzy Hash: 1831502660D781D5E775AF22E4947EAF7A4FB88B41F840435DA8E02A95DF3CD948C720

Function 00007FF764B0278E Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 69stringwindowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF764B027E9
strchr.VCRUNTIME140 ref: 00007FF764B02810
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B02CAF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CBA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02CC5
GetLastError.KERNEL32 ref: 00007FF764B02CCE
SetLastError.KERNEL32 ref: 00007FF764B02CDA

Strings

SEC_E_ALGORITHM_MISMATCH, xrefs: 00007FF764B0278E
%s (0x%08X), xrefs: 00007FF764B02795
%s - %s, xrefs: 00007FF764B02C99

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessagestrchrstrncpy
String ID: %s (0x%08X)$%s - %s$SEC_E_ALGORITHM_MISMATCH
API String ID: 600764987-618797061
Opcode ID: 5d42a18b7313e4e6ce7f4997799be450bcf9f4979c74c63c4527dec5703fd72d
Instruction ID: 58e81f43499591890b7c1c5c71998d5c2f967afb05fbc5edc9622c8cf0452684
Opcode Fuzzy Hash: 5d42a18b7313e4e6ce7f4997799be450bcf9f4979c74c63c4527dec5703fd72d
Instruction Fuzzy Hash: FC31612660D7C1D5EB75AF22E4947EAF7A4FB88B41F840435DA8D02A95DF3CD948CB20

Function 00007FF764B4F2E0 Relevance: 15.2, APIs: 6, Strings: 4, Instructions: 179COMMON

Download Yara Rule

Strings

../, xrefs: 00007FF764B4F3D9
/../, xrefs: 00007FF764B4F43B
/.., xrefs: 00007FF764B4F472
/./, xrefs: 00007FF764B4F3FC

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ../$/..$/../$/./
API String ID: 0-456519384
Opcode ID: 2dbab25f729fef1f61110d8261d6b7dddaabbd66fd56968b1a31eea453c71c54
Instruction ID: 4349e19eb8cc18b3c651b41aa7e09e55dddf5a90c3cb80f2476f7142227d8b6c
Opcode Fuzzy Hash: 2dbab25f729fef1f61110d8261d6b7dddaabbd66fd56968b1a31eea453c71c54
Instruction Fuzzy Hash: 8E71C922E0D682D1FB22EF16D590279EB52AF1DBA4F844131CA5D036D9DF2CE559C321

Function 00007FF764B069C0 Relevance: 15.1, APIs: 10, Instructions: 130COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000010,?,00007FF764B06B54,?,?,?,?,?,?,00000000,00007FF764B06FAD), ref: 00007FF764B06A42
_invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000010,?,00007FF764B06B54,?,?,?,?,?,?,00000000,00007FF764B06FAD), ref: 00007FF764B06AAA

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfo
String ID:
API String ID: 2959964966-0
Opcode ID: 30b37a837a752e5ade18450c7cc7a75b8aa85acd0d1dc89586993fc663f8de38
Instruction ID: ff5e73ca3cc8a8159deb912ca13ac1ba65a9db994b9321d7a542bd52585865d5
Opcode Fuzzy Hash: 30b37a837a752e5ade18450c7cc7a75b8aa85acd0d1dc89586993fc663f8de38
Instruction Fuzzy Hash: 5041B266A09646C5EA14BF17D48867DE3A0EF4CF86F94A031DB0E03755DF3CE8928A20

Function 00007FF764AF97D0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 216processCOMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF764AF98F0
system.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF9963
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF999D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF99EE

Part of subcall function 00007FF764AF0450: memcpy.VCRUNTIME140 ref: 00007FF764AF0543
Part of subcall function 00007FF764AF0450: memcpy.VCRUNTIME140 ref: 00007FF764AF0551

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF9A3D
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF9A8E
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF9B0C

Strings

&& timeout /t 5", xrefs: 00007FF764AF98E6, 00007FF764AF9904

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmovesystem
String ID: && timeout /t 5"
API String ID: 3525216138-934313417
Opcode ID: 5ff9e2e30faa45462b8a9d0e8fe91db5ba3e835855bd8ef1b8558fa501f5164b
Instruction ID: 5e548437c3c1692ddf23ce97e5aee26751c2ccb4fe00244c20260243ddcdc73d
Opcode Fuzzy Hash: 5ff9e2e30faa45462b8a9d0e8fe91db5ba3e835855bd8ef1b8558fa501f5164b
Instruction Fuzzy Hash: FB91C162E18B86D4FB04DF2AD5843ADA361FB897A4F945332DAAD02AD5DF7CD480C350

Function 00007FF764B35280 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 208stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140 ref: 00007FF764B35374
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B353BF
strchr.VCRUNTIME140 ref: 00007FF764B353E9
strrchr.VCRUNTIME140 ref: 00007FF764B35405
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B35486
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B3559C

Strings

Request has same path as previous transfer, xrefs: 00007FF764B355A6
Uploading to a URL without a file name!, xrefs: 00007FF764B354EC

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchrstrncpy$strncmpstrrchr
String ID: Request has same path as previous transfer$Uploading to a URL without a file name!
API String ID: 4163149846-131330169
Opcode ID: 09410f9ac9ae6992fb4b994b1198de00256e141542eb4e3ca317667b4b6bc7b0
Instruction ID: 75af1fa22b4f23706d00f15b7e6066b703aac045b5f1bcbd05550077e954cc09
Opcode Fuzzy Hash: 09410f9ac9ae6992fb4b994b1198de00256e141542eb4e3ca317667b4b6bc7b0
Instruction Fuzzy Hash: 5491A422B09782C2EA59AF27D4843B9B3E1FF49B80F944435DA8E03B95DF3CE4558725

Function 00007FF764B00B7A Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 142stringCOMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B0126F
strtoull.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF764B01299
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B012A2

Strings

invalid number; expected digit after '.', xrefs: 00007FF764B00FCE
invalid number; expected '+', '-', or digit after exponent, xrefs: 00007FF764B010A4

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _errno$strtoull
String ID: invalid number; expected '+', '-', or digit after exponent$invalid number; expected digit after '.'
API String ID: 642117244-808606891
Opcode ID: 5c9276fc7c5cf63b04a2e07fe65b3ad722349e79db0e68523ebd04497fb2c08d
Instruction ID: a999e633f5babecd69b48aac2795f066197df67fee80c26b133d630f9e41c8d2
Opcode Fuzzy Hash: 5c9276fc7c5cf63b04a2e07fe65b3ad722349e79db0e68523ebd04497fb2c08d
Instruction Fuzzy Hash: F8616E32A09A42C6EB68AF26D48877CB761FB49F49FD44532DA4D43698DF3DE844C360

Function 00007FF764AE2F60 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 64threadCOMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00007FF764AE2FD8
type_info::_name_internal_method.LIBCMTD ref: 00007FF764AE2FE9
type_info::_name_internal_method.LIBCMTD ref: 00007FF764AE3004
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AE302D
CreateThread.KERNEL32 ref: 00007FF764AE3077

Strings

|, xrefs: 00007FF764AE2F97
Select Key, xrefs: 00007FF764AE2FCC
Press the key, xrefs: 00007FF764AE2FF8

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::CreateEmptyQueue::StructuredThreadWork
String ID: Press the key$Select Key$|
API String ID: 2313886200-3394947503
Opcode ID: 516ef2c9dcaad4155fa8b319f6c3d4a38b739a87c81f2b1f5d97e92c9507732e
Instruction ID: b7e4308216af1c3009f1f93e09368d0931aa3ca101cacd81180476c95c5fc6ca
Opcode Fuzzy Hash: 516ef2c9dcaad4155fa8b319f6c3d4a38b739a87c81f2b1f5d97e92c9507732e
Instruction Fuzzy Hash: C5312F3291C682D6EB60EF12E4917BAF360FB95344FD05135E68D429A9DF7CE449CB10

Function 00007FF764B0E700 Relevance: 13.7, APIs: 9, Instructions: 165COMMON

Download Yara Rule

APIs

InitializeCriticalSectionEx.KERNEL32 ref: 00007FF764B0E7E6

Part of subcall function 00007FF764B27050: #23.WS2_32 ref: 00007FF764B27091

DeleteCriticalSection.KERNEL32 ref: 00007FF764B0E820
#3.WS2_32 ref: 00007FF764B0E852
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B0E88E
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B0E915
EnterCriticalSection.KERNEL32 ref: 00007FF764B0E936
LeaveCriticalSection.KERNEL32 ref: 00007FF764B0E94A
CloseHandle.KERNEL32 ref: 00007FF764B0E957
#3.WS2_32 ref: 00007FF764B0E99B

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$_errno$CloseDeleteEnterHandleInitializeLeave
String ID:
API String ID: 3745366588-0
Opcode ID: 9c391e11587af7980b8e14d7778d521fca17c57d3c4f98f872f9243fb0f34f1f
Instruction ID: 6b0abfce2b57feee359ffb0a82b159f3d8465d905f2af35bed77a50fca198f6c
Opcode Fuzzy Hash: 9c391e11587af7980b8e14d7778d521fca17c57d3c4f98f872f9243fb0f34f1f
Instruction Fuzzy Hash: 81815F22D09B81C2E664EF22E99467DB360FB99B54F445235DB9E037A2DF78E4D4C310

Function 00007FF764B3899C Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 266COMMON

Download Yara Rule

APIs

_fstat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF764B38A37

Part of subcall function 00007FF764B38FE0: strchr.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF764B39016
Part of subcall function 00007FF764B38FE0: _open.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF764B3906B

Strings

failed to resume file:// transfer, xrefs: 00007FF764B38D96
Accept-ranges: bytes, xrefs: 00007FF764B38ACE
Content-Length: %I64d, xrefs: 00007FF764B38A93
Can't get the size of file., xrefs: 00007FF764B38C19
Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT%s, xrefs: 00007FF764B38B9B

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _fstat64_openstrchr
String ID: Accept-ranges: bytes$Can't get the size of file.$Content-Length: %I64d$Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT%s$failed to resume file:// transfer
API String ID: 3410096895-1509146019
Opcode ID: 67f5bb270efafb0dcaa55bac615edeaadf2192e8a0c640b7de638e9d06b6a965
Instruction ID: aadb8fdd8269f362461795198112182914f6c10440e547f7f22e9b9ea156cfdf
Opcode Fuzzy Hash: 67f5bb270efafb0dcaa55bac615edeaadf2192e8a0c640b7de638e9d06b6a965
Instruction Fuzzy Hash: EFB19732A0D682C5EB26BF27D4907BAA3A1FF48B84F944035DE4D87B55EE3CE4058761

Function 00007FF764AFF880 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 200COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140 ref: 00007FF764AFF9E4
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFFA7C

Part of subcall function 00007FF764AF0450: memcpy.VCRUNTIME140 ref: 00007FF764AF0543
Part of subcall function 00007FF764AF0450: memcpy.VCRUNTIME140 ref: 00007FF764AF0551

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFFABB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFFB0A
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFFB59

Strings

at line , xrefs: 00007FF764AFF965
, column , xrefs: 00007FF764AFF9DA, 00007FF764AFF9FC

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$memcpy$memmove
String ID: at line $, column
API String ID: 1675611454-191570568
Opcode ID: 639050f411784cdeb6bf1b3246b037affdb679bd1ee555565cdb6b47c69f24fd
Instruction ID: 313b70ba10e9d5b27bf0505dfb5546ed9b63056a48a8dabb33261d6cb044dbf7
Opcode Fuzzy Hash: 639050f411784cdeb6bf1b3246b037affdb679bd1ee555565cdb6b47c69f24fd
Instruction Fuzzy Hash: 4491E362F18B85D5FB04EF7AD4403ECA3A2EB59798F944226DA6C1378AEF38D145C350

Function 00007FF764B0D4D0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 161fileCOMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D591
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D5B2
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D608
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D6D4

Strings

Set-Cookie:, xrefs: 00007FF764B0D646
none, xrefs: 00007FF764B0D552
ignoring failed cookie_init for %s, xrefs: 00007FF764B0D612

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: fclose$__acrt_iob_funcfopen
String ID: Set-Cookie:$ignoring failed cookie_init for %s$none
API String ID: 3183491739-4095489131
Opcode ID: f2340336eef8823bfe7f3f364d80d4c58f2706bd0edc336ea5dd1d380b085468
Instruction ID: 4c3796b01562ff93007d972e47738f0c8bc936304e20d9a0b98d824fa6892ad0
Opcode Fuzzy Hash: f2340336eef8823bfe7f3f364d80d4c58f2706bd0edc336ea5dd1d380b085468
Instruction Fuzzy Hash: AE61B121A09782C1EB55AF26E4986BAA798EF4EF85F884435DE8D037C5DF3CE441C360

Function 00007FF764AF2160 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 157COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF321C
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF324A
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF3257
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF3290
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF32E2

Strings

value, xrefs: 00007FF764AF317C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: 0fac0296e4b56506f007c60110fe16e77a53d9b0b38bac76256b5961d1cf1a66
Instruction ID: 2a187bebd12fc5c0363aac6195e5ff0fdca74f582a11f46af33237a90a90a06e
Opcode Fuzzy Hash: 0fac0296e4b56506f007c60110fe16e77a53d9b0b38bac76256b5961d1cf1a66
Instruction Fuzzy Hash: 6E61F822E18B81C5FB05DF79E4843EDA361EB993A4F945332EAAD06AD5DF6CD481C310

Function 00007FF764AF33A0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF4402
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF442E
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF443B
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF4475
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF44C8

Strings

value, xrefs: 00007FF764AF4365

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: c9272b4b638513854b3bf0f7d9b3884501a581e3aa2ab7e3e91cb4de8f345b23
Instruction ID: c1fe58c6febb72f63dd95d340a36c35afc80caebb6718dd8f74b8c1b0f8d1282
Opcode Fuzzy Hash: c9272b4b638513854b3bf0f7d9b3884501a581e3aa2ab7e3e91cb4de8f345b23
Instruction Fuzzy Hash: EB61E862E18B81D6FB05DF7AD5843ADA361EB993A8F540332EA6C12AD5DF3CD481C310

