Edit tour

Windows Analysis Report
#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Overview

General Information

Sample name:	#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe renamed because original name is a hash value
Original sample name:	_uninstc.exe
Analysis ID:	1520462
MD5:	50c9853e37a18a5b5c2f5857ea1a5ab1
SHA1:	079079af20c8d68e7ac999ee28961eee9b61f4c9
SHA256:	31130b5f53f752897775b5a39ea3936e7afeff09dd3e381b15f1800efb68f2fb
Tags:	exesilverfoxwinosuser-vm001cn
Infos:

Detection

Score:	27
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Contain functionality to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

Potential time zone aware malware

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe (PID: 5932 cmdline: "C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe" MD5: 50C9853E37A18A5B5C2F5857EA1A5AB1)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F90DE2B8 FindFirstFileExW,

0_2_00007FF6F90DE2B8

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9071A40 GetCurrentProcess,NtQueryObject,NtQueryObject,RtlNtStatusToDosError,_CxxThrowException,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_CxxThrowException,		0_2_00007FF6F9071A40
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9071F6D GetCurrentProcess,NtQueryObject,NtQueryObject,		0_2_00007FF6F9071F6D

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F907BAC0	0_2_00007FF6F907BAC0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9084CE0	0_2_00007FF6F9084CE0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90C8064	0_2_00007FF6F90C8064
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F909F144	0_2_00007FF6F909F144
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D9580	0_2_00007FF6F90D9580
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9093876	0_2_00007FF6F9093876
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90C5A48	0_2_00007FF6F90C5A48
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9090A40	0_2_00007FF6F9090A40
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F908FA78	0_2_00007FF6F908FA78
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90E7AA4	0_2_00007FF6F90E7AA4
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D0AE4	0_2_00007FF6F90D0AE4
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D7AE0	0_2_00007FF6F90D7AE0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90A0B14	0_2_00007FF6F90A0B14
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90CB990	0_2_00007FF6F90CB990
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D0980	0_2_00007FF6F90D0980
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90829B0	0_2_00007FF6F90829B0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90959BC	0_2_00007FF6F90959BC
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F908C9FC	0_2_00007FF6F908C9FC
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90C8C88	0_2_00007FF6F90C8C88
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90DFC84	0_2_00007FF6F90DFC84
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90C5CE0	0_2_00007FF6F90C5CE0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90DAB3C	0_2_00007FF6F90DAB3C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F908DB64	0_2_00007FF6F908DB64
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9092B78	0_2_00007FF6F9092B78
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9099C1C	0_2_00007FF6F9099C1C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90CBEC4	0_2_00007FF6F90CBEC4
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9075EC0	0_2_00007FF6F9075EC0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F909DD40	0_2_00007FF6F909DD40
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9094D38	0_2_00007FF6F9094D38
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90CDD60	0_2_00007FF6F90CDD60
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D4DB8	0_2_00007FF6F90D4DB8
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D2070	0_2_00007FF6F90D2070
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F909B064	0_2_00007FF6F909B064
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90DE088	0_2_00007FF6F90DE088
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D509C	0_2_00007FF6F90D509C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90E10C8	0_2_00007FF6F90E10C8
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F909A0F4	0_2_00007FF6F909A0F4
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D0F7C	0_2_00007FF6F90D0F7C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D7020	0_2_00007FF6F90D7020
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D42B4	0_2_00007FF6F90D42B4
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F908D2B0	0_2_00007FF6F908D2B0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90CE44C	0_2_00007FF6F90CE44C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F907A490	0_2_00007FF6F907A490
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9086520	0_2_00007FF6F9086520
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90C938C	0_2_00007FF6F90C938C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F908E37C	0_2_00007FF6F908E37C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90843AC	0_2_00007FF6F90843AC
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90AE3C0	0_2_00007FF6F90AE3C0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90C83FC	0_2_00007FF6F90C83FC
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9078690	0_2_00007FF6F9078690
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F908367C	0_2_00007FF6F908367C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D2728	0_2_00007FF6F90D2728
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F909A72C	0_2_00007FF6F909A72C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F9094554	0_2_00007FF6F9094554
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D2588	0_2_00007FF6F90D2588
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90D28C8	0_2_00007FF6F90D28C8
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90E2908	0_2_00007FF6F90E2908
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F909F918	0_2_00007FF6F909F918
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90A1788	0_2_00007FF6F90A1788

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: String function: 00007FF6F90D9BEC appears 32 times

Source: classification engine

Classification label: sus27.evad.winEXE@1/0@0/0

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F9074350 FormatMessageA,LocalFree,std::ios_base::_Ios_base_dtor,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetLastError,_CxxThrowException,

0_2_00007FF6F9074350

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F907BAC0 LoadLibraryW,GetProcAddress,IsDebuggerPresent,FreeLibrary,GetModuleHandleA,FindResourceA,LoadResource,SizeofResource,LockResource,CreateToolhelp32Snapshot,Process32First,CloseHandle,LoadLibraryA,GetProcAddress,allocator,allocator,_CxxThrowException,_invalid_parameter_noinfo_noreturn,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,

0_2_00007FF6F907BAC0

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

0_2_00007FF6F907BAC0

Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Section loaded: wintypes.dll	Jump to behavior

Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

0_2_00007FF6F907BAC0

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F90B5C18 GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetModuleHandleW,GetProcAddress,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,GetLastError,Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error,_CxxThrowException,

0_2_00007FF6F90B5C18

Malware Analysis System Evasion

Contain functionality to detect virtual machines

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: VBoxMouse.sys VBoxGuest.sys VBoxSF.sys		0_2_00007FF6F90789A0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: qemu qemu vbox vbox vbox		0_2_00007FF6F9079680

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-45872

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

API coverage: 5.1 %

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe TID: 5976	Thread sleep time: -50000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe TID: 5976	Thread sleep time: -50000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

System information queried: CurrentTimeZoneInformation

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F90DE2B8 FindFirstFileExW,

0_2_00007FF6F90DE2B8

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Thread delayed: delay time: 50000			Jump to behavior
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Thread delayed: delay time: 50000			Jump to behavior

Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Binary or memory string: vmci.sys
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Binary or memory string: vmhgfs.sys
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Binary or memory string: VBoxMouse.sys
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Binary or memory string: VBoxSF.sys
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Binary or memory string: VBoxGuest.sys
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Binary or memory string: vmmouse.sys
Source: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Binary or memory string: vmmouse.sysvmhgfs.sysvm3dmp.sysvmu**mouse.sysvmx_svga.sysvmxnet.sysvmci.sysVBoxMouse.sysVBoxGuest.sysVBoxSF.sysFailed to find shellcode resourceFailed to load shellcode resourceShellcode resource size is 0Failed to lock shellcode resourceFailed to find lsass.exe processFailed to get RtlAdjustPrivilege addressGET

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

0_2_00007FF6F907BAC0

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

0_2_00007FF6F907BAC0

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F90DF708 GetProcessHeap,

0_2_00007FF6F90DF708

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90A3E20 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6F90A3E20
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90A4004 SetUnhandledExceptionFilter,	0_2_00007FF6F90A4004
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90C4158 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6F90C4158
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90A3694 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF6F90A3694

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F90DDBA0 cpuid

0_2_00007FF6F90DDBA0

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: GetLocaleInfoEx,__crtDownlevelLocaleNameToLCID,GetLocaleInfoW,	0_2_00007FF6F90A2628
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: __crtGetLocaleInfoEx,	0_2_00007FF6F90A2884
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: EnumSystemLocalesW,	0_2_00007FF6F90E1A38
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: EnumSystemLocalesW,	0_2_00007FF6F90E1B08
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: EnumSystemLocalesW,	0_2_00007FF6F90D9B54
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF6F90E1BA4
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF6F90E1F30
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: GetLocaleInfoW,	0_2_00007FF6F90E1DE4
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF6F90E210C
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: GetLocaleInfoW,	0_2_00007FF6F90E1FE0
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: try_get_function,GetLocaleInfoW,	0_2_00007FF6F90DA1BC
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,wcschr,wcschr,GetLocaleInfoW,	0_2_00007FF6F90E1720

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F9086BAC GetSystemTimeAsFileTime,

0_2_00007FF6F9086BAC

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F90D9580 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_00007FF6F90D9580

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Code function: 0_2_00007FF6F90AB290 GetVersionExW,Concurrency::details::platform::InitializeSystemFunctionPointers,Concurrency::details::WinRT::Initialize,_CxxThrowException,_CxxThrowException,

0_2_00007FF6F90AB290

Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90B94C8 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind,Concurrency::details::SchedulerBase::GetInternalContext,		0_2_00007FF6F90B94C8
Source: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	Code function: 0_2_00007FF6F90BA4F4 Concurrency::details::VirtualProcessor::ThrowVirtualProcessorEvent,Concurrency::details::InternalContextBase::SwitchOut,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::InternalContextBase::SwitchTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::WorkItem::Bind,		0_2_00007FF6F90BA4F4

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	112 Virtualization/Sandbox Evasion	OS Credential Dumping	12 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Deobfuscate/Decode Files or Information	LSASS Memory	121 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	112 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	23 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe	8%	ReversingLabs

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520462
Start date and time:	2024-09-27 11:23:28 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	2
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe renamed because original name is a hash value
Original Sample Name:	_uninstc.exe
Detection:	SUS
Classification:	sus27.evad.winEXE@1/0@0/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 96% Number of executed functions: 28 Number of non-executed functions: 206
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
VT rate limit hit for: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Simulations

Behavior and APIs

Time	Type	Description
05:24:36	API Interceptor	2x Sleep call for process: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe modified

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.532534399779066
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe
File size:	887'808 bytes
MD5:	50c9853e37a18a5b5c2f5857ea1a5ab1
SHA1:	079079af20c8d68e7ac999ee28961eee9b61f4c9
SHA256:	31130b5f53f752897775b5a39ea3936e7afeff09dd3e381b15f1800efb68f2fb
SHA512:	af8c0cd6f960a2a98eca3a56496461260c56a2ef0500b5470266ffb568bc608ff8b224f7fdc5f0d40294188342de4b0baa7f257dc79c148674ae6d661fbb58a5
SSDEEP:	12288:75wUl0+S9fNs974kg4B3ohHAbZioA2O4TmKBLf6:75wUl0+S9f8c8B3ohkZiEOmD
TLSH:	AA158C16AAD445FCE0239336CB578567F7B274061A319B9F03AC066A1F272A14EFF721
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........v...%...%...%...$...%...$...%...$u..%...$...%...$...%...%\|..%...$...%...$...%{..$...%{.x%...%...%...%{..$...%Rich...%.......

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x140033bec
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x56EB4C6D [Fri Mar 18 00:31:41 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	1d878e2886045880ff55ccfced8fd653

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F5515054A7Ch
dec eax
add esp, 28h
jmp 00007F551505449Fh
int3
int3
jmp 00007F5515053BC4h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
dec eax
mov eax, edx
dec eax
lea ecx, dword ptr [00045A4Dh]
dec eax
mov dword ptr [ebx], ecx
dec eax
lea edx, dword ptr [ebx+08h]
xor ecx, ecx
dec eax
mov dword ptr [edx], ecx
dec eax
mov dword ptr [edx+08h], ecx
dec eax
lea ecx, dword ptr [eax+08h]
call 00007F5515071499h
dec eax
lea eax, dword ptr [0004E8CDh]
dec eax
mov dword ptr [ebx], eax
dec eax
mov eax, ebx
dec eax
add esp, 20h
pop ebx
ret
int3
dec eax
and dword ptr [ecx+10h], 00000000h
dec eax
lea eax, dword ptr [0004E8C4h]
dec eax
mov dword ptr [ecx+08h], eax
dec eax
lea eax, dword ptr [0004E8A9h]
dec eax
mov dword ptr [ecx], eax
dec eax
mov eax, ecx
ret
int3
int3
dec eax
sub esp, 48h
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F55150545F7h
dec eax
lea edx, dword ptr [0006D9D3h]
dec eax
lea ecx, dword ptr [esp+20h]
call 00007F55150714FEh
int3
jmp 00007F5515075214h
int3
int3
int3
dec eax
mov dword ptr [esp+10h], ebx
dec eax
mov dword ptr [esp+18h], esi
push edi
dec eax
sub esp, 10h
xor eax, eax
mov dword ptr [0006F4C9h], 00000002h
xor ecx, ecx
mov dword ptr [0006F4B9h], 00000001h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa1dac	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb0000	0x2b580	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0xa9000	0x6138	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xdc000	0x165c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x919b0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x919d0	0x100	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x79000	0x488	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x77e74	0x78000	5fc22c4fd8ce7fd6389e5fec6eaaac70	False	0.494903564453125	data	6.472719007713046	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x79000	0x29d5c	0x29e00	9d081de1d188f689daedea7c0e9ed169	False	0.3739563899253731	data	4.735870485264002	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa3000	0x5b2c	0x3a00	b4c1acef0fb8e97fa77d58062b928ec1	False	0.16419719827586207	data	4.194091435024407	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0xa9000	0x6138	0x6200	fe97fb6ad42f89bee1fc926d910dcf0f	False	0.4925063775510204	data	5.80549196958669	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xb0000	0x2b580	0x2b600	02a6e821f37f3fe0b12a318313864399	False	0.4194659582132565	data	5.245510363952572	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xdc000	0x165c	0x1800	7bec397984cd14f99fb5a63c78f5cacc	False	0.3336588541666667	data	5.318436076636775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_RCDATA	0xb00a0	0x2b2ac	ASCII text, with very long lines (65536), with no line terminators	Chinese	China	0.4190043662194874
RT_MANIFEST	0xdb350	0x22f	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (499), with CRLF line terminators	English	United States	0.5295169946332737

Imports

DLL	Import
ntdll.dll	RtlNtStatusToDosError, RtlPcToFileHeader, RtlUnwindEx, TpAllocJobNotification, NtQueryObject, NtQueryInformationProcess, RtlUnwind
WINHTTP.dll	WinHttpCrackUrl
KERNEL32.dll	RtlVirtualUnwind, SetStdHandle, GetProcessHeap, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, IsValidCodePage, FindNextFileW, FindFirstFileExW, WriteConsoleW, FindClose, HeapReAlloc, GetCurrentProcess, GetLastError, LocalFree, FormatMessageA, SearchPathA, CreateFileA, WriteFile, IsDebuggerPresent, CloseHandle, FreeLibrary, GetModuleHandleA, GetProcAddress, LoadResource, LockResource, SizeofResource, LoadLibraryA, LoadLibraryW, FindResourceA, CreateToolhelp32Snapshot, Process32First, Process32Next, CreateFileW, DuplicateHandle, SetEvent, CreateEventW, OpenProcess, VirtualAllocEx, WriteProcessMemory, CreateJobObjectW, AssignProcessToJobObject, SetInformationJobObject, WideCharToMultiByte, WaitForSingleObjectEx, Sleep, SwitchToThread, GetCurrentThread, GetCurrentThreadId, GetExitCodeThread, QueryPerformanceCounter, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, MultiByteToWideChar, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetStringTypeW, GetCPInfo, RtlCaptureContext, RtlLookupFunctionEntry, SetFilePointerEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, CreateTimerQueue, SignalObjectAndWait, CreateThread, SetThreadPriority, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, GetThreadTimes, FreeLibraryAndExitThread, GetModuleFileNameW, LoadLibraryExW, GetVersionExW, VirtualAlloc, VirtualProtect, VirtualFree, ReleaseSemaphore, InterlockedPopEntrySList, InterlockedPushEntrySList, InterlockedFlushSList, QueryDepthSList, UnregisterWaitEx, ReadConsoleW, ReadFile, GetConsoleMode, GetConsoleCP, RaiseException, ExitProcess, GetModuleHandleExW, ExitThread, GetStdHandle, GetACP, HeapAlloc, HeapFree, GetFileType, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, HeapSize

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China
English	United States

Target ID:	0
Start time:	05:24:36
Start date:	27/09/2024
Path:	C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe"
Imagebase:	0x7ff6f9070000
File size:	887'808 bytes
MD5 hash:	50C9853E37A18A5B5C2F5857EA1A5AB1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	37.1%
Total number of Nodes:	1106
Total number of Limit Nodes:	24

Executed Functions

Function 00007FF6F9093876 Relevance: 119.3, APIs: 79, Instructions: 763COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093891
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90938BA
_Getctype.LIBCPMT ref: 00007FF6F90938EE
_Getcvt.LIBCPMT ref: 00007FF6F9093906
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093937
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093953
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909397C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093999
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90939C3
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90939EC
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093A27
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093A3E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093A67
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093AA2
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093AB9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093AE2
numpunct.LIBCPMT ref: 00007FF6F9093B1B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093B3B
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093B64
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093B81
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093B98
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093BC1
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093BDE
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093BF5
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093C1E
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093C3B
collate.LIBCPMT ref: 00007FF6F9093C44
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093C7C
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093CA5
_Getcoll.LIBCPMT ref: 00007FF6F9093CD9
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093CF3
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093D0F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093D38
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093D55
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093D7B
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093DA4
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093DE3
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093E0C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093E29
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093E53
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093E7C
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093EB7
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093ECE
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093EF7
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093F32
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093F49
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9093F72
_Mpunct.LIBCPMT ref: 00007FF6F9093FAF
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9093FC8
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9093FDF
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9094008
_Mpunct.LIBCPMT ref: 00007FF6F9094045
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909406F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9094098
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F90940B5
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90940CC
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90940F5
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9094112
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9094129
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9094152
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F909416F
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9094186
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90941AF
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F90941CC
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90941F9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9094222
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F909426C
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9094283
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90942AC
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F90942FE
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909431A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9094343
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9094360
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9094377
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90943A0
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90943E6
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909440F
_Getcvt.LIBCPMT ref: 00007FF6F9094443
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F90944C2

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$AddfacLocimp::_Locimp_std::locale::_$GetcvtMpunct$GetcollGetctypecollatenumpunct
String ID:
API String ID: 2498672018-0
Opcode ID: fb4a00f2c8653ac94c97500f7d9e0ea90b91f5ef66c12361f09c1cdd5456df5b
Instruction ID: f8b40413a1cbdd82e2d260fd3f99c12898aa67640a17689688bcf079d24be689
Opcode Fuzzy Hash: fb4a00f2c8653ac94c97500f7d9e0ea90b91f5ef66c12361f09c1cdd5456df5b
Instruction Fuzzy Hash: 06720B21E4AA1295E755DF21AC402B937A9AF65780F044139E92ED77EEFF3CE486C340

Function 00007FF6F907BAC0 Relevance: 72.5, APIs: 23, Strings: 18, Instructions: 767
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

gj==, xrefs: 00007FF6F907C711
ntdl, xrefs: 00007FF6F907C2D9
Shellcode resource size is 0, xrefs: 00007FF6F907CE7A
158, xrefs: 00007FF6F907C1D6
wp9=, xrefs: 00007FF6F907BB64
Failed to lock shellcode resource, xrefs: 00007FF6F907CEA1
l.dl, xrefs: 00007FF6F907C2E3
gerP, xrefs: 00007FF6F907BFF8
agxs, xrefs: 00007FF6F907BB50
Failed to load shellcode resource, xrefs: 00007FF6F907CE53
gj==, xrefs: 00007FF6F907C72F
7YsC, xrefs: 00007FF6F907C707
Failed to get RtlAdjustPrivilege address, xrefs: 00007FF6F907CEC1
Failed to find lsass.exe process, xrefs: 00007FF6F907CDFF
7YsC, xrefs: 00007FF6F907C728
rese, xrefs: 00007FF6F907C002
YzsH, xrefs: 00007FF6F907BB5A
Failed to find shellcode resource, xrefs: 00007FF6F907CE2C

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID: 158$7YsC$7YsC$Failed to find lsass.exe process$Failed to find shellcode resource$Failed to get RtlAdjustPrivilege address$Failed to load shellcode resource$Failed to lock shellcode resource$Shellcode resource size is 0$YzsH$agxs$gerP$gj==$gj==$l.dl$ntdl$rese$wp9=
API String ID: 0-2991562347
Opcode ID: 977e809e7aae9650e66132d33d392e4e7de19001329471ffbb6c7019d6b61f18
Instruction ID: 4f9f81eb538102ba4541f44ee81944227f70963f0c61d252f97e2ba95b704ed6
Opcode Fuzzy Hash: 977e809e7aae9650e66132d33d392e4e7de19001329471ffbb6c7019d6b61f18
Instruction Fuzzy Hash: 36927E62D18BC689E761DF34DC412F92760FB99388F405239DA9C96A9EFF38D248C341

Function 00007FF6F9084CE0 Relevance: 48.3, APIs: 32, Instructions: 313
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9084CFB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9084D24
_Getctype.LIBCPMT ref: 00007FF6F9084D58
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9084D79
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9084D94
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9084DBD
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9084DDA
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9084E04
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9084E2D
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9084E67
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9084E7E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9084EA7
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9084EE1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9084EF8
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9084F21
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9084F7A
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9084FA3
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F9084FC0
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9084FD7
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9085000
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F908501D
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9085034
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908505D
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F908507A
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90850A1
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90850CA
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9085108
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9085131
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F908514E
std::locale::_Locimp::_Makexloc.LIBCPMT ref: 00007FF6F908515F
std::locale::_Locimp::_Makeushloc.LIBCPMT ref: 00007FF6F9085181
_Yarn.LIBCPMT ref: 00007FF6F908519B

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Locimp::_Lockit::_Lockit::~_std::locale::_$AddfacLocimp_$GetctypeMakeushlocMakexlocYarn
String ID:
API String ID: 2183446013-0
Opcode ID: 4460336c54669a8e75083f648a9d816190a8b1f1dafdd6e4fd5649da36198e74
Instruction ID: 6229c22bbb3dffb9b5f12df35b2b503b73f57507814689fc00a52758a16bdb98
Opcode Fuzzy Hash: 4460336c54669a8e75083f648a9d816190a8b1f1dafdd6e4fd5649da36198e74
Instruction Fuzzy Hash: FDE10B61E09A0295EB5ADF15AC402B932A9EFA27D4F044039D96DC3BEDFF2DE495C340

Function 00007FF6F90D9580 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 368
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF6F90D95C4

Part of subcall function 00007FF6F90D8D50: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D8D64

_get_daylight.LIBCMT ref: 00007FF6F90D95B3

Part of subcall function 00007FF6F90D8DB0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D8DC4

_get_daylight.LIBCMT ref: 00007FF6F90D9807
_get_daylight.LIBCMT ref: 00007FF6F90D9818
_get_daylight.LIBCMT ref: 00007FF6F90D9829
GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90D9A89), ref: 00007FF6F90D9850
WideCharToMultiByte.KERNEL32 ref: 00007FF6F90D98E6
WideCharToMultiByte.KERNEL32 ref: 00007FF6F90D9932

Strings

?, xrefs: 00007FF6F90D9925
Eastern Summer Time, xrefs: 00007FF6F90D9911
Eastern Standard Time, xrefs: 00007FF6F90D98BA

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _get_daylight$ByteCharMultiWide_invalid_parameter_noinfo$InformationTimeZone
String ID: ?$Eastern Standard Time$Eastern Summer Time
API String ID: 3440502458-688781733
Opcode ID: e056f1c026c43fca07be4a7889b5f158ef908aecc4012eb7e40475d80ec204aa
Instruction ID: a5f6a301fc4df20aff79b8c35aef081a6b61083228e78d2a954c863758eaec90
Opcode Fuzzy Hash: e056f1c026c43fca07be4a7889b5f158ef908aecc4012eb7e40475d80ec204aa
Instruction Fuzzy Hash: 26E1B032A0868286E764DF359C406A97B96FB94788F44513AEB7E83BDDEF3CD4418740

Function 00007FF6F90C8064 Relevance: 9.2, APIs: 6, Instructions: 235
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90C8086
_get_daylight.LIBCMT ref: 00007FF6F90C80E2
_get_daylight.LIBCMT ref: 00007FF6F90C80F3
_get_daylight.LIBCMT ref: 00007FF6F90C8104
_isindst.LIBCMT ref: 00007FF6F90C8155
_isindst.LIBCMT ref: 00007FF6F90C81A8

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
String ID:
API String ID: 1405656091-0
Opcode ID: 980db3feaa98d670d0e2179d87a31a66d4ae0fee66c7df8ba197ac5009a55739
Instruction ID: 3b064435234f3f821561dd59db51a1fc968ae3111a21ce2bad5cdc5fc8de339c
Opcode Fuzzy Hash: 980db3feaa98d670d0e2179d87a31a66d4ae0fee66c7df8ba197ac5009a55739
Instruction Fuzzy Hash: 2881BFB2B046464BEB6C8E65CD05BA822A5EB54788F04903DEE1DCABCDFF3CE4018614

Function 00007FF6F9079020 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 114
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32 ref: 00007FF6F90790CB
GetProcAddress.KERNEL32 ref: 00007FF6F90790FC
GetProcAddress.KERNEL32 ref: 00007FF6F907910C
GetProcAddress.KERNEL32 ref: 00007FF6F907911C
FreeLibrary.KERNEL32 ref: 00007FF6F90791F4

Part of subcall function 00007FF6F90783F0: _Thrd_sleep.LIBCPMT ref: 00007FF6F907846C

Part of subcall function 00007FF6F90783F0: _Xtime_get_ticks.LIBCPMT ref: 00007FF6F907841B

FreeLibrary.KERNEL32 ref: 00007FF6F90791DE

Strings

ount, xrefs: 00007FF6F90790BE
Coun, xrefs: 00007FF6F90790A2
GetT, xrefs: 00007FF6F90790B0
uenc, xrefs: 00007FF6F9079095
ickC, xrefs: 00007FF6F90790B7
ter, xrefs: 00007FF6F90790A9
Freq, xrefs: 00007FF6F907908E

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AddressLibraryProc$Free$LoadThrd_sleepXtime_get_ticks
String ID: Coun$Freq$GetT$ickC$ount$ter$uenc
API String ID: 2031778473-2732439934
Opcode ID: 9d20d7a5e47f1f04f8d83ee82bee1d022dc6d366e3615be8b05c3e2c4efe27fc
Instruction ID: 4f0394729fd4a83db509006c4e2fd47b0ec46bae5d54006c7cd02ab2899171d7
Opcode Fuzzy Hash: 9d20d7a5e47f1f04f8d83ee82bee1d022dc6d366e3615be8b05c3e2c4efe27fc
Instruction Fuzzy Hash: FA518D22F04A8289E711DFB0E8503AD73B5EF58788F05413ACE1E67A88EF38D156C704

Function 00007FF6F90D97E4 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 155
timeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_get_daylight.LIBCMT ref: 00007FF6F90D9807

Part of subcall function 00007FF6F90D8DB0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D8DC4

_get_daylight.LIBCMT ref: 00007FF6F90D9818

Part of subcall function 00007FF6F90D8D50: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D8D64

_get_daylight.LIBCMT ref: 00007FF6F90D9829

Part of subcall function 00007FF6F90D8D80: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D8D94

Part of subcall function 00007FF6F90D6AF0: HeapFree.KERNEL32 ref: 00007FF6F90D6B06

GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90D9A89), ref: 00007FF6F90D9850
WideCharToMultiByte.KERNEL32 ref: 00007FF6F90D98E6
WideCharToMultiByte.KERNEL32 ref: 00007FF6F90D9932

Strings

?, xrefs: 00007FF6F90D9925
Eastern Summer Time, xrefs: 00007FF6F90D9911
Eastern Standard Time, xrefs: 00007FF6F90D98BA

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ByteCharMultiWide$FreeHeapInformationTimeZone
String ID: ?$Eastern Standard Time$Eastern Summer Time
API String ID: 2401661991-688781733
Opcode ID: 90b8dfbf901003e42658c5151d9198e74a5229eedeac75c91a888f9b87f65051
Instruction ID: 666bc6050a01a32c5098018b52d3fd7894fc48636186e54a1bdcc5779be2ac47
Opcode Fuzzy Hash: 90b8dfbf901003e42658c5151d9198e74a5229eedeac75c91a888f9b87f65051
Instruction Fuzzy Hash: 9A619B32A186428AE764DF25EC801A977A5FF84794F84413AEA6D827DDFF3CE581C740

Function 00007FF6F90A3A78 Relevance: 15.1, APIs: 10, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF6F90A3A87

Part of subcall function 00007FF6F90A341C: __vcrt_initialize.LIBVCRUNTIME ref: 00007FF6F90A343E

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF6F90A3A9C
__scrt_release_startup_lock.LIBCMT ref: 00007FF6F90A3B0A
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FF6F90A3B20
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FF6F90A3B4C
__scrt_get_show_window_mode.LIBCMT ref: 00007FF6F90A3B5D
__scrt_is_managed_app.LIBCMT ref: 00007FF6F90A3B80
__scrt_uninitialize_crt.LIBCMT ref: 00007FF6F90A3B97
__scrt_fastfail.LIBCMT ref: 00007FF6F90A3BC9
__scrt_fastfail.LIBCMT ref: 00007FF6F90A3BD4

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: __scrt_fastfail__scrt_is_nonwritable_in_current_image$__scrt_acquire_startup_lock__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt__vcrt_initialize
String ID:
API String ID: 1664584033-0
Opcode ID: 55bc8d2aca4288ef9c140cd2ccc4de8dbba448ad7001838a59fca08c757d4f52
Instruction ID: 0f13f2777bbadda3fe7d2d88f462521c1c1b9ba01227b974e393a271da94ace4
Opcode Fuzzy Hash: 55bc8d2aca4288ef9c140cd2ccc4de8dbba448ad7001838a59fca08c757d4f52
Instruction Fuzzy Hash: B2312A21E1C20345FB15AF65DC513BA6692AF51744F44403DEA7ECB6DFFE2CE8458290

Function 00007FF6F90788E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 55
libraryloaderwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE ref: 00007FF6F907894C
GetProcAddress.KERNEL32 ref: 00007FF6F9078961
MessageBoxW.USER32 ref: 00007FF6F9078978
FreeLibrary.KERNEL32 ref: 00007FF6F907897F

Strings

ageB, xrefs: 00007FF6F907893E
oxW, xrefs: 00007FF6F9078945
Mess, xrefs: 00007FF6F9078937

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Library$AddressFreeLoadMessageProc
String ID: Mess$ageB$oxW
API String ID: 2780580303-3069161946
Opcode ID: 4bc8adc1b78907f513fc786450d80eda5fc97488af26e0ef22ab6344f0554d06
Instruction ID: f68a6d0ce47383922797cfad8da60263b28b6e43cc9f186b343ec8843fa133d4
Opcode Fuzzy Hash: 4bc8adc1b78907f513fc786450d80eda5fc97488af26e0ef22ab6344f0554d06
Instruction Fuzzy Hash: 24117C62B156519DFB01CFA2AC446BC3AB06B09BE8F484438CE2D97B48EF38C5858711

Function 00007FF6F907D8A4 Relevance: 9.1, APIs: 6, Instructions: 134
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F907D8C5
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF6F907D934

Part of subcall function 00007FF6F907F708: _Yarn.LIBCPMT ref: 00007FF6F907F736

_Getcvt.LIBCPMT ref: 00007FF6F907D93F
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F907D9AD
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F907D9D9
std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00007FF6F907D9EB

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_$AddfacGetcvtLocimp::_Locimp_Locinfo::_Locinfo_ctorLockit::~_Yarnstd::locale::_
String ID:
API String ID: 3597945955-0
Opcode ID: 517802372387ccde4f7721f051ca2a997f446734f4bc9ce07f05ac2489fa750e
Instruction ID: b16d4bacd03ce2a3feeb1e9a2ca81aa5c0ea4e256a939da3059ba70240707ac1
Opcode Fuzzy Hash: 517802372387ccde4f7721f051ca2a997f446734f4bc9ce07f05ac2489fa750e
Instruction Fuzzy Hash: 4151A732A0CB8592EB21DF25E8502B973A4FB95B90F484139D79D83B99EF3CE485C705

Function 00007FF6F907AD40 Relevance: 7.6, APIs: 5, Instructions: 116
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6F907ADFA
std::_Throw_Cpp_error.LIBCPMT ref: 00007FF6F907AE09
_Thrd_join.LIBCPMT ref: 00007FF6F907AE1D
std::_Throw_Cpp_error.LIBCPMT ref: 00007FF6F907AE2B

