Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe
Analysis ID:	1521521
MD5:	8a060e06880e61f9eb9d2d8ef96a48f6
SHA1:	fb656d66d703409ac18807bc170c2a0369da9a71
SHA256:	9fc4251fdd8639dea3335ba27063cc60904bd54fac7e1f0ba5ffca79c14cd10a
Tags:	exe
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Machine Learning detection for sample

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to read the clipboard data

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Potential key logger detected (key state polling based)

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe (PID: 7388 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe" MD5: 8A060E06880E61F9EB9D2D8EF96A48F6)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

ReversingLabs: Detection: 50%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Joe Sandbox ML: detected

Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00408840 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA,	0_2_00408840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00470FD3 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA,	0_2_00470FD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00411700 FindNextFileA,FindClose,FindFirstFileA,FindClose,	0_2_00411700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00419BC0 FindFirstFileA,FindClose,	0_2_00419BC0

Source: unknown

DNS traffic detected: query: 15.164.165.52.in-addr.arpa replaycode: Name error (3)

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_00424C30 ioctlsocket,recvfrom,

0_2_00424C30

Source: global traffic

DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa

Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

String found in binary or memory: http://www.eyuyan.com)DVarFileInfo$

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_0042DCD0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0042DCD0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_0042DCD0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_0042DCD0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_0042DE30 OpenClipboard,GetClipboardData,CloseClipboard,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard,

0_2_0042DE30

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00418050 IsWindowEnabled,TranslateAcceleratorA,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow,	0_2_00418050
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0042C530 GetKeyState,GetKeyState,GetKeyState,CopyRect,	0_2_0042C530
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_004756AD GetKeyState,GetKeyState,GetKeyState,GetKeyState,	0_2_004756AD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00473B86 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,	0_2_00473B86
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00419D70 GetKeyState,GetKeyState,GetKeyState,GetKeyState,	0_2_00419D70

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0043C040	0_2_0043C040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0041C110	0_2_0041C110
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_004621C0	0_2_004621C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044A2E0	0_2_0044A2E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0043E2F3	0_2_0043E2F3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_004542B0	0_2_004542B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00436450	0_2_00436450
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0041A430	0_2_0041A430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_004404B0	0_2_004404B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044C4B9	0_2_0044C4B9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_004385E0	0_2_004385E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044E600	0_2_0044E600
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044C976	0_2_0044C976
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00428930	0_2_00428930
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00448AF0	0_2_00448AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0045CC50	0_2_0045CC50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044CC61	0_2_0044CC61
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00458D30	0_2_00458D30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0045EDA0	0_2_0045EDA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044CE14	0_2_0044CE14
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00472E27	0_2_00472E27
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0045AF60	0_2_0045AF60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0046CFEE	0_2_0046CFEE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00449030	0_2_00449030
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_004230E0	0_2_004230E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_004690F6	0_2_004690F6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044D08E	0_2_0044D08E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0043F0A0	0_2_0043F0A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_004530BE	0_2_004530BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00445120	0_2_00445120
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0045D1D0	0_2_0045D1D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00413200	0_2_00413200
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0045330E	0_2_0045330E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00445430	0_2_00445430
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044D4C0	0_2_0044D4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044B760	0_2_0044B760
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_004597D0	0_2_004597D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00445860	0_2_00445860
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044D990	0_2_0044D990
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0040F9A0	0_2_0040F9A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00449AF0	0_2_00449AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044DBC0	0_2_0044DBC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0043BB80	0_2_0043BB80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00411D10	0_2_00411D10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00453E10	0_2_00453E10
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0043BEB0	0_2_0043BEB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0044BFA0	0_2_0044BFA0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: String function: 00462F28 appears 94 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: String function: 00444B60 appears 77 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: String function: 004448E0 appears 39 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: String function: 00444750 appears 81 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: String function: 00471EE8 appears 44 times

Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: mal56.winEXE@1/0@1/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_00474040 FindResourceA,LoadResource,LockResource,

0_2_00474040

Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

ReversingLabs: Detection: 50%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_0047435D GetModuleHandleA,LoadLibraryA,GetProcAddress,#17,#17,FreeLibrary,

0_2_0047435D

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00462F28 push eax; ret		0_2_00462F46
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00461690 push eax; ret		0_2_004616BE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00414D40 DestroyCursor,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu,	0_2_00414D40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00419240 IsIconic,IsZoomed,LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,SystemParametersInfoA,IsWindow,ShowWindow,	0_2_00419240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00415410 IsIconic,	0_2_00415410
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0040F9A0 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus,	0_2_0040F9A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0045FCDF IsIconic,GetWindowPlacement,GetWindowRect,	0_2_0045FCDF

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_00401811 rdtsc

0_2_00401811

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

API coverage: 4.2 %

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00408840 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA,	0_2_00408840
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00470FD3 __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA,	0_2_00470FD3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00411700 FindNextFileA,FindClose,FindFirstFileA,FindClose,	0_2_00411700
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_00419BC0 FindFirstFileA,FindClose,	0_2_00419BC0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_00401811 rdtsc

0_2_00401811

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_0047435D GetModuleHandleA,LoadLibraryA,GetProcAddress,#17,#17,FreeLibrary,