Function 00007FF764B17220 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 151stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B172DF
strchr.VCRUNTIME140 ref: 00007FF764B1735E
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF764B1738C

Strings

Invalid IPv6 address format, xrefs: 00007FF764B17347
No valid port number in connect to host string (%s), xrefs: 00007FF764B173EB
%25, xrefs: 00007FF764B172D5
Please URL encode %% as %%25, see RFC 6874., xrefs: 00007FF764B172E9

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchrstrncmpstrtol
String ID: %25$Invalid IPv6 address format$No valid port number in connect to host string (%s)$Please URL encode %% as %%25, see RFC 6874.
API String ID: 3688256003-2404041592
Opcode ID: f691ee9315d657446f6c510e99a4ee84afc45cc51ab2891e6a34e92a527e6daf
Instruction ID: bb43596ee0357a74344f28e2f5635924ba0f4dbdfdd57144adb7db869ee290a8
Opcode Fuzzy Hash: f691ee9315d657446f6c510e99a4ee84afc45cc51ab2891e6a34e92a527e6daf
Instruction Fuzzy Hash: 8751A411A08686C5FB57BF17E8A03B9E7E29F49B94F884031DE4D07281EE6CE5478320

Function 00007FF764B38FE0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 145stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF764B39016
_open.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF764B3906B
_fstat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF764B390DC
_close.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF764B390E9
_close.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF764B391FB

Strings

Can't get the size of %s, xrefs: 00007FF764B390F2
Can't open %s for writing, xrefs: 00007FF764B3907B

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _close$_fstat64_openstrchr
String ID: Can't get the size of %s$Can't open %s for writing
API String ID: 423814720-3544860555
Opcode ID: fd35898813f97cd0b7105e8e6f81b550b23a9e3031f7a8d83e970d60fbfd965f
Instruction ID: ba3e8761543bca2ff5e03d64098f8b3b3620f603541819c13f853686b4faba59
Opcode Fuzzy Hash: fd35898813f97cd0b7105e8e6f81b550b23a9e3031f7a8d83e970d60fbfd965f
Instruction Fuzzy Hash: 3551C522B08A83C1FA29AF27D8942B9E391FB8CBD0F844135DE5E57795DE3CE8118310

Function 00007FF764AF4890 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764AF491C
memmove.VCRUNTIME140 ref: 00007FF764AF495F
memcpy.VCRUNTIME140 ref: 00007FF764AF4977
allocator.LIBCONCRTD ref: 00007FF764AF49D3
memcpy.VCRUNTIME140 ref: 00007FF764AF49F9
memcpy.VCRUNTIME140 ref: 00007FF764AF4A13

Strings

&& timeout /t 5", xrefs: 00007FF764AF4890

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$allocatormemmove
String ID: && timeout /t 5"
API String ID: 3863486226-934313417
Opcode ID: 0bb9af477fc27dfdc21e9899d7ab7e082c914ac3c3f68657f5f6d2f881c47ee8
Instruction ID: 80b5d549c69a05720e8b9874aa2d1dd537fd0b795af93bd7938bace55d8587a9
Opcode Fuzzy Hash: 0bb9af477fc27dfdc21e9899d7ab7e082c914ac3c3f68657f5f6d2f881c47ee8
Instruction Fuzzy Hash: 2A41D722B04B81D1EB14EF2AE6845A9A361F765BD4FA44631DFAC07786DF38E1D0C340

Function 00007FF764B3CAC0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

#9.WS2_32 ref: 00007FF764B3CB2C
#9.WS2_32 ref: 00007FF764B3CB42
#19.WS2_32 ref: 00007FF764B3CBE8
#111.WS2_32 ref: 00007FF764B3CBFC
#19.WS2_32 ref: 00007FF764B3CC3E
#111.WS2_32 ref: 00007FF764B3CC48

Strings

Sending data failed (%d), xrefs: 00007FF764B3CC02, 00007FF764B3CC4E

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111
String ID: Sending data failed (%d)
API String ID: 568940515-2319402659
Opcode ID: bbb13fdf9ac442769b34cb120001b90cadd6e83fde3fd50391bf062df472bc55
Instruction ID: e6e8d64f3fbf767b0ecbf02761323a3bed699b2241611645e3765b49a80f60ad
Opcode Fuzzy Hash: bbb13fdf9ac442769b34cb120001b90cadd6e83fde3fd50391bf062df472bc55
Instruction Fuzzy Hash: DE419A33608A96C0E7066FA6D490AA8B730F768F89F844532DB8D03B54DF7CE45AC321

Function 00007FF764AEC1C8 Relevance: 12.1, APIs: 8, Instructions: 106COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AEC1E9
MultiByteToWideChar.KERNEL32 ref: 00007FF764AEC20C
memset.VCRUNTIME140 ref: 00007FF764AEC266
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AEC284
MultiByteToWideChar.KERNEL32 ref: 00007FF764AEC2AE
WideCharToMultiByte.KERNEL32 ref: 00007FF764AEC2E9
memset.VCRUNTIME140 ref: 00007FF764AEC32A
WideCharToMultiByte.KERNEL32 ref: 00007FF764AEC364

Part of subcall function 00007FF764AD8E18: char_traits.LIBCPMTD ref: 00007FF764AD8E44

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$Concurrency::details::EmptyQueue::StructuredWorkmemset$char_traits
String ID:
API String ID: 881086949-0
Opcode ID: b0b625d2905b23ce666165e0cda7d2c5249048989e58aee4d5181a99c69f5c0f
Instruction ID: dafc052c66b93e2076a39d4ad35963072933eaffd5a5abe6b66ee2b94a5d1f79
Opcode Fuzzy Hash: b0b625d2905b23ce666165e0cda7d2c5249048989e58aee4d5181a99c69f5c0f
Instruction Fuzzy Hash: 1451E432608B8086D764EF66F49035AFBA1F7C97A0F104225EADD87BA9DF7DD4448B00

Function 00007FF764B51E08 Relevance: 12.1, APIs: 8, Instructions: 94COMMON

Download Yara Rule

APIs

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF764B51E31
__scrt_release_startup_lock.LIBCMT ref: 00007FF764B51E9F
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B51EED
_get_initial_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B51EF2
__p___argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B51EFA
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B51F02
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B51F24
_exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B51F7E

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: __p___argc__p___argv__scrt_acquire_startup_lock__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
String ID:
API String ID: 1133592946-0
Opcode ID: 698fcb676a854d009b9da8b2e168f5059a80c79fe6b9b880668a1c13ce86483f
Instruction ID: a14f3bd96a4ed060f81af65344ff41eda848c9732151f11bf8ad892bd8d04574
Opcode Fuzzy Hash: 698fcb676a854d009b9da8b2e168f5059a80c79fe6b9b880668a1c13ce86483f
Instruction Fuzzy Hash: 0D311921E0A242C2FA1CBF27E4913F9E791AF5D784FC84434DA4D07297DE6CAC458671

Function 00007FF764AE69B8 Relevance: 12.1, APIs: 8, Instructions: 75COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE69FC
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE6A0C
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE6A29
_Max_value.LIBCPMTD ref: 00007FF764AE6A45
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE6A63
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE6A8D
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE6A9D
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE6ABA

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?pptr@?$basic_streambuf@$?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?gptr@?$basic_streambuf@?pbase@?$basic_streambuf@Max_value
String ID:
API String ID: 2353371583-0
Opcode ID: 3f89c3910a14bda5632255bc1f56cff176e866f832807aab471be682cc61c81e
Instruction ID: 0237f0723d815c13f53a67dd7f86c55dccddea6b7f6f7458c2095f9e200a2008
Opcode Fuzzy Hash: 3f89c3910a14bda5632255bc1f56cff176e866f832807aab471be682cc61c81e
Instruction Fuzzy Hash: A131B936618B85C2DA10DF56F89012AF7A0FBC8BA4B945435EA8D87728DF7CD454CB10

Function 00007FF764AEC53C Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AEC54A
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AEC56C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?egptr@?$basic_streambuf@?gptr@?$basic_streambuf@
String ID:
API String ID: 288742420-0
Opcode ID: ca6a69f553c97f548c0adf796ddca912dde3dfd50c4e86e55c67446cc267dbe5
Instruction ID: 87cd66e847d94bcdb146b13fc16eb62ee37b51c18deef067f6546a5b0cbd4f51
Opcode Fuzzy Hash: ca6a69f553c97f548c0adf796ddca912dde3dfd50c4e86e55c67446cc267dbe5
Instruction Fuzzy Hash: 6031E93691DB85D2D610BF16F48462EF7A0FB88B84F901035EA9E47769DF2CE4409B24

Function 00007FF764AE6D88 Relevance: 12.1, APIs: 8, Instructions: 54COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140(?,?,?,?,?,?,?,?,00007FF764AD9F7A), ref: 00007FF764AE6DB7
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140(?,?,?,?,?,?,?,?,00007FF764AD9F7A), ref: 00007FF764AE6DC7
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140(?,?,?,?,?,?,?,?,00007FF764AD9F7A), ref: 00007FF764AE6DD9
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140(?,?,?,?,?,?,?,?,00007FF764AD9F7A), ref: 00007FF764AE6DE9
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140(?,?,?,?,?,?,?,?,00007FF764AD9F7A), ref: 00007FF764AE6E04
allocator.LIBCONCRTD ref: 00007FF764AE6E26
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z.MSVCP140(?,?,?,?,?,?,?,?,00007FF764AD9F7A), ref: 00007FF764AE6E38
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z.MSVCP140(?,?,?,?,?,?,?,?,00007FF764AD9F7A), ref: 00007FF764AE6E48

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?eback@?$basic_streambuf@$?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?pptr@?$basic_streambuf@?setg@?$basic_streambuf@?setp@?$basic_streambuf@D00@allocator
String ID:
API String ID: 4248052844-0
Opcode ID: c35e873e20a1156a4fbe4438aa6a2a22e63726b2a58e722f600be6bfc507c4e7
Instruction ID: 9fb4b8ddf4f9b481533274c546e8ced27068b9d463a3758a578a27f52e5ab158
Opcode Fuzzy Hash: c35e873e20a1156a4fbe4438aa6a2a22e63726b2a58e722f600be6bfc507c4e7
Instruction Fuzzy Hash: 5021B136A18B81C6DB50EF5AE89162AF3A0FBC8B94F501135EA8E47B64DF7CD405CB14

Function 00007FF764B28230 Relevance: 10.7, APIs: 7, Instructions: 242sleepCOMMON

Download Yara Rule

APIs

#112.WS2_32 ref: 00007FF764B28296
#112.WS2_32 ref: 00007FF764B28456
Sleep.KERNEL32 ref: 00007FF764B28466
#151.WS2_32 ref: 00007FF764B2857A
#151.WS2_32 ref: 00007FF764B28592
Sleep.KERNEL32 ref: 00007FF764B285BD

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #112#151Sleep
String ID:
API String ID: 3289937094-0
Opcode ID: 5c4afa7076b0ce17f32e71aef32c9cca837b6c79197a88519eca6524da51a358
Instruction ID: c272653b77a8f1ef5973b04f5ac856fd1d158f64861cccbfb8971c9a0bfe1a30
Opcode Fuzzy Hash: 5c4afa7076b0ce17f32e71aef32c9cca837b6c79197a88519eca6524da51a358
Instruction Fuzzy Hash: 66A13721A18AD2C6EB696F1AD4803BBA295FF4CB94F945334E92E47BC4DF3DD8018310

Function 00007FF764B40D00 Relevance: 10.7, APIs: 1, Strings: 6, Instructions: 223COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764B40E72

Strings

%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s, xrefs: 00007FF764B41042
file://%s%s%s, xrefs: 00007FF764B40D4E
%%25%s], xrefs: 00007FF764B40E82
https, xrefs: 00007FF764B40D90
%ld, xrefs: 00007FF764B40DBE
file, xrefs: 00007FF764B40D1B

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID: %%25%s]$%ld$%s://%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s$file$file://%s%s%s$https
API String ID: 3510742995-1832275178
Opcode ID: 88fd5ff4b35a05e61e6e38ca69f83a5488986a1e96c663c3e5fdbb9ea0c4bd23
Instruction ID: 03810dfc7a0a205cd19e87f7c9d79173bdfa17002074235f17a6ed3339ae089b
Opcode Fuzzy Hash: 88fd5ff4b35a05e61e6e38ca69f83a5488986a1e96c663c3e5fdbb9ea0c4bd23
Instruction Fuzzy Hash: 70A18062A09B86D4EB65AF16E4803A9F3A0EF59B84F848131CE8D13758DF3CE459C720

Function 00007FF764B07870 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 217stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF764B07838), ref: 00007FF764B07985
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00007FF764B07838), ref: 00007FF764B0799F

Strings

I32, xrefs: 00007FF764B07975, 00007FF764B079D5
Internal error removing splay node = %d, xrefs: 00007FF764B07882
I64, xrefs: 00007FF764B07995, 00007FF764B079FF

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strncmp
String ID: I32$I64$Internal error removing splay node = %d
API String ID: 1114863663-13178787
Opcode ID: 491ac133e9000593961312c4dbfca09365f194312719dec41d904bc8bbf8ed5a
Instruction ID: c4da28799870d97bc55038c6b2bad72cabc5efb403eaf05b4ba41c5491f4a9f6
Opcode Fuzzy Hash: 491ac133e9000593961312c4dbfca09365f194312719dec41d904bc8bbf8ed5a
Instruction Fuzzy Hash: CEA1C333A08681D6E720AF16E488B7DFBA4FB5CB89F954535CA8D42254DF7CD608C760