Part of subcall function 00007FF6F9077BB0: _Mtx_init.LIBCPMT ref: 00007FF6F9077C27
Part of subcall function 00007FF6F9077BB0: _Thrd_start.LIBCPMT ref: 00007FF6F9077C84
Part of subcall function 00007FF6F9077BB0: _Mtx_unlock.LIBCPMT ref: 00007FF6F9077CE0
Part of subcall function 00007FF6F9077BB0: _Mtx_destroy.LIBCPMT ref: 00007FF6F9077CF3
Part of subcall function 00007FF6F9077BB0: _Cnd_destroy.LIBCPMT ref: 00007FF6F9077CFB

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907AEBF

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$Cnd_destroyCurrentMtx_destroyMtx_initMtx_unlockThrd_joinThrd_startThread_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 4061800114-0
Opcode ID: d214aeb6ccc95a562b8402ab828d4bd30d0fe96f4a953e3290569f0e53d15e30
Instruction ID: 6391fe09e7584a5c006789d047ea8e97d3f2a7076feb8039cfa5d2f55b298bf8
Opcode Fuzzy Hash: d214aeb6ccc95a562b8402ab828d4bd30d0fe96f4a953e3290569f0e53d15e30
Instruction Fuzzy Hash: 4C41A222B1868182EB509F65D9442AEA361EF847F0F144639EBBD47BCDEF7CE4808701

Function 00007FF6F9077BB0 Relevance: 7.6, APIs: 5, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_Mtx_init.LIBCPMT ref: 00007FF6F9077C27
_Thrd_start.LIBCPMT ref: 00007FF6F9077C84
_Mtx_unlock.LIBCPMT ref: 00007FF6F9077CE0
_Mtx_destroy.LIBCPMT ref: 00007FF6F9077CF3
_Cnd_destroy.LIBCPMT ref: 00007FF6F9077CFB

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Cnd_destroyMtx_destroyMtx_initMtx_unlockThrd_start
String ID:
API String ID: 2938124238-0
Opcode ID: f1868420eb924195e895775748ceeaedc62e5277740351bb7f5fc450f9ca8990
Instruction ID: 3f0ff5aed7290c3b68fb7f180ea7cfd66d5e10e7a2dc00328f6372b39531e38f
Opcode Fuzzy Hash: f1868420eb924195e895775748ceeaedc62e5277740351bb7f5fc450f9ca8990
Instruction Fuzzy Hash: CC412722F09B5288FB549BB19C513ED26B5AB487A8F040139DE6DD7BCEEF38E4408745

Function 00007FF6F90C99B0 Relevance: 7.6, APIs: 5, Instructions: 60
threadCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90C99D4
CreateThread.KERNELBASE ref: 00007FF6F90C9A15
GetLastError.KERNEL32 ref: 00007FF6F90C9A23
CloseHandle.KERNEL32 ref: 00007FF6F90C9A40
FreeLibrary.KERNEL32 ref: 00007FF6F90C9A4F

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
String ID:
API String ID: 2067211477-0
Opcode ID: 08ed1d4c42050ec392658845bfe524db88aa4d3b07c01d7ba851e1dce114c3a8
Instruction ID: c3df5d89eddcd2f149e68fd82fbfd0dea00590a1bbc47f47359ea095d7ffeeb8
Opcode Fuzzy Hash: 08ed1d4c42050ec392658845bfe524db88aa4d3b07c01d7ba851e1dce114c3a8
Instruction Fuzzy Hash: 9F214225B0974286EF15DF66985017963A0AF84B80F084539EF7E837DDFE3CE400C660

Function 00007FF6F90C98DC Relevance: 7.5, APIs: 5, Instructions: 31
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6F90D6948: GetLastError.KERNEL32(?,?,8000000000000000,00007FF6F90C9335,?,?,?,?,00007FF6F90D6B15), ref: 00007FF6F90D6952
Part of subcall function 00007FF6F90D6948: SetLastError.KERNEL32(?,?,8000000000000000,00007FF6F90C9335,?,?,?,?,00007FF6F90D6B15), ref: 00007FF6F90D697E

ExitThread.KERNEL32 ref: 00007FF6F90C98F4
ExitThread.KERNEL32 ref: 00007FF6F90C9909

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 59c4a6963072dc2200774ba5c96d922b26b8fb9d4c7ee41bf7ea5306705dfb46
Instruction ID: 6af7fb97e736304bca4423a88e4476e3c0232a16d4fd52a1b008deb4f4920d40
Opcode Fuzzy Hash: 59c4a6963072dc2200774ba5c96d922b26b8fb9d4c7ee41bf7ea5306705dfb46
Instruction Fuzzy Hash: 0E012821B08A8292EB056F748D8423C62A5EF40B74F14173DD73E827E9FF2CE8598350

Function 00007FF6F90C70C4 Relevance: 4.5, APIs: 3, Instructions: 19
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF6F90C70C3), ref: 00007FF6F90C70ED
TerminateProcess.KERNEL32(?,?,?,00007FF6F90C70C3), ref: 00007FF6F90C70F8
ExitProcess.KERNEL32 ref: 00007FF6F90C7107

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 53077afccc69a4dd1a010a808ad812dcf372d9b3d2230ae3ee0c212679bdc2ff
Instruction ID: eec04d50a4a736bbef98ed184cd6a0dc71880ff33015c51839d08b3e6083e56b
Opcode Fuzzy Hash: 53077afccc69a4dd1a010a808ad812dcf372d9b3d2230ae3ee0c212679bdc2ff
Instruction Fuzzy Hash: 5DE04F20B0830686FB687F759C952B92256AF84741F20543CC92E863DEED3DE8488310

Function 00007FF6F907B470 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 211
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907B66B

Strings

, xrefs: 00007FF6F907B4F1

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-3916222277
Opcode ID: 34b7a81319f3a570114e4e6290e8e85e272063c0dc67f372ae795c383e11763f
Instruction ID: 77540769cce22b686bedb5ae88b37507be7e97d2013a755a2e52d40c2944efe9
Opcode Fuzzy Hash: 34b7a81319f3a570114e4e6290e8e85e272063c0dc67f372ae795c383e11763f
Instruction Fuzzy Hash: 50818572A15B8182EB148F29D8513B9A760FB85BA4F14833ADB6D877D9EF3CD481C701

Function 00007FF6F90D9E14 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90D9E37

Strings

AppPolicyGetThreadInitializationType, xrefs: 00007FF6F90D9E30

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: try_get_function
String ID: AppPolicyGetThreadInitializationType
API String ID: 2742660187-3350320272
Opcode ID: ce75949736fbde21343834cb8b50f4a006a4a1040df50360689b242f64e1e7b6
Instruction ID: 7803894a7781b48e984d3247dcebff8091a6260997087fc60ac284618d737b77
Opcode Fuzzy Hash: ce75949736fbde21343834cb8b50f4a006a4a1040df50360689b242f64e1e7b6
Instruction Fuzzy Hash: 8FE04F91E0950AD1FF455F91AC001B01211DF087BCE48033AEA3C863D8FE2CEA99D304

Function 00007FF6F9077920 Relevance: 3.2, APIs: 2, Instructions: 189COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9077B93
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9077B9F

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: c44ed366d8de4c662e0f08cb95b8fa742348f4d5b0e0f82980a6293a64fa6d62
Instruction ID: c2b7da164ad758b39d7bf86c4290950a3aa30a7e8ea0f1111b878d45f2d436e4
Opcode Fuzzy Hash: c44ed366d8de4c662e0f08cb95b8fa742348f4d5b0e0f82980a6293a64fa6d62
Instruction Fuzzy Hash: 91718D62B09A8581EF148F29E80427966A5EB84BF4F558739DE7D43BD9EF3CE481C301

Function 00007FF6F907AB70 Relevance: 3.1, APIs: 2, Instructions: 74COMMON

Download Yara Rule

APIs

_Mtx_unlock.LIBCPMT ref: 00007FF6F907AC0F
_Cnd_do_broadcast_at_thread_exit.LIBCPMT ref: 00007FF6F907AC37

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Cnd_do_broadcast_at_thread_exitMtx_unlock
String ID:
API String ID: 3664743064-0
Opcode ID: 83e0adefe17ca9ad8f5b03030cf6eb1a18c82bd3fef7bf9ec5c94f197ceba56b
Instruction ID: 4296dd6d2f1f469601b09d6eeeff2e94b82d7ca86298a1d45fa5e1d384225c93
Opcode Fuzzy Hash: 83e0adefe17ca9ad8f5b03030cf6eb1a18c82bd3fef7bf9ec5c94f197ceba56b
Instruction Fuzzy Hash: 81217531F0864182EB549F25D84127A62A5FF84754F540139EAADC7BDEEF3CE4928B04

Function 00007FF6F90783F0 Relevance: 3.0, APIs: 2, Instructions: 36COMMON

Download Yara Rule

APIs

_Xtime_get_ticks.LIBCPMT ref: 00007FF6F907841B
_Thrd_sleep.LIBCPMT ref: 00007FF6F907846C

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Thrd_sleepXtime_get_ticks
String ID:
API String ID: 2736526484-0
Opcode ID: ad8e22bb93492d7c1794e8284a8eab5c434cdef3aa11ebb6d7be5d99d615c568
Instruction ID: 4f899f0818758d3c59d3163bb5669ac07faaecbc1882f0ea90bf3a37124ecbec
Opcode Fuzzy Hash: ad8e22bb93492d7c1794e8284a8eab5c434cdef3aa11ebb6d7be5d99d615c568
Instruction Fuzzy Hash: AF01B9A2B1978942EB648F24A851369A3D4FB8C3C8F445135EADE86789FF2CD1414B04

Function 00007FF6F90C9874 Relevance: 3.0, APIs: 2, Instructions: 30threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6F90C9882
ExitThread.KERNEL32 ref: 00007FF6F90C988A

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 60b4ac61bffc80a819f642a658f2081e26c96e24864ec600703ed24e0d73b1e5
Instruction ID: 0022dcb5550f5d7e3355fbb53406be5b163cbf0158ac3cfd8cf67aabeff7f1df
Opcode Fuzzy Hash: 60b4ac61bffc80a819f642a658f2081e26c96e24864ec600703ed24e0d73b1e5
Instruction Fuzzy Hash: 9EF03A66E0964286EF19AFB59C155BC12A1AF94B14F041039EA39C33DAFE2CE944C210

Function 00007FF6F90A3168 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6F90A3198

Part of subcall function 00007FF6F907EDF8: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F907EE01
Part of subcall function 00007FF6F907EDF8: _CxxThrowException.LIBVCRUNTIME ref: 00007FF6F907EE12

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6F90A319E

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::cancel_current_task$ExceptionThrowstd::bad_alloc::bad_alloc
String ID:
API String ID: 2386360001-0
Opcode ID: 23f425f8a334c2b16384e28a3fa6a9e2980a0f072a9231f595175fb2069c4236
Instruction ID: 6315a40245ea76870e434193a8541a40f7510a96834a84c64ca07ffc225dee7a
Opcode Fuzzy Hash: 23f425f8a334c2b16384e28a3fa6a9e2980a0f072a9231f595175fb2069c4236
Instruction Fuzzy Hash: 95E0EC40E0920751FB697E629C1617401440F25370E1C1B39E97EC82CFFD1CE5558291

Function 00007FF6F909F108 Relevance: 3.0, APIs: 2, Instructions: 17COMMONLIBRARYCODE

Download Yara Rule

APIs

_Getvals.LIBCPMT ref: 00007FF6F909F131

Part of subcall function 00007FF6F909C444: _Getcvt.LIBCPMT ref: 00007FF6F909C466
Part of subcall function 00007FF6F909C444: _Yarn.LIBCPMT ref: 00007FF6F909C4A2
Part of subcall function 00007FF6F909C444: _Yarn.LIBCPMT ref: 00007FF6F909C51D

_Getdateorder.LIBCPMT ref: 00007FF6F909F136

Part of subcall function 00007FF6F90A2884: __crtGetLocaleInfoEx.LIBCPMT ref: 00007FF6F90A28A8

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Yarn$GetcvtGetdateorderGetvalsInfoLocale__crt
String ID:
API String ID: 228185232-0
Opcode ID: 9bd1aeecd99623c410cbf8d4a302e2f0fb334ace1778b8932efd3ba5b1ef268a
Instruction ID: 1c5564a348419144ac1c386be68f7b60e3c71b721f4c4771b9d1d21322f7d817
Opcode Fuzzy Hash: 9bd1aeecd99623c410cbf8d4a302e2f0fb334ace1778b8932efd3ba5b1ef268a
Instruction Fuzzy Hash: 1EE08673915B4286D7189B78A80116972E4E7487747304738DAFC893E9EF38C1638780

Function 00007FF6F90C7008 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6F90C7027

Part of subcall function 00007FF6F90C7110: GetModuleHandleExW.KERNEL32 ref: 00007FF6F90C712C
Part of subcall function 00007FF6F90C7110: GetProcAddress.KERNEL32 ref: 00007FF6F90C7142
Part of subcall function 00007FF6F90C7110: FreeLibrary.KERNEL32 ref: 00007FF6F90C715F

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: a400e2c35ec8908003dcc9e2bd86db1e572eab0855f1136fcd494bcdbee10d9d
Instruction ID: f8a239b2d006ca0573e9d3ff6559e4a7ee4250432a8b638bbd4441eb45ee8fd9
Opcode Fuzzy Hash: a400e2c35ec8908003dcc9e2bd86db1e572eab0855f1136fcd494bcdbee10d9d
Instruction Fuzzy Hash: 78214C32E14741CAEF159F64C8542EC37A4EB44708F54453AEA2D82BCAEF39D594CBA0

Function 00007FF6F907AAF0 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907AB52

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: e993fabd9ee2871ea03103400a04aa23078cd60f1600e9e8e69424d7a1892393
Instruction ID: 679895317aeda9e713936942c8b71c3e9eca03fd17b3cdd5d09fc20a1644667d
Opcode Fuzzy Hash: e993fabd9ee2871ea03103400a04aa23078cd60f1600e9e8e69424d7a1892393
Instruction Fuzzy Hash: E0F0C262B0468581EF049F62E8843AD6321EB48FC8F584035DB2D4BB8ADE2CC4D18300

Function 00007FF6F907F41B Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_Yarn.LIBCPMT ref: 00007FF6F907F426

Part of subcall function 00007FF6F9084AD0: std::_Locinfo::_Locinfo.LIBCPMT ref: 00007FF6F9084BFA
Part of subcall function 00007FF6F9084AD0: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 00007FF6F9084C0F

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Locimp::_LocinfoLocinfo::_MakelocYarnstd::_std::locale::_
String ID:
API String ID: 1170983839-0
Opcode ID: bc804f9a403f99231c964db1dbc11832e4a21dda8f36c0b1ad1263aac2b511c3
Instruction ID: 37449f1bf7c6c79be92d8c8443304991188fb9d1969aa158d07ffae6aa3606bc
Opcode Fuzzy Hash: bc804f9a403f99231c964db1dbc11832e4a21dda8f36c0b1ad1263aac2b511c3
Instruction Fuzzy Hash: 62D0A92270A30082DA009F3EE980419A315AB82BC8768A030CF1C0379BDD2CD0B18204

Function 00007FF6F9071082 Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

_onexit.LIBCMT ref: 00007FF6F90A3680

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _onexit
String ID:
API String ID: 572287377-0
Opcode ID: f53fe8b83b4cf940d88fb519a97dba29c9c636b0e1b6b6c3e345df8328d18f50
Instruction ID: 50635b45e105d947b894d373a8ac8f488ad19fbe2998281efdf0cb8693a89f92
Opcode Fuzzy Hash: f53fe8b83b4cf940d88fb519a97dba29c9c636b0e1b6b6c3e345df8328d18f50
Instruction Fuzzy Hash: B5C04C51E6940FC5E71C7F75CC8647401505B69704FD1463AC52DC13D5EC4CD1E64641

Function 00007FF6F90D7704 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF6F90DDAF5,?,?,00000000,00007FF6F90DF6CF,?,?,?,00007FF6F90D4379,?,?,?,00007FF6F90D429D), ref: 00007FF6F90D7742

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 96d74318c8102fb9f3c7f8e035594f168e2d973853a897eca0e36dd17639f2e5
Instruction ID: 29471d53f9f4f7cc8bdb2f1c25d4f1123a7cbbdb986a878aacc3e2c57b6c604a
Opcode Fuzzy Hash: 96d74318c8102fb9f3c7f8e035594f168e2d973853a897eca0e36dd17639f2e5
Instruction Fuzzy Hash: 0CF0F895A1D20645FF646FB15D412B522D65F847A0F585A3ADE3EC53CAFE2CE4809120

Non-executed Functions

Function 00007FF6F90B5C18 Relevance: 180.6, APIs: 85, Strings: 18, Instructions: 371libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5C37
GetProcAddress.KERNEL32 ref: 00007FF6F90B5C47
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5C68
GetProcAddress.KERNEL32 ref: 00007FF6F90B5C78
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5C99
GetProcAddress.KERNEL32 ref: 00007FF6F90B5CA9
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5CCA
GetProcAddress.KERNEL32 ref: 00007FF6F90B5CDA
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5CFB
GetProcAddress.KERNEL32 ref: 00007FF6F90B5D0B
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5D2C
GetProcAddress.KERNEL32 ref: 00007FF6F90B5D3C
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5D5D
GetProcAddress.KERNEL32 ref: 00007FF6F90B5D6D
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5D8E
GetProcAddress.KERNEL32 ref: 00007FF6F90B5D9E
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5DBF
GetProcAddress.KERNEL32 ref: 00007FF6F90B5DCF
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5DF0
GetProcAddress.KERNEL32 ref: 00007FF6F90B5E00
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5E21
GetProcAddress.KERNEL32 ref: 00007FF6F90B5E31
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5E52
GetProcAddress.KERNEL32 ref: 00007FF6F90B5E62
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5E83
GetProcAddress.KERNEL32 ref: 00007FF6F90B5E93
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5EB4
GetProcAddress.KERNEL32 ref: 00007FF6F90B5EC4
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5EE5
GetProcAddress.KERNEL32 ref: 00007FF6F90B5EF5
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5F16
GetProcAddress.KERNEL32 ref: 00007FF6F90B5F26
GetModuleHandleW.KERNEL32 ref: 00007FF6F90B5F47
GetProcAddress.KERNEL32 ref: 00007FF6F90B5F57
GetLastError.KERNEL32 ref: 00007FF6F90B5F91
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B5FAA
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B5FBB
GetLastError.KERNEL32 ref: 00007FF6F90B5FC1
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B5FDA
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B5FEB
GetLastError.KERNEL32 ref: 00007FF6F90B5FF1
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B600A
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B601B
GetLastError.KERNEL32 ref: 00007FF6F90B6021
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B6039
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B6049
GetLastError.KERNEL32 ref: 00007FF6F90B604F
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B6067
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B6077
GetLastError.KERNEL32 ref: 00007FF6F90B607D
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B6095
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B60A5
GetLastError.KERNEL32 ref: 00007FF6F90B60AB
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B60C3
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B60D3
GetLastError.KERNEL32 ref: 00007FF6F90B60D9
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B60F1
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B6101
GetLastError.KERNEL32 ref: 00007FF6F90B6107
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B611F
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B612F
GetLastError.KERNEL32 ref: 00007FF6F90B6135
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B614D
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B615D
GetLastError.KERNEL32 ref: 00007FF6F90B6163
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B617B
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B618B
GetLastError.KERNEL32 ref: 00007FF6F90B6191
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B61AC
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B61BF
GetLastError.KERNEL32 ref: 00007FF6F90B61C5
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B61E0
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B61F3
GetLastError.KERNEL32 ref: 00007FF6F90B61F9
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B6214
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B6227
GetLastError.KERNEL32 ref: 00007FF6F90B622D
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B6248
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B625B
GetLastError.KERNEL32 ref: 00007FF6F90B6261
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B627C
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B628F
GetLastError.KERNEL32 ref: 00007FF6F90B6295
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90B62B0
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B62C3

Strings

UpdateProcThreadAttribute, xrefs: 00007FF6F90B5F50
DeleteProcThreadAttributeList, xrefs: 00007FF6F90B5CD3
GetCurrentUmsThread, xrefs: 00007FF6F90B5DF9
QueryUmsThreadInformation, xrefs: 00007FF6F90B5EBD
CreateRemoteThreadEx, xrefs: 00007FF6F90B5C40
DeleteUmsThreadContext, xrefs: 00007FF6F90B5D35
GetUmsCompletionListEvent, xrefs: 00007FF6F90B5E5B
ExecuteUmsThread, xrefs: 00007FF6F90B5DC8
SetUmsThreadInformation, xrefs: 00007FF6F90B5EEE
CreateUmsThreadContext, xrefs: 00007FF6F90B5CA2
kernel32.dll, xrefs: 00007FF6F90B5C2D
GetNextUmsListItem, xrefs: 00007FF6F90B5E2A
DequeueUmsCompletionListItems, xrefs: 00007FF6F90B5D66
InitializeProcThreadAttributeList, xrefs: 00007FF6F90B5E8C
UmsThreadYield, xrefs: 00007FF6F90B5F1F
DeleteUmsCompletionList, xrefs: 00007FF6F90B5D04
EnterUmsSchedulingMode, xrefs: 00007FF6F90B5D97
CreateUmsCompletionList, xrefs: 00007FF6F90B5C71

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AddressConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionHandleLastModuleProcThrow
String ID: CreateRemoteThreadEx$CreateUmsCompletionList$CreateUmsThreadContext$DeleteProcThreadAttributeList$DeleteUmsCompletionList$DeleteUmsThreadContext$DequeueUmsCompletionListItems$EnterUmsSchedulingMode$ExecuteUmsThread$GetCurrentUmsThread$GetNextUmsListItem$GetUmsCompletionListEvent$InitializeProcThreadAttributeList$QueryUmsThreadInformation$SetUmsThreadInformation$UmsThreadYield$UpdateProcThreadAttribute$kernel32.dll
API String ID: 1942842289-2643937717
Opcode ID: a32647a2585ad13fa15972578e42c76dba6805246e239683fc8797d020c1c341
Instruction ID: b49a689b4a18d079d137b145d6f29ac8e6cf6e8c3d0dce3df808425b790546b6
Opcode Fuzzy Hash: a32647a2585ad13fa15972578e42c76dba6805246e239683fc8797d020c1c341
Instruction Fuzzy Hash: 3D020960E09A0395FF19EF61EC592B922A5BF84B54F404439E96EC62EDFE3CE548C344

Function 00007FF6F9086520 Relevance: 145.5, APIs: 42, Strings: 41, Instructions: 226libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(?,?,?,?,00007FF6F907F861), ref: 00007FF6F908653A
GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F908656D
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F9086580
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F908659E
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F90865BC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F90865DA
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F90865F8
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F9086616
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F9086634
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F9086652
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F9086670
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F908668E
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F90866AC
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F90866CA
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F90866E8
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F9086706
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F9086724
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F9086742
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F9086760
GetProcAddress.KERNEL32(?,?,?,?,?,?,?,?,00007FF6F907F861), ref: 00007FF6F908677E

Strings

FlushProcessWriteBuffers, xrefs: 00007FF6F908674F
ReleaseSRWLockExclusive, xrefs: 00007FF6F908692F
CreateThreadpoolWork, xrefs: 00007FF6F908696B
FlsAlloc, xrefs: 00007FF6F9086576
SleepConditionVariableSRW, xrefs: 00007FF6F908694D
CloseThreadpoolWork, xrefs: 00007FF6F90869A7
GetSystemTimePreciseAsFileTime, xrefs: 00007FF6F908683F
LCMapStringEx, xrefs: 00007FF6F9086A01
CreateThreadpoolWait, xrefs: 00007FF6F90866F5
kernel32.dll, xrefs: 00007FF6F9086566
InitializeSRWLock, xrefs: 00007FF6F90868D5
CreateSemaphoreW, xrefs: 00007FF6F9086641
SetThreadpoolTimer, xrefs: 00007FF6F908669B
SleepConditionVariableCS, xrefs: 00007FF6F90868B7
FlsSetValue, xrefs: 00007FF6F90865C9
SubmitThreadpoolWork, xrefs: 00007FF6F9086989
FreeLibraryWhenCallbackReturns, xrefs: 00007FF6F908676D
CreateThreadpoolTimer, xrefs: 00007FF6F908667D
GetTickCount64, xrefs: 00007FF6F90867E5
InitializeCriticalSectionEx, xrefs: 00007FF6F90865E7
FlsGetValue, xrefs: 00007FF6F90865AB
CreateSymbolicLinkW, xrefs: 00007FF6F90867A9
AcquireSRWLockExclusive, xrefs: 00007FF6F90868F3
InitializeConditionVariable, xrefs: 00007FF6F908685D
CloseThreadpoolWait, xrefs: 00007FF6F9086731
FlsFree, xrefs: 00007FF6F908658D
SetFileInformationByHandle, xrefs: 00007FF6F9086821
CreateSemaphoreExW, xrefs: 00007FF6F908665F
CompareStringEx, xrefs: 00007FF6F90869C5
SetThreadpoolWait, xrefs: 00007FF6F9086713
GetLocaleInfoEx, xrefs: 00007FF6F90869E3
GetCurrentPackageId, xrefs: 00007FF6F90867C7
GetFileInformationByHandleEx, xrefs: 00007FF6F9086803
WaitForThreadpoolTimerCallbacks, xrefs: 00007FF6F90866B9
CloseThreadpoolTimer, xrefs: 00007FF6F90866D7
InitOnceExecuteOnce, xrefs: 00007FF6F9086605
CreateEventExW, xrefs: 00007FF6F9086623
WakeConditionVariable, xrefs: 00007FF6F908687B
GetCurrentProcessorNumber, xrefs: 00007FF6F908678B
WakeAllConditionVariable, xrefs: 00007FF6F9086899
TryAcquireSRWLockExclusive, xrefs: 00007FF6F9086911

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AddressProc$EncodeHandleModulePointer
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 73157160-295688737
Opcode ID: cae96f76881c60b9b48b9cd7771779038fb8d5d0b045166fafa3d84d0d47c3e7
Instruction ID: 515b58c75edd8dcded931f27ea90f7a2a07cae1141669ab0f937676c5a75e9c2
Opcode Fuzzy Hash: cae96f76881c60b9b48b9cd7771779038fb8d5d0b045166fafa3d84d0d47c3e7
Instruction Fuzzy Hash: A6E15D64E19B47A1EB08EF50FC9816523A9BF5A744B841439C97E863BCFE3CE189C300

Function 00007FF6F9079680 Relevance: 101.9, APIs: 24, Strings: 34, Instructions: 438libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF6F9079711
LoadLibraryA.KERNEL32 ref: 00007FF6F9079726
GetProcAddress.KERNEL32 ref: 00007FF6F90797E3
GetProcAddress.KERNEL32 ref: 00007FF6F90797F6
GetProcAddress.KERNEL32 ref: 00007FF6F9079809
GetProcAddress.KERNEL32 ref: 00007FF6F9079821
GetProcAddress.KERNEL32 ref: 00007FF6F9079834
FreeLibrary.KERNEL32 ref: 00007FF6F9079B87
FreeLibrary.KERNEL32 ref: 00007FF6F9079B92
FreeLibrary.KERNEL32 ref: 00007FF6F9079BCD
FreeLibrary.KERNEL32 ref: 00007FF6F9079BD8
FreeLibrary.KERNEL32 ref: 00007FF6F9079D73
FreeLibrary.KERNEL32 ref: 00007FF6F9079D7E
FreeLibrary.KERNEL32 ref: 00007FF6F9079E74
FreeLibrary.KERNEL32 ref: 00007FF6F9079E7D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9079EB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9079EBB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9079EC1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9079EC7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9079ECD

Strings

papi, xrefs: 00007FF6F90796EF
cuck, xrefs: 00007FF6F90798A3
bitd, xrefs: 00007FF6F9079885
are, xrefs: 00007FF6F90798C7
efen, xrefs: 00007FF6F907988F
gsA, xrefs: 00007FF6F907979E
malw, xrefs: 00007FF6F90798BD
avas, xrefs: 00007FF6F907986A
GetS, xrefs: 00007FF6F907975D
vbox, xrefs: 00007FF6F9079959
.dll, xrefs: 00007FF6F90796F9
kern, xrefs: 00007FF6F90796C0
ice, xrefs: 00007FF6F907998A
vbox, xrefs: 00007FF6F9079976
gues, xrefs: 00007FF6F9079963
ual, xrefs: 00007FF6F90798EF
sand, xrefs: 00007FF6F90798D1
box, xrefs: 00007FF6F90798DB
el32, xrefs: 00007FF6F90796CA
trin, xrefs: 00007FF6F9079794
qemu, xrefs: 00007FF6F9079937
serv, xrefs: 00007FF6F9079980
.dll, xrefs: 00007FF6F90796D4
virt, xrefs: 00007FF6F90798E5
virt, xrefs: 00007FF6F9079913
mInf, xrefs: 00007FF6F9079771
vmwa, xrefs: 00007FF6F90798F9
ualb, xrefs: 00007FF6F907991D
yste, xrefs: 00007FF6F9079767
usEx, xrefs: 00007FF6F90797B8
vbox, xrefs: 00007FF6F9079948
iphl, xrefs: 00007FF6F90796E5
der, xrefs: 00007FF6F9079899
avg, xrefs: 00007FF6F907999F

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Library$Free$AddressProc_invalid_parameter_noinfo_noreturn$Load
String ID: .dll$.dll$GetS$are$avas$avg$bitd$box$cuck$der$efen$el32$gsA$gues$ice$iphl$kern$mInf$malw$papi$qemu$sand$serv$trin$ual$ualb$usEx$vbox$vbox$vbox$virt$virt$vmwa$yste
API String ID: 13129336-110364904
Opcode ID: 926e3a317a4876145a7f7000ee2f48dbbeeec46091013ed1cb7c4727af655c68
Instruction ID: f020b6ea7b04fb1b0336ec930be01b413ae71507fd38145fcf7e5d7ebd17f78b
Opcode Fuzzy Hash: 926e3a317a4876145a7f7000ee2f48dbbeeec46091013ed1cb7c4727af655c68
Instruction Fuzzy Hash: A0224662A19BC28AEB208F25D8443E93761FB457A8F504239DA7D4BBDCEF78D644C701

Function 00007FF6F907A490 Relevance: 52.8, APIs: 18, Strings: 12, Instructions: 253libraryloaderfileCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000000), ref: 00007FF6F907A58A
GetProcAddress.KERNEL32 ref: 00007FF6F907A59E
LoadLibraryA.KERNEL32 ref: 00007FF6F907A5B8
GetProcAddress.KERNEL32 ref: 00007FF6F907A5CA
LoadLibraryA.KERNEL32 ref: 00007FF6F907A5E4
GetProcAddress.KERNEL32 ref: 00007FF6F907A5F6
LoadLibraryA.KERNEL32 ref: 00007FF6F907A610
GetProcAddress.KERNEL32 ref: 00007FF6F907A622
LoadLibraryA.KERNEL32 ref: 00007FF6F907A63C
GetProcAddress.KERNEL32 ref: 00007FF6F907A64E
LoadLibraryA.KERNEL32 ref: 00007FF6F907A668
GetProcAddress.KERNEL32 ref: 00007FF6F907A67D
LoadLibraryA.KERNEL32 ref: 00007FF6F907A68F
GetProcAddress.KERNEL32 ref: 00007FF6F907A6A1
WinHttpCrackUrl.WINHTTP ref: 00007FF6F907A756
CreateFileA.KERNEL32 ref: 00007FF6F907A818
WriteFile.KERNEL32 ref: 00007FF6F907A87B
CloseHandle.KERNEL32 ref: 00007FF6F907A886

Strings

ttp., xrefs: 00007FF6F907A50E
pen, xrefs: 00007FF6F907A52A
ttpO, xrefs: 00007FF6F907A523
onne, xrefs: 00007FF6F907A53F
WinH, xrefs: 00007FF6F907A531
dll, xrefs: 00007FF6F907A515
h, xrefs: 00007FF6F907A736
GET, xrefs: 00007FF6F907A7AA
ttpC, xrefs: 00007FF6F907A538
WinH, xrefs: 00007FF6F907A51C
winh, xrefs: 00007FF6F907A4F7
spon, xrefs: 00007FF6F907A564