0_2_0047435D

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_004372B0 GetProcessHeap,OleInitialize,GetModuleFileNameA,SetCurrentDirectoryA,LoadCursorA,GetStockObject,GetCurrentThreadId,

0_2_004372B0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0046BDFD SetUnhandledExceptionFilter,		0_2_0046BDFD
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	Code function: 0_2_0046BE0F SetUnhandledExceptionFilter,		0_2_0046BE0F

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_0046348A GetLocalTime,GetSystemTime,GetTimeZoneInformation,

0_2_0046348A

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_0046348A GetLocalTime,GetSystemTime,GetTimeZoneInformation,

0_2_0046348A

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Code function: 0_2_0047AB8E GetVersion,GetProcessVersion,LoadCursorA,LoadCursorA,LoadCursorA,

0_2_0047AB8E

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 Input Capture	2 System Time Discovery	Remote Services	1 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	2 Obfuscated Files or Information	LSASS Memory	2 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	3 Clipboard Data	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	3 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	50%	ReversingLabs	Win32.Trojan.Generic
SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Antivirus Detection	Reputation
15.164.165.52.in-addr.arpa	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.eyuyan.com)DVarFileInfo$	SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521521
Start date and time:	2024-09-28 20:35:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe
Detection:	MAL
Classification:	mal56.winEXE@1/0@1/0
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 30 Number of non-executed functions: 237
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.338929192962035
TrID:	Win32 Executable (generic) a (10002005/4) 99.53% InstallShield setup (43055/19) 0.43% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe
File size:	704'512 bytes
MD5:	8a060e06880e61f9eb9d2d8ef96a48f6
SHA1:	fb656d66d703409ac18807bc170c2a0369da9a71
SHA256:	9fc4251fdd8639dea3335ba27063cc60904bd54fac7e1f0ba5ffca79c14cd10a
SHA512:	e11aee6e033f4e32d1a5daedb490ebdc22a182524413860ac5f86a41496f4b9126f7d86efc7227df6bea2284f003ccf216533787ce397f4bf649c600999b74ee
SSDEEP:	12288:ZZzOmPumUkotxLorXfJ6/O8I9+7uOvmpI:Zx1UkgxUrXf2/S+COvm6
TLSH:	F1E49F03F5C280F5C655193118AA7776DE3A9E0A0B25CBC79364EF6D7D32181AD3723A
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+.X.J...J...J..lV...J...l..TJ...l...J...V...J...U...J...U...J...J...H...U...J...U...J...J...J..(L...J..Rich.J..........PE..L..

File Icon


Icon Hash:	9eb3c18c2ceea99a

Static PE Info

General

Entrypoint:	0x4600e1
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x661BFBA4 [Sun Apr 14 15:52:04 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e1dfd53cc288da24e001618c92a60cad

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 0048A5A0h
push 00462948h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 58h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
call dword ptr [0048033Ch]
xor edx, edx
mov dl, ah
mov dword ptr [004B4320h], edx
mov ecx, eax
and ecx, 000000FFh
mov dword ptr [004B431Ch], ecx
shl ecx, 08h
add ecx, edx
mov dword ptr [004B4318h], ecx
shr eax, 10h
mov dword ptr [004B4314h], eax
push 00000001h
call 00007FA544ED567Ch
pop ecx
test eax, eax
jne 00007FA544ED081Ah
push 0000001Ch
call 00007FA544ED08D8h
pop ecx
call 00007FA544ED5427h
test eax, eax
jne 00007FA544ED081Ah
push 00000010h
call 00007FA544ED08C7h
pop ecx
xor esi, esi
mov dword ptr [ebp-04h], esi
call 00007FA544ED5255h
call dword ptr [00480358h]
mov dword ptr [004B5A04h], eax
call 00007FA544ED5113h
mov dword ptr [004B4290h], eax
call 00007FA544ED4EBCh
call 00007FA544ED4DFEh
call 00007FA544ED40B5h
mov dword ptr [ebp-30h], esi
lea eax, dword ptr [ebp-5Ch]
push eax
call dword ptr [004802E8h]
call 00007FA544ED4D8Fh
mov dword ptr [ebp-64h], eax
test byte ptr [ebp-30h], 00000001h
je 00007FA544ED0818h
movzx eax, word ptr [ebp+00h]

Rich Headers

Programming Language:

[ C ] VS98 (6.0) SP6 build 8804
[C++] VS98 (6.0) SP6 build 8804
[C++] VS98 (6.0) build 8168
[ C ] VS98 (6.0) build 8168
[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x91c20	0x104	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb6000	0x5958	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x80000	0x69c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x7e01a	0x7f000	40195397218d7a50f0a6b152a0c0371b	False	0.5550911970964567	data	6.5516630448737985	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x80000	0x13e86	0x14000	2b2450f2c8a9e709e3dcf33d439ba847	False	0.323681640625	data	4.590978150923262	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x94000	0x21a08	0x12000	e4898e329fbaa01ddce0f26e1e85ace8	False	0.3099772135416667	data	5.074127551389419	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xb6000	0x5958	0x6000	f097ce60d52a1777722e317072722e88	False	0.2976888020833333	data	4.822538322138317	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
TEXTINCLUDE	0xb6bfc	0xb	ASCII text, with no line terminators	Chinese	China	1.7272727272727273
TEXTINCLUDE	0xb6c08	0x16	data	Chinese	China	1.3636363636363635
TEXTINCLUDE	0xb6c20	0x151	C source, ASCII text, with CRLF line terminators	Chinese	China	0.6201780415430267
RT_CURSOR	0xb6d74	0x134	data	Chinese	China	0.5811688311688312
RT_CURSOR	0xb6ea8	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	Chinese	China	0.37662337662337664
RT_CURSOR	0xb6fdc	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	Chinese	China	0.4805194805194805
RT_CURSOR	0xb7110	0xb4	Targa image data - Map 32 x 65536 x 1 +16 "\001"	Chinese	China	0.7
RT_BITMAP	0xb71c4	0x248	Device independent bitmap graphic, 64 x 15 x 4, image size 480	Chinese	China	0.3407534246575342
RT_BITMAP	0xb740c	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	China	0.4444444444444444
RT_BITMAP	0xb7550	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.26453488372093026
RT_BITMAP	0xb76a8	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.2616279069767442
RT_BITMAP	0xb7800	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.2441860465116279
RT_BITMAP	0xb7958	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.24709302325581395
RT_BITMAP	0xb7ab0	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240, resolution 3780 x 3780 px/m	Chinese	China	0.2238372093023256
RT_BITMAP	0xb7c08	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240	Chinese	China	0.19476744186046513
RT_BITMAP	0xb7d60	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240	Chinese	China	0.20930232558139536
RT_BITMAP	0xb7eb8	0x158	Device independent bitmap graphic, 20 x 20 x 4, image size 240	Chinese	China	0.18895348837209303
RT_BITMAP	0xb8010	0x5e4	Device independent bitmap graphic, 70 x 39 x 4, image size 1404	Chinese	China	0.34615384615384615
RT_BITMAP	0xb85f4	0xb8	Device independent bitmap graphic, 12 x 10 x 4, image size 80	Chinese	China	0.44565217391304346
RT_BITMAP	0xb86ac	0x16c	Device independent bitmap graphic, 39 x 13 x 4, image size 260	Chinese	China	0.28296703296703296
RT_BITMAP	0xb8818	0x144	Device independent bitmap graphic, 33 x 11 x 4, image size 220	Chinese	China	0.37962962962962965
RT_ICON	0xb895c	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	Chinese	China	0.26344086021505375
RT_ICON	0xb8c44	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	Chinese	China	0.41216216216216217
RT_ICON	0xb8d6c	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192			0.3885135135135135
RT_ICON	0xb8e94	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640			0.33198924731182794
RT_ICON	0xb917c	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1536			0.22378048780487805
RT_MENU	0xb97e4	0xc	data	Chinese	China	1.5
RT_MENU	0xb97f0	0x284	data	Chinese	China	0.5
RT_DIALOG	0xb9a74	0x98	data	Chinese	China	0.7171052631578947
RT_DIALOG	0xb9b0c	0x17a	data	Chinese	China	0.5185185185185185
RT_DIALOG	0xb9c88	0xfa	data	Chinese	China	0.696
RT_DIALOG	0xb9d84	0xea	data	Chinese	China	0.6239316239316239
RT_DIALOG	0xb9e70	0x8ae	data	Chinese	China	0.39603960396039606
RT_DIALOG	0xba720	0xb2	data	Chinese	China	0.7359550561797753
RT_DIALOG	0xba7d4	0xcc	data	Chinese	China	0.7647058823529411
RT_DIALOG	0xba8a0	0xb2	data	Chinese	China	0.6629213483146067
RT_DIALOG	0xba954	0xe2	data	Chinese	China	0.6637168141592921
RT_DIALOG	0xbaa38	0x18c	data	Chinese	China	0.5227272727272727
RT_STRING	0xbabc4	0x50	data	Chinese	China	0.85
RT_STRING	0xbac14	0x2c	data	Chinese	China	0.5909090909090909
RT_STRING	0xbac40	0x78	data	Chinese	China	0.925
RT_STRING	0xbacb8	0x1c4	data	Chinese	China	0.8141592920353983
RT_STRING	0xbae7c	0x12a	data	Chinese	China	0.5201342281879194
RT_STRING	0xbafa8	0x146	data	Chinese	China	0.6288343558282209
RT_STRING	0xbb0f0	0x40	data	Chinese	China	0.65625
RT_STRING	0xbb130	0x64	data	Chinese	China	0.73
RT_STRING	0xbb194	0x1d8	data	Chinese	China	0.6758474576271186
RT_STRING	0xbb36c	0x114	data	Chinese	China	0.6376811594202898
RT_STRING	0xbb480	0x24	data	Chinese	China	0.4444444444444444
RT_GROUP_CURSOR	0xbb4a4	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.25
RT_GROUP_CURSOR	0xbb4b8	0x14	Lotus unknown worksheet or configuration, revision 0x1	Chinese	China	1.25
RT_GROUP_CURSOR	0xbb4cc	0x22	Lotus unknown worksheet or configuration, revision 0x2	Chinese	China	1.0294117647058822
RT_GROUP_ICON	0xbb4f0	0x30	data			0.9166666666666666
RT_GROUP_ICON	0xbb520	0x14	data	Chinese	China	1.2
RT_GROUP_ICON	0xbb534	0x14	data	Chinese	China	1.25
RT_VERSION	0xbb548	0x240	data	Chinese	China	0.5642361111111112
RT_MANIFEST	0xbb788	0x1cd	XML 1.0 document, ASCII text, with very long lines (461), with no line terminators			0.5878524945770065