Function 00007FF764B4C7E0 Relevance: 10.7, APIs: 3, Strings: 4, Instructions: 210COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764B4C888
memmove.VCRUNTIME140 ref: 00007FF764B4C9D9
memcpy.VCRUNTIME140 ref: 00007FF764B4CA51

Strings

response reading failed, xrefs: 00007FF764B4CA71
Excessive server response line length received, %zd bytes. Stripping, xrefs: 00007FF764B4C9B1
cached response data too big to handle, xrefs: 00007FF764B4CAD1
8, xrefs: 00007FF764B4CA83

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$memmove
String ID: 8$Excessive server response line length received, %zd bytes. Stripping$cached response data too big to handle$response reading failed
API String ID: 1283327689-1003742340
Opcode ID: fec63b6d9b281d19cf5b1ace3c2b35efdffbf3e305bc2555124f8a271e803aac
Instruction ID: 217edecd96c6b21720b3a148d27d2b54342edb46ab76af60fd85335b46b929ec
Opcode Fuzzy Hash: fec63b6d9b281d19cf5b1ace3c2b35efdffbf3e305bc2555124f8a271e803aac
Instruction Fuzzy Hash: FB81AF22609B81D1EA54EF27D0803B9A770FB49B84F865436DF8E47789DF38D4998350

Function 00007FF764B35820 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 146stringCOMMON

Download Yara Rule

APIs

strstr.VCRUNTIME140 ref: 00007FF764B358E3

Strings

, xrefs: 00007FF764B35887
Maxdownload = %I64d, xrefs: 00007FF764B3597C, 00007FF764B35A1B
RETR response: %03d, xrefs: 00007FF764B35878
Data conn was not available immediately, xrefs: 00007FF764B359D7
bytes, xrefs: 00007FF764B358D9
Getting file with size: %I64d, xrefs: 00007FF764B35995

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strstr
String ID: $ bytes$Data conn was not available immediately$Getting file with size: %I64d$Maxdownload = %I64d$RETR response: %03d
API String ID: 1392478783-2096918210
Opcode ID: dbef7eb86c178f8aeaff6f1116a2af0bbaff73a7ad558b93c12353b0c2a26db1
Instruction ID: b2e629e345028ce678e4fc482be9224618d85ec0d38cb6b76064fc393b110d94
Opcode Fuzzy Hash: dbef7eb86c178f8aeaff6f1116a2af0bbaff73a7ad558b93c12353b0c2a26db1
Instruction Fuzzy Hash: 9A51B562A09786C1EB26AF1BE4C42B9F391AB5D778FC40331DA5C06AD5DF7CE5828314

Function 00007FF764B355F0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 144COMMON

Download Yara Rule

APIs

#111.WS2_32 ref: 00007FF764B35796

Part of subcall function 00007FF764B4C7E0: memcpy.VCRUNTIME140 ref: 00007FF764B4C888

Strings

*, xrefs: 00007FF764B35764
QUOT string not accepted: %s, xrefs: 00007FF764B357BF
FTP response aborted due to select/poll error: %d, xrefs: 00007FF764B357A4
FTP response timeout, xrefs: 00007FF764B35803
We got a 421 - timeout!, xrefs: 00007FF764B357D5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111memcpy
String ID: *$FTP response aborted due to select/poll error: %d$FTP response timeout$QUOT string not accepted: %s$We got a 421 - timeout!
API String ID: 1499133761-2335292235
Opcode ID: 5b69bec027af01284b407dbde25728c34ea3fc6ec3a3004e59545fc523c6b1a2
Instruction ID: 6eb825893a7fdaeaf9645e8e127e48b5c722cb76a2e4fef2fd02e1606d06a5ab
Opcode Fuzzy Hash: 5b69bec027af01284b407dbde25728c34ea3fc6ec3a3004e59545fc523c6b1a2
Instruction Fuzzy Hash: EF51BF21A08682D5FB66BE27D8807B9A391BF4DBD4F844131DE4D87AD5EF2CE4458328

Function 00007FF764B0D2C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143fileCOMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D350
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D36D
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B0D3BC
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF764B04C90), ref: 00007FF764B0D485

Strings

Set-Cookie:, xrefs: 00007FF764B0D3F6
none, xrefs: 00007FF764B0D313

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: fclose$__acrt_iob_funcfopen
String ID: Set-Cookie:$none
API String ID: 3183491739-3629594122
Opcode ID: b7b14f633b31ad2e3417eb75cdeb38a88c768665de51668658403eef2e5d2a90
Instruction ID: a9683dbc6108915c7baa8a85579722fd070233a5f1fabd32393aa7e07be2a467
Opcode Fuzzy Hash: b7b14f633b31ad2e3417eb75cdeb38a88c768665de51668658403eef2e5d2a90
Instruction Fuzzy Hash: D5518021A0D782C1EB55AF27F5946BEE694AF4EF81FC84434DE8E067C5DE2CE4468320

Function 00007FF764B17420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 142stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140 ref: 00007FF764B17530
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF764B17550

Strings

Connecting to port: %d, xrefs: 00007FF764B175F0
anonymous, xrefs: 00007FF764B17430
Connecting to hostname: %s, xrefs: 00007FF764B175AB
%s%s%s, xrefs: 00007FF764B174BF

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchrstrtol
String ID: %s%s%s$Connecting to hostname: %s$Connecting to port: %d$anonymous
API String ID: 1008397618-1224060940
Opcode ID: 98eaa001cbde31aac1f50946a4409cdf4cc369d785f958ebf385ab8e0bbc77bd
Instruction ID: d600708d551bd3d4b7053cfe9a6479c41d65b31be4c6242cf1fd6770fe1d5410
Opcode Fuzzy Hash: 98eaa001cbde31aac1f50946a4409cdf4cc369d785f958ebf385ab8e0bbc77bd
Instruction Fuzzy Hash: F151B122A08BC2C5EB26BF26E8803A9A7A5FB49BD8F944135DE9D07794CF7CD545C310

Function 00007FF764B3E3D0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 139COMMON

Download Yara Rule

APIs

#17.WS2_32 ref: 00007FF764B3E430
memcpy.VCRUNTIME140 ref: 00007FF764B3E456
memchr.VCRUNTIME140 ref: 00007FF764B3E553

Strings

Internal error: Unexpected packet, xrefs: 00007FF764B3E4F8
TFTP error: %s, xrefs: 00007FF764B3E570
Received too short packet, xrefs: 00007FF764B3E482

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memchrmemcpy
String ID: Internal error: Unexpected packet$Received too short packet$TFTP error: %s
API String ID: 3039221550-477593554
Opcode ID: 94137994b011d62a261f19a1fb8e0afb51f82ee8e58960b1f9732595780ded67
Instruction ID: 64148e8e4bd12ba1ad7e283db84b430a07cce0d81b7d49fd384e81f4201299cc
Opcode Fuzzy Hash: 94137994b011d62a261f19a1fb8e0afb51f82ee8e58960b1f9732595780ded67
Instruction Fuzzy Hash: AF51AF72A08582C5EB65AF27D5903BDB790FB48B45F894136DA4D4BB85DE3CE805C720

Function 00007FF764B32AC0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 135stringCOMMON

Download Yara Rule

APIs

strpbrk.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B32BC4

Strings

%s %s%s, xrefs: 00007FF764B32B49
VRFY %s%s%s%s, xrefs: 00007FF764B32C4E
EXPN, xrefs: 00007FF764B32B07
HELP, xrefs: 00007FF764B32CB5
SMTPUTF8, xrefs: 00007FF764B32B2D, 00007FF764B32C35

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strpbrk
String ID: SMTPUTF8$%s %s%s$EXPN$HELP$VRFY %s%s%s%s
API String ID: 3024680390-2300960079
Opcode ID: c3df5f67dec3b2ab61c1cfba7a9c320f3ba94e473ee4295380390e44b5bd4d6e
Instruction ID: 7b46c49ae3a278d5fa37a333cb68e8ff21fd710b2e8080ae5a99bd13ff92c089
Opcode Fuzzy Hash: c3df5f67dec3b2ab61c1cfba7a9c320f3ba94e473ee4295380390e44b5bd4d6e
Instruction Fuzzy Hash: C5519022A18B82D1EB16EF17E4907B9E7A0FB4AB84FC44131DA4D13B85DF6CE845C350

Function 00007FF764B369B0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 117COMMON

Download Yara Rule

Strings

Got a %03d response code instead of the assumed 200, xrefs: 00007FF764B369F0
LIST, xrefs: 00007FF764B36AB2
%s%s%s, xrefs: 00007FF764B36AD5
NLST, xrefs: 00007FF764B36AAB
Couldn't set desired mode, xrefs: 00007FF764B369CE

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: %s%s%s$Couldn't set desired mode$Got a %03d response code instead of the assumed 200$LIST$NLST
API String ID: 0-1262176364
Opcode ID: ecddca4db1d40f2132be9e1dedcba9ea71c3000451d3d0b60a854dfc34600307
Instruction ID: 6727bf49c90d42eabfaceceb631926c521eb39a048e74ae04e682701be51fd41
Opcode Fuzzy Hash: ecddca4db1d40f2132be9e1dedcba9ea71c3000451d3d0b60a854dfc34600307
Instruction Fuzzy Hash: 5141C322B08642C6EA36BF57E4C16B9F360EF49B80FC45075DA4D07A95DF7CE8498760

Function 00007FF764B26580 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140 ref: 00007FF764B26666
strchr.VCRUNTIME140 ref: 00007FF764B26679
strchr.VCRUNTIME140 ref: 00007FF764B2668B

Strings

Expect, xrefs: 00007FF764B265E7
Expect:, xrefs: 00007FF764B2660E
100-continue, xrefs: 00007FF764B266A6
Expect: 100-continue, xrefs: 00007FF764B266E8

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr
String ID: 100-continue$Expect$Expect:$Expect: 100-continue
API String ID: 2830005266-711804848
Opcode ID: ef0ace77d0d1fd3a35cc6471f4fccb8bdf87a59809358bee8b656b5c92a47f29
Instruction ID: 4467d6eef4a89479cd1af0a7feb43ce5655b6711445fef42f4be4668de11a8c2
Opcode Fuzzy Hash: ef0ace77d0d1fd3a35cc6471f4fccb8bdf87a59809358bee8b656b5c92a47f29
Instruction Fuzzy Hash: 0541D621B1DAC2C1EA15BF17E4901FAE790AF4DB88F882034DE4D47796EE1DE5418B20

Function 00007FF764B3EF20 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 109COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF764B3EF38
_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF764B3F0A1

Strings

set timeouts for state %d; Total %ld, retry %d maxtry %d, xrefs: 00007FF764B3F07C
Connection time-out, xrefs: 00007FF764B3EF5B
gfff, xrefs: 00007FF764B3EFAC
gfff, xrefs: 00007FF764B3F018

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _time64
String ID: Connection time-out$gfff$gfff$set timeouts for state %d; Total %ld, retry %d maxtry %d
API String ID: 1670930206-870032562
Opcode ID: d2a941ae2de6500959931be81c698e6c17a8efed79dd7a6fe95437a7139ce928
Instruction ID: 14332f049e052da3601d398424ff7691c95651f8bb8bd29a93accf47c8d47574
Opcode Fuzzy Hash: d2a941ae2de6500959931be81c698e6c17a8efed79dd7a6fe95437a7139ce928
Instruction Fuzzy Hash: 9F41A276B14655C6DB24DF2BE080668B7A4F79CB88F905036DE0C87B94DE3AE541CB40

Function 00007FF764B1E950 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 106COMMON

Download Yara Rule

APIs

fseek.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B1EA9A

Strings

seek callback returned error %d, xrefs: 00007FF764B1E9EE
Cannot rewind mime/post data, xrefs: 00007FF764B1EAD0
ioctl callback returned error %d, xrefs: 00007FF764B1EA5F
necessary data rewind wasn't possible, xrefs: 00007FF764B1EAA5
the ioctl callback returned %d, xrefs: 00007FF764B1EA45

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: fseek
String ID: Cannot rewind mime/post data$ioctl callback returned error %d$necessary data rewind wasn't possible$seek callback returned error %d$the ioctl callback returned %d
API String ID: 623662203-959247533
Opcode ID: 1c1dde23ad1195b7c95883e38809369ec0d3b5510f5981af69b4c5b44e4fbb7b
Instruction ID: 6431270576a2602744200ab1b3aa985b5d29a47a0b9dfc9c9ea18b8dfb7f313d
Opcode Fuzzy Hash: 1c1dde23ad1195b7c95883e38809369ec0d3b5510f5981af69b4c5b44e4fbb7b
Instruction Fuzzy Hash: C241A466B14A81C1E755AF2BD4847B9A3A2EB8CB94F882031DD0E4B699DF3DD481C724

Function 00007FF764B021F0 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764B0223C
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764B0224A
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764B02256
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764B0227A
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764B0228B
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764B02299
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764B022A5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?pptr@?$basic_streambuf@$?eback@?$basic_streambuf@?egptr@?$basic_streambuf@?epptr@?$basic_streambuf@?gptr@?$basic_streambuf@?pbase@?$basic_streambuf@
String ID:
API String ID: 2869409680-0
Opcode ID: 4accc71b1623408801edd9af0fbd12d8a503cc39fd5eef4cbd0b49985aac0ae1
Instruction ID: 2128c94fb0188fc5081a45c4b659e1b0515e849f471b35ae41a43b647ddbe397
Opcode Fuzzy Hash: 4accc71b1623408801edd9af0fbd12d8a503cc39fd5eef4cbd0b49985aac0ae1
Instruction Fuzzy Hash: 7921B462E18B82C1DB59AF22E9842A9E3A0FB98FC5F585135DD4E03B58DF3CD985C350