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AddressLibraryLoadProc$File$CloseCrackCreateHandleHttpWrite
String ID: GET$WinH$WinH$dll$h$onne$pen$spon$ttp.$ttpC$ttpO$winh
API String ID: 1374871504-1302821344
Opcode ID: 0cef8fc70c4840044f696872ced4eea2a2330069dfb2d0534f483a879132f51a
Instruction ID: 128c88a37677b3bb17ebce76db3e5894dd38ffaefc49c7d61e02b24e93208483
Opcode Fuzzy Hash: 0cef8fc70c4840044f696872ced4eea2a2330069dfb2d0534f483a879132f51a
Instruction Fuzzy Hash: F5C16E72A097828AEB60DF61E8447AD37B0FB48788F844139EA5D47B98EF3CD605C741

Function 00007FF6F90CBEC4 Relevance: 33.4, APIs: 21, Instructions: 1857COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CC240
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CC461
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CC77E
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CC98F
memcpy_s.LIBCPMT ref: 00007FF6F90CCBD3
memcpy_s.LIBCPMT ref: 00007FF6F90CCC6A
memcpy_s.LIBCPMT ref: 00007FF6F90CCE21
memcpy_s.LIBCPMT ref: 00007FF6F90CCFF9
memcpy_s.LIBCPMT ref: 00007FF6F90CD0F5
memcpy_s.LIBCPMT ref: 00007FF6F90CD12D
memcpy_s.LIBCPMT ref: 00007FF6F90CD15F
memcpy_s.LIBCPMT ref: 00007FF6F90CD1F6
memcpy_s.LIBCPMT ref: 00007FF6F90CD309
memcpy_s.LIBCPMT ref: 00007FF6F90CD3B1
memcpy_s.LIBCPMT ref: 00007FF6F90CD3F8
memcpy_s.LIBCPMT ref: 00007FF6F90CD62F
memcpy_s.LIBCPMT ref: 00007FF6F90CD69E
memcpy_s.LIBCPMT ref: 00007FF6F90CD6DC
memcpy_s.LIBCPMT ref: 00007FF6F90CD786
memcpy_s.LIBCPMT ref: 00007FF6F90CD9A1
memcpy_s.LIBCPMT ref: 00007FF6F90CDB7D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: memcpy_s$_invalid_parameter_noinfo
String ID:
API String ID: 2880407647-0
Opcode ID: 8063efdc9de485ee38816a67eff462435e340b8218a1daf9c0f97be6f423fd99
Instruction ID: e8e838cb3260c0ef275f5688d2c79e2471557871e7dc870881bfa95754b2c666
Opcode Fuzzy Hash: 8063efdc9de485ee38816a67eff462435e340b8218a1daf9c0f97be6f423fd99
Instruction Fuzzy Hash: D003A372A081D28BD7758E25D840BF937A5FB8478CF401139DA1AA7B9DEF38E944CB50

Function 00007FF6F909DD40 Relevance: 25.8, APIs: 12, Strings: 2, Instructions: 1260COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F909CA98: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CAB8
Part of subcall function 00007FF6F909CA98: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CADD
Part of subcall function 00007FF6F909CA98: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CB07
Part of subcall function 00007FF6F909CA98: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CB9A

Part of subcall function 00007FF6F9080F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908107D

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF1A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF20
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF26
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF2C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF32
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF38
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF3E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF44
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF4A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF50
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF56
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909EF5C

Strings

0123456789-, xrefs: 00007FF6F909DF3B, 00007FF6F909E14C, 00007FF6F909E4C2, 00007FF6F909E6BB
, xrefs: 00007FF6F909DFE6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Lockitstd::_$Lockit::_Lockit::~_
String ID: $0123456789-
API String ID: 3469846696-700845222
Opcode ID: 218e53bb72e9e0f6f2464561835006351a3cffe6a85929c02ad2d2bb034f6a30
Instruction ID: c7245b6bd4bcfaa742aed03338062fe6f4a1336517daa92ba178c08d47834f6c
Opcode Fuzzy Hash: 218e53bb72e9e0f6f2464561835006351a3cffe6a85929c02ad2d2bb034f6a30
Instruction Fuzzy Hash: 7BC2AC62B08A8685FB058F65C8943BD2761BB85B98F54413ADE6E877DDEF3CE845C300

Function 00007FF6F9071A40 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 354nativeCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6F9071B57

Part of subcall function 00007FF6F907E720: DuplicateHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000000), ref: 00007FF6F907E7C8

NtQueryObject.NTDLL ref: 00007FF6F9071CB7
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9072064

Strings

3, xrefs: 00007FF6F9071AE4
NtQueryInformationProcess, xrefs: 00007FF6F9071ACE
Failed to hijack object handle, xrefs: 00007FF6F9072041
NtQueryObject, xrefs: 00007FF6F9071C36

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CurrentDuplicateExceptionHandleObjectProcessQueryThrow
String ID: 3$Failed to hijack object handle$NtQueryInformationProcess$NtQueryObject
API String ID: 2506526296-3432217144
Opcode ID: bdc0d6f03d999707b1706eac007eb8bcff8f77c28476bb6890dfaee55542d95f
Instruction ID: c972eeb3e13b379fdd41ad0cdd5d9c0f7ad900bbcf1c56a29022865ef6d21941
Opcode Fuzzy Hash: bdc0d6f03d999707b1706eac007eb8bcff8f77c28476bb6890dfaee55542d95f
Instruction Fuzzy Hash: 5FF18572A1878681EB60DF15E8443AE7365FB85BA0F14423ADAAD877D9EF3CD485C700

Function 00007FF6F90E2908 Relevance: 24.1, APIs: 9, Strings: 4, Instructions: 1309COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF6F90E2951
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90E2FA0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90E3171
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90E3389

Part of subcall function 00007FF6F90D6338: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D635D

memcpy_s.LIBCPMT ref: 00007FF6F90E395D
memcpy_s.LIBCPMT ref: 00007FF6F90E3A04
memcpy_s.LIBCPMT ref: 00007FF6F90E3ACD

Strings

1#IND, xrefs: 00007FF6F90E3B48
1#SNAN, xrefs: 00007FF6F90E3B67
1#QNAN, xrefs: 00007FF6F90E3B86
1#INF, xrefs: 00007FF6F90E3BA5

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: ebf695d740cf9b684e7ef851c7b95ff5751eb3b0c0db158049e32c2b887eacab
Instruction ID: 5f17b1241c333b72eb4a6150067260ea65e2d63e3970d5c2a87e2ad037632928
Opcode Fuzzy Hash: ebf695d740cf9b684e7ef851c7b95ff5751eb3b0c0db158049e32c2b887eacab
Instruction Fuzzy Hash: 0DB2F872E081928AE7759E699C406FD3B95FB84788F40513DDA2AD7BCCEF39E5408B40

Function 00007FF6F90789A0 Relevance: 21.2, APIs: 2, Strings: 10, Instructions: 183COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9072130: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907227B

SearchPathA.KERNEL32 ref: 00007FF6F9078C09
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9078CBB

Strings

vmci.sys, xrefs: 00007FF6F9078AF9
vmmouse.sys, xrefs: 00007FF6F9078A05
VBoxGuest.sys, xrefs: 00007FF6F9078B49
vmu**mouse.sys, xrefs: 00007FF6F9078A81
vm3dmp.sys, xrefs: 00007FF6F9078A59
vmxnet.sys, xrefs: 00007FF6F9078AD1
VBoxSF.sys, xrefs: 00007FF6F9078B71
vmhgfs.sys, xrefs: 00007FF6F9078A30
vmx_svga.sys, xrefs: 00007FF6F9078AA9
VBoxMouse.sys, xrefs: 00007FF6F9078B21

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$PathSearch
String ID: VBoxGuest.sys$VBoxMouse.sys$VBoxSF.sys$vm3dmp.sys$vmci.sys$vmhgfs.sys$vmmouse.sys$vmu**mouse.sys$vmx_svga.sys$vmxnet.sys
API String ID: 828134698-2441281973
Opcode ID: 3473c4336cfb70c788b506f784a42a88fedf4026b6987b3718f2866aafcf0a69
Instruction ID: 505642f459a25f93b8f61342745e859c9a7c51c74fd578c5d884db02848e0f03
Opcode Fuzzy Hash: 3473c4336cfb70c788b506f784a42a88fedf4026b6987b3718f2866aafcf0a69
Instruction Fuzzy Hash: 39919322A18BC289EB10DF38DC417E96760FB95758F405239DAAC97ADDEF6CD644C340

Function 00007FF6F9090A40 Relevance: 18.6, APIs: 8, Strings: 2, Instructions: 1082COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F90893C4: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90893E4
Part of subcall function 00007FF6F90893C4: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089409
Part of subcall function 00007FF6F90893C4: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089433
Part of subcall function 00007FF6F90893C4: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90894C6

Part of subcall function 00007FF6F9080F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908107D

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90919D2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90919D8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90919DE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90919E4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90919EA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90919F0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90919FC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9091A02

Strings

0123456789-, xrefs: 00007FF6F9090C3C, 00007FF6F9090E03, 00007FF6F90910C4, 00007FF6F90911CA
, xrefs: 00007FF6F9090D01

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Lockitstd::_$Lockit::_Lockit::~_
String ID: $0123456789-
API String ID: 3469846696-700845222
Opcode ID: 15ce30c2212c6f06e5edbfa142deb670f3ac7c0d19db035e79cfa460bae040cf
Instruction ID: 7938ef340c7ca9c7e037a2a46d915cedf088c0c86fd4036e259b8ef270f56e34
Opcode Fuzzy Hash: 15ce30c2212c6f06e5edbfa142deb670f3ac7c0d19db035e79cfa460bae040cf
Instruction Fuzzy Hash: A3A29C62B08A8285EB50DF65D8401AD67B1FB85B94F444139EE6E97BEDEF3CE485C300

Function 00007FF6F908FA78 Relevance: 18.6, APIs: 8, Strings: 2, Instructions: 1082COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F908915C: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F908917C

Part of subcall function 00007FF6F9080F30: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908107D

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9090A0A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9090A10
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9090A16
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9090A1C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9090A22
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9090A28
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9090A34
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9090A3A

Strings

0123456789-, xrefs: 00007FF6F908FC74, 00007FF6F908FE3B, 00007FF6F90900FC, 00007FF6F9090202
, xrefs: 00007FF6F908FD39

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$LockitLockit::_std::_
String ID: $0123456789-
API String ID: 2793160773-700845222
Opcode ID: 038d15bf6612fc9aa228cb0d1058634f8596754a6de6c4b57b85ec738651ce16
Instruction ID: 3026918eb5db9dfc92015bedafd1564443c0307a166220867923c62298f4e465
Opcode Fuzzy Hash: 038d15bf6612fc9aa228cb0d1058634f8596754a6de6c4b57b85ec738651ce16
Instruction Fuzzy Hash: D5A2BC22B09A8285EB449F66D8401BD67B1FB85B94F444139EE6E97BDDEF3CE481C700

Function 00007FF6F9074350 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 203windowCOMMON

Download Yara Rule

APIs

FormatMessageA.KERNEL32 ref: 00007FF6F90743BD
LocalFree.KERNEL32 ref: 00007FF6F90743FD
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00007FF6F907453F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90745F6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90745FC
GetLastError.KERNEL32 ref: 00007FF6F9074629
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9074679

Strings

failed: , xrefs: 00007FF6F9074445
FormatMessageA failed: , xrefs: 00007FF6F9074631

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ErrorExceptionFormatFreeIos_base_dtorLastLocalMessageThrowstd::ios_base::_
String ID: failed: $FormatMessageA failed:
API String ID: 1499771356-1331817580
Opcode ID: e7243b5f99f5f77f2b2ec79b7d6c0f808e915cfb64451c21881e69f4f4339de5
Instruction ID: e1692471f51f972e1f75df5f65821bd6b2bb9103cd30f3b3bf9f3e630a9c7848
Opcode Fuzzy Hash: e7243b5f99f5f77f2b2ec79b7d6c0f808e915cfb64451c21881e69f4f4339de5
Instruction Fuzzy Hash: D2915862B14B8689EB10DF64D8443ED3762FB84BA8F50423ADA6D97ADDEF38D441C341

Function 00007FF6F90A1788 Relevance: 14.5, APIs: 5, Strings: 3, Instructions: 468COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9072DC0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9072E03
Part of subcall function 00007FF6F9072DC0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9072E26
Part of subcall function 00007FF6F9072DC0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9072E53
Part of subcall function 00007FF6F9072DC0: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9072F5B

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90A1A98
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90A1A9E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90A1AA4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90A1CCC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90A1E31

Strings

0123456789-, xrefs: 00007FF6F90A1839
!%x, xrefs: 00007FF6F90A1D10
%.0Lf, xrefs: 00007FF6F90A1B40

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Lockitstd::_$Lockit::_Lockit::~_
String ID: !%x$%.0Lf$0123456789-
API String ID: 3469846696-778084515
Opcode ID: 7193d8051715aa0c45b371c397311df4a68ec5840703d6c70ff1fab96844a15f
Instruction ID: 98a94df6bcb367488644e67c4a8d5ff3279976ac67de96274d59cc9b32e4b51d
Opcode Fuzzy Hash: 7193d8051715aa0c45b371c397311df4a68ec5840703d6c70ff1fab96844a15f
Instruction Fuzzy Hash: 8412AD22B08B8599EB10CF65D8403AD6761EB89BA8F04423ADE6D57BDDEF38D145C380

Function 00007FF6F909F918 Relevance: 12.7, APIs: 8, Instructions: 653COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 593203224-0
Opcode ID: 79b529a21420bb1d95d23f7bfbb35f8bc13078b797c853a695b558ebcb7ed740
Instruction ID: cf5d3bdebe7e24472eeba7b7b899ef0faef85687d82fcd0cff0243e47d8412cc
Opcode Fuzzy Hash: 79b529a21420bb1d95d23f7bfbb35f8bc13078b797c853a695b558ebcb7ed740
Instruction Fuzzy Hash: 2E52AC62B18A9685FB118F6AD8441AD6B71FB59B98F044135DFAD83BDDEF38D881C300

Function 00007FF6F90E1720 Relevance: 10.7, APIs: 7, Instructions: 209COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6F90D67D4: GetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D67DE
Part of subcall function 00007FF6F90D67D4: SetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D6893

TranslateName.LIBCMT ref: 00007FF6F90E178A
TranslateName.LIBCMT ref: 00007FF6F90E17C5
GetACP.KERNEL32(?,?,?,?,?,00007FF6F90D5248), ref: 00007FF6F90E1824
IsValidCodePage.KERNEL32(?,?,?,?,?,00007FF6F90D5248), ref: 00007FF6F90E1835
wcschr.LIBVCRUNTIME ref: 00007FF6F90E18C8
wcschr.LIBVCRUNTIME ref: 00007FF6F90E18D8

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorLastNameTranslatewcschr$CodePageValid
String ID:
API String ID: 4034593509-0
Opcode ID: be655004c0dd4ea7d75b64525a0fb309909eb3b7571d9666ab2fe5d424677240
Instruction ID: 9044491755195e1da3a2a8a2d1b8e5ef9c7937a47a75d43786dfebee7fa99452
Opcode Fuzzy Hash: be655004c0dd4ea7d75b64525a0fb309909eb3b7571d9666ab2fe5d424677240
Instruction Fuzzy Hash: 43817032B0878285EBB4AF21DC512B923A5EB84B84F454139DA6D877C9EF3CE995C740

Function 00007FF6F90E210C Relevance: 10.7, APIs: 7, Instructions: 174COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6F90D67D4: GetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D67DE
Part of subcall function 00007FF6F90D67D4: SetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D6893

GetUserDefaultLCID.KERNEL32(?,?,?,00000000), ref: 00007FF6F90E227C

Part of subcall function 00007FF6F90D67D4: SetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D687D

EnumSystemLocalesW.KERNEL32(?,?,?,00000000,00000001,00000000,?,00007FF6F90D5241), ref: 00007FF6F90E2263
ProcessCodePage.LIBCMT ref: 00007FF6F90E22A6
IsValidCodePage.KERNEL32 ref: 00007FF6F90E22C7
IsValidLocale.KERNEL32 ref: 00007FF6F90E22DD
GetLocaleInfoW.KERNEL32 ref: 00007FF6F90E2339
GetLocaleInfoW.KERNEL32 ref: 00007FF6F90E2355

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorLastLocale$CodeInfoPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2187550130-0
Opcode ID: 9789a35afcd32da5a1f841fd6f1c50f3075dbd0776c0b463e5a1a7728d490b4b
Instruction ID: 862925f521f02857b77ca17273ec9e9ad0ec683bf8a212783d2b04546ec1e523
Opcode Fuzzy Hash: 9789a35afcd32da5a1f841fd6f1c50f3075dbd0776c0b463e5a1a7728d490b4b
Instruction Fuzzy Hash: 6A716762F086039AEB55AF68DC506BD33A0AF48748F44453ACA2D936D9FF3CE985C750

Function 00007FF6F90C4158 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6F90C41D1
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6F90C41E9
RtlVirtualUnwind.KERNEL32 ref: 00007FF6F90C4224
IsDebuggerPresent.KERNEL32 ref: 00007FF6F90C425D
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6F90C4267
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6F90C4272

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: d71fd12e5e487183928d2d7f5b32ebd81a83957dfd7d479d62cecfdd9694a98d
Instruction ID: e93739efa4f8f197f254d0707839f1fa8f8913faa2dd2cef79129dbe717d5653
Opcode Fuzzy Hash: d71fd12e5e487183928d2d7f5b32ebd81a83957dfd7d479d62cecfdd9694a98d
Instruction Fuzzy Hash: CA317336608B8185DB64DF65EC402AE73A4FB88758F54013AEAAD83BD9EF3CC555CB00

Function 00007FF6F90959BC Relevance: 8.0, APIs: 5, Instructions: 510COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9095AF7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9095C78
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9095DBB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9095F3C
_Stoulx.LIBCPMT ref: 00007FF6F9096031

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Stoulx
String ID:
API String ID: 4138948651-0
Opcode ID: 880db0e2458fae6dd4bf6cf23656f5417a6f540675da826ecc3f7676cd842955
Instruction ID: 99fb9a22a8d3d9d9a9b804f5fae1396c6a72173bbf0ada0da282dc59e48f9831
Opcode Fuzzy Hash: 880db0e2458fae6dd4bf6cf23656f5417a6f540675da826ecc3f7676cd842955
Instruction Fuzzy Hash: B3128062B18B4589EB10CF66D8442AD6361FB49BE4F504235EE6D87BDDEF38E486C700

Function 00007FF6F90DE088 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 169COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90DE0C8

Part of subcall function 00007FF6F90C43BC: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6F90C4369), ref: 00007FF6F90C43C5
Part of subcall function 00007FF6F90C43BC: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6F90C4369), ref: 00007FF6F90C43EA

Strings

., xrefs: 00007FF6F90DE587
*, xrefs: 00007FF6F90DE0EF
., xrefs: 00007FF6F90DE596

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
String ID: *$.$.
API String ID: 4036615347-2112782162
Opcode ID: a6d757489066476fcc46afb15dd7695ea2c54c907a3e814965bdc3569c4a7e37
Instruction ID: 8b8fecc671a47b4392afb219da1352b4a6ac8e991fe42a93204c617d8a56eaae
Opcode Fuzzy Hash: a6d757489066476fcc46afb15dd7695ea2c54c907a3e814965bdc3569c4a7e37
Instruction Fuzzy Hash: 7B51E072F14A5585FB11DFA69C402BD67A5BB84BC8F14853ADE6D97BC9EE38D0428300

Function 00007FF6F908367C Relevance: 6.3, APIs: 2, Strings: 1, Instructions: 1025COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9073150: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9073190
Part of subcall function 00007FF6F9073150: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90731B3
Part of subcall function 00007FF6F9073150: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90731E0
Part of subcall function 00007FF6F9073150: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90732FA

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908439D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90843A3

Strings

0123456789ABCDEFabcdef-+XxPp, xrefs: 00007FF6F90837AC, 00007FF6F9083B31, 00007FF6F9083D6B, 00007FF6F9083F5C, 00007FF6F9084271

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn
String ID: 0123456789ABCDEFabcdef-+XxPp
API String ID: 4156930308-3606100449
Opcode ID: 3633239660b73ed081228dc85ef6291688b3ac6d91e8ced24a93fb3393aeaf9d
Instruction ID: e1a5098fe77bb535402d097e202d56d148f8c9bb9afff391765079213c546126
Opcode Fuzzy Hash: 3633239660b73ed081228dc85ef6291688b3ac6d91e8ced24a93fb3393aeaf9d
Instruction Fuzzy Hash: 2692B162B0C68285EB188F25C95027D3BA1BF91B84F588439DEBD877DAEF2DE455C300

Function 00007FF6F90829B0 Relevance: 6.2, APIs: 2, Strings: 1, Instructions: 985COMMON

Download Yara Rule

Strings

0123456789-+Ee, xrefs: 00007FF6F9082B15, 00007FF6F9082D5D, 00007FF6F9082FEF, 00007FF6F90831AC, 00007FF6F90835C5

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID: 0123456789-+Ee
API String ID: 0-1347306980
Opcode ID: 9767abdae08f1cb72ae322cb19fbee991ab45f555d6599d034a6d20d9305e107
Instruction ID: 58cb1bac2e8e70a5ad005dc9ea9f8d58332eaa65b7824abb4c7adda957e25d07
Opcode Fuzzy Hash: 9767abdae08f1cb72ae322cb19fbee991ab45f555d6599d034a6d20d9305e107
Instruction Fuzzy Hash: BB92C422B0D68286EB198F29C95027D3BA1BF91B84F588139DE7D877D9EF2DE455C300

Function 00007FF6F908C9FC Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 628COMMON

Download Yara Rule

Strings

0123456789-+Ee, xrefs: 00007FF6F908CB60, 00007FF6F908CCC7, 00007FF6F908CF1F, 00007FF6F908D03C, 00007FF6F908D1FF

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID: 0123456789-+Ee
API String ID: 0-1347306980
Opcode ID: 1ecac08825bed5d0864dd42242ff2fd273c294098825da341b59f7a68b7ed73e
Instruction ID: 8564dfed4b0c05a833533b9c0d7e47e7cf21f48a4ebf812b7251ed33355e51c2
Opcode Fuzzy Hash: 1ecac08825bed5d0864dd42242ff2fd273c294098825da341b59f7a68b7ed73e
Instruction Fuzzy Hash: 9742B222B0D65295EF599F2599502BD27A1BF51B88F404039DE6E87BDEEF3CE44AC300

Function 00007FF6F908D2B0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 628COMMON

Download Yara Rule

Strings

0123456789-+Ee, xrefs: 00007FF6F908D414, 00007FF6F908D57B, 00007FF6F908D7D3, 00007FF6F908D8F0, 00007FF6F908DAB3

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID: 0123456789-+Ee
API String ID: 0-1347306980
Opcode ID: 1914edf34c204729da52728933ba711342b689c81a02235e78f222bd4673cf17
Instruction ID: e89a6dfc6fde6101b86853dd560b234f300c880a609d716ed6e68c126c2217d5
Opcode Fuzzy Hash: 1914edf34c204729da52728933ba711342b689c81a02235e78f222bd4673cf17
Instruction Fuzzy Hash: 2D42C262B0D64285EB589F2599502BD27A1BB51B88F404139DE6E87BDEFF7CE44EC300

Function 00007FF6F908DB64 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 597COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9089AFC: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089B1C
Part of subcall function 00007FF6F9089AFC: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089B41
Part of subcall function 00007FF6F9089AFC: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089B6B
Part of subcall function 00007FF6F9089AFC: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089BFE

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908E370
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908E376

Strings

0123456789ABCDEFabcdef-+XxPp, xrefs: 00007FF6F908DC9B, 00007FF6F908DE55, 00007FF6F908E0F5, 00007FF6F908E17D, 00007FF6F908E290

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn
String ID: 0123456789ABCDEFabcdef-+XxPp
API String ID: 4156930308-3606100449
Opcode ID: 607a296d5e7dfd75b5dc0ed7497f3229c8378f6c26fa29b403a558ab07fa1522
Instruction ID: 77afab554e716c14b16ee071676da1a564396d89f149f86262418ff23bf407b8
Opcode Fuzzy Hash: 607a296d5e7dfd75b5dc0ed7497f3229c8378f6c26fa29b403a558ab07fa1522
Instruction Fuzzy Hash: 01329222B0C64285EF59AF2599502BD6761BF95B84F404139DE6E87BDEEF3CE44AC300

Function 00007FF6F908E37C Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 597COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9089C30: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089C50
Part of subcall function 00007FF6F9089C30: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089C75
Part of subcall function 00007FF6F9089C30: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089C9F
Part of subcall function 00007FF6F9089C30: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089D32

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908EB88
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908EB8E

Strings

0123456789ABCDEFabcdef-+XxPp, xrefs: 00007FF6F908E4B3, 00007FF6F908E66D, 00007FF6F908E90D, 00007FF6F908E995, 00007FF6F908EAA8

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn
String ID: 0123456789ABCDEFabcdef-+XxPp
API String ID: 4156930308-3606100449
Opcode ID: 6108c203123dee2b6d8b0ba2902f8ccf347d79332082c6713db5a326c5305ef1
Instruction ID: 13b0df1f9bcc6a5bbd354247bfb79cc0a275a68980e278e82e9dd4bb7533dd08
Opcode Fuzzy Hash: 6108c203123dee2b6d8b0ba2902f8ccf347d79332082c6713db5a326c5305ef1
Instruction Fuzzy Hash: 94327162B0C65285EF59AF2599502BD2762BF95B84F404439DE6E87BDEEF3CE442C300

Function 00007FF6F90843AC Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 511COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9073150: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9073190
Part of subcall function 00007FF6F9073150: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90731B3
Part of subcall function 00007FF6F9073150: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90731E0
Part of subcall function 00007FF6F9073150: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90732FA

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9084A58
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9084A5E

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 00007FF6F9084453, 00007FF6F90847EB

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 4156930308-2799312399
Opcode ID: 3f51415d3456d7500b8b1a663bf33415d654550858592d87f938501d504091f0
Instruction ID: b0be1413ed9a0fdf528120ec1fd1a2a9bc15e24d421c9ea1815f8bead82218ac
Opcode Fuzzy Hash: 3f51415d3456d7500b8b1a663bf33415d654550858592d87f938501d504091f0
Instruction Fuzzy Hash: BF22B162B0C69285FB19CF65C85027D3BA1AB81B98F545139CE6E9B7DEEF2CD446C300

Function 00007FF6F9099C1C Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 327COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F90887BC: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90887DC

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9099EF5

Strings

0123456789-, xrefs: 00007FF6F9099CD0
%.0Lf, xrefs: 00007FF6F9099CC9, 00007FF6F9099F90

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::__invalid_parameter_noinfo_noreturnstd::_
String ID: %.0Lf$0123456789-
API String ID: 3145298356-3094241602
Opcode ID: 1e8dfe5823d39aca4df6c52db93dcd819832284230f8f6049cc36ed5c2aa593c
Instruction ID: 6dd52fe300923380cb38b917d986e28c3151db42e4fe4a455760dd0ee5f10d13
Opcode Fuzzy Hash: 1e8dfe5823d39aca4df6c52db93dcd819832284230f8f6049cc36ed5c2aa593c
Instruction Fuzzy Hash: 74E17D22B09B858AEB11CF65D8402AD6371FB94B88F50413ADE6DA7BADEF38D445C340

Function 00007FF6F909A0F4 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 327COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F90888F0: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088910

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909A3CD

Strings

0123456789-, xrefs: 00007FF6F909A1A8
%.0Lf, xrefs: 00007FF6F909A468

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::__invalid_parameter_noinfo_noreturnstd::_
String ID: %.0Lf$0123456789-
API String ID: 3145298356-3094241602
Opcode ID: 76a8486d43a9fd38dca75a486efcc2a1624efcc32a55aba72adab17a63d7fc4a
Instruction ID: f6f47db5467989fdbe761e0c76c1b07faa90607aceb8fd18e4664097645772f0
Opcode Fuzzy Hash: 76a8486d43a9fd38dca75a486efcc2a1624efcc32a55aba72adab17a63d7fc4a
Instruction Fuzzy Hash: 67E16D22B08B8595EB11CF65D8502AD7371FB84B98F40413ADE6DA7BADEF38D455C340

Function 00007FF6F90D0F7C Relevance: 5.6, APIs: 3, Instructions: 1058COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D13A5
_get_daylight.LIBCMT ref: 00007FF6F90D1483
_get_daylight.LIBCMT ref: 00007FF6F90D149C

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID:
API String ID: 1286766494-0
Opcode ID: d21bfbbfdd8519a0b8afb1af7b3b50d6130fb840f8323c99a1e2a18ec3cf5119
Instruction ID: d3c5120e62c83811305ace82fec12f77b3bbd98bf8f2e04cf167f91db7c1fad8
Opcode Fuzzy Hash: d21bfbbfdd8519a0b8afb1af7b3b50d6130fb840f8323c99a1e2a18ec3cf5119
Instruction Fuzzy Hash: 28A25C72A0868286E7B88F28D9501B937A2FF55B88B14413ADB9D87BDDEF3DD5118700

Function 00007FF6F90D7AE0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 241COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D7B44

Strings

gfffffff, xrefs: 00007FF6F90D7DC6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: gfffffff
API String ID: 3215553584-1523873471
Opcode ID: 55e31a2a53492d449e3f7d6c0a8c789c62ac8188ad68ceeeb8b97270eb7f7bb5
Instruction ID: d4f4e88ab9e066466f5fda456a329529ef61a9a5029716056b42d5f8defe06f4
Opcode Fuzzy Hash: 55e31a2a53492d449e3f7d6c0a8c789c62ac8188ad68ceeeb8b97270eb7f7bb5
Instruction Fuzzy Hash: 61913AA3B097C686EB118F2598003BDB7A6AB55784F05903BCE6D877D9EE3DE506C301

Function 00007FF6F9071F6D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104nativeCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6F9071B57

Part of subcall function 00007FF6F907E720: DuplicateHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,00000000), ref: 00007FF6F907E7C8

NtQueryObject.NTDLL ref: 00007FF6F9071CB7
RtlNtStatusToDosError.NTDLL ref: 00007FF6F9071FE5
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F907201D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9072023
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9072029
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907202F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9072035
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907203B
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9072064

Strings

NtQueryObject, xrefs: 00007FF6F9071C36

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow$CurrentDuplicateErrorHandleObjectProcessQueryStatus
String ID: NtQueryObject
API String ID: 3024610690-1504830893
Opcode ID: 9e4e735f7a1f6e367f68973d3c9e99cef007dba3a5fc152fa8b7dfcfac9b97db
Instruction ID: 66c243a159272c775e0d95ed9b5bb781522ab3629c79b9720bbb33c0612cc406
Opcode Fuzzy Hash: 9e4e735f7a1f6e367f68973d3c9e99cef007dba3a5fc152fa8b7dfcfac9b97db
Instruction Fuzzy Hash: F8514F76608B8186D760DF15E88439EB7A4F789B90F148126DB8DC3799EF3CD485CB41

Function 00007FF6F90DA1BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA1F5
GetLocaleInfoW.KERNEL32(?,?,?,?,00000000,00007FF6F90D52CF), ref: 00007FF6F90DA223

Strings

GetLocaleInfoEx, xrefs: 00007FF6F90DA1D8, 00007FF6F90DA1E9

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: InfoLocaletry_get_function
String ID: GetLocaleInfoEx
API String ID: 2200034068-2904428671
Opcode ID: 5c644f459f267c95513bb6b31a8f7d728b38b0c72f1211787eb50d6fa98e0d31
Instruction ID: f862d5e701066f76a4c53c3fcc976f85a9f8517aa9f6675729d0a60641618af6
Opcode Fuzzy Hash: 5c644f459f267c95513bb6b31a8f7d728b38b0c72f1211787eb50d6fa98e0d31
Instruction Fuzzy Hash: B6016225B0CB4182EB809F56B9404BAA761FF85BC4F58403AEE6C87B9DEE3CD9018744