Imports

DLL	Import
KERNEL32.dll	SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, GetCurrentProcess, DuplicateHandle, lstrcpynA, SetLastError, FileTimeToLocalFileTime, FileTimeToSystemTime, LocalFree, InterlockedDecrement, CreateSemaphoreA, ResumeThread, ReleaseSemaphore, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, SetStdHandle, IsBadCodePtr, IsBadReadPtr, CompareStringW, CompareStringA, SetUnhandledExceptionFilter, GetStringTypeW, GetStringTypeA, IsBadWritePtr, VirtualAlloc, LCMapStringW, LCMapStringA, SetEnvironmentVariableA, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetACP, HeapSize, TerminateProcess, GetLocalTime, GetSystemTime, GetTimeZoneInformation, WriteFile, WaitForMultipleObjects, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, ReadFile, GetModuleFileNameA, WideCharToMultiByte, MultiByteToWideChar, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcatA, lstrlenA, WinExec, lstrcpyA, FindNextFileA, GlobalReAlloc, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetFullPathNameA, FreeLibrary, LoadLibraryA, GetLastError, GetVersionExA, WritePrivateProfileStringA, CreateThread, CreateEventA, Sleep, GlobalAlloc, GlobalLock, GlobalUnlock, FindFirstFileA, FindClose, GetFileAttributesA, RaiseException, RtlUnwind, GetStartupInfoA, GetOEMCP, GetCPInfo, GetProcessVersion, SetErrorMode, GlobalFlags, GetCurrentThread, GetFileTime, GetFileSize, TlsGetValue, LocalReAlloc, TlsSetValue, TlsFree, GlobalHandle, SetCurrentDirectoryA, GetVolumeInformationA, GetModuleHandleA, GetProcAddress, TlsAlloc, LocalAlloc, lstrcmpA, GetVersion, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpiA, MulDiv, GetCommandLineA, GetTickCount, WaitForSingleObject, CloseHandle, InterlockedIncrement
USER32.dll	OpenClipboard, SetClipboardData, EmptyClipboard, GetSystemMetrics, GetCursorPos, MessageBoxA, SetWindowPos, SendMessageA, DestroyCursor, SetParent, GetClipboardData, PostMessageA, GetTopWindow, GetParent, CloseClipboard, wsprintfA, GetFocus, GetClientRect, InvalidateRect, ValidateRect, UpdateWindow, EqualRect, GetWindowRect, SetForegroundWindow, IsWindow, RegisterClassA, DestroyMenu, IsChild, ReleaseDC, IsRectEmpty, FillRect, GetDC, SetCursor, LoadCursorA, SetCursorPos, SetActiveWindow, GetSysColor, SetWindowLongA, GetWindowLongA, RedrawWindow, EnableWindow, IsWindowVisible, OffsetRect, PtInRect, DestroyIcon, IntersectRect, InflateRect, SetRect, SetScrollPos, SetScrollRange, GetScrollRange, SetCapture, LoadIconA, TranslateMessage, DrawFrameControl, DrawEdge, DrawFocusRect, WindowFromPoint, GetMessageA, DispatchMessageA, SetRectEmpty, RegisterClipboardFormatA, CreateIconFromResourceEx, CreateIconFromResource, DrawIconEx, CreatePopupMenu, AppendMenuA, ModifyMenuA, CreateMenu, CreateAcceleratorTableA, GetDlgCtrlID, GetSubMenu, EnableMenuItem, ClientToScreen, EnumDisplaySettingsA, LoadImageA, SystemParametersInfoA, ShowWindow, IsWindowEnabled, TranslateAcceleratorA, GetKeyState, CopyAcceleratorTableA, PostQuitMessage, IsZoomed, GetClassInfoA, DefWindowProcA, GetSystemMenu, DeleteMenu, GetMenu, SetMenu, PeekMessageA, GetWindowTextA, GetWindowTextLengthA, CharUpperA, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, GetDlgItem, DestroyWindow, CreateDialogIndirectParamA, EndDialog, GetNextDlgTabItem, GetWindowPlacement, RegisterWindowMessageA, GetForegroundWindow, GetLastActivePopup, GetMessageTime, RemovePropA, CallWindowProcA, GetPropA, UnhookWindowsHookEx, SetPropA, GetClassLongA, CallNextHookEx, SetWindowsHookExA, CreateWindowExA, GetMenuItemID, GetMenuItemCount, UnregisterClassA, GetScrollPos, AdjustWindowRectEx, MapWindowPoints, SendDlgItemMessageA, ScrollWindowEx, IsDialogMessageA, SetWindowTextA, MoveWindow, CheckMenuItem, SetMenuItemBitmaps, GetMenuState, GetMenuCheckMarkDimensions, GetClassNameA, GetDesktopWindow, LoadStringA, GetSysColorBrush, IsIconic, SetFocus, GetActiveWindow, GetWindow, DestroyAcceleratorTable, SetWindowRgn, GetMessagePos, ScreenToClient, ChildWindowFromPointEx, CopyRect, LoadBitmapA, WinHelpA, KillTimer, SetTimer, ReleaseCapture, GetCapture
GDI32.dll	GetClipRgn, CreatePolygonRgn, SelectClipRgn, DeleteObject, CreateDIBitmap, GetSystemPaletteEntries, CreatePalette, StretchBlt, SelectPalette, RealizePalette, GetDIBits, GetWindowExtEx, GetViewportOrgEx, GetWindowOrgEx, BeginPath, EndPath, PathToRegion, CreateEllipticRgn, CreateRoundRectRgn, GetTextColor, GetBkMode, GetBkColor, GetROP2, GetStretchBltMode, GetPolyFillMode, CreateCompatibleBitmap, CreateDCA, CreateBitmap, SelectObject, GetObjectA, CreatePen, PatBlt, SetStretchBltMode, CreateRectRgn, FillRgn, CreateSolidBrush, GetStockObject, CreateFontIndirectA, EndPage, EndDoc, DeleteDC, StartDocA, StartPage, BitBlt, CreateCompatibleDC, Ellipse, Rectangle, LPtoDP, DPtoLP, GetCurrentObject, RoundRect, GetTextExtentPoint32A, GetDeviceCaps, SaveDC, RestoreDC, SetBkMode, SetPolyFillMode, SetROP2, SetTextColor, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, ExcludeClipRect, MoveToEx, LineTo, CreateRectRgnIndirect, SetBkColor, CombineRgn, GetTextMetricsA, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetViewportExtEx, ExtSelectClipRgn
WINMM.dll	midiStreamRestart, midiStreamClose, midiOutReset, midiStreamStop, midiStreamOut, midiOutPrepareHeader, midiStreamProperty, midiStreamOpen, midiOutUnprepareHeader, waveOutOpen, waveOutGetNumDevs, waveOutClose, waveOutReset, waveOutPause, waveOutWrite, waveOutPrepareHeader, waveOutUnprepareHeader
WINSPOOL.DRV	ClosePrinter, DocumentPropertiesA, OpenPrinterA
ADVAPI32.dll	RegCloseKey, RegOpenKeyExA, RegSetValueExA, RegQueryValueA, RegCreateKeyExA
SHELL32.dll	ShellExecuteA, Shell_NotifyIconA
ole32.dll	OleInitialize, OleUninitialize, CLSIDFromString
OLEAUT32.dll	UnRegisterTypeLib, RegisterTypeLib, LoadTypeLib
COMCTL32.dll	ImageList_Destroy
WS2_32.dll	ioctlsocket, recv, getpeername, accept, recvfrom, WSAAsyncSelect, closesocket, inet_ntoa, WSACleanup
comdlg32.dll	ChooseColorA, GetSaveFileNameA, GetOpenFileNameA, GetFileTitleA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Chinese	China