Function 00007FF764B0E5F0 Relevance: 10.6, APIs: 7, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764B2ACC0: getaddrinfo.WS2_32 ref: 00007FF764B2ACE2
Part of subcall function 00007FF764B2ACC0: memcpy.VCRUNTIME140(?,?,?,00007FF764B0E645), ref: 00007FF764B2ADA1
Part of subcall function 00007FF764B2ACC0: freeaddrinfo.WS2_32(?,?,?,00007FF764B0E645), ref: 00007FF764B2AE21

#111.WS2_32 ref: 00007FF764B0E64B
#111.WS2_32 ref: 00007FF764B0E655
EnterCriticalSection.KERNEL32 ref: 00007FF764B0E670
LeaveCriticalSection.KERNEL32 ref: 00007FF764B0E67F
#19.WS2_32 ref: 00007FF764B0E6B3
#111.WS2_32 ref: 00007FF764B0E6BD
LeaveCriticalSection.KERNEL32 ref: 00007FF764B0E6D0

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111CriticalSection$Leave$Enterfreeaddrinfogetaddrinfomemcpy
String ID:
API String ID: 1340842722-0
Opcode ID: 00240952b39b3ae9c0964303687d9db88a56e84689844cad0c63600dc8c83182
Instruction ID: 9f6f6fed04f8f74605e08012372644016886c96f6434dd49eb998304e7dba74b
Opcode Fuzzy Hash: 00240952b39b3ae9c0964303687d9db88a56e84689844cad0c63600dc8c83182
Instruction Fuzzy Hash: E2315231A08A42C6E754AF26E49467DB7A0FF8CF99F845131D91E836A4DF3CD885C760

Function 00007FF764AD65D8 Relevance: 10.6, APIs: 7, Instructions: 58COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QEAA@H@Z.MSVCP140 ref: 00007FF764AD65E8
??Bid@locale@std@@QEAA_KXZ.MSVCP140 ref: 00007FF764AD6602
std::locale::_Getfacet.LIBCPMTD ref: 00007FF764AD6617
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z.MSVCP140 ref: 00007FF764AD664B
Concurrency::cancel_current_task.LIBCPMTD ref: 00007FF764AD6657
??1_Lockit@std@@QEAA@XZ.MSVCP140 ref: 00007FF764AD66CD

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Concurrency::cancel_current_taskD@std@@Getcat@?$ctype@GetfacetV42@@Vfacet@locale@2@std::locale::_
String ID:
API String ID: 4058481119-0
Opcode ID: f906678386a4049acbb89fe61d6cc352271cb99bc84b0a254ec61f6fae4dd96f
Instruction ID: 35bb9c5ca19386bb8360dfd89460eccf247be16c72d88a14fb3ab3e99a72a7e4
Opcode Fuzzy Hash: f906678386a4049acbb89fe61d6cc352271cb99bc84b0a254ec61f6fae4dd96f
Instruction Fuzzy Hash: 0D310C3651DA45D1DA50AF16F8C066AF7A0FBC87A4F902131EA9E43BB8DE3CD544CB10

Function 00007FF764AE327C Relevance: 9.2, APIs: 6, Instructions: 199COMMON

Download Yara Rule

APIs

sinf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AE331E
cosf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AE3330
sinf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AE3342
cosf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AE3354
sinf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AE3366
cosf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AE3378

Part of subcall function 00007FF764AD92F4: memcpy.VCRUNTIME140 ref: 00007FF764AD9312

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: cosfsinf$memcpy
String ID:
API String ID: 233715133-0
Opcode ID: 507bc690af0661506d1e3195acbc7018a918e53c070d612cd6a8a421869c019c
Instruction ID: 158ce65bd48debd886ab478093b934b57f63072820b5c4bc88866e2b24028356
Opcode Fuzzy Hash: 507bc690af0661506d1e3195acbc7018a918e53c070d612cd6a8a421869c019c
Instruction Fuzzy Hash: 16B14E32615B488ADB19CF3AE09135AF364FBC8740F545B26E78E627A4EF6CD584DE00

Function 00007FF764AF0450 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764AF0543
memcpy.VCRUNTIME140 ref: 00007FF764AF0551
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF058A
memcpy.VCRUNTIME140 ref: 00007FF764AF0594
memcpy.VCRUNTIME140 ref: 00007FF764AF05A2
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF764AF05D1

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1775671525-0
Opcode ID: 0fc2847223b48781b94032428f904544c8a8b8a3824b58c8f23b1a4c383f473c
Instruction ID: 6afa875d67f5fb0d3f43157508dae9bb4313ed909d33a516b589ea7e57e6a746
Opcode Fuzzy Hash: 0fc2847223b48781b94032428f904544c8a8b8a3824b58c8f23b1a4c383f473c
Instruction Fuzzy Hash: 5041F461B09645D1EE64AF13E584669E391BB0ABE0FD88631DFAD077C5DE7CE0418710

Function 00007FF764AFEB50 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 211COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFED62
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFEDB1
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFEDF0
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AFEE3F

Strings

[json.exception., xrefs: 00007FF764AFEC12

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: [json.exception.
API String ID: 3668304517-791563284
Opcode ID: 53cb646bafcace04f7b2753cbc28a2f549c428c880a345568a3de2d084fe5fc2
Instruction ID: 256873dc70050a9d34f1ec2d14bfbb89619613bc77b2f1330ecd8fc8085e304a
Opcode Fuzzy Hash: 53cb646bafcace04f7b2753cbc28a2f549c428c880a345568a3de2d084fe5fc2
Instruction Fuzzy Hash: E491E162F18B86D5FB04DF7AD4807ADA3A1EB59798FA44232DA5C03AD6DF38D085C350

Function 00007FF764B4B90A Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 154COMMON

Download Yara Rule

APIs

isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B4BC13
isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B4BC27

Strings

GMT, xrefs: 00007FF764B4B9BE
%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s, xrefs: 00007FF764B4BA31
TRUE, xrefs: 00007FF764B4BBED

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: isupper
String ID: GMT$%.4s-%.2s-%.2s %.2s:%.2s:%c%c%s%.*s%s%.*s$TRUE
API String ID: 2794029478-910067264
Opcode ID: 5eb01390137852337629e153c477b14f2b12ca9d211e1651266dd0ef971c6ba3
Instruction ID: 8ad6f08869efe5726d56d1cd0a6197293321008b2bff81e83660a380220a6eff
Opcode Fuzzy Hash: 5eb01390137852337629e153c477b14f2b12ca9d211e1651266dd0ef971c6ba3
Instruction Fuzzy Hash: 9361E562E0C696D4FB15AF66D5C427DEBA5EB29780FC44432C78D42A9ACF3CD549C320

Function 00007FF764AC96E4 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 147COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF764AC98AF
_scwprintf.LIBCMT ref: 00007FF764AC990B

Strings

##preview, xrefs: 00007FF764AC9805
#%02X%02X%02X%02XR:%d, G:%d, B:%d, A:%d(%.3f, %.3f, %.3f, %.3f), xrefs: 00007FF764AC98BB
#%02X%02X%02XR: %d, G: %d, B: %d(%.3f, %.3f, %.3f), xrefs: 00007FF764AC9877

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _scwprintf
String ID: ##preview$#%02X%02X%02XR: %d, G: %d, B: %d(%.3f, %.3f, %.3f)$#%02X%02X%02X%02XR:%d, G:%d, B:%d, A:%d(%.3f, %.3f, %.3f, %.3f)
API String ID: 1992661772-3134099302
Opcode ID: 611122e54945140b347db7f7cd1e629e9f3254e4f321141b5f0f5d528b08cd3c
Instruction ID: 80b09e835133fa1640df1e109fd4f16695110ab547f8d39e730a4f5d32bd0a1b
Opcode Fuzzy Hash: 611122e54945140b347db7f7cd1e629e9f3254e4f321141b5f0f5d528b08cd3c
Instruction Fuzzy Hash: 1F61F672C19B89D5E261EF379481469E765FF9EB84F68C731EE0926261DF3CE4908B00

Function 00007FF764B07090 Relevance: 8.9, APIs: 7, Instructions: 141COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764B0715C
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B071A8
memcpy.VCRUNTIME140 ref: 00007FF764B071DA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B0720C
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B07217
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF764B07295
memcpy.VCRUNTIME140 ref: 00007FF764B072B8

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$freemalloc
String ID:
API String ID: 3313557100-0
Opcode ID: a3ecd1426f4db4485785385a1ff500ec500d2b063bdebff5832bc9136dd44e70
Instruction ID: 4e6aadcf1bfcd2bbe86c2b8143ace6aeb1ca752def4738bfec412d7ff88532a6
Opcode Fuzzy Hash: a3ecd1426f4db4485785385a1ff500ec500d2b063bdebff5832bc9136dd44e70
Instruction Fuzzy Hash: C3614F13D18BC186E7119F35D9412F9A330FBAD788F41A321EE8D12A5BEF68E6D48700

Function 00007FF764AF05E0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 124COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764AF06DB
memmove.VCRUNTIME140 ref: 00007FF764AF070C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF0778

Part of subcall function 00007FF764B51A80: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF764AE6143,?,?,?,?,?,?,?,?,?,00007FF764AE78A8), ref: 00007FF764B51A9A

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF764AF077F

Strings

&& timeout /t 5", xrefs: 00007FF764AF05ED

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmallocmemmovememset
String ID: && timeout /t 5"
API String ID: 2090792099-934313417
Opcode ID: 49a876db139f7aace2028c4ab97c6a8b378443645cc8aae91645bcc186b09504
Instruction ID: c60d961f74de237cddd8f8841c289cc953510d5c29822410de3bd3c30516be68
Opcode Fuzzy Hash: 49a876db139f7aace2028c4ab97c6a8b378443645cc8aae91645bcc186b09504
Instruction Fuzzy Hash: C141E5B2709A81D1DAA4DF66E48467AF3A0FB45BE0FA84232DAAD137C4DF7CD4418310

Function 00007FF764B21540 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B215AA
tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B2161B
_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF764B2167B

Strings

:%u, xrefs: 00007FF764B215BE, 00007FF764B21624
Hostname in DNS cache was stale, zapped, xrefs: 00007FF764B216A2

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: tolower$_time64
String ID: :%u$Hostname in DNS cache was stale, zapped
API String ID: 4068448496-2924501231
Opcode ID: 420cd8800e2275e45342d4623d061c87e2b98c7c98dce0eaaba7563309c42a36
Instruction ID: 6fb2a8b45eed4dc89e30324888c6d399dd93d4e3551017b70607e6c9cc8754c0
Opcode Fuzzy Hash: 420cd8800e2275e45342d4623d061c87e2b98c7c98dce0eaaba7563309c42a36
Instruction Fuzzy Hash: 1041D362A186C2D1EB21EF12E4807BAAB61EB8DB94F885231DE4D07795DE3CE505C320

Function 00007FF764AF88A0 Relevance: 7.8, APIs: 6, Instructions: 256COMMON

Download Yara Rule

APIs

isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764AF8946
memchr.VCRUNTIME140 ref: 00007FF764AF89C4
memchr.VCRUNTIME140 ref: 00007FF764AF89F7
memchr.VCRUNTIME140 ref: 00007FF764AF8A2B
memchr.VCRUNTIME140 ref: 00007FF764AF8A66
memchr.VCRUNTIME140 ref: 00007FF764AF8B77

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memchr$isalnum
String ID:
API String ID: 2196416319-0
Opcode ID: a8f727930ed4918e0f513f474b85c4bcaf3dc74f4d24e82d5a0ef37f1859e83b
Instruction ID: c8bf44087e2bd702a88644c1f03cf4317289310a6a7d94477be4a8db730f39ac
Opcode Fuzzy Hash: a8f727930ed4918e0f513f474b85c4bcaf3dc74f4d24e82d5a0ef37f1859e83b
Instruction Fuzzy Hash: 5EA12913F09691C9FB45AF2794806BD6BE0AB15B94F9C463ADE6D13BC6CB3C9441C320

Function 00007FF764B490B6 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 169COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764B4911A

Strings

Serial Number: %s, xrefs: 00007FF764B4924C
Serial Number, xrefs: 00007FF764B49232
Signature Algorithm, xrefs: 00007FF764B492D7
Signature Algorithm: %s, xrefs: 00007FF764B492F1

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID: Serial Number: %s$ Signature Algorithm: %s$Serial Number$Signature Algorithm
API String ID: 3510742995-517259162
Opcode ID: 89252cb8133153641aec4e9a4c5dcb1cf30dee3f7733c4a5debffe4aefeae420
Instruction ID: f40d284cf8aabfcf652aa47cd020c7b6a09b1324a386884b5ab86d5800368707
Opcode Fuzzy Hash: 89252cb8133153641aec4e9a4c5dcb1cf30dee3f7733c4a5debffe4aefeae420
Instruction Fuzzy Hash: 04610751B08682D5FF19AF67C5982B8A761BF1E784F844536CA0F0BBDDDE2CA4598320

Function 00007FF764B4F8C0 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 129stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140(?,?,?,?,?,?,00000000,00000000,00000000,00007FF764B4F880), ref: 00007FF764B4F92F

Part of subcall function 00007FF764B29EF0: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF764B0DDDA,?,?,?,?,?,?,?,00007FF764B0DBA7), ref: 00007FF764B29F01

Part of subcall function 00007FF764B29EF0: strchr.VCRUNTIME140(?,?,?,00000000,TRUE,?,00000000,00000000,00000000,?), ref: 00007FF764B2A0A3
Part of subcall function 00007FF764B29EF0: strchr.VCRUNTIME140(?,?,?,00000000,TRUE,?,00000000,00000000,00000000,?), ref: 00007FF764B2A0C0

strchr.VCRUNTIME140(?,?,?,?,?,?,00000000,00000000,00000000,00007FF764B4F880), ref: 00007FF764B4F99E
strchr.VCRUNTIME140(?,?,?,?,?,?,00000000,00000000,00000000,00007FF764B4F880), ref: 00007FF764B4F9B8
strchr.VCRUNTIME140(?,?,?,?,?,?,00000000,00000000,00000000,00007FF764B4F880), ref: 00007FF764B4F9EE