Function 00007FF6F90CDD60 Relevance: 4.8, APIs: 3, Instructions: 328COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF6F90CDDEA

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: f5d40666c0f671f225113b7e5c3b0db6b340d98f509cddb77ea7f59479a0c1cc
Instruction ID: 79abff3a5d23a652acdc0f575153318ca2d79f9665fbe39ca3e31bbbeadca5e7
Opcode Fuzzy Hash: f5d40666c0f671f225113b7e5c3b0db6b340d98f509cddb77ea7f59479a0c1cc
Instruction Fuzzy Hash: F3C10572B1868587D734CF15E44866AB7A1FB94784F148139DB5E93B88EF3CE845CB40

Function 00007FF6F90C83FC Relevance: 4.8, APIs: 3, Instructions: 254COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90C8435
_get_daylight.LIBCMT ref: 00007FF6F90C869C
_get_daylight.LIBCMT ref: 00007FF6F90C86AD

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID:
API String ID: 1286766494-0
Opcode ID: 6a917a330a65a9d1bbd685c2f67503f1e4b9e650ec2cf0748861dad91b55190e
Instruction ID: b9f893d4043367c2f10334253c90a68d4c4b70156621a61ef45d63c152b96fd1
Opcode Fuzzy Hash: 6a917a330a65a9d1bbd685c2f67503f1e4b9e650ec2cf0748861dad91b55190e
Instruction Fuzzy Hash: E5A17A66B0961286FF1DCE64D960AB923B0AF54788F00453EDE2EC66D9FF79F5028314

Function 00007FF6F90E1BA4 Relevance: 4.7, APIs: 3, Instructions: 164COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F90D67D4: GetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D67DE
Part of subcall function 00007FF6F90D67D4: SetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D6893

GetLocaleInfoW.KERNEL32 ref: 00007FF6F90E1C11
GetLocaleInfoW.KERNEL32 ref: 00007FF6F90E1C63
GetLocaleInfoW.KERNEL32 ref: 00007FF6F90E1D22

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: a95e9a3af592e11b89632737c661631c55e9aeaedbdcc31dcb240e94767d76cf
Instruction ID: 2c716200e4dc835ab71207838d15d66cde0357963e5f2e6b1b51d11988560fef
Opcode Fuzzy Hash: a95e9a3af592e11b89632737c661631c55e9aeaedbdcc31dcb240e94767d76cf
Instruction Fuzzy Hash: B1614E72A0854286EBB4EF25D9802BD73A6FB94744F008139DB6EC76D9EF3CE5558700

Function 00007FF6F90DE2B8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 100COMMON

Download Yara Rule

Strings

., xrefs: 00007FF6F90DE587

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: a6be5fa504fde9f4d0ebe0174f8db6fad87117daa0e9344f4536ee8ed2d017bc
Instruction ID: 37d480bac58ecb09fcb829163a621496a085e4d40ba90a7cb7d65a3745d447e4
Opcode Fuzzy Hash: a6be5fa504fde9f4d0ebe0174f8db6fad87117daa0e9344f4536ee8ed2d017bc
Instruction Fuzzy Hash: 2A310862F1469149E7609F62AC046BA7791FB85BE4F44863AEE7D87BCCEE3CD4018700

Function 00007FF6F9075EC0 Relevance: 3.4, APIs: 2, Instructions: 432COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9076176

Part of subcall function 00007FF6F9072C20: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9072DAA

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907643A

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 38ed7583e5665c8963f21477d1b7db81941ea29b8d3edf18cde8fdf9913d15f5
Instruction ID: 7c7768d72f277c0e0ec639b547d27c4b354c92ae9a881a2daa8d1b0168ef9725
Opcode Fuzzy Hash: 38ed7583e5665c8963f21477d1b7db81941ea29b8d3edf18cde8fdf9913d15f5
Instruction Fuzzy Hash: 41021412F08A8589FB24CF65D8503ED2761AB487A8F044639EE6E97BCDEE3CD445C342

Function 00007FF6F909A72C Relevance: 3.3, APIs: 2, Instructions: 310COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909A905
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909AAE5

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: fba4dfd50f8ee03b1c2a605ba8e61a494a64ca1d8c70f50af349776d5520e385
Instruction ID: 6abc20aad73a9b30eee00072b46504c3288e0858da93493a8e1a0f960a2d007b
Opcode Fuzzy Hash: fba4dfd50f8ee03b1c2a605ba8e61a494a64ca1d8c70f50af349776d5520e385
Instruction Fuzzy Hash: AAC1B262B14A848AFB10CFA5E8017AD6361FB49B98F404636EE5D67BDDEF38D446C340

Function 00007FF6F909B064 Relevance: 3.3, APIs: 2, Instructions: 309COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909B23D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F909B41D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 9c8b913d795b83a487dd84b8f31e81fe796e7b63a77d071d3dc75286b90031ae
Instruction ID: 763be0e1a54d1617d0cc5ac849b07682f82842c11aca51ce40343715cf845242
Opcode Fuzzy Hash: 9c8b913d795b83a487dd84b8f31e81fe796e7b63a77d071d3dc75286b90031ae
Instruction Fuzzy Hash: D1C1D462B18A848AFB10DFA5E8017AD6361EB497A8F404635EE6D67BDCEF38D4458340

Function 00007FF6F90D509C Relevance: 3.3, APIs: 2, Instructions: 287COMMONLIBRARYCODE

Download Yara Rule

APIs

__lc_wcstolc.LIBCMT ref: 00007FF6F90D521C

Part of subcall function 00007FF6F90E1720: TranslateName.LIBCMT ref: 00007FF6F90E178A
Part of subcall function 00007FF6F90E1720: TranslateName.LIBCMT ref: 00007FF6F90E17C5
Part of subcall function 00007FF6F90E1720: GetACP.KERNEL32(?,?,?,?,?,00007FF6F90D5248), ref: 00007FF6F90E1824
Part of subcall function 00007FF6F90E1720: IsValidCodePage.KERNEL32(?,?,?,?,?,00007FF6F90D5248), ref: 00007FF6F90E1835

Part of subcall function 00007FF6F90DA3FC: try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA41F

Part of subcall function 00007FF6F90DA1BC: try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA1F5

GetACP.KERNEL32 ref: 00007FF6F90D52DB

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: NameTranslatetry_get_function$CodePageValid__lc_wcstolc
String ID:
API String ID: 1314065171-0
Opcode ID: fd7f6c7a82a4e92604cf90730bfb4a3ef9ffd3fb8a2967312237a13ccd6ea120
Instruction ID: b1c872e338ce03dcdd43d1b89d8a8a57ee1aba0da4e2290110c164ed02c2af16
Opcode Fuzzy Hash: fd7f6c7a82a4e92604cf90730bfb4a3ef9ffd3fb8a2967312237a13ccd6ea120
Instruction Fuzzy Hash: 19B1A426A1878242EB649F669D117BA6292FFD57C8F10403EEE6D87BCDEF3DD5018600

Function 00007FF6F90D7020 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF6F90D726F
RaiseException.KERNEL32 ref: 00007FF6F90D7280

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: b1f77e4dbea57c49a0da3710d827af29517322e94797f121fcdc4ae307bcfe3f
Instruction ID: e9730fce620b4ab8e7a24e0c417c8e3f982f3d2f1b287498d8314f187966ff4f
Opcode Fuzzy Hash: b1f77e4dbea57c49a0da3710d827af29517322e94797f121fcdc4ae307bcfe3f
Instruction Fuzzy Hash: 72B15CB7605B858BEB15CF29C84636C7BA1F784B48F188926DB6D837A8DF39D451C700

Function 00007FF6F90C938C Relevance: 3.2, APIs: 2, Instructions: 221COMMONLIBRARYCODE

Download Yara Rule

APIs

_Wcsftime.LIBCMT ref: 00007FF6F90C93DF

Part of subcall function 00007FF6F90D5500: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D552B

Part of subcall function 00007FF6F90D7704: HeapAlloc.KERNEL32(?,?,?,00007FF6F90DDAF5,?,?,00000000,00007FF6F90DF6CF,?,?,?,00007FF6F90D4379,?,?,?,00007FF6F90D429D), ref: 00007FF6F90D7742

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AllocHeapWcsftime_invalid_parameter_noinfo
String ID:
API String ID: 3834302206-0
Opcode ID: ab943573138329c4fa326bd78fd5cb6832f1f729ee0c53977e0d8d1ca3eb2000
Instruction ID: 8761372169e99bbecdc3a39bfc53865e9d26a86309f3a80681e3658e7bfd54b2
Opcode Fuzzy Hash: ab943573138329c4fa326bd78fd5cb6832f1f729ee0c53977e0d8d1ca3eb2000
Instruction Fuzzy Hash: FB91A072A04A5186EB608E65D89177D23A1FB84B98F10863AEF7EC77DDEF38D0418310

Function 00007FF6F90D2070 Relevance: 2.9, Strings: 2, Instructions: 354COMMONLIBRARYCODE

Download Yara Rule

Strings

a/p, xrefs: 00007FF6F90D2373
am/pm, xrefs: 00007FF6F90D2308

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID: a/p$am/pm
API String ID: 0-3206640213
Opcode ID: 5b017f1334bb343455c8fc1f177543630685a7b9a25ac512998af95de81a46d2
Instruction ID: 4fb218c3cd9b3285a992235b8688fc697ec02ef04ea7913ed562d8b881b189a3
Opcode Fuzzy Hash: 5b017f1334bb343455c8fc1f177543630685a7b9a25ac512998af95de81a46d2
Instruction Fuzzy Hash: 1AE1BD22A0864381EB648F2C89546B923A6FF55784F54813BEA6E877DCFF3CE951D300

Function 00007FF6F9094D38 Relevance: 2.0, APIs: 1, Instructions: 537COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F90893C4: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90893E4
Part of subcall function 00007FF6F90893C4: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089409
Part of subcall function 00007FF6F90893C4: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089433
Part of subcall function 00007FF6F90893C4: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90894C6

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9095515

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 533778753-0
Opcode ID: 0d0f552eed7cb280ce7abd8355b168796df7f44f2c8157a778b7e075f0eba648
Instruction ID: 1e500590330293dd4d71ccf4b30bdf698360b3258194cd246a11ed257a666971
Opcode Fuzzy Hash: 0d0f552eed7cb280ce7abd8355b168796df7f44f2c8157a778b7e075f0eba648
Instruction Fuzzy Hash: 8F327E22F18A9585EB118F6AD8441BD63B0FB99B88F454135EEAD93BDDEF38D581C300

Function 00007FF6F9094554 Relevance: 2.0, APIs: 1, Instructions: 537COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F908915C: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F908917C

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9094D31

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::__invalid_parameter_noinfo_noreturnstd::_
String ID:
API String ID: 3145298356-0
Opcode ID: 7288ccf1f75c163a8ae776ddd85e95c011243fb121527eb75be87c8daad37c91
Instruction ID: 86e2b916262fae0d19aa038c2f85a7117f771a2f56063ffdf356b83975d9b1bc
Opcode Fuzzy Hash: 7288ccf1f75c163a8ae776ddd85e95c011243fb121527eb75be87c8daad37c91
Instruction Fuzzy Hash: B0328C22F08AA585EB118F69D8441BD73B1FB98B88F455135DEAD93BADEF38D581C300

Function 00007FF6F90C8C88 Relevance: 1.8, APIs: 1, Instructions: 345COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF6F90C8DD6

Part of subcall function 00007FF6F90DAD04: MultiByteToWideChar.KERNEL32 ref: 00007FF6F90DAD77

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ByteCharInfoMultiWide
String ID:
API String ID: 2366317374-0
Opcode ID: 970bf0923c1d13ea3cbc42fb022d988f21b10d21fc08255e680184457e09c24d
Instruction ID: 33a565707c97dc1881293a9a4f31f163542e2afd0325340a972e4e0ce51e641a
Opcode Fuzzy Hash: 970bf0923c1d13ea3cbc42fb022d988f21b10d21fc08255e680184457e09c24d
Instruction Fuzzy Hash: BD02AD22E08BC186E751CF3898456F973A4FB58748F459239EFAC87696EF78E191C700

Function 00007FF6F90DFC84 Relevance: 1.8, APIs: 1, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55c7793efff6e1a7b457cea5cf84b6998e37ec664203431fd890545ffcf507ad
Instruction ID: 15af6373e884a5ef71a97d31296819965d4fb01d056e6644a4ffe3692d7b5778
Opcode Fuzzy Hash: 55c7793efff6e1a7b457cea5cf84b6998e37ec664203431fd890545ffcf507ad
Instruction Fuzzy Hash: 52E17032A08B8185E710DF61E8406FE27A6FB59784F418636DFAD9779AEF38D245C700

Function 00007FF6F90E1DE4 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F90D67D4: GetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D67DE
Part of subcall function 00007FF6F90D67D4: SetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D6893

GetLocaleInfoW.KERNEL32 ref: 00007FF6F90E1E4D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: e0cf389e8eb778650d8237c4c940b8ea085efe1e87aa576b1d9d210fa1ab4da1
Instruction ID: 25d6608d954f11d938df898d047ea40f0a1800a1c31db8ca0f3bed5d910b4911
Opcode Fuzzy Hash: e0cf389e8eb778650d8237c4c940b8ea085efe1e87aa576b1d9d210fa1ab4da1
Instruction Fuzzy Hash: C7217132A08642C6EB74DF25E8416A972A1FB94780F408139EB6DC37D9EF3CE555C740

Function 00007FF6F90E1A38 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6F90D67D4: GetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D67DE
Part of subcall function 00007FF6F90D67D4: SetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D6893

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6F90E220F,?,?,?,00000000,00000001,00000000,?,00007FF6F90D5241), ref: 00007FF6F90E1AD6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 06b9d6f5964766a179f0f3cfb44b17b74a26384d3fd05f017e55ff37fbfe4f28
Instruction ID: 22972edce414cbf839d2f7d26ca8e3ee12912aa2b63dc20f28fb59574bd7e3d6
Opcode Fuzzy Hash: 06b9d6f5964766a179f0f3cfb44b17b74a26384d3fd05f017e55ff37fbfe4f28
Instruction Fuzzy Hash: 4411D667E18645CAEB649F15D8806B877A1FB90FA0F488139D63D873C8EE78D5D1C740

Function 00007FF6F90E1FE0 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F90D67D4: GetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D67DE
Part of subcall function 00007FF6F90D67D4: SetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D6893

GetLocaleInfoW.KERNEL32(?,?,?,00007FF6F90E1D9E), ref: 00007FF6F90E2017

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 738b8bdd37ae94de1e87c2eeacf389ecfd379fc0f8903fdc7b35fff345786fc4
Instruction ID: dd7bb2d45ab130ed166348be7c1e1c8a97e620ddb18525f5876c8c11cce1f55a
Opcode Fuzzy Hash: 738b8bdd37ae94de1e87c2eeacf389ecfd379fc0f8903fdc7b35fff345786fc4
Instruction Fuzzy Hash: 81110A22E1C19782EB64BF16D4446792291EB40764F10553ADB3E876DEEE3DEC81C740

Function 00007FF6F90E1B08 Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6F90D67D4: GetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D67DE
Part of subcall function 00007FF6F90D67D4: SetLastError.KERNEL32(?,?,?,00007FF6F90DC4DE,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC3B9), ref: 00007FF6F90D6893

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6F90E21CB,?,?,?,00000000,00000001,00000000,?,00007FF6F90D5241), ref: 00007FF6F90E1B8A

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 18e4a387b4a2991d5e80ac9927e0b74267005d752bada3651eb45c3a41e952f7
Instruction ID: 3383d47bc2ae2264e1ee0fbbf63cb6ac0becde65308bcab69f317da45dc4c192
Opcode Fuzzy Hash: 18e4a387b4a2991d5e80ac9927e0b74267005d752bada3651eb45c3a41e952f7
Instruction Fuzzy Hash: 1701D666E082818AE7606F16E8407B976D2EB50764F448336D638876D8FF68D480C700

Function 00007FF6F90D9B54 Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF6F90D9FC5,?,?,?,?,?,?,?,?,00000000,00007FF6F90E1000), ref: 00007FF6F90D9BA8

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 5dbcfa246fc451c4969a4a479fe0dd4d3197f93e36e857ab14c75e33123e5648
Instruction ID: ec8ccf62bcde4cd15254f1c7c0f191093e3eb9ce01e227dc52efdd396bd7f679
Opcode Fuzzy Hash: 5dbcfa246fc451c4969a4a479fe0dd4d3197f93e36e857ab14c75e33123e5648
Instruction Fuzzy Hash: 13018472B14B4183E708DF25EC404A97366E799B80B04C13ADE69977ACEF3CD4958340

Function 00007FF6F90C5A48 Relevance: 1.5, Strings: 1, Instructions: 203COMMON

Download Yara Rule

Strings

0, xrefs: 00007FF6F90C5BEE

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 6c5f29fb049f8c23788bf49bec50a2971d683713d9a1a86d3abeb24b3c4c7e14
Instruction ID: f59da649d1f3a1f02c43402f43585f5b11b6a7a2fe3fe8967582599d16991b55
Opcode Fuzzy Hash: 6c5f29fb049f8c23788bf49bec50a2971d683713d9a1a86d3abeb24b3c4c7e14
Instruction Fuzzy Hash: 73712629A0C24646EB788E19888037D6B92AF41B44F54053DDD6DCB6DDEF2FE845C721

Function 00007FF6F90C5CE0 Relevance: 1.4, Strings: 1, Instructions: 193COMMON

Download Yara Rule

Strings

0, xrefs: 00007FF6F90C5E82

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 6254dfefb1850aee79c5b533ea55ea327a7645dd020de98c594c08c9c8e1ed2b
Instruction ID: 785ca58a069f1fcc5d2d006179c8760a53b6e2466b10cd18d26553d4187a049f
Opcode Fuzzy Hash: 6254dfefb1850aee79c5b533ea55ea327a7645dd020de98c594c08c9c8e1ed2b
Instruction Fuzzy Hash: 7A713829A1C34246FB788E1988482BD2390AF41748F58063DDD6DCB7DDEE2FE8469721

Function 00007FF6F90DAB3C Relevance: 1.4, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6F90DABE1

Part of subcall function 00007FF6F90D6A78: HeapAlloc.KERNEL32(?,?,00000000,00007FF6F90D69B6,?,?,8000000000000000,00007FF6F90C9335,?,?,?,?,00007FF6F90D6B15), ref: 00007FF6F90D6ACD

Part of subcall function 00007FF6F90D6AF0: HeapFree.KERNEL32 ref: 00007FF6F90D6B06

Part of subcall function 00007FF6F90E3E4C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90E3E77

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Heap$AllocErrorFreeLast_invalid_parameter_noinfo
String ID:
API String ID: 3361962657-0
Opcode ID: 2c31ddf1c833a7717effb875131b6cb155bee2f4f5ed9fb6d94a3e1702af6623
Instruction ID: 55467c42ba7122b06a09c480368fbcff2e89bab82e526b932eea471f5b1a1917
Opcode Fuzzy Hash: 2c31ddf1c833a7717effb875131b6cb155bee2f4f5ed9fb6d94a3e1702af6623
Instruction Fuzzy Hash: 6641C721F0964342FBB05E266C5177AA296AF957E0F44553EEE6DC77C9FE3CE4018600

Function 00007FF6F90DF708 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF6F90DF70C

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: ac0caae950e66478979915d12c06c86b826de5dfe6479bdecca7230833496965
Instruction ID: 63d60665dd4d5b416bc4d630c64fb07c95356a995baf5172f30a6b4333a0b8b8
Opcode Fuzzy Hash: ac0caae950e66478979915d12c06c86b826de5dfe6479bdecca7230833496965
Instruction Fuzzy Hash: B7B09224E07A06C6EB08BF226C4221422A87F98700F858078C26C81364EF2C25A69B01

Function 00007FF6F90D28C8 Relevance: .6, Instructions: 604COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AllocHeap_invalid_parameter_noinfo
String ID:
API String ID: 2314373116-0
Opcode ID: c5199ffe8d08066759e8e2a21b71ae925e4799fcb8dd42fa0fe0f250b762205e
Instruction ID: 1d20b29e2b6efb6f88dbbb23f78268b7dd12f317710a2430f12628bd85310e96
Opcode Fuzzy Hash: c5199ffe8d08066759e8e2a21b71ae925e4799fcb8dd42fa0fe0f250b762205e
Instruction Fuzzy Hash: 69221571F14A9742EB64DE299D142AA6392FB947A8F14523ACF7E877DCEF2DD4018300

Function 00007FF6F90A0B14 Relevance: .6, Instructions: 585COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$Stollx
String ID:
API String ID: 568052979-0
Opcode ID: fb2f00c43c33c9158ea7a8aa29b3d87ac7ca452d07932dd4f240cc50cd01c606
Instruction ID: f708eb0c5944ee09050d229128e786d592187817396e35914467c71dc48dcd8f
Opcode Fuzzy Hash: fb2f00c43c33c9158ea7a8aa29b3d87ac7ca452d07932dd4f240cc50cd01c606
Instruction Fuzzy Hash: EA42CF62A08A8685EB648F26C98027D3771FB85B88F048239DF6D877D9EF3CE455C744

Function 00007FF6F90CE44C Relevance: .5, Instructions: 535COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b4645939430158448760eafff18a4533f5fe2984b39d2026c67a5a4cf993723
Instruction ID: 42823004401942e1d57af170dbec0c57c27cf084ef174d7c253826857e8a7baa
Opcode Fuzzy Hash: 1b4645939430158448760eafff18a4533f5fe2984b39d2026c67a5a4cf993723
Instruction Fuzzy Hash: 32424026D29E4685E7538F35AC115752328FF5138CF00973BE82EB66D9FF2CE6468209

Function 00007FF6F90E10C8 Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorLast$try_get_function
String ID:
API String ID: 762735579-0
Opcode ID: cd1af57cbec9541ec63f2d745ac25408d7a1eda785b0fcdb2962e55478490840
Instruction ID: ae4396fa53f5b2f93f359035271bbb6e3f25de52b590eccdad6863043598e15e
Opcode Fuzzy Hash: cd1af57cbec9541ec63f2d745ac25408d7a1eda785b0fcdb2962e55478490840
Instruction Fuzzy Hash: 39C1C562A1868682EBB4AF71DC116BA3391FB84B88F444139DE69C3ACDEF3CD555C740

Function 00007FF6F90CB990 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e520398f4660cb9380e41c43c5202e2ae4ff50d1c8c851b26be1c2eb8a750aa
Instruction ID: 15c2cae3e55719da4b8fc208e83393e4e1222ffcc0d3c4d1b1de28f42c2c251c
Opcode Fuzzy Hash: 8e520398f4660cb9380e41c43c5202e2ae4ff50d1c8c851b26be1c2eb8a750aa
Instruction Fuzzy Hash: D7A12623A086624AFB288E2598913B922D0BF50758F14063DDA7EC77DDFE6CE509D720

Function 00007FF6F9078690 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f592e73326d3148f9e44476cd46fc395a78076866fb379bc7f5fd125498cd0bb
Instruction ID: af8744726b3fa4f8869d98387bac983aaeb69cd8f1e0cb2498bcf36e962c7feb
Opcode Fuzzy Hash: f592e73326d3148f9e44476cd46fc395a78076866fb379bc7f5fd125498cd0bb
Instruction Fuzzy Hash: 18518F337155918BE348CF2AC854AAD77A6F7C8750F49C23ADA1983789EF36D905CB40

Function 00007FF6F90D42B4 Relevance: .1, Instructions: 135COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca5663d3315edfa89b2372b8c74f5c88b694e85a9d54ad7857828c788f29c833
Instruction ID: b297cd1b2b988fd923295f67cb9fa75db89ed5717e35ea63467175ea9224e050
Opcode Fuzzy Hash: ca5663d3315edfa89b2372b8c74f5c88b694e85a9d54ad7857828c788f29c833
Instruction Fuzzy Hash: 0241A562B14B5482EF04CF2AD9241A9B796AB49FD4B499037DE1ED7B9CEE3CD4468300

Function 00007FF6F90D2728 Relevance: .1, Instructions: 120COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 13600dbca5ff03b695715bb408f94d6037378f6f3352864caf0a704fe4c8565b
Instruction ID: bf8aca3ee32cd418209dfc97aba5638a4ebb1ca6d5096099946a8a9e47df70ec
Opcode Fuzzy Hash: 13600dbca5ff03b695715bb408f94d6037378f6f3352864caf0a704fe4c8565b
Instruction Fuzzy Hash: 6E410762B2475A81EF10DF2AD90466963A6FB84FD8F14453ADE6E477E8EE3CD442C300

Function 00007FF6F90D2588 Relevance: .1, Instructions: 120COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d3ca32a3791865b6b7188888d186ad1617919cebf05d269dfce1ac40cee68598
Instruction ID: 9570d71a50b049f415916441cb3702b7e9a41a881ad9eebe54ac2b30725a5ab6
Opcode Fuzzy Hash: d3ca32a3791865b6b7188888d186ad1617919cebf05d269dfce1ac40cee68598
Instruction Fuzzy Hash: FF410562B2475A81EF109F29D80466D62A6FB84FD8F14453ADE6D477E8EE3CD442C300

Function 00007FF6F90D0AE4 Relevance: .1, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 2a8c941fff02a8b033ff8e71c6bdb45d23515a846cef4ac911cf9aa7ea2450bf
Instruction ID: 4bbf5e6dc54b1948db4f9e65316b4d110fbe9a8082413f2a029cbca5aeb992cb
Opcode Fuzzy Hash: 2a8c941fff02a8b033ff8e71c6bdb45d23515a846cef4ac911cf9aa7ea2450bf
Instruction Fuzzy Hash: 5A412662F1868945FB119F359C087697BA2EB45BE8F44823ADE6E477C9EE3CD402C704

Function 00007FF6F90D0980 Relevance: .1, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 1f054c1d9e7c0c7af088510d46025ee51d9a770e6be353259681b1da38aa552a
Instruction ID: 411325f7a5a80703a78ebbb2bb7d0046a36f4173908c9ac1dcadd18723335e10
Opcode Fuzzy Hash: 1f054c1d9e7c0c7af088510d46025ee51d9a770e6be353259681b1da38aa552a
Instruction Fuzzy Hash: 8A412962F1468945FB659F25980836D67A2EB45BD0F08823FDE6E8B7C9EE3CD442C704

Function 00007FF6F90DDBA0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db000112929a43aa55be0a0b8687f1710b62cb56d2ba30bcdf18646c8374d5fa
Instruction ID: 52921299b27027f4f093eaa41c8af7c1559ff4969d6f265fef77b1dc1390fb76
Opcode Fuzzy Hash: db000112929a43aa55be0a0b8687f1710b62cb56d2ba30bcdf18646c8374d5fa
Instruction Fuzzy Hash: B8F0C271B192958ADBA8CF28A84262977D4F758380F90C07DD69CC3B48EA3C91A09F44

Function 00007FF6F90A4004 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcdf9a7923ffcd36fa13054744af46b831ea375b7f997aaa7f90ff56d6ffd0fd
Instruction ID: cf32f3573aea95fe7f5de1f7d8e9b2a9050d5ed478c1d81c579ec2f638328cf1
Opcode Fuzzy Hash: fcdf9a7923ffcd36fa13054744af46b831ea375b7f997aaa7f90ff56d6ffd0fd
Instruction Fuzzy Hash: 2DA0012590880290EB189F54ED904B03220AB90300B51027AC22E910B8EE3CE540A255

Function 00007FF6F90DA6E4 Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA6FF
try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA71E

Part of subcall function 00007FF6F90D9BEC: GetProcAddress.KERNEL32(?,?,0000000100000005,00007FF6F90DA0DE,?,?,8000000000000000,00007FF6F90D69A3,?,?,8000000000000000,00007FF6F90C9335), ref: 00007FF6F90D9D44

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA73D

Part of subcall function 00007FF6F90D9BEC: LoadLibraryExW.KERNELBASE(?,?,0000000100000005,00007FF6F90DA0DE,?,?,8000000000000000,00007FF6F90D69A3,?,?,8000000000000000,00007FF6F90C9335), ref: 00007FF6F90D9C8F
Part of subcall function 00007FF6F90D9BEC: GetLastError.KERNEL32(?,?,0000000100000005,00007FF6F90DA0DE,?,?,8000000000000000,00007FF6F90D69A3,?,?,8000000000000000,00007FF6F90C9335), ref: 00007FF6F90D9C9D
Part of subcall function 00007FF6F90D9BEC: LoadLibraryExW.KERNEL32(?,?,0000000100000005,00007FF6F90DA0DE,?,?,8000000000000000,00007FF6F90D69A3,?,?,8000000000000000,00007FF6F90C9335), ref: 00007FF6F90D9CDF

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA75C

Part of subcall function 00007FF6F90D9BEC: FreeLibrary.KERNEL32(?,?,0000000100000005,00007FF6F90DA0DE,?,?,8000000000000000,00007FF6F90D69A3,?,?,8000000000000000,00007FF6F90C9335), ref: 00007FF6F90D9D18

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA77B
try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA79A
try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA7B9
try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA7D8
try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA7F7
try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA816

Strings

GetTimeFormatEx, xrefs: 00007FF6F90DA780, 00007FF6F90DA793
GetUserDefaultLocaleName, xrefs: 00007FF6F90DA79F, 00007FF6F90DA7B2
EnumSystemLocalesEx, xrefs: 00007FF6F90DA723, 00007FF6F90DA736
AreFileApisANSI, xrefs: 00007FF6F90DA6F8
IsValidLocaleName, xrefs: 00007FF6F90DA7BE, 00007FF6F90DA7D1
GetDateFormatEx, xrefs: 00007FF6F90DA742, 00007FF6F90DA755
LCIDToLocaleName, xrefs: 00007FF6F90DA7FC, 00007FF6F90DA80F
LCMapStringEx, xrefs: 00007FF6F90DA7DD, 00007FF6F90DA7F0
LocaleNameToLCID, xrefs: 00007FF6F90DA81B, 00007FF6F90DA82E
GetLocaleInfoEx, xrefs: 00007FF6F90DA761, 00007FF6F90DA774
CompareStringEx, xrefs: 00007FF6F90DA704, 00007FF6F90DA717

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
API String ID: 3255926029-3252031757
Opcode ID: d9a017a2f42a4a8a0d4d7784366a78a826f99904011b822b84b5e2bbea456847
Instruction ID: f687496baca3f933c6ac9dd90a3030b6f3e186926b13f9230e27dd016b9fd22d
Opcode Fuzzy Hash: d9a017a2f42a4a8a0d4d7784366a78a826f99904011b822b84b5e2bbea456847
Instruction Fuzzy Hash: C8314260A0DA47A1EB84DF54ED516F0232AEB4435CF81403BE52D822E9FE7DE749D348

Function 00007FF6F907B680 Relevance: 34.6, APIs: 1, Strings: 22, Instructions: 119COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F907B81A

Strings

gj==, xrefs: 00007FF6F907C711
Shellcode resource size is 0, xrefs: 00007FF6F907CE7A
dll, xrefs: 00007FF6F907CAA8
158, xrefs: 00007FF6F907C1D6
wp9=, xrefs: 00007FF6F907BB64
Failed to lock shellcode resource, xrefs: 00007FF6F907CEA1
l.dl, xrefs: 00007FF6F907C2E3
ios_base::badbit set, xrefs: 00007FF6F907B7D2
gerP, xrefs: 00007FF6F907BFF8
ios_base::failbit set, xrefs: 00007FF6F907B7DD
Failed to load shellcode resource, xrefs: 00007FF6F907CE53
gj==, xrefs: 00007FF6F907C72F
7YsC, xrefs: 00007FF6F907C707
Failed to get RtlAdjustPrivilege address, xrefs: 00007FF6F907CEC1
shel, xrefs: 00007FF6F907CA94
7YsC, xrefs: 00007FF6F907C728
l32., xrefs: 00007FF6F907CA9E
p, xrefs: 00007FF6F907CAF1
runa, xrefs: 00007FF6F907CAD9
rese, xrefs: 00007FF6F907C002
Failed to find shellcode resource, xrefs: 00007FF6F907CE2C
ios_base::eofbit set, xrefs: 00007FF6F907B7E4