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2024 20:37:05.491175890 CEST	53	64273	162.159.36.2	192.168.2.9
Sep 28, 2024 20:37:05.985747099 CEST	65336	53	192.168.2.9	1.1.1.1
Sep 28, 2024 20:37:05.994416952 CEST	53	65336	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2024 20:37:05.985747099 CEST	192.168.2.9	1.1.1.1	0xc313	Standard query (0)	15.164.165.52.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 28, 2024 20:37:05.994416952 CEST	1.1.1.1	192.168.2.9	0xc313	Name error (3)	15.164.165.52.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

Target ID:	0
Start time:	14:36:18
Start date:	28/09/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe"
Imagebase:	0x400000
File size:	704'512 bytes
MD5 hash:	8A060E06880E61F9EB9D2D8EF96A48F6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	5.9%
Total number of Nodes:	681
Total number of Limit Nodes:	46

Executed Functions

Function 004372B0 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 370
commemorythreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 004372D9
OleInitialize.OLE32(00000000), ref: 00437315
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00437333
SetCurrentDirectoryA.KERNEL32(006F5B98,?), ref: 0043738D
LoadCursorA.USER32(00000000,00007F00), ref: 004373E8
GetStockObject.GDI32(00000005), ref: 00437409
GetCurrentThreadId.KERNEL32 ref: 00437431

Strings

XTH, xrefs: 004375F4
HTH, xrefs: 004377D8
_EL_HideOwner, xrefs: 00437413

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Current$CursorDirectoryFileHeapInitializeLoadModuleNameObjectProcessStockThread
String ID: HTH$XTH$_EL_HideOwner
API String ID: 3783217854-797716108
Opcode ID: cb3d4e0a3d63d757de2257d38bfdfaf2a105c388d54b8a020941730e6c5986e1
Instruction ID: 1914345210ed2ff3495e03ad8142625d6870991d91b6ce34866407e4b9de301b
Opcode Fuzzy Hash: cb3d4e0a3d63d757de2257d38bfdfaf2a105c388d54b8a020941730e6c5986e1
Instruction Fuzzy Hash: 2CE1E2B0A002059FCB24EF65CC91FEE77B4BF48308F14456EE945B7292DB78A945CB98