Strings

xn--, xrefs: 00007FF764B4F9D5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr$_errno
String ID: xn--
API String ID: 2644425738-2826155999
Opcode ID: 4ed7af8983180c34f4c6e6533305022f49a99484f43c2ad1f3efd3393ef608b0
Instruction ID: 26b217e11e73bc8f8ce22fbc34ddb7bb2b18dd25cb7f5d04beff818f346254c1
Opcode Fuzzy Hash: 4ed7af8983180c34f4c6e6533305022f49a99484f43c2ad1f3efd3393ef608b0
Instruction Fuzzy Hash: 11419F51B0D682C5FF54AE23D5943B9D2A29F5DBC0F889134DE4E877C9EE2CE40A8720

Function 00007FF764B1B780 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 112stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140(?,?,?,?,?,00000000,?,00000000,?,Digest,?,00007FF764B26AFA), ref: 00007FF764B1B851

Strings

%.*s, xrefs: 00007FF764B1B85E
Digest, xrefs: 00007FF764B1B78B
%sAuthorization: Digest %s, xrefs: 00007FF764B1B8E5
Proxy-, xrefs: 00007FF764B1B8DB

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr
String ID: %.*s$%sAuthorization: Digest %s$Digest$Proxy-
API String ID: 2830005266-3976116069
Opcode ID: 3d5b1213f853d14f364f81c8b94e795e5ac44003bbc100f21a4259e2e2507fd8
Instruction ID: 3e52f1097ab4577eaab24e425412f247f93e9c5e6e0bf4d29e810d2f786a1bbe
Opcode Fuzzy Hash: 3d5b1213f853d14f364f81c8b94e795e5ac44003bbc100f21a4259e2e2507fd8
Instruction Fuzzy Hash: 0241A022B0CB86D2EB25AF12E8847AAB7A0FB49B84F940435DE8D47795DF3CD556C310

Function 00007FF764AC9508 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 112COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764AC966A

Strings

##dummypicker, xrefs: 00007FF764AC967A
##selectable, xrefs: 00007FF764AC9609
context, xrefs: 00007FF764AC9545
Alpha Bar, xrefs: 00007FF764AC96B5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID: ##dummypicker$##selectable$Alpha Bar$context
API String ID: 3510742995-2275185138
Opcode ID: 5deb39478407fdefc30f059230c14e9f095559654404f73e2f3d2e3284feab95
Instruction ID: 288123bf155b4b8d851bb04aca1b567e49bfd55f25e6c21a5cf03e0fcea402f4
Opcode Fuzzy Hash: 5deb39478407fdefc30f059230c14e9f095559654404f73e2f3d2e3284feab95
Instruction Fuzzy Hash: D241E323918641D2E761FF27E4C1AFAF350AF88318F954235E95C526D2DF2CD9498B20

Function 00007FF764B54570 Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AD3284: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00007FF764AD32C5

_CxxThrowException.VCRUNTIME140 ref: 00007FF764B545A4
_CxxThrowException.VCRUNTIME140 ref: 00007FF764B545D2
allocator.LIBCONCRTD ref: 00007FF764B545F9
_CxxThrowException.VCRUNTIME140 ref: 00007FF764B54602
_CxxThrowException.VCRUNTIME140 ref: 00007FF764B54632

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionThrow$Concurrency::details::Factory::FreeProxyRetireThreadallocator
String ID:
API String ID: 1836974444-0
Opcode ID: 104bdb0dfb250a5feb19502f802a87d4e5260f78cb6b75f39038ed715e138e21
Instruction ID: f7a7f607cf2c1b92a939d969eecb284e367d5a4b1bac7cd701631e1e887794e5
Opcode Fuzzy Hash: 104bdb0dfb250a5feb19502f802a87d4e5260f78cb6b75f39038ed715e138e21
Instruction Fuzzy Hash: 73114DA6A05A84C9D75CFE73D8814E96361FF88BC8F14983AFE4D47B4ECE28D4418640

Function 00007FF764AE49FC Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140 ref: 00007FF764AE4A28
GetWindowRect.USER32 ref: 00007FF764AE4A3B
GetWindowLongA.USER32 ref: 00007FF764AE4A79
MoveWindow.USER32 ref: 00007FF764AE4AFD
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AE4B07

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Window$LongMoveRectexitmemset
String ID:
API String ID: 1858858066-0
Opcode ID: e2130a7d1b05d114a52e087492d4f26cc7aac6a3adf6588d88b2bd931c6e43aa
Instruction ID: da5cc9fbd17dcfe7688ae87313ef022e93f0660bde78b4b2a70dba97874f436d
Opcode Fuzzy Hash: e2130a7d1b05d114a52e087492d4f26cc7aac6a3adf6588d88b2bd931c6e43aa
Instruction Fuzzy Hash: 85318474A18602DAE354EF2AECD4625F7A0BB4E704F946135E91DC3AA4DF3CBC148B24

Function 00007FF764AE84F8 Relevance: 7.6, APIs: 5, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f224949df0672bca6ba0ea542020f2d8af45340745a08812e5c760a4a5248a0
Instruction ID: 7c8c401c140022e481b5020550846de90128331f33a69b92b475ecbb4a06ee81
Opcode Fuzzy Hash: 1f224949df0672bca6ba0ea542020f2d8af45340745a08812e5c760a4a5248a0
Instruction Fuzzy Hash: 22218A22A1C581D5E764FF22E8906BBE2A0FFCC790FD04235E5AE876D9DF2CD5009624

Function 00007FF764AE751C Relevance: 7.5, APIs: 5, Instructions: 46COMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF764AE7543

Part of subcall function 00007FF764AD5FFC: shared_ptr.LIBCMTD ref: 00007FF764AD6061
Part of subcall function 00007FF764AD5FFC: _Ptr_base.LIBCPMTD ref: 00007FF764AD6094

type_info::_name_internal_method.LIBCMTD ref: 00007FF764AE7581

Part of subcall function 00007FF764ADA034: _Ptr_base.LIBCMTD ref: 00007FF764ADA042

type_info::_name_internal_method.LIBCMTD ref: 00007FF764AE75AF

Part of subcall function 00007FF764AE92C8: _Subatomic.LIBCONCRTD ref: 00007FF764AE9336

type_info::_name_internal_method.LIBCMTD ref: 00007FF764AE75D7
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF764AE75E2

Part of subcall function 00007FF764ADA018: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF764ADA029

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::_CriticalLock::_Ptr_baseReentrantScoped_lock$Base::Concurrency::details::ContextIdentityQueueScoped_lock::_Scoped_lock::~_SubatomicWorkshared_ptr
String ID:
API String ID: 1397068083-0
Opcode ID: 9351b02824d90da24d9ca3c7bbf040697e2294a9a5cce9595b9ea6628fdf2489
Instruction ID: bb735b4b94683339ed752650a4b7ac3c1da266f16e78d164aaeead3a22757651
Opcode Fuzzy Hash: 9351b02824d90da24d9ca3c7bbf040697e2294a9a5cce9595b9ea6628fdf2489
Instruction Fuzzy Hash: 8E11F672619A81D1DA60EB16E48169EF364FBC5780FA04036EACD87B6ADE2CC5158B04

Function 00007FF764B03640 Relevance: 7.5, APIs: 1, Strings: 4, Instructions: 46stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF764B02F79), ref: 00007FF764B038DF

Strings

No data record of requested type, xrefs: 00007FF764B038C3
Host not found, xrefs: 00007FF764B038A8
Host not found, try again, xrefs: 00007FF764B038D5
Unrecoverable error in call to nameserver, xrefs: 00007FF764B038CC

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strncpy
String ID: Host not found$Host not found, try again$No data record of requested type$Unrecoverable error in call to nameserver
API String ID: 3301158039-3625861382
Opcode ID: b4e1c0bfd75f46bcd4c9fcf77824598250a2106b5e6277f9f1aa562177205920
Instruction ID: b34435ca0c8391e80a9f240dd31687985c36a1c45e546b9308b2a3f9aafda972
Opcode Fuzzy Hash: b4e1c0bfd75f46bcd4c9fcf77824598250a2106b5e6277f9f1aa562177205920
Instruction Fuzzy Hash: 8F11E751F0C742D0FA6CAF1BE5DCA7893619F1DB80FC861B1C60E06AC4CE6CE4808720

Function 00007FF764AE8AE4 Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF764AE8B04
_Thrd_id.MSVCP140 ref: 00007FF764AE8B09
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF764AE8B1D
_Thrd_join.MSVCP140 ref: 00007FF764AE8B37
?_Throw_Cpp_error@std@@YAXH@Z.MSVCP140 ref: 00007FF764AE8B45

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Cpp_error@std@@Throw_$Thrd_idThrd_join
String ID:
API String ID: 2186022934-0
Opcode ID: e20f74aa110e7d19e76d3f360a072672c5144b73fec3780031bc369b7774005f
Instruction ID: d4c412665a5dfbb406a3fba9935908ab26f84cf992cc505a9417ebb2ead07bba
Opcode Fuzzy Hash: e20f74aa110e7d19e76d3f360a072672c5144b73fec3780031bc369b7774005f
Instruction Fuzzy Hash: BC01B512E08685C2E709AF67E4911BAE351FBD4780F908135EA8D43296EE6CDC84CB10

Function 00007FF764B27D80 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 206COMMON

Download Yara Rule

APIs

fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 00007FF764B280D2

Strings

** Resuming transfer from byte position %I64d, xrefs: 00007FF764B27E08
%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s, xrefs: 00007FF764B28065
%% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed, xrefs: 00007FF764B27E1B

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: fflush
String ID: %3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$** Resuming transfer from byte position %I64d
API String ID: 497872470-664487449
Opcode ID: 6cccfa41a6d27d6db75d2040a245d59e3c0e64fd56c562b47c1075dd90aa74e0
Instruction ID: f7cb526664f951c87cd923b38d4a35dfbf4788efacded4957af32db1095837be
Opcode Fuzzy Hash: 6cccfa41a6d27d6db75d2040a245d59e3c0e64fd56c562b47c1075dd90aa74e0
Instruction Fuzzy Hash: 5A916E22609BC6C5DA60EF06E595BBAB368FB88BC0F821036DE5D47B95EF78D401D710

Function 00007FF764B20750 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 178COMMON

Download Yara Rule

APIs

tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B2094A
_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF764B2099A

Strings

:%u, xrefs: 00007FF764B2095E
Shuffling %i addresses, xrefs: 00007FF764B207CA

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _time64tolower
String ID: :%u$Shuffling %i addresses
API String ID: 3062723450-338667637
Opcode ID: fe2104729dfae562175844e28f1551288ce39708149e2e8a62f1cc8a454530a4
Instruction ID: bd9de72d293fd3d11c92dcf9b41a8b50e08a9e32cc5344c8c80fe58d0348578f
Opcode Fuzzy Hash: fe2104729dfae562175844e28f1551288ce39708149e2e8a62f1cc8a454530a4
Instruction Fuzzy Hash: FB719E72A09A92C2EB14AF16E4947BAB7A0FB4EB94F844531CF4E07794EE3CD445C720

Function 00007FF764B2E280 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 172COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764B2E3B6

Strings

schannel: timed out sending data (bytes sent: %zd), xrefs: 00007FF764B2E4B4
select/poll on SSL socket, errno: %d, xrefs: 00007FF764B2E494

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID: schannel: timed out sending data (bytes sent: %zd)$select/poll on SSL socket, errno: %d
API String ID: 3510742995-3891197721
Opcode ID: d5576317f6a87a9b70ac251b43971724f3d2e544ace3a96b125e5eb7b076e2c4
Instruction ID: 079442918f14340347b8f53561870fb1011be5812a45c8fa27d79b9a8f2085f6
Opcode Fuzzy Hash: d5576317f6a87a9b70ac251b43971724f3d2e544ace3a96b125e5eb7b076e2c4
Instruction Fuzzy Hash: F971AE72B09B41CAEB10DF6AD4806BE73A1BB48BA8F404235DE2D577C4EE38E406C350

Function 00007FF764AF72B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF739C
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF73EB
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF745E

Strings

ange, xrefs: 00007FF764AF7302

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ange
API String ID: 3668304517-4159947239
Opcode ID: 67960379d5456b9b3f796bebfa400e581bec2e2c452e07588ebac276588f90de
Instruction ID: 889d09e87cff1c470b555ccbd262ad167b89fbd6e81444f51413d2569ff2add8
Opcode Fuzzy Hash: 67960379d5456b9b3f796bebfa400e581bec2e2c452e07588ebac276588f90de
Instruction Fuzzy Hash: 1151D462F14B41D5FB04EF7AD4903ACA361EB99798F949336EA6C126D9DF38E480C350

Function 00007FF764B34BD0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 120COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764B4C7E0: memcpy.VCRUNTIME140 ref: 00007FF764B4C888

#111.WS2_32 ref: 00007FF764B34D3A

Strings

FTP response aborted due to select/poll error: %d, xrefs: 00007FF764B34D48
FTP response timeout, xrefs: 00007FF764B34D87
We got a 421 - timeout!, xrefs: 00007FF764B34D5E

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111memcpy
String ID: FTP response aborted due to select/poll error: %d$FTP response timeout$We got a 421 - timeout!
API String ID: 1499133761-2064316097
Opcode ID: 8b370f37a2ed70fab206008036db02e804e63c67b62e47dbcfc5f6f146937e81
Instruction ID: 19673a5bad1281a967029a28bbf7e812bdc5f5a06daf19ecd418b583bd0a03ea
Opcode Fuzzy Hash: 8b370f37a2ed70fab206008036db02e804e63c67b62e47dbcfc5f6f146937e81
Instruction Fuzzy Hash: 12419421608A86D5EB61BF27E4803B9A3A1FB8DB94F844131DE5D87B91EF3DE845C710