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrow
String ID: 158$7YsC$7YsC$Failed to find shellcode resource$Failed to get RtlAdjustPrivilege address$Failed to load shellcode resource$Failed to lock shellcode resource$Shellcode resource size is 0$dll$gerP$gj==$gj==$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$l.dl$l32.$p$rese$runa$shel$wp9=
API String ID: 432778473-29599500
Opcode ID: 1467987442ddf86f021a06e3839a386a85251c636058390d01c8d2cfda5f13a7
Instruction ID: 8f2fe83ac8a471915a0e80f3ae515ceaf5aa7fd7d505f764bef6b0eaabbcfc8e
Opcode Fuzzy Hash: 1467987442ddf86f021a06e3839a386a85251c636058390d01c8d2cfda5f13a7
Instruction Fuzzy Hash: 38516D72609A4192EF148F19D89037967A0FB84FA4F54813ADA6EC37E8EF3DD885C341

Function 00007FF6F9079EE0 Relevance: 33.5, APIs: 10, Strings: 9, Instructions: 221libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF6F9079F34
GetProcAddress.KERNEL32 ref: 00007FF6F9079F78
GetProcAddress.KERNEL32 ref: 00007FF6F9079F88
FreeLibrary.KERNEL32 ref: 00007FF6F907A048
FreeLibrary.KERNEL32 ref: 00007FF6F907A1A4
FreeLibrary.KERNEL32 ref: 00007FF6F907A1F0
FreeLibrary.KERNEL32 ref: 00007FF6F907A239
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907A26A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907A270
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907A276

Strings

VM, xrefs: 00007FF6F9079FF9
VMwa, xrefs: 00007FF6F907A0C8
kern, xrefs: 00007FF6F9079F17
Virt, xrefs: 00007FF6F907A0D9
ual, xrefs: 00007FF6F907A0E0
el32, xrefs: 00007FF6F9079F1E
tion, xrefs: 00007FF6F9079F64
C:\, xrefs: 00007FF6F907A07F
.dll, xrefs: 00007FF6F9079F25

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Library$Free$_invalid_parameter_noinfo_noreturn$AddressProc$Load
String ID: .dll$C:\$VM$VMwa$Virt$el32$kern$tion$ual
API String ID: 1437614955-3798700775
Opcode ID: 54476f12b3d7411ff82bd32d19affdec9b623e19e5a37a04263ca3be26910e3a
Instruction ID: 75b00cca890eecbb41a5abcd6b2c561eab0d636ced7ae4d8437ba41064a6648d
Opcode Fuzzy Hash: 54476f12b3d7411ff82bd32d19affdec9b623e19e5a37a04263ca3be26910e3a
Instruction Fuzzy Hash: 36A18C62A18A8189FB40CF68D8403AD6BA0FB857B4F501239DABD46BEDEF3CD545C701

Function 00007FF6F907A280 Relevance: 24.6, APIs: 3, Strings: 11, Instructions: 110libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF6F907A31E
GetProcAddress.KERNEL32 ref: 00007FF6F907A337
GetProcAddress.KERNEL32 ref: 00007FF6F907A34B

Strings

ddre, xrefs: 00007FF6F907A2EF
rocA, xrefs: 00007FF6F907A2E8
aryA, xrefs: 00007FF6F907A2D6
GetP, xrefs: 00007FF6F907A2E1
File, xrefs: 00007FF6F907A311
el32, xrefs: 00007FF6F907A2B6
Libr, xrefs: 00007FF6F907A2CF
Load, xrefs: 00007FF6F907A2C8
.dll, xrefs: 00007FF6F907A2BD
Move, xrefs: 00007FF6F907A30A
kern, xrefs: 00007FF6F907A2AF

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: .dll$File$GetP$Libr$Load$Move$aryA$ddre$el32$kern$rocA
API String ID: 667068680-126220184
Opcode ID: 4454fb24077ff5455a89e90f9902d5b7fe5697f4b894a93879f4a8ce81e0cae1
Instruction ID: 7a4a36b5ec166965d31b8233fc66902e8832c5204939c17279dee20c4cf0d9df
Opcode Fuzzy Hash: 4454fb24077ff5455a89e90f9902d5b7fe5697f4b894a93879f4a8ce81e0cae1
Instruction Fuzzy Hash: A7515461E19A0299FB04EF68EC943A837B1AF44788F444039DE2D8A6EDFE7DE544C341

Function 00007FF6F90882EC Relevance: 18.1, APIs: 12, Instructions: 146COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F908830C
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088331
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908835B
codecvt.LIBCPMT ref: 00007FF6F90883B5
std::_Facet_Register.LIBCPMT ref: 00007FF6F90883CD
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90883EE
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F9088408
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9088419
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088440
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088465
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908848F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9088522

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowcodecvtstd::bad_alloc::bad_alloc
String ID:
API String ID: 3742870595-0
Opcode ID: df2e4a7e4f07289f7e4a08e44b43e456a4844c0e1e2ce282e63d166bc0f429f4
Instruction ID: 51e38c541672d2556664e3f5ea2efe086d2c9684fcaeaed8ab7820a557734cc7
Opcode Fuzzy Hash: df2e4a7e4f07289f7e4a08e44b43e456a4844c0e1e2ce282e63d166bc0f429f4
Instruction Fuzzy Hash: B7513D22F0DA4291EB19DF15EC404B96764FB94BA4F184239EA7D876EDEF2CE481C700

Function 00007FF6F90CAEA0 Relevance: 17.9, APIs: 6, Strings: 4, Instructions: 412COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CAED6
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CAFB7

Strings

0, xrefs: 00007FF6F90CAFDE
0, xrefs: 00007FF6F90CAF87
0, xrefs: 00007FF6F90CAFF0
-, xrefs: 00007FF6F90CAF44

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$0$0$0
API String ID: 3215553584-3524293751
Opcode ID: ccb662a9822b5dcfd1cdd1cf4ac0bd3c5a7645ba60182f379fe4881fa860732a
Instruction ID: 60488f0062cd4c285ab104ccb92b8f67b4cd7db2e90dbefeba61fef660cc0a2e
Opcode Fuzzy Hash: ccb662a9822b5dcfd1cdd1cf4ac0bd3c5a7645ba60182f379fe4881fa860732a
Instruction Fuzzy Hash: 97F1F732A0D6A685E7608F2598502BC3795EB51B84F94803ACB7DC77DAEF3DE415D320

Function 00007FF6F90A6490 Relevance: 16.6, APIs: 11, Instructions: 53COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(?,?,?,?,?,?,00000000,00007FF6F90A95CB,?,?,?,?,00007FF6F90A9D0E), ref: 00007FF6F90A64A2
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF6F90A95CB,?,?,?,?,00007FF6F90A9D0E), ref: 00007FF6F90A64A8
GetLogicalProcessorInformation.KERNEL32(?,?,?,?,?,?,00000000,00007FF6F90A95CB,?,?,?,?,00007FF6F90A9D0E), ref: 00007FF6F90A64C8
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF6F90A95CB,?,?,?,?,00007FF6F90A9D0E), ref: 00007FF6F90A64E0
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90A64F9
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A650A
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F90A6515
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A6526
GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF6F90A95CB,?,?,?,?,00007FF6F90A9D0E), ref: 00007FF6F90A652C
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90A6545
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A6556

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorExceptionLastThrow$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorInformationLogicalProcessor$std::bad_alloc::bad_alloc
String ID:
API String ID: 503786641-0
Opcode ID: 788b10bfa82d8fc6f87998b6076669e9f4836150f6e12274fd37ebb58a4c5beb
Instruction ID: a0dc032f75d9433522a3b76e6e0fb1d33f6e1d5b804550c462542ec5e6df21e5
Opcode Fuzzy Hash: 788b10bfa82d8fc6f87998b6076669e9f4836150f6e12274fd37ebb58a4c5beb
Instruction Fuzzy Hash: DA114261E0864792FF25EF21EC551BA62B1BF84B84F404439E66DC65EDFE2DD904C740

Function 00007FF6F9078CD0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF6F9078D20
GetProcAddress.KERNEL32 ref: 00007FF6F9078D50
FreeLibrary.KERNEL32 ref: 00007FF6F9078D5E
FreeLibrary.KERNEL32 ref: 00007FF6F9078D84
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9078E6D

Strings

el32, xrefs: 00007FF6F9078D0B
eA, xrefs: 00007FF6F9078D3E
.dll, xrefs: 00007FF6F9078D13
kern, xrefs: 00007FF6F9078D06

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Library$Free$AddressLoadProc_invalid_parameter_noinfo_noreturn
String ID: .dll$eA$el32$kern
API String ID: 519604945-407738492
Opcode ID: 76036b64e29c11404c7f97a55c5f22fbb22b18237d3b65f8baa8a4ee13aca0da
Instruction ID: 07d16de1bf8cb5cec56ee18d8dff2c5e89ef90fa1a82e7bdd5862a598502c9e2
Opcode Fuzzy Hash: 76036b64e29c11404c7f97a55c5f22fbb22b18237d3b65f8baa8a4ee13aca0da
Instruction Fuzzy Hash: 3F416632718B8186EB149F25E8447A96760FB89BA4F441239DABD47BCDEF7CD544C700

Function 00007FF6F90D8360 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 104COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D84CE

Strings

NAN, xrefs: 00007FF6F90D83BE
INF, xrefs: 00007FF6F90D83D4
nan(snan), xrefs: 00007FF6F90D8401
nan, xrefs: 00007FF6F90D83C5
inf, xrefs: 00007FF6F90D83E7
NAN(IND), xrefs: 00007FF6F90D840C
nan(ind), xrefs: 00007FF6F90D8426
NAN(SNAN), xrefs: 00007FF6F90D83F6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
API String ID: 3215553584-2617248754
Opcode ID: 5e02269aa9dbdbd6a54443a9696c2d26be7ea865e5a5fc89706890d50da2ae7f
Instruction ID: f47d5160fefeead4bf97ff0c8cf2923ab16a9de2bd7f3e1b9dff1cce15bf9f98
Opcode Fuzzy Hash: 5e02269aa9dbdbd6a54443a9696c2d26be7ea865e5a5fc89706890d50da2ae7f
Instruction Fuzzy Hash: 78415A32A09B4189E714CF65E8507AD33A5FB54398F40413AEE6C87B9DEE3CE525C344

Function 00007FF6F9080BA4 Relevance: 15.1, APIs: 10, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0946c3906f0796d99b4d5727145a69f8d3ffbcea19c82acd1799f6f778c7601
Instruction ID: 7f65f78a179600de392c9512cda5c3fc47f6bb2af2deccfa80c7576d1e79d719
Opcode Fuzzy Hash: b0946c3906f0796d99b4d5727145a69f8d3ffbcea19c82acd1799f6f778c7601
Instruction Fuzzy Hash: C841C162A09A0296EB14AF21DC413AD2360FB82794F504238DB7C87BDAFF3DE565C740

Function 00007FF6F90BE70C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 87COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90BE74D
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BE75E
Concurrency::details::FreeVirtualProcessorRoot::Affinitize.LIBCONCRT ref: 00007FF6F90BE7D9
SignalObjectAndWait.KERNEL32 ref: 00007FF6F90BE7F6
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90BE82F
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BE840

Strings

switchState, xrefs: 00007FF6F90BE741
pContext, xrefs: 00007FF6F90BE823

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrowstd::invalid_argument::invalid_argument$AffinitizeConcurrency::details::FreeObjectProcessorRoot::SignalVirtualWait
String ID: pContext$switchState
API String ID: 2956575298-2660820399
Opcode ID: f744664efa757ad388f7271cce7dd11baf795997056589853306e0b810f0b018
Instruction ID: ab4ac6466360781ac5beeee68184ebe47abd00ccf2e5dc223ccb7d8d32cca8e6
Opcode Fuzzy Hash: f744664efa757ad388f7271cce7dd11baf795997056589853306e0b810f0b018
Instruction Fuzzy Hash: 23319D73E08A0685EB22DF06DC401696371FF94B88F54413AEA6DC77E8EE3CE5458380

Function 00007FF6F90AFCCC Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 00007FF6F90AFCF7
Concurrency::details::_CriticalNonReentrantLock::_Acquire.LIBCMT ref: 00007FF6F90BC3BB

Strings

proc, xrefs: 00007FF6F90BC4EA

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AcquireConcurrency::details::_CriticalLock::_ReentrantValue
String ID: proc
API String ID: 2079939915-735085620
Opcode ID: ac0a681821c8f0057a54e597328bf8f6a09aa78352c52e4ff03553feb9cf0bea
Instruction ID: 6a1b8eee1207cf2b4b6671ceda9965582d866ff7a65a26e58bd81268a73c7fec
Opcode Fuzzy Hash: ac0a681821c8f0057a54e597328bf8f6a09aa78352c52e4ff03553feb9cf0bea
Instruction Fuzzy Hash: A2616972A08B4696EB249F1AD8402A977B0FB88F94F144139DB6D877E9EF38E451C740

Function 00007FF6F9074DC0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

_Getcvt.LIBCPMT ref: 00007FF6F9074DF4
_Getcvt.LIBCPMT ref: 00007FF6F9074E1C
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6F9074F2A

Part of subcall function 00007FF6F907EDF8: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F907EE01
Part of subcall function 00007FF6F907EDF8: _CxxThrowException.LIBVCRUNTIME ref: 00007FF6F907EE12

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6F9074F30
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6F9074F35

Strings

true, xrefs: 00007FF6F9074EB4
false, xrefs: 00007FF6F9074E74

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::cancel_current_task$Getcvt$ExceptionThrowstd::bad_alloc::bad_alloc
String ID: false$true
API String ID: 846290698-2658103896
Opcode ID: d10fad1a80be36852cb8ce69145a44fc32a021828c63bf4e50dcd109f12b1c21
Instruction ID: 13801bd2024870e9dc0b880880aad01c3d3a5abf4f39c83e0c9176d28c65889b
Opcode Fuzzy Hash: d10fad1a80be36852cb8ce69145a44fc32a021828c63bf4e50dcd109f12b1c21
Instruction Fuzzy Hash: C641B022709B8681DB25DF25A8502BD77A2AB85BB0F584239DA7D473D9EF3CE511C301

Function 00007FF6F9080714 Relevance: 12.1, APIs: 8, Instructions: 104threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6F9080741
GetCurrentThreadId.KERNEL32 ref: 00007FF6F908075C
GetCurrentThreadId.KERNEL32 ref: 00007FF6F9080772
xtime_get.LIBCPMT ref: 00007FF6F90807AE
GetCurrentThreadId.KERNEL32 ref: 00007FF6F90807C9
_Xtime_diff_to_millis2.LIBCPMT ref: 00007FF6F90807E4
GetCurrentThreadId.KERNEL32 ref: 00007FF6F90807FE
GetCurrentThreadId.KERNEL32 ref: 00007FF6F9080857

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CurrentThread$Xtime_diff_to_millis2xtime_get
String ID:
API String ID: 3218647749-0
Opcode ID: e64e5a5447870c834285efcfb5828636cb2d9b04f6c682d295efe35556a715bc
Instruction ID: 726a33426511fe7f84c2d4777aeec2b80e5245b6b5327be29ee5dda2e54c3dbf
Opcode Fuzzy Hash: e64e5a5447870c834285efcfb5828636cb2d9b04f6c682d295efe35556a715bc
Instruction Fuzzy Hash: BB41DB32E0D646C6EB649F15D8442AA7370EB44B44F504039DBAE826E8EF3DE8C6CB44

Function 00007FF6F909CA98 Relevance: 12.1, APIs: 8, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CAB8
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CADD
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CB07
moneypunct.LIBCPMT ref: 00007FF6F909CB61
std::_Facet_Register.LIBCPMT ref: 00007FF6F909CB79
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CB9A
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F909CBB4
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F909CBC5

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmoneypunctstd::bad_alloc::bad_alloc
String ID:
API String ID: 1374409470-0
Opcode ID: 3b7485f7c00ff1d19314a4d5ecedfc3cba27b288fb54ced7f76bf4c99f727a4d
Instruction ID: 5358e8a3a5e8d55082145d98e422ede9845f95515e683d2b1baf6e80a3db6c2a
Opcode Fuzzy Hash: 3b7485f7c00ff1d19314a4d5ecedfc3cba27b288fb54ced7f76bf4c99f727a4d
Instruction Fuzzy Hash: F0314D21E48B42A5EB15DF15EC400B97365EB94BA4F184239EA7E877EDEF2CE485C700

Function 00007FF6F9089AFC Relevance: 12.1, APIs: 8, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089B1C
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089B41
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089B6B
numpunct.LIBCPMT ref: 00007FF6F9089BC5
std::_Facet_Register.LIBCPMT ref: 00007FF6F9089BDD
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089BFE
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F9089C18
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9089C29

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrownumpunctstd::bad_alloc::bad_alloc
String ID:
API String ID: 3444589844-0
Opcode ID: 10688b1269fd84e81cccb73df0bb7d4e167434d17e8e98487df4bbe4a2e07745
Instruction ID: db86bd1fe2dd68e58a8b5d2e00b640bd27dbb6a1008bda762ecfdcccf93dd27c
Opcode Fuzzy Hash: 10688b1269fd84e81cccb73df0bb7d4e167434d17e8e98487df4bbe4a2e07745
Instruction Fuzzy Hash: E4312121B0DA4291EB15DF15ED400796365EB947A4F18423AEB7D877EDEF2CE485C700

Function 00007FF6F909C964 Relevance: 12.1, APIs: 8, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909C984
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909C9A9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909C9D3
messages.LIBCPMT ref: 00007FF6F909CA2D
std::_Facet_Register.LIBCPMT ref: 00007FF6F909CA45
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CA66
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F909CA80
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F909CA91

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
String ID:
API String ID: 3381189198-0
Opcode ID: 8564da937ee4bb52c3f21f8f14370469168e64e98a0d0afab44b17aa5a83a80b
Instruction ID: d39edcfead9608fe9cb063694a637f53ea805d9830316c1b553bec957ec57752
Opcode Fuzzy Hash: 8564da937ee4bb52c3f21f8f14370469168e64e98a0d0afab44b17aa5a83a80b
Instruction Fuzzy Hash: 49315D22E48B4291EB11DF19EC400B96764EB95BA4F184239EA7D877EDFF2CE585C700

Function 00007FF6F90899C8 Relevance: 12.1, APIs: 8, Instructions: 84COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90899E8
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089A0D
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089A37
messages.LIBCPMT ref: 00007FF6F9089A91
std::_Facet_Register.LIBCPMT ref: 00007FF6F9089AA9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089ACA
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F9089AE4
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9089AF5

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
String ID:
API String ID: 3381189198-0
Opcode ID: d102ee66f869b1f4d530f8e8e65fec3da162bfb0f6312889922cb4a8ea9a7b80
Instruction ID: 3a4535ff434d4165f2f54696f6f1cc6b1e8c95ba41bcba754d678b95ac6e7c5c
Opcode Fuzzy Hash: d102ee66f869b1f4d530f8e8e65fec3da162bfb0f6312889922cb4a8ea9a7b80
Instruction Fuzzy Hash: 38317B25B0DA02A1EB15EF65EC400B96360FB947A4F080639EB7D877EDEF2CE4468740

Function 00007FF6F909CBCC Relevance: 12.1, APIs: 8, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CBEC
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CC11
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CC3B
moneypunct.LIBCPMT ref: 00007FF6F909CC95
std::_Facet_Register.LIBCPMT ref: 00007FF6F909CCAD
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CCCE
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F909CCE8
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F909CCF9

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmoneypunctstd::bad_alloc::bad_alloc
String ID:
API String ID: 1374409470-0
Opcode ID: 3cb086bca6b3932f25bd418e78416ea28e76308afd68103b3908442e50c2bea3
Instruction ID: 3b965c1c688bc1e24a3e3ec860f16f066081022ef5804b7c2233241395a014bd
Opcode Fuzzy Hash: 3cb086bca6b3932f25bd418e78416ea28e76308afd68103b3908442e50c2bea3
Instruction Fuzzy Hash: 13317B62E08A4295EB15DF25EC400B96760FB95BA0F080239EA7D837EDFF2CE445C700

Function 00007FF6F9089C30 Relevance: 12.1, APIs: 8, Instructions: 84COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089C50
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089C75
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089C9F
numpunct.LIBCPMT ref: 00007FF6F9089CF9
std::_Facet_Register.LIBCPMT ref: 00007FF6F9089D11
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089D32
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F9089D4C
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9089D5D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrownumpunctstd::bad_alloc::bad_alloc
String ID:
API String ID: 3444589844-0
Opcode ID: 9a14a6e17cdb2768e5a339c65fab37816b8eeff472eb2a6330f2d5078aa8c804
Instruction ID: 06560c1b6e3fcb65c9a43c348b0fe40dc49a3caa9d05163a4ba00ba7e0617306
Opcode Fuzzy Hash: 9a14a6e17cdb2768e5a339c65fab37816b8eeff472eb2a6330f2d5078aa8c804
Instruction Fuzzy Hash: 64312C21A4DA4291EB15EF15EC400B967A4FB947A4F184239EB7D877EDEE2CE486C700

Function 00007FF6F908108C Relevance: 12.1, APIs: 8, Instructions: 84COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90810AC
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90810D1
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90810FB
messages.LIBCPMT ref: 00007FF6F9081155
std::_Facet_Register.LIBCPMT ref: 00007FF6F908116D
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908118E
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F90811A8
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90811B9

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
String ID:
API String ID: 3381189198-0
Opcode ID: 96cc5ed84c0ad44b3912cf8a647946ed8e13329890bd03cab1b3d0fd541989ec
Instruction ID: e927012cf802df5b76f5ffca49e42e7876984bfd0b61aae1754c6377b9940edf
Opcode Fuzzy Hash: 96cc5ed84c0ad44b3912cf8a647946ed8e13329890bd03cab1b3d0fd541989ec
Instruction Fuzzy Hash: D0313A22E0DA4291EB65DF15EC400B96368AF95BA4F184239DA7D876EDEE2CE485C700

Function 00007FF6F9089290 Relevance: 12.1, APIs: 8, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90892B0
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90892D5
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90892FF
moneypunct.LIBCPMT ref: 00007FF6F9089359
std::_Facet_Register.LIBCPMT ref: 00007FF6F9089371
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089392
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F90893AC
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90893BD

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmoneypunctstd::bad_alloc::bad_alloc
String ID:
API String ID: 1374409470-0
Opcode ID: 459d7b77116365acc94093b7e405309e730f83908df264e21d4b44966fa83f43
Instruction ID: 13e58b4fbf049d6e94343a879dbd218b75136528c7201a7aefb0f968c980145c
Opcode Fuzzy Hash: 459d7b77116365acc94093b7e405309e730f83908df264e21d4b44966fa83f43
Instruction Fuzzy Hash: 97310E21B0DA4291EB15EF55EC400B96365EB94BA4F184239EB7D876EDFF2CE445C700

Function 00007FF6F90894F8 Relevance: 12.1, APIs: 8, Instructions: 84COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089518
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F908953D
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089567
moneypunct.LIBCPMT ref: 00007FF6F90895C1
std::_Facet_Register.LIBCPMT ref: 00007FF6F90895D9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90895FA
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F9089614
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9089625

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmoneypunctstd::bad_alloc::bad_alloc
String ID:
API String ID: 1374409470-0
Opcode ID: 2f632cc1c20a26362cdab046b27027203a2c4e262fdf1182743a93095fba4e61
Instruction ID: a93f0c0a911f9bc303a4d4336a7be7b6e56351ac7307e4304620e6c5a955e4c4
Opcode Fuzzy Hash: 2f632cc1c20a26362cdab046b27027203a2c4e262fdf1182743a93095fba4e61
Instruction Fuzzy Hash: 75310E21A0DA4291EB15EF15EC400B96365EB95BA4F184235EB7DC77EDEF2CE4868700

Function 00007FF6F90893C4 Relevance: 12.1, APIs: 8, Instructions: 84COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90893E4
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089409
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089433
moneypunct.LIBCPMT ref: 00007FF6F908948D
std::_Facet_Register.LIBCPMT ref: 00007FF6F90894A5
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90894C6
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F90894E0
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90894F1

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmoneypunctstd::bad_alloc::bad_alloc
String ID:
API String ID: 1374409470-0
Opcode ID: 4d85737bd72922c63ffee81f12e5edae82289409f64832017a782d7f22625acf
Instruction ID: 645d640520f8b5ce096ea3e4e7b856b780883199fd072a0d136a7c155e7e31cc
Opcode Fuzzy Hash: 4d85737bd72922c63ffee81f12e5edae82289409f64832017a782d7f22625acf
Instruction Fuzzy Hash: B5315C21A0DA0291EB15EF15EC404B96364EF947A4F181235EB7E837EDEF2CE486C700

Function 00007FF6F9082660 Relevance: 12.1, APIs: 8, Instructions: 84COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9082680
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90826A5
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90826CF
messages.LIBCPMT ref: 00007FF6F9082729
std::_Facet_Register.LIBCPMT ref: 00007FF6F9082741
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9082762
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F908277C
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F908278D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
String ID:
API String ID: 3381189198-0
Opcode ID: cc986269916903b1f4ca633500454660843ea81379766bb38ac0f126560e9fd9
Instruction ID: c45f2d2eacc09095935ddff8efb9ff7a8a1714711a5ea68b0cddf2934157513b
Opcode Fuzzy Hash: cc986269916903b1f4ca633500454660843ea81379766bb38ac0f126560e9fd9
Instruction Fuzzy Hash: 2D314C25B0CB4291EB15DF1AEC400B96364EB95BE4F180639DA7D876EDEF2CE496C700

Function 00007FF6F909C6FC Relevance: 12.1, APIs: 8, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909C71C
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909C741
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909C76B
messages.LIBCPMT ref: 00007FF6F909C7C5
std::_Facet_Register.LIBCPMT ref: 00007FF6F909C7DD
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909C7FE
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F909C818
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F909C829

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
String ID:
API String ID: 3381189198-0
Opcode ID: 9a012c7a3332397a21073f42406b88680b884ee24ab4b75df02fa1f39f591b39
Instruction ID: 06173d1205ddcda05021844de1ac559b509fcc431838a630afff7e4973ea2571
Opcode Fuzzy Hash: 9a012c7a3332397a21073f42406b88680b884ee24ab4b75df02fa1f39f591b39
Instruction Fuzzy Hash: E3313E21E58B42A1EB15DF25EC400B96364EB94BA4F18423ADA7D877EDFF2CE585C700

Function 00007FF6F908962C Relevance: 12.1, APIs: 8, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F908964C
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089671
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908969B
messages.LIBCPMT ref: 00007FF6F90896F5
std::_Facet_Register.LIBCPMT ref: 00007FF6F908970D
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908972E
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F9089748
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9089759

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
String ID:
API String ID: 3381189198-0
Opcode ID: 787ef293c19ed1666d925d887057f502cfe4918e344ca5f519e98c96513b0932
Instruction ID: a21eb2adab37833f148ec3c02f39b5edd20b3b3f92069a997754ea6b7108e8bb
Opcode Fuzzy Hash: 787ef293c19ed1666d925d887057f502cfe4918e344ca5f519e98c96513b0932
Instruction Fuzzy Hash: D6313D61B0DA4291EB15EF15EC400B96364AB94BA4F180235EB7E877EDEE2CE496C700

Function 00007FF6F9089894 Relevance: 12.1, APIs: 8, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90898B4
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90898D9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089903
messages.LIBCPMT ref: 00007FF6F908995D
std::_Facet_Register.LIBCPMT ref: 00007FF6F9089975
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089996
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F90899B0
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90899C1

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
String ID:
API String ID: 3381189198-0
Opcode ID: 4cfd44ccc9993a6baebe831ef451af701858d4ebc743b38aab345ce5a672cfe3
Instruction ID: c87863432791dcc24d21b4ac09c5d772c058e576139da440b4da069474cf0c6d
Opcode Fuzzy Hash: 4cfd44ccc9993a6baebe831ef451af701858d4ebc743b38aab345ce5a672cfe3
Instruction Fuzzy Hash: E8312122B0DA4291EB15DF19EC4007967A4EB957A4F180635EBBD877EDEF2CE446C700

Function 00007FF6F9089760 Relevance: 12.1, APIs: 8, Instructions: 84COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089780
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90897A5
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90897CF
messages.LIBCPMT ref: 00007FF6F9089829
std::_Facet_Register.LIBCPMT ref: 00007FF6F9089841
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089862
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F908987C
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F908988D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
String ID:
API String ID: 3381189198-0
Opcode ID: bd6c7f70aa7a086b9df065dfff25bfaef2899a811436cf7bad175b024ae4f0d7
Instruction ID: 1e711a043400892ed98ee506137bf561f38c019f19aaac0d3f72b73f21799a25
Opcode Fuzzy Hash: bd6c7f70aa7a086b9df065dfff25bfaef2899a811436cf7bad175b024ae4f0d7
Instruction Fuzzy Hash: FE314F22A0DA4291EB15EF15EC400796365EB95BA4F184239EB7D877EDEF2CE486C700

Function 00007FF6F909C830 Relevance: 12.1, APIs: 8, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909C850
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909C875
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909C89F
messages.LIBCPMT ref: 00007FF6F909C8F9
std::_Facet_Register.LIBCPMT ref: 00007FF6F909C911
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909C932
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F909C94C
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F909C95D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowmessagesstd::bad_alloc::bad_alloc
String ID:
API String ID: 3381189198-0
Opcode ID: 1e557ae58a6be1c1c89c2f8c13843b85a31bedc3d0174689acf4afa9ce3eb672
Instruction ID: 27348a2a49c98c079c3904fb3a272e8c6183629389d2eea36fd06d72c7fe5aa3
Opcode Fuzzy Hash: 1e557ae58a6be1c1c89c2f8c13843b85a31bedc3d0174689acf4afa9ce3eb672
Instruction Fuzzy Hash: 90313D22E08A42A1EB15DF19EC400B96364FB95BA4F184239EA7D877EDFF2CE445C700

Function 00007FF6F90DD44C Relevance: 10.8, APIs: 7, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90DD8B5

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 388f10cd296e545faa9b3c947cf95eb3c133e808b1fc39d2b8799aa3514dc878
Instruction ID: 6bbb392df6c737f7cbf20602e660030c9051254d0b1af8d5d0fddc352d2597aa
Opcode Fuzzy Hash: 388f10cd296e545faa9b3c947cf95eb3c133e808b1fc39d2b8799aa3514dc878
Instruction Fuzzy Hash: 9CC1D862A0878245E7659F259C002BD2B92BF80B80F45513EEA6E87BDDFF3CE549C711

Function 00007FF6F907B150 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 196COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907B45C

Strings

WXYZ, xrefs: 00007FF6F907B1D8
.exe, xrefs: 00007FF6F907B1FC
4567, xrefs: 00007FF6F907B1E8
89, xrefs: 00007FF6F907B1F0
0123, xrefs: 00007FF6F907B1E0

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: .exe$0123$4567$89$WXYZ
API String ID: 3668304517-3065352625
Opcode ID: 090fc058a325bb5840cfb1d1aeee143479e0404b3b7d232949cd0abe2971d524
Instruction ID: 70e8a39db8e512f6720b97736f7f963e77e6c65ea3f31e76b1f47752d6eb49b1
Opcode Fuzzy Hash: 090fc058a325bb5840cfb1d1aeee143479e0404b3b7d232949cd0abe2971d524
Instruction Fuzzy Hash: E281B032B18B8189EB20CF65E8443AD67A1FB457A4F540239EA6D87FD9EF38D181C701

Function 00007FF6F90D0C80 Relevance: 10.6, APIs: 7, Instructions: 122COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D0CE8
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6F90D0C79), ref: 00007FF6F90D0D06
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6F90D0C79), ref: 00007FF6F90D0D13
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6F90D0C79), ref: 00007FF6F90D0D4E
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6F90D0C79), ref: 00007FF6F90D0D58
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90D0C79), ref: 00007FF6F90D0DFC
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90D0C79), ref: 00007FF6F90D0E06