Function 0047AB8E Relevance: 6.1, APIs: 4, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(?,?,?,0047AB89), ref: 0047AC05
GetProcessVersion.KERNELBASE(00000000,?,?,?,0047AB89), ref: 0047AC42
LoadCursorA.USER32(00000000,00007F02), ref: 0047AC70
LoadCursorA.USER32(00000000,00007F00), ref: 0047AC7B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorLoadVersion$Process
String ID:
API String ID: 2246821583-0
Opcode ID: 65717bced7d038e4907d4dc16a88fd120fd14bbc6d3e890548065f87c59ee817
Instruction ID: 51458a6294e5f0da6d49e1580fba211a1da373452864a7d71652b81569682ab7
Opcode Fuzzy Hash: 65717bced7d038e4907d4dc16a88fd120fd14bbc6d3e890548065f87c59ee817
Instruction Fuzzy Hash: 10118CB1A10B109FD728DF3A998456ABBE5FB487047118D3FE18BC6B80D7B8E400CB58

Function 00472259 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 170
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0047A078: TlsGetValue.KERNEL32(004B3F3C,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C,?,00000000,?,0046E0C1,00000000,00000000,00000000,00000000), ref: 0047A0B7

CallNextHookEx.USER32(?,00000003,?,?), ref: 00472283
GetClassLongA.USER32(?,000000E6), ref: 004722CA
GlobalGetAtomNameA.KERNEL32(?,?,00000005,?,?,?,Function_000793FE), ref: 004722F6
lstrcmpiA.KERNEL32(?,ime), ref: 00472305
GetWindowLongA.USER32(?,000000FC), ref: 00472378
SetWindowLongA.USER32(?,000000FC,00000000), ref: 00472399

Strings

,?K, xrefs: 00472264
AfxOldWndProc423, xrefs: 004723DA, 004723DF, 004723EA, 004723F2, 004723FB
ime, xrefs: 004722FF

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Long$Window$AtomCallClassGlobalHookNameNextValuelstrcmpi
String ID: ,?K$AfxOldWndProc423$ime
API String ID: 3731301195-1428519668
Opcode ID: 5bfc446d60fc51f8eea7a174e64a98e87646d6d69fc27bb46a48b2f854f02dae
Instruction ID: fbce1521125c7fad0b765fb537752d1f1382e549c3d948a49ecd8758adefe6c3
Opcode Fuzzy Hash: 5bfc446d60fc51f8eea7a174e64a98e87646d6d69fc27bb46a48b2f854f02dae
Instruction Fuzzy Hash: A4519231500225BBCB219F64CD48BAF7BB9FF04355F108529FE19A7291D778D904CBA8

Function 00417CF0 Relevance: 19.7, APIs: 13, Instructions: 187
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetParent.USER32(?), ref: 00417D3A

Part of subcall function 0047497F: IsWindowEnabled.USER32(?), ref: 00474989

IsWindow.USER32(?), ref: 00417DDB
GetParent.USER32(?), ref: 00417DF6
IsWindowVisible.USER32(?), ref: 00417E0A
SetActiveWindow.USER32(?), ref: 00417E2B
IsWindow.USER32(?), ref: 00417E48
KiUserCallbackDispatcher.NTDLL(?), ref: 00417E56
IsWindow.USER32(?), ref: 00417E5D
IsWindow.USER32(?), ref: 00417EB8
IsWindow.USER32(?), ref: 00417F12
GetFocus.USER32 ref: 00417F26
IsWindow.USER32(00000000), ref: 00417F33
IsChild.USER32(?,00000000), ref: 00417F42

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Parent$ActiveCallbackChildDispatcherEnabledFocusUserVisible
String ID:
API String ID: 416498738-0
Opcode ID: 2e3d2c37a266148ab8d31f6fcbc22de62d38d4db529921df303c08f3477b5709
Instruction ID: 8a167c4e8529244fdbeb43df4adc2576338162f3c3af94de45207999e780c3ae
Opcode Fuzzy Hash: 2e3d2c37a266148ab8d31f6fcbc22de62d38d4db529921df303c08f3477b5709
Instruction Fuzzy Hash: E15165756083059BD7249F61D844AAFBBF8BF44341F044A2FF94AD3250DB38E885CBA9

Function 0047207E Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 00472083
GetPropA.USER32(?,AfxOldWndProc423), ref: 0047209B
CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 004720F9

Part of subcall function 00471C66: GetWindowRect.USER32(?,?), ref: 00471C8B
Part of subcall function 00471C66: GetWindow.USER32(?,00000004), ref: 00471CA8

SetWindowLongA.USER32(?,000000FC,?), ref: 00472129
RemovePropA.USER32(?,AfxOldWndProc423), ref: 00472131
GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 00472138
GlobalDeleteAtom.KERNEL32(00000000), ref: 0047213F