Function 00007FF764B19250 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 112COMMON

Download Yara Rule

APIs

#16.WS2_32 ref: 00007FF764B19340
#19.WS2_32 ref: 00007FF764B19363
#111.WS2_32 ref: 00007FF764B19375

Strings

Send failure: %s, xrefs: 00007FF764B193A5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111
String ID: Send failure: %s
API String ID: 568940515-857917747
Opcode ID: 8d92b31d7bf8e4eb0d809f1c9dc9d8954dbd2e4362cecf9982f1e43b174314bf
Instruction ID: 4acd0a12974600ccb1723cdd37824dc079885412752df5ca0c3276c60bdc5143
Opcode Fuzzy Hash: 8d92b31d7bf8e4eb0d809f1c9dc9d8954dbd2e4362cecf9982f1e43b174314bf
Instruction Fuzzy Hash: 5B41A132B05B81C5EB66AF26E884779A6A1AB0DBA8F844235CE6D473D4DF3CD455C310

Function 00007FF764B4B848 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 111COMMON

Download Yara Rule

APIs

isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B4BC13
isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B4BC27

Strings

%u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s, xrefs: 00007FF764B4B8F6
GMT, xrefs: 00007FF764B4B8A4

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: isupper
String ID: %u%.2s-%.2s-%.2s %.2s:%.2s:%.2s %.*s$GMT
API String ID: 2794029478-632690687
Opcode ID: f2f868c57a94c1b1861eddc9ca38c4af300686fe9858f66dd0a451bfd22381a2
Instruction ID: 735070421e26ccf4e4a5277e239900f7cf316c05ffa3f0057c76c8ad143108d6
Opcode Fuzzy Hash: f2f868c57a94c1b1861eddc9ca38c4af300686fe9858f66dd0a451bfd22381a2
Instruction Fuzzy Hash: 3F41D321E0DA96D5FB15AF26D0C027CEBA1EB09B80FC84531C78E02A99CF3CD559C320

Function 00007FF764B19100 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764B1917E

Part of subcall function 00007FF764B02F00: GetLastError.KERNEL32 ref: 00007FF764B02F22
Part of subcall function 00007FF764B02F00: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B02F2A

#16.WS2_32 ref: 00007FF764B191C7
#111.WS2_32 ref: 00007FF764B191D9

Strings

Recv failure: %s, xrefs: 00007FF764B19205

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111ErrorLast_errnomemcpy
String ID: Recv failure: %s
API String ID: 385566392-4276829032
Opcode ID: 7fd92435d5c8567512de1d284d19cefd86ef06e45df1eeaf7c42b910317b4656
Instruction ID: 3e79d4ac202da261a8b0ac543dec99f28074fc9e58520c8775b119b5c0c6b377
Opcode Fuzzy Hash: 7fd92435d5c8567512de1d284d19cefd86ef06e45df1eeaf7c42b910317b4656
Instruction Fuzzy Hash: 52318C72B05B81C1EB15AF16E8842A9B3A1BB5CFD8F904135DE1D07788DE3CD866C350

Function 00007FF764AE92C8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

_Subatomic.LIBCONCRTD ref: 00007FF764AE9336
_Subatomic.LIBCONCRTD ref: 00007FF764AE93D1

Strings

d, xrefs: 00007FF764AE9305

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Subatomic
String ID: d
API String ID: 3648745215-2564639436
Opcode ID: b420bd663670ec390d3dfb8b7ad65dc5be8b86aa06125daee4a14887ace8662f
Instruction ID: 4b665a3c4e8aa716b049fd930d628bc27c84b83c081270494f2db6ac8c2004d1
Opcode Fuzzy Hash: b420bd663670ec390d3dfb8b7ad65dc5be8b86aa06125daee4a14887ace8662f
Instruction Fuzzy Hash: 8031E222609B85C1DA60EF5AF4913AAF7A5F7C8784F504126E6CE46BA9DF3CD1048B00

Function 00007FF764B18E70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77fileCOMMON

Download Yara Rule

APIs

fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B18F95
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B18FB0

Strings

..., xrefs: 00007FF764B18F18
..., xrefs: 00007FF764B18F02

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: fwrite
String ID: ...$...
API String ID: 3559309478-2253869979
Opcode ID: c60ed2c57bbc5d6bf75e50af04b018496d7e83d28997a9d18a77793123a5d51a
Instruction ID: ded69d0ce115cee65f099af7ced85031a979180856da0ab71058c60bd7636a98
Opcode Fuzzy Hash: c60ed2c57bbc5d6bf75e50af04b018496d7e83d28997a9d18a77793123a5d51a
Instruction Fuzzy Hash: D131C222A18A81C1EB65EF12D4847F9F3A2FB88B94F808531DA5E43794CF3DE555C790

Function 00007FF764B349B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 73COMMON

Download Yara Rule

APIs

#6.WS2_32 ref: 00007FF764B34A02
#1.WS2_32 ref: 00007FF764B34A21

Part of subcall function 00007FF764B27280: #10.WS2_32(?,?,?,?,00007FF764B091A9,?,?,?,?,00000000,00007FF764B03B56,?,?,?,?,00000000), ref: 00007FF764B27299

Strings

Error accept()ing server connect, xrefs: 00007FF764B34A3E
Connection accepted from server, xrefs: 00007FF764B34A4F

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Connection accepted from server$Error accept()ing server connect
API String ID: 0-2331703088
Opcode ID: 541deb93d2eb031f6cb41cfc168cf1dc7da36f14afcfc955e7793bbaafeda4e3
Instruction ID: 0043b06a9f1d5ca62bfb70e709c6d6bf7b6dd59a4725e9b082a5894a88b19f2d
Opcode Fuzzy Hash: 541deb93d2eb031f6cb41cfc168cf1dc7da36f14afcfc955e7793bbaafeda4e3
Instruction Fuzzy Hash: 3831A421608681C5EB94EF23E4943AAB3A1FB4CBA4F880231DA6D477D5CF7DE505C750

Function 00007FF764B18A70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46stringCOMMON

Download Yara Rule

APIs

strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF764B15DEC), ref: 00007FF764B18AA5
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF764B15DEC), ref: 00007FF764B18AD1
strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF764B15DEC), ref: 00007FF764B18AD9

Strings

Invalid zoneid: %s; %s, xrefs: 00007FF764B18AE4

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _errnostrerrorstrtoul
String ID: Invalid zoneid: %s; %s
API String ID: 996883736-2159854051
Opcode ID: 21d6c58c1f31324221e60205f2311d85600a26287a0fadc8e8bb1f57f01546c2
Instruction ID: e0d6114759283b1bbd1622bd9bf098369a426c4a14ff15cda17e2b80d30c37f1
Opcode Fuzzy Hash: 21d6c58c1f31324221e60205f2311d85600a26287a0fadc8e8bb1f57f01546c2
Instruction Fuzzy Hash: 6E113D62A09642C2EB15EF26E8D0679B371FF8AB84F944031DA0D476A4DE3DE885C760

Function 00007FF764B3C8B0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

#19.WS2_32 ref: 00007FF764B3C8ED
#111.WS2_32 ref: 00007FF764B3C8F7

Strings

Sending data failed (%d), xrefs: 00007FF764B3C8FD
SENT, xrefs: 00007FF764B3C912

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #111
String ID: SENT$Sending data failed (%d)
API String ID: 568940515-3459338696
Opcode ID: f9d15a579aad29e75c01121da834675c38f34f627af03ddb1cd45d043cb08031
Instruction ID: 2cfbeed85bae69f29c716c90a2b5965ac638a0495270b8e9692fd69a5478c876
Opcode Fuzzy Hash: f9d15a579aad29e75c01121da834675c38f34f627af03ddb1cd45d043cb08031
Instruction Fuzzy Hash: 40019E22718AA2C1EB55AF2BE880469BB30FB98FC8B995131DF5D43B15DF38D605C790

Function 00007FF764B44760 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764B1B940: GetModuleHandleA.KERNEL32(00000000,?,00000000,00007FF764B4479A,?,?,?,?,00007FF764B1BCCB), ref: 00007FF764B1B954

GetProcAddress.KERNEL32(?,?,?,?,00007FF764B1BCCB), ref: 00007FF764B447B0

Strings

security.dll, xrefs: 00007FF764B4478A
secur32.dll, xrefs: 00007FF764B44783
InitSecurityInterfaceA, xrefs: 00007FF764B447A6

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: InitSecurityInterfaceA$secur32.dll$security.dll
API String ID: 1646373207-3788156360
Opcode ID: e8515f82d7c85ed60cca826eec6cceb3b9ca3fb72f5750a4ff2080fb412044d6
Instruction ID: a25bb63116c0ad84cbaddaaab57b827b95cf7946abf23d4a708667f2264d9a40
Opcode Fuzzy Hash: e8515f82d7c85ed60cca826eec6cceb3b9ca3fb72f5750a4ff2080fb412044d6
Instruction Fuzzy Hash: D9F0E7A0E1AB07C0EE59BF17E9C177192E1AF6E784FC54038C41D42395EE3CA56A8720

Function 00007FF764B550A4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

APIs

__current_exception.VCRUNTIME140 ref: 00007FF764B550D9
__current_exception_context.VCRUNTIME140 ref: 00007FF764B550ED
terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B550F5

Strings

csm, xrefs: 00007FF764B550C5

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: __current_exception__current_exception_contextterminate
String ID: csm
API String ID: 2542180945-1018135373
Opcode ID: aa5b16dbc73e5f8f99e1141ac138c9ac0d4d0c82587af2f146086e728412a47c
Instruction ID: c8433712cebc22df6de1a1e7f0d048bf665271b611c301be3b9628a239207d78
Opcode Fuzzy Hash: aa5b16dbc73e5f8f99e1141ac138c9ac0d4d0c82587af2f146086e728412a47c
Instruction Fuzzy Hash: 61F0F937505B44CAD718AF62E8804ACB364FB4CB99B895131FA4D47759CF38D890C760

Function 00007FF764B15090 Relevance: 6.4, APIs: 5, Instructions: 164stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140 ref: 00007FF764B150C8
strchr.VCRUNTIME140 ref: 00007FF764B150EF
memcpy.VCRUNTIME140 ref: 00007FF764B15223
memcpy.VCRUNTIME140 ref: 00007FF764B15254
memcpy.VCRUNTIME140 ref: 00007FF764B15281

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$strchr
String ID:
API String ID: 921174694-0
Opcode ID: b93bc4c337fb3342a75f1d7f0f2fca0115af7bba2293e56034c72443ee3018bc
Instruction ID: 5565025aecccdb5d697499f21efc0e1e7a38016cbcea4db3d5d454c37cddeeb0
Opcode Fuzzy Hash: b93bc4c337fb3342a75f1d7f0f2fca0115af7bba2293e56034c72443ee3018bc
Instruction Fuzzy Hash: 2E516222B0AB85C5EB66AF16E584279E3A2BF4DB84F884430DE4D47744DF3CE8558324

Function 00007FF764AC2A98 Relevance: 6.4, APIs: 4, Instructions: 358COMMON

Download Yara Rule

APIs

powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC2C20
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC2C46
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC2F30
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC2F8D

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: dac87a0953dcdd3c42da84c7a357301b1c93d1faf7e56d51de9b7322739023a0
Instruction ID: e7dd6418cad7c9195faed82155a0f36776874467f624895370adbef49beb7fc8
Opcode Fuzzy Hash: dac87a0953dcdd3c42da84c7a357301b1c93d1faf7e56d51de9b7322739023a0
Instruction Fuzzy Hash: 65F1C933E186C9D5E263AF3794815F9F350AF6E344F69D732ED48722A1DF2974818A10

Function 00007FF764AC3684 Relevance: 6.3, APIs: 4, Instructions: 332COMMON

Download Yara Rule

APIs

powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC3815
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC382C
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC3B25
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764AC3B6D

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf
String ID:
API String ID: 3445610689-0
Opcode ID: 1c709771a11456423f3f94f400e1951aa38938beb164a7790a4f6ae5c775a87c
Instruction ID: 023e5148fe88d85ab4b64d1aeac56bf2f04ebf2613b6cdc1ee95f2e51962cd55
Opcode Fuzzy Hash: 1c709771a11456423f3f94f400e1951aa38938beb164a7790a4f6ae5c775a87c
Instruction Fuzzy Hash: 2FF1DA22D0868DD5E263AF3754825F9F350AF7E384F6CD732ED88356B1DB2975818A10

Function 00007FF764AA17D0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AA1EF0: memset.VCRUNTIME140(?,?,?,00007FF764AA17F2), ref: 00007FF764AA1F69
Part of subcall function 00007FF764AA1EF0: memset.VCRUNTIME140(?,?,?,00007FF764AA17F2), ref: 00007FF764AA1FBB

memset.VCRUNTIME140 ref: 00007FF764AA1B52
memset.VCRUNTIME140 ref: 00007FF764AA1EA6
memset.VCRUNTIME140 ref: 00007FF764AA1ED6

Strings

##Overlay, xrefs: 00007FF764AA1DCE

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memset
String ID: ##Overlay
API String ID: 2221118986-3248624929
Opcode ID: 086a24582ce124e11ed5a971287841fd1d1da795bb8612b9dc3262785c369b70
Instruction ID: 50c9b2056ac9c87ebddbb9d38a7d96b2a2e2dee3430eb352fab4bb7c48fd3519
Opcode Fuzzy Hash: 086a24582ce124e11ed5a971287841fd1d1da795bb8612b9dc3262785c369b70
Instruction Fuzzy Hash: 6A128BB3505BC09AD301DF35E9944D87BE8F745F88F9C423ADE880A658DF34A4A1CB69