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide$_invalid_parameter_noinfo
String ID:
API String ID: 351348912-0
Opcode ID: 5867f64a99bd49bd0d8054cd6f6ffac70b4abd963a733690479a945ad6c9b596
Instruction ID: e2198019e18a90dbc63f02c818f549cb47768a46fac47f64fdf03608a53467db
Opcode Fuzzy Hash: 5867f64a99bd49bd0d8054cd6f6ffac70b4abd963a733690479a945ad6c9b596
Instruction Fuzzy Hash: 4C418162B08B4681EB659F26AC04379A6A5BF84B94F04413EEE6D837D9FF3CE401C704

Function 00007FF6F9076BC0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 113COMMON

Download Yara Rule

APIs

std::locale::_Init.LIBCPMT ref: 00007FF6F9076C38

Part of subcall function 00007FF6F907F5D4: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F907F5F2
Part of subcall function 00007FF6F907F5D4: std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00007FF6F907F606
Part of subcall function 00007FF6F907F5D4: std::locale::_Setgloballocale.LIBCPMT ref: 00007FF6F907F611
Part of subcall function 00007FF6F907F5D4: _Yarn.LIBCPMT ref: 00007FF6F907F628
Part of subcall function 00007FF6F907F5D4: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F907F66D

std::ios_base::_Addstd.LIBCPMT ref: 00007FF6F9076CC3
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9076D2F

Strings

ios_base::badbit set, xrefs: 00007FF6F9076CE7
ios_base::failbit set, xrefs: 00007FF6F9076CF2
ios_base::eofbit set, xrefs: 00007FF6F9076CF9

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::locale::_$Lockitstd::_$AddstdExceptionInitLocimpLocimp::_Lockit::_Lockit::~_New_SetgloballocaleThrowYarnstd::ios_base::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2033144875-1866435925
Opcode ID: 83824d63f6dd518ec7a716ce279713dc2d1319dcb7a74af62807e9dfe8645359
Instruction ID: 87a5ffed36ab7de1d05dee94768e17391d6cba970acf0e4557dbbaf910e189a7
Opcode Fuzzy Hash: 83824d63f6dd518ec7a716ce279713dc2d1319dcb7a74af62807e9dfe8645359
Instruction Fuzzy Hash: 6E41C632A04B4186EB14DF15E8802AD37A4FB44FA4F544139EB6E977E9EF39E452C341

Function 00007FF6F9072DC0 Relevance: 10.6, APIs: 7, Instructions: 111COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9072E03
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9072E26
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9072E53
std::_Locinfo::_Locinfo.LIBCPMT ref: 00007FF6F9072EEB
_Getctype.LIBCPMT ref: 00007FF6F9072F0B
std::_Facet_Register.LIBCPMT ref: 00007FF6F9072F3E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9072F5B

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfoLocinfo::_Register
String ID:
API String ID: 1048444095-0
Opcode ID: 1117332309c7cbc8d21ddff4dd82d100fbe68fa51b7b9168f0fddeace453fcd6
Instruction ID: dee9daadff9a03c3a63ec9e38355925f0bdb30ccb6f6ed1319c33f4b5d5e0f83
Opcode Fuzzy Hash: 1117332309c7cbc8d21ddff4dd82d100fbe68fa51b7b9168f0fddeace453fcd6
Instruction Fuzzy Hash: 9C516B21A09B4281EB21DF19EC403B973A4FB94BA4F058139DA6D833E9EF3CE485C301

Function 00007FF6F90C2344 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.NTDLL ref: 00007FF6F90C23BB
FindSITargetTypeInstance.LIBVCRUNTIME ref: 00007FF6F90C23EF
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00007FF6F90C2417
FindVITargetTypeInstance.LIBVCRUNTIME ref: 00007FF6F90C241E

Strings

Bad dynamic_cast!, xrefs: 00007FF6F90C2486

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: FindInstanceTargetType$FileHeader
String ID: Bad dynamic_cast!
API String ID: 1429038817-2956939130
Opcode ID: d4fad69649a260f20efbd95d980eae0fe95562dbdae86f46c21a25584120a0be
Instruction ID: 8100206c461abc828d22c18d1872c80d34b76033f07ce695e09e71635ebef57b
Opcode Fuzzy Hash: d4fad69649a260f20efbd95d980eae0fe95562dbdae86f46c21a25584120a0be
Instruction Fuzzy Hash: BE41B222B19A8793EB64CF65DC806796390BF44B94F004539DE6D83B88EF3CE045C710

Function 00007FF6F9089E98 Relevance: 10.6, APIs: 7, Instructions: 84COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089EB8
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089EDD
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089F07
std::_Facet_Register.LIBCPMT ref: 00007FF6F9089F79
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089F9A
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F9089FB4
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9089FC5

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
String ID:
API String ID: 4235596951-0
Opcode ID: cce80c1528d2971b2fc71faaa615b8cd69dc9224225962b24e8b0fd87f9db37b
Instruction ID: 7a08a2045342f0e9dc283a822a981662e4bc2274a6c116b9260071947a5631a5
Opcode Fuzzy Hash: cce80c1528d2971b2fc71faaa615b8cd69dc9224225962b24e8b0fd87f9db37b
Instruction Fuzzy Hash: 01314D21A0DA4291EB19EF25EC400B96365FB957A4F084235EB7D877EEEF2CE445C700

Function 00007FF6F909CE34 Relevance: 10.6, APIs: 7, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CE54
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CE79
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CEA3
std::_Facet_Register.LIBCPMT ref: 00007FF6F909CF15
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CF36
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F909CF50
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F909CF61

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
String ID:
API String ID: 4235596951-0
Opcode ID: f67a88f065306ac4569016a9ccd68073b067aeabf4232f1473efa7adb572a843
Instruction ID: dfff6e52e10f3aedef8584aac22289d8badc85cc9d0eaf942d0520389565c7a6
Opcode Fuzzy Hash: f67a88f065306ac4569016a9ccd68073b067aeabf4232f1473efa7adb572a843
Instruction Fuzzy Hash: 3C317321E0DB4291EB15DF15EC400B96364EB95BA4F180235EA7E837EDEF2CE485C700

Function 00007FF6F908A100 Relevance: 10.6, APIs: 7, Instructions: 84COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F908A120
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F908A145
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908A16F
std::_Facet_Register.LIBCPMT ref: 00007FF6F908A1E1
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908A202
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F908A21C
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F908A22D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
String ID:
API String ID: 4235596951-0
Opcode ID: ad43b0b21893440a6b5cfa61db75e69c0fd79c7b1a4809ae3aa0d9c3a333083a
Instruction ID: 3f7090bbf8755222fbb0f30ef28f5dc3327c595080e657eeb0c2ef2865747208
Opcode Fuzzy Hash: ad43b0b21893440a6b5cfa61db75e69c0fd79c7b1a4809ae3aa0d9c3a333083a
Instruction Fuzzy Hash: 44313021B0DA4291EB56DF15EC400B96365EB94BA4F184235EA7D87BEDEF2CE486C700

Function 00007FF6F9089FCC Relevance: 10.6, APIs: 7, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089FEC
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F908A011
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908A03B
std::_Facet_Register.LIBCPMT ref: 00007FF6F908A0AD
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908A0CE
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F908A0E8
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F908A0F9

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$ExceptionFacet_RegisterThrowstd::bad_alloc::bad_alloc
String ID:
API String ID: 4235596951-0
Opcode ID: 7d968b1df914a71798d3e0a9f5744b92dbdcf9654c340ff1752623abb446fda4
Instruction ID: 5f60bb60212854d507e1a549a83d0d4c27d4bfec0b1acdbaab5e3ef1f00ca061
Opcode Fuzzy Hash: 7d968b1df914a71798d3e0a9f5744b92dbdcf9654c340ff1752623abb446fda4
Instruction Fuzzy Hash: F7314121A1EA4291EB55DF15EC400796364EB947A4F184235EA7D87BEDFF2CE446C700

Function 00007FF6F9089D64 Relevance: 10.6, APIs: 7, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089D84
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089DA9
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089DD3
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089E66

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 593203224-0
Opcode ID: f30e898e6549f00571e8546b7cce91e437940e85354038f9996e2233ca21565c
Instruction ID: dd6667ea90125610782648cb5b1c34805eccca916122d12deee629398e06b093
Opcode Fuzzy Hash: f30e898e6549f00571e8546b7cce91e437940e85354038f9996e2233ca21565c
Instruction Fuzzy Hash: 95310B22A0DA4291EB15EF15EC400B96764EB95BA4F184235EB7D87BEDEF2CE445C700

Function 00007FF6F909CD00 Relevance: 10.6, APIs: 7, Instructions: 82COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CD20
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909CD45
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CD6F
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F909CE02

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID:
API String ID: 593203224-0
Opcode ID: 0ab486d89b916da3138881fe39bba0c11599e7c2e34847b66f0bc9008059230e
Instruction ID: 9a7eb49405a0a75dd06087ef5d1312eaf5bb1da6e799e5c81ae51fcf197ab324
Opcode Fuzzy Hash: 0ab486d89b916da3138881fe39bba0c11599e7c2e34847b66f0bc9008059230e
Instruction Fuzzy Hash: C9316022E09A4295EB11DF15EC400B96764FB94BA4F08423AEA7E877EDEF2CE445C700

Function 00007FF6F907E9D0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32 ref: 00007FF6F907EA27
GetLastError.KERNEL32 ref: 00007FF6F907EA60
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F907EA90

Strings

lloc, xrefs: 00007FF6F907EA06
ualA, xrefs: 00007FF6F907E9FE
Virt, xrefs: 00007FF6F907E9F6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AllocErrorExceptionLastThrowVirtual
String ID: Virt$lloc$ualA
API String ID: 907125667-1619206022
Opcode ID: 0096d44dffaf4607507c0c90516fdef95b6fb7c5494e70a4045b5ae478b51b74
Instruction ID: 6ed1e5ab97975d3f2ffedc0008e2619121c573227e0e9c4dc6daf915cf670a7c
Opcode Fuzzy Hash: 0096d44dffaf4607507c0c90516fdef95b6fb7c5494e70a4045b5ae478b51b74
Instruction Fuzzy Hash: BA11C1A1B1868191EB20DF25E8453AA7760AB867A0F044139DABC8B7EDFF3DD5458B00

Function 00007FF6F90E552C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6F90E555D
GetLastError.KERNEL32 ref: 00007FF6F90E5569
CloseHandle.KERNEL32 ref: 00007FF6F90E5581
CreateFileW.KERNEL32 ref: 00007FF6F90E55AC
WriteConsoleW.KERNEL32 ref: 00007FF6F90E55CB

Strings

CONOUT$, xrefs: 00007FF6F90E558D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: e08065fa919532bd172bc3d0274e671b7715f678acaef7576f04e0797315584c
Instruction ID: 095da8d0eef68b091e9d21efd068a2e50d63bf580b11fbc982c94a0a63b21968
Opcode Fuzzy Hash: e08065fa919532bd172bc3d0274e671b7715f678acaef7576f04e0797315584c
Instruction Fuzzy Hash: AF118162B18A4186E750AF46EC5432976B4FB98BE4F440238EA7DC77E8EF3CD9548740

Function 00007FF6F90AAA6C Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90AAA93
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90AAAA4
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90AAAB6
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90AAAC7

Strings

version, xrefs: 00007FF6F90AAAAA
pScheduler, xrefs: 00007FF6F90AAA87

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrowstd::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 1079095653-3154422776
Opcode ID: 72ef138237fec66464d4bb8e9962ed5c05b4bf87a9061cac3b4de145a4568324
Instruction ID: 89a224c54492f6891aa4be55ab03eab9a4cc14c280eb6268b37160bd3edc739e
Opcode Fuzzy Hash: 72ef138237fec66464d4bb8e9962ed5c05b4bf87a9061cac3b4de145a4568324
Instruction Fuzzy Hash: 77F067A2E1850BA4EF25DF00EC400A46362FB60388FA0043AE17D868EDFF2CE249C705

Function 00007FF6F9073150 Relevance: 9.1, APIs: 6, Instructions: 119COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9073190
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90731B3
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90731E0
std::_Locinfo::_Locinfo.LIBCPMT ref: 00007FF6F907328E
std::_Facet_Register.LIBCPMT ref: 00007FF6F90732DD
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90732FA

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::_Register
String ID:
API String ID: 1750885376-0
Opcode ID: 42cb51d2101887a47301346b431fa299c0f77afd89874528af20c3fe4dd02fa1
Instruction ID: 965a697104de2ca594f18c374950370e3ab185dd6c9436d03c5a74dfa954e716
Opcode Fuzzy Hash: 42cb51d2101887a47301346b431fa299c0f77afd89874528af20c3fe4dd02fa1
Instruction Fuzzy Hash: DF514A32A09B4284EB65DF25E8403A973A4FB59BA4F544139DA6D833D9EF3CE446C341

Function 00007FF6F9072F90 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9072FD3
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9072FF6
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9073023
std::_Locinfo::_Locinfo.LIBCPMT ref: 00007FF6F90730BB
std::_Facet_Register.LIBCPMT ref: 00007FF6F90730F5
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9073112

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::_Register
String ID:
API String ID: 1750885376-0
Opcode ID: e13b4916b3d0b7b1f29c18ef919b3000c1c4477abb046fe9e9ce4f3ea682de5f
Instruction ID: 21a15c5ff143e1953cf3de82307867c9884ae9ebee7c6235c95894735df589db
Opcode Fuzzy Hash: e13b4916b3d0b7b1f29c18ef919b3000c1c4477abb046fe9e9ce4f3ea682de5f
Instruction Fuzzy Hash: 88416861A09B4290FB25DF15EC503B963A4EB55BA0F09413ACA6D833DDEF3DE885C342

Function 00007FF6F909C5C8 Relevance: 9.1, APIs: 6, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F909C5E8

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: dc51cb4e30d41db8caa03f08c5183aca40d5ea447b0cedc8d4ebb7de1ab473f0
Instruction ID: 92b0d37cfedc0ef53c8d87412c0b45984dcadc025e87ceb6588be7a349577624
Opcode Fuzzy Hash: dc51cb4e30d41db8caa03f08c5183aca40d5ea447b0cedc8d4ebb7de1ab473f0
Instruction Fuzzy Hash: BB21A422E08B4291EB15DF29EC000796364EB94BA4F181235EBBD877EDEF2CE446C700

Function 00007FF6F9091F64 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

_Getcvt.LIBCPMT ref: 00007FF6F9091F6D
_Getvals.LIBCPMT ref: 00007FF6F90920E0

Strings

,, xrefs: 00007FF6F9092035
true, xrefs: 00007FF6F9091FDF
false, xrefs: 00007FF6F9091FC5

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: GetcvtGetvals
String ID: ,$false$true
API String ID: 1915861045-760133229
Opcode ID: 5a6db18cb9aaf7a7c40cd0816283021d5bfb6c8945b8ccbb6c2466d079df25f8
Instruction ID: 45e6cfe97b3c6f1f635e91450fe805beba8a40766d101987280584405212f3f0
Opcode Fuzzy Hash: 5a6db18cb9aaf7a7c40cd0816283021d5bfb6c8945b8ccbb6c2466d079df25f8
Instruction Fuzzy Hash: BE41512661CAC182E761CF24E4401EAB7A0FB853A4F445226EB9E4369DEF3CD185CB00

Function 00007FF6F9073640 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907377C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9073782

Strings

ios_base::badbit set, xrefs: 00007FF6F90738B0
ios_base::failbit set, xrefs: 00007FF6F9073640, 00007FF6F90738BC
ios_base::eofbit set, xrefs: 00007FF6F90738C3

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 3668304517-1866435925
Opcode ID: ce5efb31be3d80cf0ce667bb522ec130d027e30b745915f044dcf0a40c8a15f9
Instruction ID: a95a79cc7295686db55d56f21d6f96425ccda0e6ba60b7046e9bd517d44535e9
Opcode Fuzzy Hash: ce5efb31be3d80cf0ce667bb522ec130d027e30b745915f044dcf0a40c8a15f9
Instruction Fuzzy Hash: C7318562A18B8651FB109F68E8053AAA311FB957B4F405335E6BD827DDFF6CD180C741

Function 00007FF6F90D7384 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_ctrlfp.LIBCMT ref: 00007FF6F90D741B
_set_errno_from_matherr.LIBCMT ref: 00007FF6F90D7430
_ctrlfp.LIBCMT ref: 00007FF6F90D743D
_set_errno_from_matherr.LIBCMT ref: 00007FF6F90D7444

Strings

exp, xrefs: 00007FF6F90D73AB

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _ctrlfp_set_errno_from_matherr
String ID: exp
API String ID: 4230380726-113136155
Opcode ID: 4a0b32c48e246b9a52872eedfe415e23741a1b697d816cba6a4ef9322b349a1b
Instruction ID: 2ecda8f18cf7e974b4119b25ec31168f2e08d3c5b54e992db81cd29525c6f018
Opcode Fuzzy Hash: 4a0b32c48e246b9a52872eedfe415e23741a1b697d816cba6a4ef9322b349a1b
Instruction Fuzzy Hash: 9E211076A186858BD760CF28E84016E76A1FF88740F50513AFAADC2B9DEF3CD5049F00

Function 00007FF6F90B3D74 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90B3DC3
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B3DD4
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B3DF0
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B3E0C

Part of subcall function 00007FF6F90B5230: TlsGetValue.KERNEL32(?,?,?,00007FF6F90B3D92), ref: 00007FF6F90B5242

Strings

pScheduler, xrefs: 00007FF6F90B3DB7

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrow$Valuestd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 1003427811-923244539
Opcode ID: 23c3d0de890831ee0a9add91377922055746caf07640ccc199c89593e127323f
Instruction ID: 494c45827073b167bee82e709768ff7b7b9f494bb6c6e5c065c1c9fb76d6f7e4
Opcode Fuzzy Hash: 23c3d0de890831ee0a9add91377922055746caf07640ccc199c89593e127323f
Instruction Fuzzy Hash: FC014FA2A1894652EF25EF05D8500B96371FF94788FA04035E6ADC69FEFE2CE549C700

Function 00007FF6F90BE4A4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90BE4F8
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BE509
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BE525
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BE541

Strings

pContext, xrefs: 00007FF6F90BE4EC

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrow$std::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3084224051-2046700901
Opcode ID: c13d226b9dfa8510147f47651518070281f47e175b8fb78a2b9b51c3fc1173e0
Instruction ID: 176a9ae259875553757d5b1574a5fea27a48801cd6b7af5368f34cf368b73fbc
Opcode Fuzzy Hash: c13d226b9dfa8510147f47651518070281f47e175b8fb78a2b9b51c3fc1173e0
Instruction Fuzzy Hash: 56115A62A1894A91EF15EF15DC500B96361FF90B88F905035EA7EC66F9FE2CE549C300

Function 00007FF6F9087442 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

_Yarn.LIBCPMT ref: 00007FF6F9087449
_Yarn.LIBCPMT ref: 00007FF6F9087489

Strings

:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December, xrefs: 00007FF6F908749B
:AM:am:PM:pm, xrefs: 00007FF6F90874BA
:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday, xrefs: 00007FF6F908745B

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Yarn
String ID: :AM:am:PM:pm$:Jan:January:Feb:February:Mar:March:Apr:April:May:May:Jun:June:Jul:July:Aug:August:Sep:September:Oct:October:Nov:November:Dec:December$:Sun:Sunday:Mon:Monday:Tue:Tuesday:Wed:Wednesday:Thu:Thursday:Fri:Friday:Sat:Saturday
API String ID: 1767336200-35662545
Opcode ID: 79e69241a29a73c47b507ba0a4561c25bb9ca2756b70f31496cc51e7068838eb
Instruction ID: f9d9203bf0fa0e987d9fafbe702354d8c388bb48c91cc10c18354f58d150e304
Opcode Fuzzy Hash: 79e69241a29a73c47b507ba0a4561c25bb9ca2756b70f31496cc51e7068838eb
Instruction Fuzzy Hash: D7013C26A08B8281EB04EF22D8553B923A1EF88BD8F444139DA1C877CEEF3CD545C390

Function 00007FF6F90BDFF4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Concurrency::details::VirtualProcessorRoot::ResetSubscriptionLevel.LIBCONCRT ref: 00007FF6F90BE00C

Part of subcall function 00007FF6F90BE064: Concurrency::details::SchedulerProxy::DecrementCoreSubscription.LIBCONCRT ref: 00007FF6F90BE07D

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90BE02E
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BE03F
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BE05B

Strings

pScheduler, xrefs: 00007FF6F90BE022

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::details::ExceptionSubscriptionThrow$CoreDecrementLevelProcessorProxy::ResetRoot::SchedulerVirtualstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 3788913018-923244539
Opcode ID: b1dafd2b5d159991c940216b2016126b22ffd41fa414ac92279b832134687d83
Instruction ID: 1d3e5876de3227fedb2f60ca523b09e959b5930142bf5612203a2a80b40ebedd
Opcode Fuzzy Hash: b1dafd2b5d159991c940216b2016126b22ffd41fa414ac92279b832134687d83
Instruction Fuzzy Hash: 34F08CA2A2894B91EF25EF04D8500B85371FF50788F905435DA7DCAAEDFE2CE649C701

Function 00007FF6F90C7110 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6F90C712C
GetProcAddress.KERNEL32 ref: 00007FF6F90C7142
FreeLibrary.KERNEL32 ref: 00007FF6F90C715F

Strings

mscoree.dll, xrefs: 00007FF6F90C7123
CorExitProcess, xrefs: 00007FF6F90C713B

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 0f34e98f4a7d712abe554ed76f4c7fc3e1878c79dc3be099c6deeab263af7b68
Instruction ID: c7173b16f438b89afc354c612887c1ba36dd77ecc89f548940e902e40888613f
Opcode Fuzzy Hash: 0f34e98f4a7d712abe554ed76f4c7fc3e1878c79dc3be099c6deeab263af7b68
Instruction Fuzzy Hash: 6DF05EA1B1964282EF485F60EC843752365EF88744F44103DDA3FC66E8EE2CD588C310

Function 00007FF6F90E57FC Relevance: 7.7, APIs: 5, Instructions: 245COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a52775d09e562e435926eb87e210c581af98815a0a3b8116f756561f35ed8cbe
Instruction ID: 31c58f06c0ef98a2b9ffa5c8107832fbf07e0a25b339bb6e3d3b9d2297fa3326
Opcode Fuzzy Hash: a52775d09e562e435926eb87e210c581af98815a0a3b8116f756561f35ed8cbe
Instruction Fuzzy Hash: 08A1C462B0978246FF616F1189603BA66D2AF40BA4F584A39DA7D977CDFF3DE4448300

Function 00007FF6F90DC3FC Relevance: 7.7, APIs: 5, Instructions: 224COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90DC440

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2e2aae7eef73db643bb20f643d42d83acb24b7cea38b6c5a1ff1f306df41f32c
Instruction ID: b7db02cd82d9489b6ba59305e05086396f29976c7b435881b2c4c9b2431e2390
Opcode Fuzzy Hash: 2e2aae7eef73db643bb20f643d42d83acb24b7cea38b6c5a1ff1f306df41f32c
Instruction Fuzzy Hash: 8D91B022E18A22A5EB559F659C406BD2762BF54B84F00513ADE2E977DDEF38E442C310

Function 00007FF6F90C7C28 Relevance: 7.7, APIs: 5, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90C7C84

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 71d07e8bc5b4c40419a36865c1dc6e598739140e3669d3ce770438e2d6ad1965
Instruction ID: 63522b335d16a904e919c94d0a7fb776b1c66c290d8f64e0e0967b8f57c8af67
Opcode Fuzzy Hash: 71d07e8bc5b4c40419a36865c1dc6e598739140e3669d3ce770438e2d6ad1965
Instruction Fuzzy Hash: 2191A522A0964286EB618F119C806BD66A5BF44BA4F544639EE7D877DDFF3CD842C320

Function 00007FF6F90D6D88 Relevance: 7.7, APIs: 5, Instructions: 160COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6F90D6DC2
_set_statfp.LIBCMT ref: 00007FF6F90D6DE0
_set_statfp.LIBCMT ref: 00007FF6F90D6E09
_set_statfp.LIBCMT ref: 00007FF6F90D6FC4

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 5b39ec1b62ef9cb3d82bf92e2da72284b7f70405199098550c91011f644fc3f4
Instruction ID: b4e6b3dea8d0d9eabfa5926f80a68b04a1b342965f73c70c8132a79b5183598b
Opcode Fuzzy Hash: 5b39ec1b62ef9cb3d82bf92e2da72284b7f70405199098550c91011f644fc3f4
Instruction Fuzzy Hash: E851A512E18E4A85E7229F28DC5037AA352BF45754F40863EFA7D967D8FF3CE4818600

Function 00007FF6F90DBD58 Relevance: 7.7, APIs: 5, Instructions: 152fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6F90DC607), ref: 00007FF6F90DBDB9
WideCharToMultiByte.KERNEL32 ref: 00007FF6F90DBE9B
WriteFile.KERNEL32 ref: 00007FF6F90DBEC3
WriteFile.KERNEL32 ref: 00007FF6F90DBF02
GetLastError.KERNEL32 ref: 00007FF6F90DBF47

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
String ID:
API String ID: 3659116390-0
Opcode ID: 02fd73176117bd439747371dae0259dd7f702533b3b1dd400b979c524323b8e3
Instruction ID: 1892625a267cb9fb2d6d515a1fd832f80a123c8a888936382022c3cd430640e0
Opcode Fuzzy Hash: 02fd73176117bd439747371dae0259dd7f702533b3b1dd400b979c524323b8e3
Instruction Fuzzy Hash: 51517E72F14A5289E710CF65E8402AD3BB1FB08798F44853ADE6E877D8EE38D545C700

Function 00007FF6F90CB484 Relevance: 7.6, APIs: 5, Instructions: 145COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CB4EF
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CB537
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CB579
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CB5AE
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CB61A

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 95add7e9165ed8ea0344261a7692415332c02a2bd4c4ab729b10abc044ca4d0f
Instruction ID: 290ee7b7af3694f03db09cd6819ebe9fb2b006d7734b4d61573df83540f5d38c
Opcode Fuzzy Hash: 95add7e9165ed8ea0344261a7692415332c02a2bd4c4ab729b10abc044ca4d0f
Instruction Fuzzy Hash: A251956290D69685EB518F24D8503BC3BA1AB85F44F588079D7ACC73CEEF2DE416C722

Function 00007FF6F907B020 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 96COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F907B13B

Strings

ios_base::badbit set, xrefs: 00007FF6F907B0F2
ios_base::failbit set, xrefs: 00007FF6F907B0FE
, xrefs: 00007FF6F907B4F1
ios_base::eofbit set, xrefs: 00007FF6F907B105

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrow
String ID: $ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 432778473-3951162480
Opcode ID: 72ea5f8c44b095c2b341faa189da0af77ec9eaa9c2887ec51d0280da01b0b587
Instruction ID: d3012a76bdcc38ece8018156b4f365b23cc6481e8933ea91f144b361725be0d5
Opcode Fuzzy Hash: 72ea5f8c44b095c2b341faa189da0af77ec9eaa9c2887ec51d0280da01b0b587
Instruction Fuzzy Hash: 01316D72604A0581EF14DF19C89027967A0EF40FA5F548639DA3E873E8EF2DD846C342

Function 00007FF6F90BD0DC Relevance: 7.6, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

Concurrency::details::VirtualProcessor::ThrowVirtualProcessorEvent.LIBCONCRT ref: 00007FF6F90BD134
SetEvent.KERNEL32 ref: 00007FF6F90BD14D
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BD17D
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BD199
Concurrency::details::VirtualProcessor::ThrowVirtualProcessorEvent.LIBCONCRT ref: 00007FF6F90BD1DC

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ThrowVirtual$Event$Concurrency::details::ExceptionProcessorProcessor::
String ID:
API String ID: 2357715348-0
Opcode ID: c3ee152ca42d32e24890e8de32dc4a01bdf930be7a2fdba1709aaad9126b0b61
Instruction ID: be7d31cb12ff96daf29cc7d442d10b2ac1ac08823434d7c542f9d63edb76b2e2
Opcode Fuzzy Hash: c3ee152ca42d32e24890e8de32dc4a01bdf930be7a2fdba1709aaad9126b0b61
Instruction Fuzzy Hash: 6731AFA1E1894692EB24DF25EC501B963B5EF94B48F141039DA7EC73E9FE2DE488C700

Function 00007FF6F9080A7C Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

xtime_get.LIBCPMT ref: 00007FF6F9080ADC
_Xtime_diff_to_millis2.LIBCPMT ref: 00007FF6F9080AF8
xtime_get.LIBCPMT ref: 00007FF6F9080B1D
_Xtime_diff_to_millis2.LIBCPMT ref: 00007FF6F9080B2A
_Mtx_reset_owner.LIBCPMT ref: 00007FF6F9080B3C

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Xtime_diff_to_millis2xtime_get$Mtx_reset_owner
String ID:
API String ID: 638720424-0
Opcode ID: 44aa5243e6c6a4e6666a266b2b6eac0e1bc7a671ce2fcd92bd286f589ebaefcc
Instruction ID: ac16d39b31b68758299dd511a2955530ea6623c1427310d4aa2332205ff690ce
Opcode Fuzzy Hash: 44aa5243e6c6a4e6666a266b2b6eac0e1bc7a671ce2fcd92bd286f589ebaefcc
Instruction Fuzzy Hash: 5F212F52B0C54286EB18EF16EC511BA63A1BF88FC4F454035ED5D877DAEE3CD5468B08

Function 00007FF6F90E249C Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6F90E24C4
_set_statfp.LIBCMT ref: 00007FF6F90E24DF
_set_statfp.LIBCMT ref: 00007FF6F90E24FB
_set_statfp.LIBCMT ref: 00007FF6F90E2537

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: e85e589465e8c342b262a1cd7525f310e6f4d00c3f542fea3a454d13f6af990b
Instruction ID: 0ec741aa7fc214a4654e2b082e7769c4807876b68c733f1297d5b6719e05ae08
Opcode Fuzzy Hash: e85e589465e8c342b262a1cd7525f310e6f4d00c3f542fea3a454d13f6af990b
Instruction Fuzzy Hash: B3118C63E18A0346F7683D2CEE6637910526F58370F494A3DE97EC66EEFE2CE8414200

Function 00007FF6F9088A24 Relevance: 7.6, APIs: 5, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088A44

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: a65d5929713a9101d83c6602be6fa7d320eb173ec439c386c1f6c77a5349f831
Instruction ID: b94fcf3e6a2414e60724fbec55e0e682073582def7d0cc5856ee3d43cf96b7ab
Opcode Fuzzy Hash: a65d5929713a9101d83c6602be6fa7d320eb173ec439c386c1f6c77a5349f831
Instruction Fuzzy Hash: 0B119322B0DA0251FF299F25DC404756755AB907B4F180335EA7D866EDFF2CE886C700

Function 00007FF6F9088C8C Relevance: 7.6, APIs: 5, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088CAC

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: 4546943baa67c76c94b2eb76d64478b3f0c4262e27f41adb309958f97f0364ef
Instruction ID: cddc8a48034c974b6f04ff314ed65a8cad51945cfa75be35df67b415a4ffc55e
Opcode Fuzzy Hash: 4546943baa67c76c94b2eb76d64478b3f0c4262e27f41adb309958f97f0364ef
Instruction Fuzzy Hash: 02116622B0DB4251EB299F25DC004B56755ABA07B4F184735EA7D876EDFE2CE886C700

Function 00007FF6F9088B58 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088B78

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: eb127ad6b9ab837b3096df53b011fb5a61d8475777e4108075ed068c02301838
Instruction ID: 1960b47d1ef043568a8dbd400d704f960fed7646f26084d259ded7c15afeee86
Opcode Fuzzy Hash: eb127ad6b9ab837b3096df53b011fb5a61d8475777e4108075ed068c02301838
Instruction Fuzzy Hash: F4119622B0DA0251FB29DF15DC404796664AB947F4F580335EA7D866EDFF2CE486C700

Function 00007FF6F9088EF4 Relevance: 7.6, APIs: 5, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088F14