Part of subcall function 00471C43: GetWindowRect.USER32(?,?), ref: 00471C4F

CallWindowProcA.USER32(?,?,?,?,00000000), ref: 00472193

Strings

AfxOldWndProc423, xrefs: 00472091, 00472099, 0047212F, 00472137

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prologLongRemove
String ID: AfxOldWndProc423
API String ID: 2397448395-1060338832
Opcode ID: 2af01404807e8cb2011267f451141ffa6c9373311a6642314919e1dfb413b1d0
Instruction ID: 307deb8289635f519eba116dc0498a80e855deb16b8d46373569378f2aa1e92f
Opcode Fuzzy Hash: 2af01404807e8cb2011267f451141ffa6c9373311a6642314919e1dfb413b1d0
Instruction Fuzzy Hash: F931607290051ABFCB129FA9DE49DFF7A78FF45310F00851AFA09A1160C7798A11DBA9

Function 00479D11 Relevance: 15.1, APIs: 10, Instructions: 99
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

EnterCriticalSection.KERNEL32(004B3F58,004B3F2C,00000000,?,004B3F3C,004B3F3C,0047A0AC,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C,?,00000000), ref: 00479D20
GlobalAlloc.KERNELBASE(00002002,00000000,?,?,004B3F3C,004B3F3C,0047A0AC,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C,?,00000000), ref: 00479D75
GlobalHandle.KERNEL32(00762A20), ref: 00479D7E
GlobalUnlock.KERNEL32(00000000), ref: 00479D87
GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 00479D99
GlobalHandle.KERNEL32(00762A20), ref: 00479DB0
GlobalLock.KERNEL32(00000000), ref: 00479DB7
LeaveCriticalSection.KERNEL32(004601C1,?,?,004B3F3C,004B3F3C,0047A0AC,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C,?,00000000), ref: 00479DBD
GlobalLock.KERNEL32(00000000), ref: 00479DCC
LeaveCriticalSection.KERNEL32(?), ref: 00479E15

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
String ID:
API String ID: 2667261700-0
Opcode ID: 97ff5145cf662007581b4cc3b9d0553c5456597b08cc25631c6f55d94e18ccf9
Instruction ID: b3dbe4a179b5851f5c58325d188dfcbbc1840c47501683c279f3690381d456b7
Opcode Fuzzy Hash: 97ff5145cf662007581b4cc3b9d0553c5456597b08cc25631c6f55d94e18ccf9
Instruction Fuzzy Hash: 4831AF752107099FD7249F28DC89A6AB7E9FF44305B008E2EF866C3661E775EC088B18

Function 004037E0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 267
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateSolidBrush.GDI32(00000000), ref: 00403928
SendMessageA.USER32(?,000000C5,?,00000000), ref: 004039B9
SendMessageA.USER32(?,000000CC,?,00000000), ref: 004039D1
SendMessageA.USER32(?,00000465,00000000,?), ref: 00403A9B
SendMessageA.USER32(?,000000B1,?,?), ref: 00403AD8
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00403AE7

Strings

msctls_updown32, xrefs: 00403A2F
EDIT, xrefs: 00403967

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$BrushCreateSolid
String ID: EDIT$msctls_updown32
API String ID: 943060551-1401569126
Opcode ID: 45f362369c7d1d8b75ad778e937802042f4e51cfe5d83fe8f665a7767b5385c5
Instruction ID: 8d18a3f192dc15b8a6ae7e32fc904e5408dd1d8c9696b1feeb8b4757f87dc594
Opcode Fuzzy Hash: 45f362369c7d1d8b75ad778e937802042f4e51cfe5d83fe8f665a7767b5385c5
Instruction Fuzzy Hash: 8191B4717047009FE724EF64CC45B677BE9AB84705F10892EF296A73C0DAB8ED048B59

Function 00414880 Relevance: 13.8, APIs: 9, Instructions: 289
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2444f796397835f0b498327c1a7d68f3047a87be97f3c998faf3cbd66260b386
Instruction ID: 8d11593c00278cb38fa96861ddbb9cf32e110356fa10e9b351741ae295b5fccf
Opcode Fuzzy Hash: 2444f796397835f0b498327c1a7d68f3047a87be97f3c998faf3cbd66260b386
Instruction Fuzzy Hash: 8BB199B06087009FD724DF65C884BABB7E5AFC4744F508A2EF59687390D778E881CB5A

Function 00403B10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 134
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTextExtentPoint32A.GDI32(?,00497C4C,?,?), ref: 00403BB1
GetSystemMetrics.USER32(0000002E), ref: 00403BC5
GetWindowRect.USER32(?,?), ref: 00403BE5
GetStockObject.GDI32(00000011), ref: 00403C32
SendMessageA.USER32(?,00000030,00000000,00000001), ref: 00403C41

Strings

L|I, xrefs: 00403B92

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExtentMessageMetricsObjectPoint32RectSendStockSystemTextWindow
String ID: L|I
API String ID: 3316701254-172712568
Opcode ID: a292d6a0d154091ec71623a53fd5816bab1762a68ce2f9fcfcacc753cb520ffd
Instruction ID: b37535c9641761676778fcdb2891a9ea44193152e58cdab19c5f78bf686246b7
Opcode Fuzzy Hash: a292d6a0d154091ec71623a53fd5816bab1762a68ce2f9fcfcacc753cb520ffd
Instruction Fuzzy Hash: E341C372248700AFD324DF65CD85F6B7BA9AB84705F00492EFA46A62C1DB78E904CB59