Function 00007FF764AE2508 Relevance: 6.2, APIs: 4, Instructions: 177COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AD66E0: _wcsftime_l.LIBCMTD ref: 00007FF764AD6716

Part of subcall function 00007FF764AE3164: MultiByteToWideChar.KERNEL32 ref: 00007FF764AE31AE
Part of subcall function 00007FF764AE3164: memset.VCRUNTIME140 ref: 00007FF764AE3209
Part of subcall function 00007FF764AE3164: MultiByteToWideChar.KERNEL32 ref: 00007FF764AE3232

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AE2599

Part of subcall function 00007FF764AE5DF4: WideCharToMultiByte.KERNEL32 ref: 00007FF764AE5E42
Part of subcall function 00007FF764AE5DF4: memset.VCRUNTIME140 ref: 00007FF764AE5E7D
Part of subcall function 00007FF764AE5DF4: WideCharToMultiByte.KERNEL32 ref: 00007FF764AE5EBB

Part of subcall function 00007FF764AD9F30: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AD9F4B

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AE25D0
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00007FF764AE2743

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharConcurrency::details::EmptyMultiQueue::StructuredWideWork$memset$_wcsftime_l
String ID:
API String ID: 4062211085-0
Opcode ID: daaf9c08f034aab568a35ac876c33eb18a7a73d61085528aee37d945ac157e62
Instruction ID: c3113a70c3a1b26757d1999a9430bf5aa9b12b6cb52eae0804bc58737e92c442
Opcode Fuzzy Hash: daaf9c08f034aab568a35ac876c33eb18a7a73d61085528aee37d945ac157e62
Instruction Fuzzy Hash: 82A1103290DAC5D6D661EF26E4807AEF3A0FB99340F548235E69C52AA5EF3CE444CF10

Function 00007FF764B326E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764B32841
memcpy.VCRUNTIME140 ref: 00007FF764B328B2

Strings

Failed to alloc scratch buffer!, xrefs: 00007FF764B32740

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy
String ID: Failed to alloc scratch buffer!
API String ID: 3510742995-1446904845
Opcode ID: 0cc9cde2c018c5d4d948d0962da2d240905d1330620ff4c2eb029b87efdada49
Instruction ID: 0f131b93c3553e469a243b76692814bc9f3f3a74a88d6db1aeabc73db421b6a7
Opcode Fuzzy Hash: 0cc9cde2c018c5d4d948d0962da2d240905d1330620ff4c2eb029b87efdada49
Instruction Fuzzy Hash: 36518E22A197C1D6E62A9F67E4806EAF7A0FB09784F840535CF8D07B55DF3CE1948760

Function 00007FF764ABF01C Relevance: 6.1, APIs: 4, Instructions: 143COMMON

Download Yara Rule

APIs

floorf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ABF143
floorf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ABF16E
ceilf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ABF194
ceilf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ABF1BA

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: ceilffloorf
String ID:
API String ID: 300201839-0
Opcode ID: c6ff9d98dced2134e0d620cfc252d46bd6a40ada0f6d85b6858fc8b1b1b0362f
Instruction ID: 7181750a293f3d69e777982e91742aba1276b3f2a7a97347098f92c697952a15
Opcode Fuzzy Hash: c6ff9d98dced2134e0d620cfc252d46bd6a40ada0f6d85b6858fc8b1b1b0362f
Instruction Fuzzy Hash: 9F51F533B2979089E3169F31D0817BCB7A1AF6D745F588336EE48B6395DB38A841C710

Function 00007FF764AC0A3C Relevance: 6.1, APIs: 4, Instructions: 138COMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 00007FF764AC0B02
ReleaseCapture.USER32 ref: 00007FF764AC0B11
GetCapture.USER32 ref: 00007FF764AC0C46
SetCapture.USER32 ref: 00007FF764AC0C54

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Capture$Release
String ID:
API String ID: 1520983071-0
Opcode ID: a03c055bef64fe398b60b8378971c186b4728057ec82a35d6f29f61c7b5fb72e
Instruction ID: 242af5b3c107ae808d5dd3595f0da6d72230ccce25d40c1e1898306b4cbe339d
Opcode Fuzzy Hash: a03c055bef64fe398b60b8378971c186b4728057ec82a35d6f29f61c7b5fb72e
Instruction Fuzzy Hash: 38518596E0D643E5FAF87EBB41C4BB8D5C0AF1A740FE84534CA4D56786DE2CB8904A70

Function 00007FF764AAB274 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140 ref: 00007FF764AAB2DC
memchr.VCRUNTIME140 ref: 00007FF764AAB360
memchr.VCRUNTIME140 ref: 00007FF764AAB37C

Strings

Window, xrefs: 00007FF764AAB393

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memchr$memcpy
String ID: Window
API String ID: 91563352-2353593579
Opcode ID: f24a3e0487934e0a8c66ae6fa2b2fc3cf8fbd98d55f74113c631a6c8eaf8268c
Instruction ID: 80216efa4851108e4e623df52e0aa784323c8eaacd39a938522afa7609505f53
Opcode Fuzzy Hash: f24a3e0487934e0a8c66ae6fa2b2fc3cf8fbd98d55f74113c631a6c8eaf8268c
Instruction Fuzzy Hash: 01519312A0D789D5FB55AF6784847B9A790AB05F84F984632CB0D07F85DF7CE485C360

Function 00007FF764B2ACC0 Relevance: 6.1, APIs: 4, Instructions: 128COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32 ref: 00007FF764B2ACE2
memcpy.VCRUNTIME140(?,?,?,00007FF764B0E645), ref: 00007FF764B2ADA1
freeaddrinfo.WS2_32(?,?,?,00007FF764B0E645), ref: 00007FF764B2AE21
#112.WS2_32(?,?,?,00007FF764B0E645), ref: 00007FF764B2AE6D

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: #112freeaddrinfogetaddrinfomemcpy
String ID:
API String ID: 3714524441-0
Opcode ID: e7ee6ac6a3354ca78e614da824ec1b657fa5541e6e0b13dbd2fbea3f99f7f457
Instruction ID: fdac270fd75abf02075987c3b01586ff91cbc12a88ca2ca4ab716be47c80a5f2
Opcode Fuzzy Hash: e7ee6ac6a3354ca78e614da824ec1b657fa5541e6e0b13dbd2fbea3f99f7f457
Instruction Fuzzy Hash: 17512136A09B81C6EA69AF13E59053AF7A0FB4CB90F944435DE4E13754DF3CE8459B20

Function 00007FF764AEFDA0 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

APIs

memmove.VCRUNTIME140(?,?,00000000,?,?,?,00000000,00007FF764B002CC), ref: 00007FF764AEFEA7
memmove.VCRUNTIME140(?,?,00000000,?,?,?,00000000,00007FF764B002CC), ref: 00007FF764AEFEBA
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,?,?,00000000,00007FF764B002CC), ref: 00007FF764AEFF25

Part of subcall function 00007FF764B51A80: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF764AE6143,?,?,?,?,?,?,?,?,?,00007FF764AE78A8), ref: 00007FF764B51A9A

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF764AEFF32

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memmove$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 2075926362-0
Opcode ID: 0e14f6c198ee7ad0a6628660afe6d28f415e8cfc770cb9f37454295346bb7cbd
Instruction ID: 44fc3bb31909575d2e20cbaf74580f8a3ef9e37e3026e92067de6efe38e97040
Opcode Fuzzy Hash: 0e14f6c198ee7ad0a6628660afe6d28f415e8cfc770cb9f37454295346bb7cbd
Instruction Fuzzy Hash: 3D41A362609A85E1DA24DF17F584579E7A1FB48BD0FA44635EEAD03785DE3CE440C214

Function 00007FF764B0FD80 Relevance: 6.1, APIs: 4, Instructions: 119stringCOMMON

Download Yara Rule

APIs

_stat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF764B0FDC7
_access.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF764B0FDD7
strrchr.VCRUNTIME140 ref: 00007FF764B0FE87
strrchr.VCRUNTIME140 ref: 00007FF764B0FE97

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strrchr$_access_stat64
String ID:
API String ID: 1333711615-0
Opcode ID: a59de58fedc502476aa026d1f7fd800ce15ccae1f7ab9264b47c47bf0446ef2b
Instruction ID: de69fe940829abf0d290bdc0ee4140ce9a71c23f5abf23af5bb1b565bc632acc
Opcode Fuzzy Hash: a59de58fedc502476aa026d1f7fd800ce15ccae1f7ab9264b47c47bf0446ef2b
Instruction Fuzzy Hash: 32416B21B09B02C6EA54BF13E4D46B9B2A1FF4DF91F880534DA4E47B91EF7CE8558224

Function 00007FF764B30870 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 118COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764B29D90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764B29DB1

memmove.VCRUNTIME140 ref: 00007FF764B309E1

Strings

Written %zu bytes, %I64u bytes are left for transfer, xrefs: 00007FF764B309AD
Found %I64d bytes to download, xrefs: 00007FF764B30942
Failed to parse FETCH response., xrefs: 00007FF764B308CE

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _errnomemmove
String ID: Failed to parse FETCH response.$Found %I64d bytes to download$Written %zu bytes, %I64u bytes are left for transfer
API String ID: 1164378428-4268564757
Opcode ID: 48a3f1c8d9d6afa63e558a296608a3d75ecb4c732fe717dc8f256b8883c1aabb
Instruction ID: 35ab19bc0ecdf56787353520eb5b592183c91b0b4596cbe695d37e2cf2597c1d
Opcode Fuzzy Hash: 48a3f1c8d9d6afa63e558a296608a3d75ecb4c732fe717dc8f256b8883c1aabb
Instruction Fuzzy Hash: 88518162A08BC6C2EB15AE67D4802BDE760FF4AB94F844032DA9D13A99DF7CE4558350

Function 00007FF764AF52E0 Relevance: 6.1, APIs: 4, Instructions: 113COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF5331
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF5395
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF764AF53F5
__std_exception_destroy.VCRUNTIME140 ref: 00007FF764AF541C

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID:
API String ID: 1346393832-0
Opcode ID: 46ffdd70acf55faf0afbd14e7d89f255f246d2df86b4bc772ee52d1875f91901
Instruction ID: 6dafd8f364aa7ebbf9931f882e69807e92f9c40a47a86f39105373f9c24905f9
Opcode Fuzzy Hash: 46ffdd70acf55faf0afbd14e7d89f255f246d2df86b4bc772ee52d1875f91901
Instruction Fuzzy Hash: 1C31E872B15B45D5EF499F7AD49437CA3E1EF08FA8FA88631CA6C46685DF6CC8908310

Function 00007FF764AEE970 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000008,?,00000000,00000004,00000001,00007FF764AF98B1), ref: 00007FF764AEEA51
memcpy.VCRUNTIME140(?,?,00000008,?,00000000,00000004,00000001,00007FF764AF98B1), ref: 00007FF764AEEA7E
memcpy.VCRUNTIME140(?,?,00000008,?,00000000,00000004,00000001,00007FF764AF98B1), ref: 00007FF764AEEA8D
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF764AEEAB9

Part of subcall function 00007FF764B51A80: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF764AE6143,?,?,?,?,?,?,?,?,?,00007FF764AE78A8), ref: 00007FF764B51A9A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: memcpy$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturnmalloc
String ID:
API String ID: 1155477157-0
Opcode ID: 2ac4e50872fc51fb3db330bdc62381bbba021f0f2bedb40d78a99b576c5eac72
Instruction ID: def41150c6b27a8df85c15cf4f660b8ed58f3b91494bae839192d8d68876f725
Opcode Fuzzy Hash: 2ac4e50872fc51fb3db330bdc62381bbba021f0f2bedb40d78a99b576c5eac72
Instruction Fuzzy Hash: 83310362E0AB91E1EA14EF03A48453AA255BB04BE0FE58B35DE7E077C5DF3CD481A314

Function 00007FF764B06670 Relevance: 6.1, APIs: 4, Instructions: 104COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FF764B064AF,?,?,00000010,00007FF764B06F85), ref: 00007FF764B06765
memset.VCRUNTIME140(?,?,?,?,?,?,?,00007FF764B064AF,?,?,00000010,00007FF764B06F85), ref: 00007FF764B0676E
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF764B064AF,?,?,00000010,00007FF764B06F85), ref: 00007FF764B06773
_invalid_parameter_noinfo.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FF764B064AF,?,?,00000010,00007FF764B06F85), ref: 00007FF764B0677F

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _errno_invalid_parameter_noinfomemcpymemset
String ID:
API String ID: 187659361-0
Opcode ID: 093563eaaf640b969b016e17e96f78b100e6f441cf925f0fc1730a6eb3c5f511
Instruction ID: 6e73cef4446ed87ed1600dda6ca5d435c0885d3575b0b00d738188060ca35d46
Opcode Fuzzy Hash: 093563eaaf640b969b016e17e96f78b100e6f441cf925f0fc1730a6eb3c5f511
Instruction Fuzzy Hash: E1419F36A09B45C2DB04AF2AE48866CB3A0FB88F95F599126DF1C03795CF38D891C750

Function 00007FF764AE8F08 Relevance: 6.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF764AE8F28

Part of subcall function 00007FF764AE92C8: _Subatomic.LIBCONCRTD ref: 00007FF764AE9336

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF764AE9071

Part of subcall function 00007FF764ADA018: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00007FF764ADA029

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF764AE90BF
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF764AE90DC

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lock$Scoped_lock::~_$Base::Concurrency::details::ContextIdentityQueueScoped_lock::_SubatomicWork
String ID:
API String ID: 4009713878-0
Opcode ID: ed30f7fbb91212a737d56d288316611b18de0b9e180a8d0ec3996026bbfcf161
Instruction ID: 578c4aea5aa7ac1b82442ce6e352dee835cef770e69c23a307b1ac7bb7c2d9c7
Opcode Fuzzy Hash: ed30f7fbb91212a737d56d288316611b18de0b9e180a8d0ec3996026bbfcf161
Instruction Fuzzy Hash: 2C413F22A0C682D0EE20FF16E4917AEE7A1EFC5784FA04035E6CD47B9ADE2CD505CB54