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: b0e83be9bf6aaba18d94be4d62a9e6211a41dc93530d30c93cfd5e869af1e46a
Instruction ID: 7944d78abb8270473bf2d19250f8a4e54d01bb5b9c7270c6fcbda92dd5897850
Opcode Fuzzy Hash: b0e83be9bf6aaba18d94be4d62a9e6211a41dc93530d30c93cfd5e869af1e46a
Instruction Fuzzy Hash: E0115122B0DA0251EB299F25DC404796755AB947B4F580335FB7D866EEFE2CE4868700

Function 00007FF6F9088DC0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088DE0

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: 30dfa2ff92dbeee43e214081317e0c56dbbc9cb540c905661b8ecafb66fddc8d
Instruction ID: 54c92e78e751eca7ae3cdaf6ae528c97e38965238ef2a9d9e3caabd08dc9a6bb
Opcode Fuzzy Hash: 30dfa2ff92dbeee43e214081317e0c56dbbc9cb540c905661b8ecafb66fddc8d
Instruction Fuzzy Hash: 42119322B0DA0191EB29DF24DC400796650AB907B4F580335EA7D87AEDFF2CE8868700

Function 00007FF6F9089028 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089048

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: a322557ed60a39c747e9ebdbe2a12675070c8fbcc01f407c5ac2aaeae2414e80
Instruction ID: d0f433f44d444694d27c152c5fa77485a03cfba5c91feec28dc3a773f882af04
Opcode Fuzzy Hash: a322557ed60a39c747e9ebdbe2a12675070c8fbcc01f407c5ac2aaeae2414e80
Instruction Fuzzy Hash: 93115122B0DA4255FB25EF65EC400B96664AB907B4F584335EB7C866EDFE2CE486C700

Function 00007FF6F9088688 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90886A8

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: f489f292a9c3c9113bbd77258b93de16be446b0022f2ecf1b8e72f75ee2b235f
Instruction ID: b8b4eca188aa9b8c7db3966d4dc3640cf5574d839af0a4a1eccfe6595aeb574e
Opcode Fuzzy Hash: f489f292a9c3c9113bbd77258b93de16be446b0022f2ecf1b8e72f75ee2b235f
Instruction Fuzzy Hash: 69116622B0DA4251FB29DF65EC004756664AB907F4F584335EA7C876EDFF2CE8868704

Function 00007FF6F9088554 Relevance: 7.6, APIs: 5, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088574

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: 1d1f7928f3e674a7a175fd1c19f71502ba8d9de63a0b3a9e2c17927bfa910516
Instruction ID: de9607c5a40aafe0d1e7cf927a91cbe9de6a2bfd2ddfddced55d3d79f4ca811c
Opcode Fuzzy Hash: 1d1f7928f3e674a7a175fd1c19f71502ba8d9de63a0b3a9e2c17927bfa910516
Instruction Fuzzy Hash: FA119362B0DA0251EB29DF24DC004B56660AB907B4F180339EA7C876EDFF2CE496C700

Function 00007FF6F90888F0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9088910

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: 3f9aad18514c2f48e749fa0293bed2deb02b0ab3f5a1de1b3968120941640670
Instruction ID: 63222e13b864ca98a0497fe87f4c052031f0479fcded4adc6faaa29d6b860e1b
Opcode Fuzzy Hash: 3f9aad18514c2f48e749fa0293bed2deb02b0ab3f5a1de1b3968120941640670
Instruction Fuzzy Hash: B911B422B0DA0151EB29DF15DC000756654AB907B4F084635EBBD876EDFE2CE446C700

Function 00007FF6F90887BC Relevance: 7.6, APIs: 5, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90887DC

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID:
API String ID: 3382485803-0
Opcode ID: 3714b395d732a18ebcfbeeec4bad1795663fdbde3c5f02f36dd8f0aaab1c9233
Instruction ID: baa07f3e4231b3eb9c7d6c8747740abd238af605b81ebdc9e556444137503938
Opcode Fuzzy Hash: 3714b395d732a18ebcfbeeec4bad1795663fdbde3c5f02f36dd8f0aaab1c9233
Instruction Fuzzy Hash: 16118422B0CA0291FB299F15DC004B56660AB907B4F180335EA7C866EDFE2CE882C700

Function 00007FF6F90A6774 Relevance: 7.5, APIs: 5, Instructions: 48registryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RegisterWaitForSingleObject.KERNEL32 ref: 00007FF6F90A6793
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6F90BD01D), ref: 00007FF6F90A67A7
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90A67C0
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A67D1

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastObjectRegisterSingleThrowWait
String ID:
API String ID: 733098319-0
Opcode ID: b578473ef8cb21ad8029f682bcf977bd624714aab27c3c4b37ac5aa09f5a84c4
Instruction ID: e7b7988b7f1d62f29b5f4b06964f43991b85dc4fd6695f9a0e05bf8bbbbd59f5
Opcode Fuzzy Hash: b578473ef8cb21ad8029f682bcf977bd624714aab27c3c4b37ac5aa09f5a84c4
Instruction Fuzzy Hash: 9511C161E18A4282FB15AF22EC441BA6361FF85FC4F504135EA6DC3AEDEE2CD1458B00

Function 00007FF6F90ACE8C Relevance: 7.5, APIs: 5, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Acquire.LIBCMT ref: 00007FF6F90ACEA8

Part of subcall function 00007FF6F90A6C94: _SpinWait.LIBCONCRT ref: 00007FF6F90A6CC3

Concurrency::details::SchedulerBase::UpdatePendingVersion.LIBCMT ref: 00007FF6F90ACEB0

Part of subcall function 00007FF6F90B060C: Concurrency::details::SchedulerBase::ComputeSafePointCommitVersion.LIBCONCRT ref: 00007FF6F90B0615

Concurrency::details::SchedulerBase::CommitToVersion.LIBCONCRT ref: 00007FF6F90ACEBC
Concurrency::details::_CriticalNonReentrantLock::_Acquire.LIBCMT ref: 00007FF6F90ACEC4
Concurrency::details::SchedulerBase::UpdateCommitVersion.LIBCMT ref: 00007FF6F90ACECE

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Base::Concurrency::details::SchedulerVersion$Commit$AcquireConcurrency::details::_CriticalLock::_ReentrantUpdate$ComputePendingPointSafeSpinWait
String ID:
API String ID: 4127798528-0
Opcode ID: 0c175fac23acd3e12448dc2c9f29d3f88a8089771e904cc33543f5b42713ed3c
Instruction ID: ce06491b72f54568f9bbbde1e7d5facb8a88413aee915a50aaf0bff423fe8763
Opcode Fuzzy Hash: 0c175fac23acd3e12448dc2c9f29d3f88a8089771e904cc33543f5b42713ed3c
Instruction Fuzzy Hash: CFF05411F5C29281EB14EF16A94107952649F84FC0F159435FD6A97BCEEE2CE44187C0

Function 00007FF6F90D7F10 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 134COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D7F53

Strings

-, xrefs: 00007FF6F90D804A
e+000, xrefs: 00007FF6F90D7FF8
gfff, xrefs: 00007FF6F90D8075

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$e+000$gfff
API String ID: 3215553584-2620144452
Opcode ID: a3901d1a71b9ef73cf6801bac217ad80bc7d722183ce59e9fbcbd7962e656b91
Instruction ID: 809f57627eb3b6411c24c2f62289a5a85a608abd7970aea41c15369a3650bfa3
Opcode Fuzzy Hash: a3901d1a71b9ef73cf6801bac217ad80bc7d722183ce59e9fbcbd7962e656b91
Instruction Fuzzy Hash: 49511A62B187C546E7658F359C417697B92E780B90F08923ADBBC87BDAEE2DD444C700

Function 00007FF6F90DC19C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF6F90DC282
WriteFile.KERNEL32 ref: 00007FF6F90DC2B5
GetLastError.KERNEL32 ref: 00007FF6F90DC2D7

Strings

U, xrefs: 00007FF6F90DC260

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ByteCharErrorFileLastMultiWideWrite
String ID: U
API String ID: 2456169464-4171548499
Opcode ID: 5c2f8853b9d007c8ba63f8057913248889664fd97ede8168115dee2e5209a9ec
Instruction ID: c45d44931cc3921bbb0518afe7c024a14c1e13ca67a1ebbc9f8365c3eeac2ded
Opcode Fuzzy Hash: 5c2f8853b9d007c8ba63f8057913248889664fd97ede8168115dee2e5209a9ec
Instruction Fuzzy Hash: 3F41B432B1869192E720CF65E8443B96761FB99B94F844035EE5EC7798EF3CD442CB40

Function 00007FF6F9091C1B Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

_Getvals.LIBCPMT ref: 00007FF6F9091C42

Strings

$+xv, xrefs: 00007FF6F9091C9B, 00007FF6F9091CA4
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v, xrefs: 00007FF6F9091C91, 00007FF6F9091CAE
$+xv, xrefs: 00007FF6F9091CF6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Getvals
String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
API String ID: 1336808981-3573081731
Opcode ID: 3a9987d22390b8fa3125d11084598a66408c4ac617ee6a49d9ec7c966cc0c5ab
Instruction ID: a5f9b5aa2453d7ab70c3eb9648a5182be330c52ced0361ee375ad2e4c7467307
Opcode Fuzzy Hash: 3a9987d22390b8fa3125d11084598a66408c4ac617ee6a49d9ec7c966cc0c5ab
Instruction Fuzzy Hash: 4531E676B086954AEBBACF2098D057D7BA1EF01B81748013ACA6EC378DEE7DE505C700

Function 00007FF6F9091DBF Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

_Getvals.LIBCPMT ref: 00007FF6F9091DE6

Strings

$+xv, xrefs: 00007FF6F9091E3F, 00007FF6F9091E48
+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v, xrefs: 00007FF6F9091E35, 00007FF6F9091E52
$+xv, xrefs: 00007FF6F9091E9A

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Getvals
String ID: $+xv$$+xv$+v$x+v$xv$+xv+$xv$+x+$vx+$vx$v+x+$vx$+vx+v $+v $v $+v +$v $++$ v+$ v$ v++$ v$+ v+xv$+ v$v$ +v+ $v$ ++x$v+ $v$v ++ $v$ +v
API String ID: 1336808981-3573081731
Opcode ID: df15b07e090aeb4a7218bf1cd50486f1aff17c383b34efdae4bc86ca9a501db9
Instruction ID: af73f0475e297f2d683f1c5c6ea52fb1947e97bd04433c47dc3a3ae6fd5af634
Opcode Fuzzy Hash: df15b07e090aeb4a7218bf1cd50486f1aff17c383b34efdae4bc86ca9a501db9
Instruction Fuzzy Hash: EE31A836B086968AE7B5CF20989057D7BA5EB45B81B44013ACA6EC37CCEF7DE546C700

Function 00007FF6F909218D Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

_Getcvt.LIBCPMT ref: 00007FF6F9092196

Strings

true, xrefs: 00007FF6F9092208
false, xrefs: 00007FF6F90921EE
,, xrefs: 00007FF6F909225E

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Getcvt
String ID: ,$false$true
API String ID: 1921796781-760133229
Opcode ID: acce9e0a9a7ec6fa05143ac08c4826acdc95091abb3cc2d945c59aeb4dda9af2
Instruction ID: 85355fc4d6e74940c6541d98d0e139dfa07c4041a2083f77fe0130d6a41ba8d2
Opcode Fuzzy Hash: acce9e0a9a7ec6fa05143ac08c4826acdc95091abb3cc2d945c59aeb4dda9af2
Instruction Fuzzy Hash: 03314D26618BC181DB61DF25F8402AEB3A4FB84794F44112AEBAE477A9EF3CD145C740

Function 00007FF6F907E830 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 56COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 00007FF6F907E8B3

Strings

Open, xrefs: 00007FF6F907E857
ess, xrefs: 00007FF6F907E86C
Proc, xrefs: 00007FF6F907E862

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: OpenProcess
String ID: Open$Proc$ess
API String ID: 3743895883-633399097
Opcode ID: fc99a96c7583fcbc373fda103b06ff0073ab04cf23c5f454a5b4ddd3765f98fe
Instruction ID: c2fcfd75ca54742066ff8f192e55c116ad9977617048a0eb3aefc8d2c1f4855b
Opcode Fuzzy Hash: fc99a96c7583fcbc373fda103b06ff0073ab04cf23c5f454a5b4ddd3765f98fe
Instruction Fuzzy Hash: D411C362A0968045EB109F55FC4136ABBA0EB897F4F544238EAAD477E9EF3CD445CB40

Function 00007FF6F9087D9C Relevance: 6.4, APIs: 4, Instructions: 385COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9087ED5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9088050
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9088198
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90882E0

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 3d14564acb495c5a417a5bbc5b66ff28801d34afeed0559c2efc26276102e641
Instruction ID: a4213d1f2025e0b339eef95c5cfd5b740245a4229c96df38aec4ebabe19f84d3
Opcode Fuzzy Hash: 3d14564acb495c5a417a5bbc5b66ff28801d34afeed0559c2efc26276102e641
Instruction Fuzzy Hash: 10E1C262708A4691EF189F16E9045AAB366FB48FD4F544136DE6C8BBDDEE7CE081C304

Function 00007FF6F90877C1 Relevance: 6.3, APIs: 4, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b9790ddae54c4fae710acab6649481434d4fd9c84749f52d8544fd790fc6e8d
Instruction ID: 864d46da73216c02d4d1c4b3d430ac8233799ecc90a54c805ca4e476672c9376
Opcode Fuzzy Hash: 1b9790ddae54c4fae710acab6649481434d4fd9c84749f52d8544fd790fc6e8d
Instruction Fuzzy Hash: 17B1F462708A4191EB08DF26E9441A9B356FB44FC4F48453ADF6D87B9DEE7CE091C304

Function 00007FF6F9085D58 Relevance: 6.2, APIs: 4, Instructions: 248COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9073150: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9073190
Part of subcall function 00007FF6F9073150: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F90731B3
Part of subcall function 00007FF6F9073150: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90731E0
Part of subcall function 00007FF6F9073150: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F90732FA

_Stollx.LIBCPMT ref: 00007FF6F9086085
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90860B1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90860B7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F90860BD

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$_invalid_parameter_noinfo_noreturn$Lockit::_Lockit::~_$Stollx
String ID:
API String ID: 2178053848-0
Opcode ID: 0bf66218f0c70f9e50c2a319838f8f9f4a2a75dc4ce4537f8c6bb8daffc975e3
Instruction ID: c65757fa8205427da46e1b8f9e7de441f0d2d399599e7a725e11bf713265f472
Opcode Fuzzy Hash: 0bf66218f0c70f9e50c2a319838f8f9f4a2a75dc4ce4537f8c6bb8daffc975e3
Instruction Fuzzy Hash: E1A1AD62B18B468AFB04CFA5D8441AD2771FB85B98B41413ADE2D97BEDEF38D445C340

Function 00007FF6F9071220 Relevance: 6.2, APIs: 4, Instructions: 235COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F9071398
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907139E
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9071515
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F907151B

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExceptionThrow
String ID:
API String ID: 912942878-0
Opcode ID: 1beca4280fc7a8cee08e259ee377d055c7d21d729b25eaf46f5b86b0a78c62e5
Instruction ID: ede2a9cac572cdcf7b586f11c8e6990b5be37c5a9bfe827d84fdd058e91f2cfe
Opcode Fuzzy Hash: 1beca4280fc7a8cee08e259ee377d055c7d21d729b25eaf46f5b86b0a78c62e5
Instruction Fuzzy Hash: DA81A162B09A8181EB60DF25E8442BD63A5BB84BE4F544639DA7D87BD9EF3CD452C300

Function 00007FF6F9072410 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 178COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9072658

Strings

ios_base::badbit set, xrefs: 00007FF6F9072610
ios_base::failbit set, xrefs: 00007FF6F907261B
ios_base::eofbit set, xrefs: 00007FF6F9072622

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrow
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 432778473-1866435925
Opcode ID: 2d7ad143d1a076f5ee7fe952836cba1d552d21dbf52fa5c5d6611a7c311318a5
Instruction ID: 17cfee90441715d62bc85bc5cdd9946c40b7eda494fcf4a5b1362d9b946962b3
Opcode Fuzzy Hash: 2d7ad143d1a076f5ee7fe952836cba1d552d21dbf52fa5c5d6611a7c311318a5
Instruction Fuzzy Hash: 06714172608A4281EB608F1DD99036C67A1FB44FA5F548135DA6EC77E8EF3DD895C301

Function 00007FF6F9072680 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 174COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90728C6

Strings

ios_base::badbit set, xrefs: 00007FF6F907287E
ios_base::failbit set, xrefs: 00007FF6F9072889
ios_base::eofbit set, xrefs: 00007FF6F9072890

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrow
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 432778473-1866435925
Opcode ID: 33be099b1b17043a85ff60158e8f68dd7db81d29badbfa963d5871934304ce98
Instruction ID: e9376ccbab023c8fc25fe6b2863c46768c56a25e8833b886c818451a1d78062f
Opcode Fuzzy Hash: 33be099b1b17043a85ff60158e8f68dd7db81d29badbfa963d5871934304ce98
Instruction Fuzzy Hash: DF715272609A4291EB608F1DD980379A7A1FB44FA4F548136DA5EC77E8EF3ED885C301

Function 00007FF6F90DB244 Relevance: 6.1, APIs: 4, Instructions: 133COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90DB295

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3e12b3072926e37bbd89c5050a97d5adf74274eee81cea212d77db79ff21c1e7
Instruction ID: 1e06166e26646795251fad650f4adfd5045999015f17a298f646ced5bec1c343
Opcode Fuzzy Hash: 3e12b3072926e37bbd89c5050a97d5adf74274eee81cea212d77db79ff21c1e7
Instruction Fuzzy Hash: 3D51A622A0978285EB605F15A88017D7A95FF84BA0F19533BEA79877D9EF3CE441E700

Function 00007FF6F9073D00 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9072F90: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9072FD3
Part of subcall function 00007FF6F9072F90: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9072FF6
Part of subcall function 00007FF6F9072F90: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9073023
Part of subcall function 00007FF6F9072F90: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9073112

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9073EBA

Strings

ios_base::badbit set, xrefs: 00007FF6F9073E72
ios_base::failbit set, xrefs: 00007FF6F9073E7D
ios_base::eofbit set, xrefs: 00007FF6F9073E84

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$ExceptionThrow
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 4074540200-1866435925
Opcode ID: 097f471ae75fa6c1eaecd4d4248b39634aa2c18d3683b0c09e9b3e202bc4b258
Instruction ID: 0455f2520b41e2d7fe02efd0e98863d27eee6fae36672ad60517cc9f8e71702a
Opcode Fuzzy Hash: 097f471ae75fa6c1eaecd4d4248b39634aa2c18d3683b0c09e9b3e202bc4b258
Instruction Fuzzy Hash: D45198726086C582EB10DF19E4803A9B7A0FB84B94F44413AEB6D83BD8EF7CD445C701

Function 00007FF6F90B2F08 Relevance: 6.1, APIs: 4, Instructions: 105COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::event::wait_for_multiple.LIBCONCRT ref: 00007FF6F90B3035
Concurrency::event::wait.LIBCONCRT ref: 00007FF6F90B3055
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F90B3080
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B3090

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::event::waitConcurrency::event::wait_for_multipleExceptionThrowstd::bad_alloc::bad_alloc
String ID:
API String ID: 482297304-0
Opcode ID: 33c45967bdb5639e42c1e8442a502087a9e64da037af6c1f6d2b59d351ba53ff
Instruction ID: 09756547cb2b743c5251c0e63152085f0a99aac8faea1a3b06823ae569808d75
Opcode Fuzzy Hash: 33c45967bdb5639e42c1e8442a502087a9e64da037af6c1f6d2b59d351ba53ff
Instruction Fuzzy Hash: AE416C72A15B8689EB149F24CC502AC63A5FF14BA8F544639EA3D87BDCEF38E4558340

Function 00007FF6F90D78E0 Relevance: 6.1, APIs: 4, Instructions: 104COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D7933
WideCharToMultiByte.KERNEL32 ref: 00007FF6F90D7A05
GetLastError.KERNEL32 ref: 00007FF6F90D7A27
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D7A59

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
String ID:
API String ID: 4141327611-0
Opcode ID: a11e567576d705eda2d6a3eccd788de22924937d1bfeb7fb7984bbce765a91ac
Instruction ID: 1b622bb081ca9aebb262d41e325ec59aaa8ac8bb5482bf920387a78f218e677f
Opcode Fuzzy Hash: a11e567576d705eda2d6a3eccd788de22924937d1bfeb7fb7984bbce765a91ac
Instruction Fuzzy Hash: 6341B5A2A0C74286FB619F14984037DA2D2AF80794F54513ADBBD86BDEEF3CD9418701

Function 00007FF6F90CB344 Relevance: 6.1, APIs: 4, Instructions: 94COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CB3BA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CB416
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CB451
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90CB476

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: a0042ae1c7ee5d34df169b3ba048cd34896f17ff076d8b3e6c1fe45d86097910
Instruction ID: 51ffeac011521130a549d65159c74f422c92a86a3bb2439107e8cfee274a250e
Opcode Fuzzy Hash: a0042ae1c7ee5d34df169b3ba048cd34896f17ff076d8b3e6c1fe45d86097910
Instruction Fuzzy Hash: BB413C2290CA95D5EB52CF64C8102BC3BA0BB85F44F598076DAAC873CEEE3DD445D325

Function 00007FF6F90DF0B0 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6F90D3D9B,?,?,?,00007FF6F90D41E2), ref: 00007FF6F90DF0C9
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6F90D3D9B,?,?,?,00007FF6F90D41E2), ref: 00007FF6F90DF12B
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF6F90D3D9B,?,?,?,00007FF6F90D41E2), ref: 00007FF6F90DF165
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF6F90D3D9B,?,?,?,00007FF6F90D41E2), ref: 00007FF6F90DF18F

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$Free
String ID:
API String ID: 1557788787-0
Opcode ID: c7ed8db65c11c1bad54623ef608c877b64869ca86de7bae7657bd33c7a6a0948
Instruction ID: 4b080185c4aa0dd4277286e0c9a672477034c5bcabd543300f6b63c45f7d05f4
Opcode Fuzzy Hash: c7ed8db65c11c1bad54623ef608c877b64869ca86de7bae7657bd33c7a6a0948
Instruction Fuzzy Hash: 9B217525F1879181E7209F12AC0002966A9FF58BD0B488139DFAEA3BE8EF3CD452C700

Function 00007FF6F90E7130 Relevance: 6.1, APIs: 4, Instructions: 55COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90E714A

Part of subcall function 00007FF6F90C0B60: RtlPcToFileHeader.NTDLL ref: 00007FF6F90C0BD5
Part of subcall function 00007FF6F90C0B60: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6F907EE3A), ref: 00007FF6F90C0C07

allocator.LIBCONCRT ref: 00007FF6F90E7169
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90E7172
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90E71B4

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Exception$Throw$FileHeaderRaiseallocator
String ID:
API String ID: 2585430457-0
Opcode ID: f6b3750b338bd07d8d6b7b36dcc48045d36917ec134f0d48251f88cd9fd53527
Instruction ID: ae7fd65e27c4200a5430aace4083dcc5c00cd231e0269fe0d9164a9bbc85fb09
Opcode Fuzzy Hash: f6b3750b338bd07d8d6b7b36dcc48045d36917ec134f0d48251f88cd9fd53527
Instruction Fuzzy Hash: 5B0184A2615A8489D71CEE73DC510FE1362FB88BD8F04943AFE5D8769EDF24D4418740

Function 00007FF6F9075790 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 48COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9075838

Strings

ios_base::badbit set, xrefs: 00007FF6F90757EF
ios_base::failbit set, xrefs: 00007FF6F90757FB
ios_base::eofbit set, xrefs: 00007FF6F9075802

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrow
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 432778473-1866435925
Opcode ID: 4d1243f049a73087c7bff65184d901dbebf975780722cfe4b39578402451a5bf
Instruction ID: 280f4b78302f2750c26f1a1c952e930b7cc30c94cfc249349013bb628df2d891
Opcode Fuzzy Hash: 4d1243f049a73087c7bff65184d901dbebf975780722cfe4b39578402451a5bf
Instruction Fuzzy Hash: D011D662A04A4585EF10CF14D8822E86761FB40BB4F544239EA3ECB6E9EF3DD586C301

Function 00007FF6F9075B10 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 47COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9075B77

Strings

ios_base::badbit set, xrefs: 00007FF6F9075B2F
ios_base::failbit set, xrefs: 00007FF6F9075B3A
ios_base::eofbit set, xrefs: 00007FF6F9075B41

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrow
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 432778473-1866435925
Opcode ID: c50d87df547d8f479af870e3b8962347b50d3372f7b60b3851f4a5ce6c88b7db
Instruction ID: 09b670ef99bce353494e53b39b78e391979fe3d28027abee9c56d93c3af27120
Opcode Fuzzy Hash: c50d87df547d8f479af870e3b8962347b50d3372f7b60b3851f4a5ce6c88b7db
Instruction Fuzzy Hash: 98018F72A1868691EF14DF00DC411E96365FB40B88FD84039E66D87A99FF3CE511C741

Function 00007FF6F90A5190 Relevance: 6.0, APIs: 4, Instructions: 45timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateTimerQueue.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6F90A425F), ref: 00007FF6F90A51B9
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F90A522B
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A523C

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CreateExceptionQueueThrowTimerstd::bad_alloc::bad_alloc
String ID:
API String ID: 49178901-0
Opcode ID: 4a28ce72633afb586a3a1fd4c97582b96378884681afbf312a7af73c3ad2f2da
Instruction ID: f2a1919cb69b8d432b9614d6cbb56c529fd5f43dfac0e8f9cff1c1982a9f60ff
Opcode Fuzzy Hash: 4a28ce72633afb586a3a1fd4c97582b96378884681afbf312a7af73c3ad2f2da
Instruction Fuzzy Hash: 1B112371E0A60B95EB10DF44EC8017826A8BF66754F000539D93DC63EAFF2DE4888781

Function 00007FF6F90AB95C Relevance: 6.0, APIs: 4, Instructions: 35memorythreadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6F90AB989
Concurrency::details::SchedulerProxy::ReferenceCurrentThreadExecutionResource.LIBCONCRT ref: 00007FF6F90AB992

Part of subcall function 00007FF6F90B5828: TlsGetValue.KERNEL32 ref: 00007FF6F90B5844
Part of subcall function 00007FF6F90B5828: Concurrency::details::ExecutionResource::IncrementUseCounts.LIBCONCRT ref: 00007FF6F90B587E
Part of subcall function 00007FF6F90B5828: Concurrency::details::SchedulerProxy::GetResourceForNewSubscription.LIBCONCRT ref: 00007FF6F90B58DB

Concurrency::details::ResourceManager::PerformAllocation.LIBCONCRT ref: 00007FF6F90AB9AB

Part of subcall function 00007FF6F90A9E84: Concurrency::details::ResourceManager::CreateAllocatedNodeData.LIBCONCRT ref: 00007FF6F90A9EAB
Part of subcall function 00007FF6F90A9E84: Concurrency::details::ResourceManager::SetupStaticAllocationData.LIBCONCRT ref: 00007FF6F90A9F8F
Part of subcall function 00007FF6F90A9E84: Concurrency::details::ResourceManager::PreProcessStaticAllocationData.LIBCMT ref: 00007FF6F90A9F97
Part of subcall function 00007FF6F90A9E84: Concurrency::details::ResourceManager::ReserveCores.LIBCONCRT ref: 00007FF6F90A9FA8
Part of subcall function 00007FF6F90A9E84: Concurrency::details::ResourceManager::ReleaseCoresOnExistingSchedulers.LIBCONCRT ref: 00007FF6F90A9FD6
Part of subcall function 00007FF6F90A9E84: Concurrency::details::ResourceManager::RedistributeCoresAmongAll.LIBCONCRT ref: 00007FF6F90A9FFC

LeaveCriticalSection.KERNEL32 ref: 00007FF6F90AB9B6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::details::$Resource$Manager::$AllocationCoresData$CriticalExecutionProxy::SchedulerSectionStatic$AllocatedAmongCountsCreateCurrentEnterExistingIncrementLeaveNodePerformProcessRedistributeReferenceReleaseReserveResource::SchedulersSetupSubscriptionThreadValue
String ID:
API String ID: 2825417320-0
Opcode ID: 049d89592681e53489fe974ef302e7e8360a3b61bb890fa22b0cc8ae9562ebaf
Instruction ID: b842692c82dca1a39dbcb249785c1bcf078472fed54db2f617d04bfc1243ddce
Opcode Fuzzy Hash: 049d89592681e53489fe974ef302e7e8360a3b61bb890fa22b0cc8ae9562ebaf
Instruction Fuzzy Hash: 7BF0C221B09B9185EB44DF16E80016DA760EB85FE0B585234EF7D47BDAEE38D0028780

Function 00007FF6F90A790C Relevance: 6.0, APIs: 4, Instructions: 32threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::LoadLibraryAndCreateThread.LIBCMT ref: 00007FF6F90A7931

Part of subcall function 00007FF6F90A6A3C: CreateThread.KERNEL32 ref: 00007FF6F90A6A54
Part of subcall function 00007FF6F90A6A3C: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 00007FF6F90A6A75

GetLastError.KERNEL32 ref: 00007FF6F90A7951
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90A796A
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A797B

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::details::CreateLibraryLoadThread$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastReferenceThrow
String ID:
API String ID: 2629157235-0
Opcode ID: e73ce0fa291804275a6de18c66b4691d0968cc8faa617b2008bbf2ebab0b7332
Instruction ID: 19106f761e533b55e3d9885581b0a267adc3c63ab12ba4233dd7f1e1fad04c91
Opcode Fuzzy Hash: e73ce0fa291804275a6de18c66b4691d0968cc8faa617b2008bbf2ebab0b7332
Instruction Fuzzy Hash: 70F0C221E1860682FB259B60EC153B522A1EB84B44F504539F66DCAACDFF3CD545C680

Function 00007FF6F90AC9D8 Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::FastCurrentScheduler.LIBCMT ref: 00007FF6F90AC9E1

Part of subcall function 00007FF6F90AD39C: TlsGetValue.KERNEL32(?,?,?,?,00007FF6F90AC9E6), ref: 00007FF6F90AD3A6

Concurrency::details::SchedulerBase::AttachExternalContext.LIBCONCRT ref: 00007FF6F90AC9F0

Part of subcall function 00007FF6F90ACA40: Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 00007FF6F90ACA7B
Part of subcall function 00007FF6F90ACA40: Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00007FF6F90ACAA5

Concurrency::details::SchedulerBase::ThrowSchedulerEvent.LIBCONCRT ref: 00007FF6F90ACA17

Part of subcall function 00007FF6F90B0490: Concurrency::details::Etw::Trace.LIBCONCRT ref: 00007FF6F90B0501

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90ACA38

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Scheduler$Concurrency::details::$Base::$Context$ExternalThrow$AttachCurrentEtw::EventExceptionFastInternalLeaveTraceValue
String ID:
API String ID: 2625748029-0
Opcode ID: b13647bbccd46cf25b37e5fc7274d483705db42ff0fe46224583dae303edc2a1
Instruction ID: a16a83fa7919f72305ee5607cd625d31a051fcc1675f7aa2b7817d499e4efd5f
Opcode Fuzzy Hash: b13647bbccd46cf25b37e5fc7274d483705db42ff0fe46224583dae303edc2a1
Instruction Fuzzy Hash: FDF03AA1E1819795EB24EF10DC511F42321AF6134CF480038D9BDCB6EAFE2DF4898748

Function 00007FF6F90B3AB4 Relevance: 6.0, APIs: 4, Instructions: 28COMMONLIBRARYCODE

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90B3ADE
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B3AEF
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90B3B07
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B3B18

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrowstd::invalid_argument::invalid_argument
String ID:
API String ID: 1079095653-0
Opcode ID: 96c5f273c176d705afa000d38c0e5ca79654b11e737a8d6021a3a0f7f32d0f8c
Instruction ID: ad5fd8c327baa0ce371970b5222b63f29dc5b66e4d3cb543840cb3d57a658421
Opcode Fuzzy Hash: 96c5f273c176d705afa000d38c0e5ca79654b11e737a8d6021a3a0f7f32d0f8c
Instruction Fuzzy Hash: 6EF04F62A1844691EB24EF14D8552A96371FF90784F904139E26CC66EAFE2CE544C740