Function 00007FF764AE9778 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE978A
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE97A2
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z.MSVCP140 ref: 00007FF764AE981C
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ.MSVCP140 ref: 00007FF764AE984B

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?gptr@?$basic_streambuf@$?eback@?$basic_streambuf@?gbump@?$basic_streambuf@
String ID:
API String ID: 3536508186-0
Opcode ID: cb05aeaa2247c254d7e09700061beb2960697500f71817ec0dc863f0246f4e49
Instruction ID: bb1edfc811f5c50334130db80f3c922893e87cc5e67399519f44704f1b0185e5
Opcode Fuzzy Hash: cb05aeaa2247c254d7e09700061beb2960697500f71817ec0dc863f0246f4e49
Instruction Fuzzy Hash: 6F21892290CA81D2D625BF26E49057EFBB4EBC5340FA00134E6ED477A6CE2CD845DF24

Function 00007FF764AD535C Relevance: 6.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF764AD5F54: shared_ptr.LIBCMTD ref: 00007FF764AD5FB9
Part of subcall function 00007FF764AD5F54: _Ptr_base.LIBCPMTD ref: 00007FF764AD5FEC

Part of subcall function 00007FF764AE85D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF764AE85EA
Part of subcall function 00007FF764AE85D0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF764AE8606

shared_ptr.LIBCMTD ref: 00007FF764AD53B0

Part of subcall function 00007FF764AD9110: _Ptr_base.LIBCMTD ref: 00007FF764AD9123

UnDecorator::getVbTableType.LIBCMTD ref: 00007FF764AD53DB

Part of subcall function 00007FF764AD6864: shared_ptr.LIBCMTD ref: 00007FF764AD68A1

UnDecorator::getVbTableType.LIBCMTD ref: 00007FF764AD5423

Part of subcall function 00007FF764AE751C: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 00007FF764AE7543
Part of subcall function 00007FF764AE751C: type_info::_name_internal_method.LIBCMTD ref: 00007FF764AE7581
Part of subcall function 00007FF764AE751C: type_info::_name_internal_method.LIBCMTD ref: 00007FF764AE75AF
Part of subcall function 00007FF764AE751C: type_info::_name_internal_method.LIBCMTD ref: 00007FF764AE75D7
Part of subcall function 00007FF764AE751C: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF764AE75E2

Part of subcall function 00007FF764ADA5E8: terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF764ADB073,?,?,?,?,00007FF764AD31CD), ref: 00007FF764ADA602

SafeRWList.LIBCMTD ref: 00007FF764AD5474

Part of subcall function 00007FF764ADA034: _Ptr_base.LIBCMTD ref: 00007FF764ADA042

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lock$Ptr_baseshared_ptrtype_info::_name_internal_method$Decorator::getScoped_lock::_Scoped_lock::~_TableType$ListSafeterminate
String ID:
API String ID: 1032766311-0
Opcode ID: cabaf9cd37f7465c216116691c96aa6d1bb832171720e115ff52493afb2b5e08
Instruction ID: 76be68aceaa9e41ede7554bec09e2310a0334eda32666c0c1826650aeea7495e
Opcode Fuzzy Hash: cabaf9cd37f7465c216116691c96aa6d1bb832171720e115ff52493afb2b5e08
Instruction Fuzzy Hash: 7531B632519B85E1DAA0EB15F48039AB7A4FB85780F909026E6CD43B69EF2CD549CB50

Function 00007FF764B0E4C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,00000000), ref: 00007FF764B0E4F3
LeaveCriticalSection.KERNEL32(?,?,?,00000000), ref: 00007FF764B0E507
CloseHandle.KERNEL32 ref: 00007FF764B0E514
#3.WS2_32(?,?,?,00000000), ref: 00007FF764B0E554

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$CloseEnterHandleLeave
String ID:
API String ID: 2394387412-0
Opcode ID: 21ea0b2f1f20c1504b3842c488cef29641be9f2a40391fd0283ff9accaa3dc80
Instruction ID: 8919f94127c1d446a830b6c3478f3e1e511a40d5dbfd4636a918a1c6b9be2d0e
Opcode Fuzzy Hash: 21ea0b2f1f20c1504b3842c488cef29641be9f2a40391fd0283ff9accaa3dc80
Instruction Fuzzy Hash: AA211736A08A41C6E664AF23E59467EB370FB8DB91F444531DF8E43B51DF38E8A58720

Function 00007FF764ADB260 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ADB28C
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ADB2C7
powf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ADB30F
sqrtf.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF764ADB322

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: powf$sqrtf
String ID:
API String ID: 2446433450-0
Opcode ID: f1da7208befa96aeb0ca9a3a6291ecc796589861b2d23501ff636b613de40484
Instruction ID: 2922db4d3498333188cdff7e04207c98875a00d496fca556bb63f3a595825756
Opcode Fuzzy Hash: f1da7208befa96aeb0ca9a3a6291ecc796589861b2d23501ff636b613de40484
Instruction Fuzzy Hash: F9211B32918B898AC612DF77E482019F360FFDE7D5B449722EA4D22575DF68E0959F00

Function 00007FF764AD30B8 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF764AD30D0
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF764AD30DF
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00007FF764AD30F1
memmove.VCRUNTIME140 ref: 00007FF764AD313D

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$memmove
String ID:
API String ID: 3712532346-0
Opcode ID: 87c6ba533f958ab421b4e4a474757cb58c91efe7eaabdc2b3cbc575b2e968638
Instruction ID: 4b77016de45fb8366418bd54e0408fd0c0f3bd32462f89f0563c3a403e7cf744
Opcode Fuzzy Hash: 87c6ba533f958ab421b4e4a474757cb58c91efe7eaabdc2b3cbc575b2e968638
Instruction Fuzzy Hash: 43016336629B8496CA60DB55F49115EBBA4F7C9790FA00126FACD43B29DF3CC1508F40

Function 00007FF764B434A0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 227COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF764B198F6), ref: 00007FF764B434B4

Strings

%lx, xrefs: 00007FF764B4379A

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _errno
String ID: %lx
API String ID: 2918714741-1448181948
Opcode ID: 45a86b4096b57363ea12641ceed27d1fa7b73d1b35bf9080902810032ca1955c
Instruction ID: a58d87d69fd6ea2ca06e775a818baebd3b51de52e83c16b378ee5d12c5064995
Opcode Fuzzy Hash: 45a86b4096b57363ea12641ceed27d1fa7b73d1b35bf9080902810032ca1955c
Instruction Fuzzy Hash: DB817B62B0C1D1C5E7699E2AD49063DFBD0EB89750F5C5235EA9E42BC8DA3CD845CB20

Function 00007FF764B38E30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

_open.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B38EEF
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF764B38F52

Strings

Couldn't open file %s, xrefs: 00007FF764B38F19

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: _close_open
String ID: Couldn't open file %s
API String ID: 3007559463-447283422
Opcode ID: d42fabb27b82ae9a4f0e9d1cd2147080f2bf779aa4f7dec411e094262328f485
Instruction ID: 4bae2215246726622be6d4278f43350ae5e7b89ef17c6a996230311eda23f64a
Opcode Fuzzy Hash: d42fabb27b82ae9a4f0e9d1cd2147080f2bf779aa4f7dec411e094262328f485
Instruction Fuzzy Hash: D841A121A0CA91C1EB169F27E48027AF7A2FB49BD4F844531EA9D87BD4CF7CE4458711

Function 00007FF764B4B76E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B4BC13
isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B4BC27

Strings

%s%lx, xrefs: 00007FF764B4B7D8

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: isupper
String ID: %s%lx
API String ID: 2794029478-530121141
Opcode ID: 53b9cc5a59b0064bfbe41248d2ebdfd46d98b8d4c1932e040fb89d30cb23132a
Instruction ID: eaa2ce07344fe9e2ad154706a35654cb834d202c5b2f244978e87d62b4a78cff
Opcode Fuzzy Hash: 53b9cc5a59b0064bfbe41248d2ebdfd46d98b8d4c1932e040fb89d30cb23132a
Instruction Fuzzy Hash: 25310221E0D5E6D5FB16AF26C0C437CEFA19B1DB84F844931C79E42A8ADE2CD449C320

Function 00007FF764B4B739 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B4BC13
isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B4BC27

Strings

FALSE, xrefs: 00007FF764B4B755

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: isupper
String ID: FALSE
API String ID: 2794029478-3701058176
Opcode ID: 1d5338f048cf98573ee2830d0860e46e4ffe18ede9513fb327818a48beacd7a5
Instruction ID: f426eb4cd1c9743f8e6715c2cc93167f163fd9c840539edc18c7187ad4619ee5
Opcode Fuzzy Hash: 1d5338f048cf98573ee2830d0860e46e4ffe18ede9513fb327818a48beacd7a5
Instruction Fuzzy Hash: 2131F722E0D596C5FB16EF26D4C437CEF919B19BA4FC40631CBAE416D9CE2C958AC320

Function 00007FF764B331F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69stringCOMMON

Download Yara Rule

APIs

strpbrk.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF764B33271

Strings

RCPT TO:<%s>, xrefs: 00007FF764B332BB
RCPT TO:<%s@%s>, xrefs: 00007FF764B332AD

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strpbrk
String ID: RCPT TO:<%s>$RCPT TO:<%s@%s>
API String ID: 3024680390-579818044
Opcode ID: 6998ca19ac6e6fb7c0bd144dd24357a0ca53b5f6b410c0603efdca8992748e43
Instruction ID: d027acb56ae5768543fd91a76398223f712f94ccf0cac06387625e8ea8c1bfb3
Opcode Fuzzy Hash: 6998ca19ac6e6fb7c0bd144dd24357a0ca53b5f6b410c0603efdca8992748e43
Instruction Fuzzy Hash: A7316562A18B81C1EB01EF1BE4802B9E3A1FB89B94F885235EA5D03BD5DF7CD545C310

Function 00007FF764B1A390 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

#7.WS2_32 ref: 00007FF764B1A40F
#21.WS2_32 ref: 00007FF764B1A43E

Strings

@, xrefs: 00007FF764B1A39F

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2726393805
Opcode ID: 27f103a068dc2debb507e883cdcbdb31f38eff00c1f54ccc3e98b17e50fab539
Instruction ID: fd0f7aa976bf43b6fc413095ea93318202a5b03f11fabbd28ca47d0ce9ed3bf0
Opcode Fuzzy Hash: 27f103a068dc2debb507e883cdcbdb31f38eff00c1f54ccc3e98b17e50fab539
Instruction Fuzzy Hash: 52116071A1C282C7E721AF16F884266F7A1EB8D348F944031DA4D07A95DBBDE989CF10

Function 00007FF764AC06C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FF764AC06D8
QueryPerformanceCounter.KERNEL32 ref: 00007FF764AC06ED

Strings

imgui_impl_win32, xrefs: 00007FF764AC0707

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: PerformanceQuery$CounterFrequency
String ID: imgui_impl_win32
API String ID: 774501991-1219393600
Opcode ID: cf2bb89c4231e5aab4431d8ccffef29cfec415a79c7de1e4fdbd81bc261390ac
Instruction ID: dec377748b1162a51a334c6d18e05de49708de397589b0816e0af720e1e99d86
Opcode Fuzzy Hash: cf2bb89c4231e5aab4431d8ccffef29cfec415a79c7de1e4fdbd81bc261390ac
Instruction Fuzzy Hash: 7021C5B2505741DAE790AF52E9883A97FE0F785B08F966068C2584B790DBBEC849CF10

Function 00007FF764B24680 Relevance: 5.1, APIs: 4, Instructions: 82stringCOMMON

Download Yara Rule

APIs

strchr.VCRUNTIME140 ref: 00007FF764B246E4
strchr.VCRUNTIME140 ref: 00007FF764B246F7
strchr.VCRUNTIME140 ref: 00007FF764B24709
memcpy.VCRUNTIME140 ref: 00007FF764B24765

Memory Dump Source

Source File: 00000000.00000002.2913639840.00007FF764AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF764AA0000, based on PE: true

Associated: 00000000.00000002.2913621826.00007FF764AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913722134.00007FF764B56000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913738861.00007FF764B57000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913768021.00007FF764B7B000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913792892.00007FF764B92000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913808948.00007FF764B93000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2913825341.00007FF764B95000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff764aa0000_SecuriteInfo.jbxd

Similarity

API ID: strchr$memcpy
String ID:
API String ID: 3777437356-0
Opcode ID: f45dc5094d54db5561f291011f2600ec1770eff9855de374ab51653b4114c681
Instruction ID: c956b835875b0956eb2665ecaa7472ec74811eb60af091527aa9a23aa18f57b1
Opcode Fuzzy Hash: f45dc5094d54db5561f291011f2600ec1770eff9855de374ab51653b4114c681
Instruction Fuzzy Hash: 3121C211A0D6D181EE59AF13E1902BAE7D19F4DBC4F884171DE9D0BBCAEF1DE5068A20

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. A common goal for post-compromise exploitation of remote services is for lateral movement to enable access to a remote system.
Tactics:	Lateral Movement
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.
Tactics:	Impact
Data Sources:	Cloud Storage: Cloud Storage Modification, Command: Command Execution, File: File Creation, File: File Modification, Network Share: Network Share Access, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.FileRepMalware.8697.17037.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Exploits

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: SecuriteInfo.com.FileRepMalware.8697.17037.exePID: 7484, Parent PID: 2580

General

Chronological Activities

Analysis Process: conhost.exePID: 7492, Parent PID: 7484

Windows Analysis Report
SecuriteInfo.com.FileRepMalware.8697.17037.exe