Function 00007FF6F908922A Relevance: 6.0, APIs: 4, Instructions: 27COMMON

Download Yara Rule

APIs

std::_Facet_Register.LIBCPMT ref: 00007FF6F908923D
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F908925E
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6F9089278
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F9089289

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: std::_$ExceptionFacet_LockitLockit::~_RegisterThrowstd::bad_alloc::bad_alloc
String ID:
API String ID: 1786031634-0
Opcode ID: d3f255f332f2a5b63e5776209d7872b2a3c23c35e7cb4416977c398b47104de7
Instruction ID: c3103b58a0b9a4f315a84fc54142f782882650c378781e1c77590ae5d6651725
Opcode Fuzzy Hash: d3f255f332f2a5b63e5776209d7872b2a3c23c35e7cb4416977c398b47104de7
Instruction Fuzzy Hash: 96F0FF26A08A0691EB15DF59E8500A96324BB847B8F480235EB7D827FAEF3CE595C704

Function 00007FF6F90C2463 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90C2480

Part of subcall function 00007FF6F90C0B60: RtlPcToFileHeader.NTDLL ref: 00007FF6F90C0BD5
Part of subcall function 00007FF6F90C0B60: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6F907EE3A), ref: 00007FF6F90C0C07

_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90C24A3

Strings

Bad dynamic_cast!, xrefs: 00007FF6F90C2486
Access violation - no RTTI data!, xrefs: 00007FF6F90C2463

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Exception$Throw$FileHeaderRaise
String ID: Access violation - no RTTI data!$Bad dynamic_cast!
API String ID: 3102897148-3176238549
Opcode ID: 32d14d53810e6e10d26a95acb230c1802583cd312274b1cf9ecce54dc8fd8f26
Instruction ID: 63bb2dfb507d02eac440598a7fc6a94d136ed3a91138d2f64ed927a6aa11ec41
Opcode Fuzzy Hash: 32d14d53810e6e10d26a95acb230c1802583cd312274b1cf9ecce54dc8fd8f26
Instruction Fuzzy Hash: F0F01D51E2A507A1EF04EF54DC910B82321FF91704F805435E12E869EEFF6CE549C724

Function 00007FF6F90BD43C Relevance: 6.0, APIs: 4, Instructions: 20memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 00007FF6F90BD440
GetLastError.KERNEL32 ref: 00007FF6F90BD456
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90BD46F
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90BD480

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastThrow
String ID:
API String ID: 1741573935-0
Opcode ID: 887054bd17b7c21e1673a4a65352cd3f7c6998ef4f2318afbda64b7d44bec155
Instruction ID: 1817c0679913dee461383cad3ed8906703fb9394ba145bdbf9163e276b2cbe19
Opcode Fuzzy Hash: 887054bd17b7c21e1673a4a65352cd3f7c6998ef4f2318afbda64b7d44bec155
Instruction Fuzzy Hash: A8E09265E0864696E724AF24DC451B522A1BF90314F900635D27DC26ECFF3CE149C600

Function 00007FF6F90A66A4 Relevance: 6.0, APIs: 4, Instructions: 19COMMONLIBRARYCODE

Download Yara Rule

APIs

GetNumaHighestNodeNumber.KERNEL32 ref: 00007FF6F90A66AD
GetLastError.KERNEL32 ref: 00007FF6F90A66C0
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90A66D9
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A66EA

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionHighestLastNodeNumaNumberThrow
String ID:
API String ID: 2755226096-0
Opcode ID: e2b6f529b5f13b6efadea9c7a50f79f421ab5a9f2a279a381b6ef5a6ebe2241d
Instruction ID: bff563ebb739ba5bd8a3d6f56afd355fbeab19a3f749a1154145290f0ff8a6de
Opcode Fuzzy Hash: e2b6f529b5f13b6efadea9c7a50f79f421ab5a9f2a279a381b6ef5a6ebe2241d
Instruction Fuzzy Hash: 83E06D61E0854296EB10EF20DC411B663B1BF80700F804035E2ADC25ECFE6CD509C740

Function 00007FF6F90A68DC Relevance: 6.0, APIs: 4, Instructions: 18COMMONLIBRARYCODE

Download Yara Rule

APIs

TlsSetValue.KERNEL32 ref: 00007FF6F90A68E0
GetLastError.KERNEL32 ref: 00007FF6F90A68EF
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90A6908
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A6919

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastThrowValue
String ID:
API String ID: 1894548659-0
Opcode ID: 1623d7455d6e5692fccac301e55d87f12ee9a5e2f9c20dc68d39f39fa042617a
Instruction ID: de7ba7e519899e2c6b8bb2e3643ec318d2030fbd12e1466b6d70275939f201c7
Opcode Fuzzy Hash: 1623d7455d6e5692fccac301e55d87f12ee9a5e2f9c20dc68d39f39fa042617a
Instruction Fuzzy Hash: 82E04661E0864696FB24AF21DC562B622A1BF90B44F805139E2ADC25ECFE2DE609C650

Function 00007FF6F90A682C Relevance: 6.0, APIs: 4, Instructions: 18threadCOMMON

Download Yara Rule

APIs

SetThreadPriority.KERNEL32 ref: 00007FF6F90A6830
GetLastError.KERNEL32 ref: 00007FF6F90A683F
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90A6858
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A6869

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastPriorityThreadThrow
String ID:
API String ID: 152467346-0
Opcode ID: 850e2196c4765034904f65ce08261fb0d0b214f5dfc86e83cae4623598e52235
Instruction ID: 80cefb0e2a56abc7dd66d7244b148e05ff0641018ca8dd23fa9cdf032081ea5b
Opcode Fuzzy Hash: 850e2196c4765034904f65ce08261fb0d0b214f5dfc86e83cae4623598e52235
Instruction Fuzzy Hash: C6E04F61E0864796FB24AF21DC552B962A1BF90B44F805139E26DC65DCFE2CD509C650

Function 00007FF6F90A6888 Relevance: 6.0, APIs: 4, Instructions: 17memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 00007FF6F90A688C
GetLastError.KERNEL32 ref: 00007FF6F90A689C
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00007FF6F90A68B5
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90A68C6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AllocConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorExceptionLastThrow
String ID:
API String ID: 1741573935-0
Opcode ID: 5e4bf07b4cc18031c2b4b66f154d1205326e4510a187a6d650e950e69b0539c1
Instruction ID: 1130ab4d16d749e235006f7deba846c7bfb1830327957659a2bf6ce01b134703
Opcode Fuzzy Hash: 5e4bf07b4cc18031c2b4b66f154d1205326e4510a187a6d650e950e69b0539c1
Instruction Fuzzy Hash: 74E04F61E0854696E714AB24DC451B922A1BF90714F905235E17DC15ECFF3DD5198640

Function 00007FF6F908EF5C Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 339COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9089AFC: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089B1C
Part of subcall function 00007FF6F9089AFC: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089B41
Part of subcall function 00007FF6F9089AFC: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089B6B
Part of subcall function 00007FF6F9089AFC: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089BFE

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908F3F6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908F3FC

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 00007FF6F908F005, 00007FF6F908F1DB

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 4156930308-2799312399
Opcode ID: 7cae201fb6047541e79a5767e4e613e0f74ef01a0ebb7330a8c5ea5e7a91fbfc
Instruction ID: 9698db1444f23067da76a811942354cd8b38f2491c800e45656dfef980f9410d
Opcode Fuzzy Hash: 7cae201fb6047541e79a5767e4e613e0f74ef01a0ebb7330a8c5ea5e7a91fbfc
Instruction Fuzzy Hash: D6D1C022B0C68289EB58DF76D8402BD2761AB95B94F805139DF6E977CDEE3CE446C340

Function 00007FF6F908F404 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 339COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6F9089C30: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089C50
Part of subcall function 00007FF6F9089C30: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6F9089C75
Part of subcall function 00007FF6F9089C30: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089C9F
Part of subcall function 00007FF6F9089C30: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6F9089D32

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908F89E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6F908F8A4

Strings

0123456789ABCDEFabcdef-+Xx, xrefs: 00007FF6F908F4AD, 00007FF6F908F683

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~__invalid_parameter_noinfo_noreturn
String ID: 0123456789ABCDEFabcdef-+Xx
API String ID: 4156930308-2799312399
Opcode ID: 1dc00d8fcada3d7558fa675a16d402792629313f86a7bcd271e1ac8adf3e27d7
Instruction ID: 8a56f73f056f2dd1f0ce1611472335b140e8b14ea265a9d898e3e3cf9f01ad60
Opcode Fuzzy Hash: 1dc00d8fcada3d7558fa675a16d402792629313f86a7bcd271e1ac8adf3e27d7
Instruction Fuzzy Hash: EAD1DF22B0C68289FB58DF7699402BD2761AB85B94F404139DF6E977CDEE7CE446C380

Function 00007FF6F90C531C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90C5349
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90C552F

Strings

, xrefs: 00007FF6F90C54AD

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-3916222277
Opcode ID: 429754e866dc2bbcd6181d576b0bfde65bde3842853cc3fda8aa79a5a0fa78f0
Instruction ID: 758ebeb0fb45cab85108e9cc46f596d8305b4c0e54c54a3c7a3bff27ac559111
Opcode Fuzzy Hash: 429754e866dc2bbcd6181d576b0bfde65bde3842853cc3fda8aa79a5a0fa78f0
Instruction Fuzzy Hash: 4D61C57A90C21296E7648F28985417C37A0FF05B1DF64123ED66EC62DDEF2AE441DB20

Function 00007FF6F90C5108 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90C5131
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90C5312

Strings

, xrefs: 00007FF6F90C529B

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-3916222277
Opcode ID: 6279f47928a1544ff9292a4a9be30ab0fb741c67cfe6d46b6919420d111a3257
Instruction ID: e94328dd96cac9f9a6b688a98f27082444cac157f87debd8a43efbffe4a3f507
Opcode Fuzzy Hash: 6279f47928a1544ff9292a4a9be30ab0fb741c67cfe6d46b6919420d111a3257
Instruction Fuzzy Hash: 1461963A90C60286F7648E28884837C37E4FB57B18F54113DDA6AC62DEEF2EE445D721

Function 00007FF6F90D3BF4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6F90D3C26

Part of subcall function 00007FF6F90D6AF0: HeapFree.KERNEL32 ref: 00007FF6F90D6B06

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6F90A39EA), ref: 00007FF6F90D3C44

Strings

C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe, xrefs: 00007FF6F90D3C32

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: FileFreeHeapModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe
API String ID: 13503096-2733368497
Opcode ID: b776ba6da8c3556491d25e101a6681b806031bc3f622bdbfc6dee3235063a310
Instruction ID: 49f699c10fcee0dd6e5f4385beef008de4f8b4bfa15534028015d769c6591085
Opcode Fuzzy Hash: b776ba6da8c3556491d25e101a6681b806031bc3f622bdbfc6dee3235063a310
Instruction Fuzzy Hash: 64418332E08B5685EB14DF25AC410B9B795FF45798B54403AEA6E83BD9EF3CE4818700

Function 00007FF6F90DDD34 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

_handle_errorf.LIBCMT ref: 00007FF6F90DDEA6

Strings

", xrefs: 00007FF6F90DDE51
powf, xrefs: 00007FF6F90DDE9F

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _handle_errorf
String ID: "$powf
API String ID: 2315412904-603753351
Opcode ID: 1f7ec3c1cad5386b290e1b080345c1ec0e852f4a9f94ffcf34dcaea9eb7656d7
Instruction ID: 461155f435eefcfa3400f1980b32716ebcca13f0b74438bb76c1d5f97ad25289
Opcode Fuzzy Hash: 1f7ec3c1cad5386b290e1b080345c1ec0e852f4a9f94ffcf34dcaea9eb7656d7
Instruction Fuzzy Hash: 20416273D28681DAD370DF22E4807AAB6A0F7A9348F11232AF74942ED8DF7DD5549B00

Function 00007FF6F90D895C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32 ref: 00007FF6F90D89CE
GetFileType.KERNEL32 ref: 00007FF6F90D89E4

Strings

@, xrefs: 00007FF6F90D8A0F

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: FileHandleType
String ID: @
API String ID: 3000768030-2766056989
Opcode ID: d429798f18a8b69d17c8251e41d55c6f7bd7bd8a02af226ff63664266fb2709a
Instruction ID: 6da5f8840ad294f767cd70d716e413a2b07e6ea0b30d77428d7cf79c95314ab7
Opcode Fuzzy Hash: d429798f18a8b69d17c8251e41d55c6f7bd7bd8a02af226ff63664266fb2709a
Instruction Fuzzy Hash: 9D219A22A0874241FB688F289C905386696FB45774F28133ADBBE877DCEE39D881D301

Function 00007FF6F90DDC10 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

_handle_error.LIBCMT ref: 00007FF6F90DDD22

Strings

pow, xrefs: 00007FF6F90DDD11
", xrefs: 00007FF6F90DDCFB

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _handle_error
String ID: "$pow
API String ID: 1757819995-713443511
Opcode ID: 83fa541469f52ee94b3bbb6fca9bb61eb36b327e2fb5272a65add76b6bf72c3a
Instruction ID: fc1878f37aeaad2fb7a7d1b5b127731130a29c8fbdb0983c082ef3bd9f9e9b38
Opcode Fuzzy Hash: 83fa541469f52ee94b3bbb6fca9bb61eb36b327e2fb5272a65add76b6bf72c3a
Instruction Fuzzy Hash: 20317E72D1CA8586D770CF14E44076ABAB1FBDA344F20232AF69946E98DFBCD1859F00

Function 00007FF6F907E630 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

CreateJobObjectW.KERNEL32 ref: 00007FF6F907E6A5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6F907DEEA), ref: 00007FF6F907E6BB

Strings

WARNING: The job `%S` already exists, xrefs: 00007FF6F907E6CB

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CreateErrorLastObject
String ID: WARNING: The job `%S` already exists
API String ID: 4248079190-4281581335
Opcode ID: e8eb07b07746e81c035ddb58384e0e4cc2eb3e19b8a6143ed706fcabccce5dbf
Instruction ID: 46e19ad1de0ef65fa0897282c463eeebf88ba8b9777d3b2da7edaf454ab58057
Opcode Fuzzy Hash: e8eb07b07746e81c035ddb58384e0e4cc2eb3e19b8a6143ed706fcabccce5dbf
Instruction Fuzzy Hash: 7721D722A0864280FB119F15EC1536A6760EF95BF4F444238EAAD877EDEF3CD485C740

Function 00007FF6F907E040 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

RtlNtStatusToDosError.NTDLL ref: 00007FF6F907E0C4
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F907E0F3

Strings

TpAllocJobNotification, xrefs: 00007FF6F907E0AE

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ErrorExceptionStatusThrow
String ID: TpAllocJobNotification
API String ID: 2975549888-4284020128
Opcode ID: f61927787d72852f9fdaac7f0c0e8998226a466aeebdffbd7c02f35b4d58cf14
Instruction ID: 050f33a49b73c7a70943968ee75e8b08d72b2537e38a93759a6136132fd04eef
Opcode Fuzzy Hash: f61927787d72852f9fdaac7f0c0e8998226a466aeebdffbd7c02f35b4d58cf14
Instruction Fuzzy Hash: 3911E061B18A8641EB10DF25EC513AAA364AF917E4F400239EA7C8B3EDFF2CD449C700

Function 00007FF6F90D9E64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90D9E9D
CompareStringW.KERNEL32 ref: 00007FF6F90D9F25

Strings

CompareStringEx, xrefs: 00007FF6F90D9E80, 00007FF6F90D9E91

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CompareStringtry_get_function
String ID: CompareStringEx
API String ID: 3328479835-2590796910
Opcode ID: e30708fdca9faa82ee4021967cefd942d08ea59ea1a288b6a40aae4427e55f08
Instruction ID: 62672d2c2e9db63926ce6f6c0676ae9bb587a4c8b1d236e237066c9c09a24bc6
Opcode Fuzzy Hash: e30708fdca9faa82ee4021967cefd942d08ea59ea1a288b6a40aae4427e55f08
Instruction Fuzzy Hash: F0112932608B8186D760CF06B8402AAB7A5FBC9B94F14413AEE9D83B5DEF3CD540CB40

Function 00007FF6F90DA4C4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA4FD
LCMapStringW.KERNEL32 ref: 00007FF6F90DA585

Strings

LCMapStringEx, xrefs: 00007FF6F90DA4E0, 00007FF6F90DA4F1

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Stringtry_get_function
String ID: LCMapStringEx
API String ID: 2588686239-3893581201
Opcode ID: c917a20356cf0e2e39461f52218a24a10f5fcfe25c90a44d35acd6f07afe251e
Instruction ID: 16f7f338c07a939b8c792efcf9fcff3d686fa31cbde937f9d4fb4a14ba99cfda
Opcode Fuzzy Hash: c917a20356cf0e2e39461f52218a24a10f5fcfe25c90a44d35acd6f07afe251e
Instruction Fuzzy Hash: B7113E31608B8186D760CF15B8402AAB7A5FBC9B94F54413AEE9D83B5DEF3CD5448B40

Function 00007FF6F90E1568 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetACP.KERNEL32(?,?,000000A0,00007FF6F90E1806,?,?,?,?,?,00007FF6F90D5248), ref: 00007FF6F90E1606

Part of subcall function 00007FF6F90DA1BC: try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA1F5

Strings

ACP, xrefs: 00007FF6F90E1589
OCP, xrefs: 00007FF6F90E1599

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: try_get_function
String ID: ACP$OCP
API String ID: 2742660187-711371036
Opcode ID: 3f5ba32ff7b6033933c62adbd892b7fdbe58143f38fad2fa4be7ef050a0555ac
Instruction ID: 9d4a2fdf5baa1b920a1169445d5e3aae15f5884c702670545bbbcd9f1c0f746e
Opcode Fuzzy Hash: 3f5ba32ff7b6033933c62adbd892b7fdbe58143f38fad2fa4be7ef050a0555ac
Instruction Fuzzy Hash: 7F111F66A1864281FBB4EF22AD405BA6354AF58784F944039EA6EC36CDFF2CE945C740

Function 00007FF6F90D6188 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

_handle_error.LIBCMT ref: 00007FF6F90D6217

Strings

!, xrefs: 00007FF6F90D6203
sqrt, xrefs: 00007FF6F90D61D8

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _handle_error
String ID: !$sqrt
API String ID: 1757819995-799759792
Opcode ID: 348202b51492dce202419fc9437d461dd1193513091198cbca563ddb68c51668
Instruction ID: a9515c66bc2263d2e8e4254b167c1f21568ef0ea198bdea8ae7fc78fde7d3575
Opcode Fuzzy Hash: 348202b51492dce202419fc9437d461dd1193513091198cbca563ddb68c51668
Instruction Fuzzy Hash: C8119676E18B8582DF01CF15A94032A6662FB967E4F108335FABC567CCEF2CE0859A00

Function 00007FF6F90DA104 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA13D
GetDateFormatW.KERNEL32(?,?,?,?,?,?,?,00007FF6F90D216F,?,?,?,?,?,?,00000000,?), ref: 00007FF6F90DA19F

Strings

GetDateFormatEx, xrefs: 00007FF6F90DA120, 00007FF6F90DA131

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: DateFormattry_get_function
String ID: GetDateFormatEx
API String ID: 595753042-159735388
Opcode ID: 2bf0957a3943ed249e3f4e5b25a9bf8a193e9f2cf9eb8c57c5090b071b9b4efc
Instruction ID: 005774c4ad54102b820880d6438ca77e833753c4d0a967cf38fc7ec4957a2795
Opcode Fuzzy Hash: 2bf0957a3943ed249e3f4e5b25a9bf8a193e9f2cf9eb8c57c5090b071b9b4efc
Instruction Fuzzy Hash: 6D114F35A0C78186E750CF55B84019AB7A5FB88BD4F14413AEE9D83BADDE3CD5448B40

Function 00007FF6F90DA288 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA2C1
GetTimeFormatW.KERNEL32(?,?,?,?,?,?,?,00007FF6F90D221C,?,?,?,?,?,?,00000000,?), ref: 00007FF6F90DA318

Strings

GetTimeFormatEx, xrefs: 00007FF6F90DA2A4, 00007FF6F90DA2B5

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: FormatTimetry_get_function
String ID: GetTimeFormatEx
API String ID: 3261793192-1692793031
Opcode ID: 3f565d0934326b8aa429ea9e8609bb467a998215688a4ff4575eafb9de89481e
Instruction ID: 7c43e60bf60dac0748601a7e71ecdecb84dffba8c2db026fab7fab3f8eabb8d5
Opcode Fuzzy Hash: 3f565d0934326b8aa429ea9e8609bb467a998215688a4ff4575eafb9de89481e
Instruction Fuzzy Hash: AE114271A0878186D7509F5AA80006AB7A5FB88BD4F58413AEF9D83BADDE3CD541CB00

Function 00007FF6F907E920 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMON

Download Yara Rule

APIs

SetInformationJobObject.KERNEL32 ref: 00007FF6F907E9A8

Strings

bObj, xrefs: 00007FF6F907E948
ect, xrefs: 00007FF6F907E959

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: InformationObject
String ID: bObj$ect
API String ID: 1757262956-2883911777
Opcode ID: 181f8773557602518332b39cfab75dc2eab3facf77df02703d3059a275ed80a4
Instruction ID: 1922895889bdb776eddebde94cebceab0447b5b8ef9657ed34b4047b824e1521
Opcode Fuzzy Hash: 181f8773557602518332b39cfab75dc2eab3facf77df02703d3059a275ed80a4
Instruction Fuzzy Hash: F311A322A0878585E7009F15F8003AABB60EBD6BB4F501234EBA9477E9EF3CD445CB00

Function 00007FF6F907E570 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37COMMON

Download Yara Rule

APIs

AssignProcessToJobObject.KERNEL32 ref: 00007FF6F907E5F4

Strings

obOb, xrefs: 00007FF6F907E59F
ject, xrefs: 00007FF6F907E5AA

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: AssignObjectProcess
String ID: ject$obOb
API String ID: 1819803957-1437108869
Opcode ID: 026b69001e6f5926d1c7d5d81b9544aa90aedd84aa45b1ea6bc8c0301b96e945
Instruction ID: 96a280e9cc272d19730f9dacaaadf16d680fbf5d2c853108c98c545313ca3f88
Opcode Fuzzy Hash: 026b69001e6f5926d1c7d5d81b9544aa90aedd84aa45b1ea6bc8c0301b96e945
Instruction Fuzzy Hash: 26119E22A0868585EB109B14E85036ABB60EB957A4F201234E6A946AEEEF3CD185CB40

Function 00007FF6F90E239C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

_handle_error.LIBCMT ref: 00007FF6F90E2422

Strings

exp, xrefs: 00007FF6F90E2411
", xrefs: 00007FF6F90E23FB

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: _handle_error
String ID: "$exp
API String ID: 1757819995-2878093337
Opcode ID: 5a6c6d975f34168b8b8bcb3c0312aff62d09fa0c83abc7666c3210c43f7286e6
Instruction ID: 1050749fab65424b091e7895bd053446ce827b61e5b8964aafcb2d5e7c5a5dca
Opcode Fuzzy Hash: 5a6c6d975f34168b8b8bcb3c0312aff62d09fa0c83abc7666c3210c43f7286e6
Instruction Fuzzy Hash: FA01C876928B89C3E320CF24D4496AA7670FFEA704F201319E744166A4DB7DD0C1DF00

Function 00007FF6F90B4BE8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90B4C3C
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B4C4D

Strings

pContext, xrefs: 00007FF6F90B4C30

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrowstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 1079095653-2046700901
Opcode ID: a63eeca57b122d3f82af4e720a215af2ed958f378462ecbf4202b0998b7d0082
Instruction ID: d14035080e2cfa28fd8c569226a3290f64c99297bebd143967de68e49b691a6f
Opcode Fuzzy Hash: a63eeca57b122d3f82af4e720a215af2ed958f378462ecbf4202b0998b7d0082
Instruction Fuzzy Hash: ABF03CA2A08A4A91EF55DF06ED400696331FF84BC8B448035DA2D877B8EE2CD554C304

Function 00007FF6F90DA334 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA35D
GetUserDefaultLCID.KERNEL32(?,?,000000A0,00007FF6F90E0EEC), ref: 00007FF6F90DA374

Strings

GetUserDefaultLocaleName, xrefs: 00007FF6F90DA340, 00007FF6F90DA34A

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: DefaultUsertry_get_function
String ID: GetUserDefaultLocaleName
API String ID: 3217810228-151340334
Opcode ID: 953e090cd37d012c1926a9250a7ae5437c1c115a0ac37595c061395919b20f14
Instruction ID: ce09210e24a6ad54dc0676f54084e4caf529bbbb394604771761b327d3f8b6a1
Opcode Fuzzy Hash: 953e090cd37d012c1926a9250a7ae5437c1c115a0ac37595c061395919b20f14
Instruction Fuzzy Hash: C1F0DA50B0C58282EB959F55AA846B95352AF887C8F44503AEA3D867D9EE2CE5448710

Function 00007FF6F90DA398 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA3C9
InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00000003,00007FF6F90C88ED), ref: 00007FF6F90DA3E3

Strings

InitializeCriticalSectionEx, xrefs: 00007FF6F90DA3AA, 00007FF6F90DA3BD

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpintry_get_function
String ID: InitializeCriticalSectionEx
API String ID: 539475747-3084827643
Opcode ID: 8e7c9e4892d63184810f56739f4c18e6cf80bfe9966347dd0e2536f2d0056b81
Instruction ID: 9d22119bf28bbe33023494e136b4abbc0d091d96a852340a87c9d32dbfb45bd6
Opcode Fuzzy Hash: 8e7c9e4892d63184810f56739f4c18e6cf80bfe9966347dd0e2536f2d0056b81
Instruction Fuzzy Hash: CFF05E25B0C64282EB849F45A9804A96222FF48B84F48413AFA7D83B9DEE3CE645C744

Function 00007FF6F90DA0B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA0D9
TlsSetValue.KERNEL32(?,?,8000000000000000,00007FF6F90D69A3,?,?,8000000000000000,00007FF6F90C9335,?,?,?,?,00007FF6F90D6B15), ref: 00007FF6F90DA0F0

Strings

FlsSetValue, xrefs: 00007FF6F90DA0BD, 00007FF6F90DA0C6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: 931aeb7f1220c766093666277d4b86b90bb8f83355d16acf48f3da58c7a5e309
Instruction ID: 897a70df2db8ddb8af5217ab8655021312ffc708aac69486e2c0f0b67473912a
Opcode Fuzzy Hash: 931aeb7f1220c766093666277d4b86b90bb8f83355d16acf48f3da58c7a5e309
Instruction Fuzzy Hash: B3E03961A0C64282EF985F54AD005B52222AF48798F48803ADA3D863E8FE2DE984C214

Function 00007FF6F90C3F7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90C3FA5
TlsSetValue.KERNEL32(?,?,00000000,00007FF6F90C253A,?,?,?,00007FF6F90C24D5,?,?,?,?,00007FF6F90C11B2), ref: 00007FF6F90C3FBC

Strings

FlsSetValue, xrefs: 00007FF6F90C3F92

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: Valuetry_get_function
String ID: FlsSetValue
API String ID: 738293619-3750699315
Opcode ID: 7f996b25490785f67e52861f284fb4e0bd7cd4a8db9972613c5d2c426176c3a1
Instruction ID: e13a949c3b63eaea97961af7bd15c843aeae01d5070c47238ddf2f5507196450
Opcode Fuzzy Hash: 7f996b25490785f67e52861f284fb4e0bd7cd4a8db9972613c5d2c426176c3a1
Instruction Fuzzy Hash: 9FE06DA1A1860292EB096F54FC408B96261EF48784F58503EDA3D863DCEE3CEA96C310

Function 00007FF6F90DA5A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF6F90DA5C9
__crtDownlevelLocaleNameToLCID.LIBCPMT ref: 00007FF6F90DA5E0

Strings

LocaleNameToLCID, xrefs: 00007FF6F90DA5AC, 00007FF6F90DA5B6

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: DownlevelLocaleName__crttry_get_function
String ID: LocaleNameToLCID
API String ID: 404522899-2050040251
Opcode ID: 8f7a26459eebdbe9ebcdac47c1d9243744081d28dddbc00ce074c770542b637c
Instruction ID: a7967e779c59df15d4a625dc1f692546d83da70a3c137ec6a41ebe7d5addb32d
Opcode Fuzzy Hash: 8f7a26459eebdbe9ebcdac47c1d9243744081d28dddbc00ce074c770542b637c
Instruction Fuzzy Hash: 09E0ED61E0C64792EB85AF55AC414F53222AF84748F58803AF63D863DDFE3CEA59D204

Function 00007FF6F90B9C68 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00007FF6F90B9C89
_CxxThrowException.LIBVCRUNTIME ref: 00007FF6F90B9C9A

Strings

pThreadProxy, xrefs: 00007FF6F90B9C7D

Memory Dump Source

Source File: 00000000.00000002.1434859185.00007FF6F9071000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6F9070000, based on PE: true

Associated: 00000000.00000002.1434843294.00007FF6F9070000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434905579.00007FF6F90E9000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434929076.00007FF6F9113000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434941788.00007FF6F9114000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434954651.00007FF6F9116000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9119000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1434968214.00007FF6F9146000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6f9070000_#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.jbxd

Similarity

API ID: ExceptionThrowstd::invalid_argument::invalid_argument
String ID: pThreadProxy
API String ID: 1079095653-3651400591
Opcode ID: 2ca3c2a8cdd9b7f389f3caa147fc552e775271ba4e2d69ac51743d6edc72005a
Instruction ID: b50da53e3e5200b9a16540090bfa594768e04d7049ee0453d13b0a02c2edf0ae
Opcode Fuzzy Hash: 2ca3c2a8cdd9b7f389f3caa147fc552e775271ba4e2d69ac51743d6edc72005a
Instruction Fuzzy Hash: 0FD08CA2A1860390EF15AF00EC000A82232FB90388F904038D17D865FDFF1CE20A8700

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exePID: 5932, Parent PID: 4056

General

Chronological Activities

Disassembly

Analysis Process: #U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exePID: 5932, Parent PID: 4056COMMON

Execution Graph

Graph

Executed Functions

Function 00007FF6F9093876 Relevance: 119.3, APIs: 79, Instructions: 763COMMON

Function 00007FF6F907BAC0 Relevance: 72.5, APIs: 23, Strings: 18, Instructions: 767COMMON

Control-flow Graph

Function 00007FF6F9084CE0 Relevance: 48.3, APIs: 32, Instructions: 313COMMON

Windows Analysis Report
#U8f6f#U4ef6#U5b89#U88c5#U7a0b#U5e8f_uninstc.exe

Function 00007FF6F907BAC0 Relevance: 72.5, APIs: 23, Strings: 18, Instructions: 767
COMMON

Function 00007FF6F9084CE0 Relevance: 48.3, APIs: 32, Instructions: 313
COMMON

Function 00007FF6F90D9580 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 368
timeCOMMONLIBRARYCODE

Function 00007FF6F90C8064 Relevance: 9.2, APIs: 6, Instructions: 235
COMMON

Function 00007FF6F9079020 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 114
libraryloaderCOMMON

Function 00007FF6F90D97E4 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 155
timeCOMMONLIBRARYCODE

Function 00007FF6F90A3A78 Relevance: 15.1, APIs: 10, Instructions: 94
COMMON

Function 00007FF6F90788E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 55
libraryloaderwindowCOMMON

Function 00007FF6F907D8A4 Relevance: 9.1, APIs: 6, Instructions: 134
COMMON

Function 00007FF6F907AD40 Relevance: 7.6, APIs: 5, Instructions: 116
threadCOMMON

Function 00007FF6F9077BB0 Relevance: 7.6, APIs: 5, Instructions: 102
COMMON

Function 00007FF6F90C99B0 Relevance: 7.6, APIs: 5, Instructions: 60
threadCOMMONLIBRARYCODE

Function 00007FF6F90C98DC Relevance: 7.5, APIs: 5, Instructions: 31
threadCOMMON

Function 00007FF6F90C70C4 Relevance: 4.5, APIs: 3, Instructions: 19
COMMON

Function 00007FF6F907B470 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 211
COMMON