Function 00476529 Relevance: 9.0, APIs: 6, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL(0000000B), ref: 00476536
GetSystemMetrics.USER32(0000000C), ref: 0047653D
GetDC.USER32(00000000), ref: 00476556
GetDeviceCaps.GDI32(00000000,00000058), ref: 00476567
GetDeviceCaps.GDI32(00000000,0000005A), ref: 0047656F
ReleaseDC.USER32(00000000,00000000), ref: 00476577

Part of subcall function 0047ABAE: GetSystemMetrics.USER32(00000002), ref: 0047ABC0
Part of subcall function 0047ABAE: GetSystemMetrics.USER32(00000003), ref: 0047ABCA

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
String ID:
API String ID: 1031845853-0
Opcode ID: 7cd2066971f54fd43de16df30fdae5816457d8c5b9ce06f8d50be5bb5b84ee53
Instruction ID: 1e22802597157253e34d8aebdf1bf02fcf353e530c81b98f3bdb915036a73c27
Opcode Fuzzy Hash: 7cd2066971f54fd43de16df30fdae5816457d8c5b9ce06f8d50be5bb5b84ee53
Instruction Fuzzy Hash: 89F02430580700AFE3602B729C49F5BB7A5DFC0B11F01882EEA05572D0CA7498089FA5

Function 004074E0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 207
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColor.USER32(0000000F), ref: 004075EC
DestroyCursor.USER32(?), ref: 0040764A
SendMessageA.USER32(?,000000F7,00000001,?), ref: 004076EC
SendMessageA.USER32(?,000000F7,00000000,?), ref: 0040771E

Strings

BUTTON, xrefs: 004076AB

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$ColorCursorDestroy
String ID: BUTTON
API String ID: 3592366650-3405671355
Opcode ID: 5bca244c16a081a7a05ce806aaf0b8ecaf65133c7bedeeb753eda11576afbfc9
Instruction ID: 89b9e555693fdac89192840127de5cfadf264e941bb109c5349a2ef5eb883d01
Opcode Fuzzy Hash: 5bca244c16a081a7a05ce806aaf0b8ecaf65133c7bedeeb753eda11576afbfc9
Instruction Fuzzy Hash: B26195B5A08B04AFD224DF15D880B6BB7E5FB44710F50892EE586937C0DB39F845CB5A

Function 00404F70 Relevance: 7.6, APIs: 5, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00476FFA: __EH_prolog.LIBCMT ref: 00476FFF
Part of subcall function 00476FFA: GetWindowDC.USER32(?,?,?,00404FA1), ref: 00477028

GetClientRect.USER32 ref: 00404FB2
GetWindowRect.USER32(?,?), ref: 00404FC1

Part of subcall function 00476DB4: ScreenToClient.USER32(?,?), ref: 00476DC8
Part of subcall function 00476DB4: ScreenToClient.USER32(?,?), ref: 00476DD1

OffsetRect.USER32(?,?,?), ref: 00404FEC

Part of subcall function 00476CF1: ExcludeClipRect.GDI32(?,?,?,?,?,753DA5C0,?,?,00404FFC,?), ref: 00476D16
Part of subcall function 00476CF1: ExcludeClipRect.GDI32(?,?,?,?,?,753DA5C0,?,?,00404FFC,?), ref: 00476D2B

OffsetRect.USER32(?,?,?), ref: 0040500F
FillRect.USER32(?,?,?), ref: 0040502A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Client$ClipExcludeOffsetScreenWindow$FillH_prolog
String ID:
API String ID: 2829754061-0
Opcode ID: 8768cf6e3bcaf26e3bb3db7a16850f71eaeb9cb9d089f426a44d09c422a79609
Instruction ID: f36dbc806d1563819f1ff3170cecdc89e0ba3ab4ca843f937820cb9d7e4caadc
Opcode Fuzzy Hash: 8768cf6e3bcaf26e3bb3db7a16850f71eaeb9cb9d089f426a44d09c422a79609
Instruction Fuzzy Hash: 5C319176208742AFD714DF24C845EABB7E8EBC8714F008A1DF49AD3290DB34E909CB56

Function 00414760 Relevance: 6.1, APIs: 4, Instructions: 94
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageA.USER32(?,00000080,00000001,?), ref: 00414808
SendMessageA.USER32(?,00000080,00000000,?), ref: 0041481A
DestroyCursor.USER32(?), ref: 0041482D
DestroyCursor.USER32(?), ref: 0041483A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDestroyMessageSend
String ID:
API String ID: 3501257726-0
Opcode ID: 7935fae1339fb56012e25430c83898475105beffadc435e724d506eddd92a88b
Instruction ID: 3a9e04737065370deb163e8cbe53de3a501ed407446d3c24aea8b30305ef010b
Opcode Fuzzy Hash: 7935fae1339fb56012e25430c83898475105beffadc435e724d506eddd92a88b
Instruction Fuzzy Hash: 6F312E756043016FD760DF69D880B9BB3E8AFC5710F50882EF9A597380D778E8498B66

Function 00475300 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00475313
SetWindowsHookExA.USER32(000000FF,00475655,00000000,00000000), ref: 00475323

Part of subcall function 0047A10D: __EH_prolog.LIBCMT ref: 0047A112

Strings

?K, xrefs: 00475353

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentH_prologHookThreadWindows
String ID: ?K
API String ID: 2183259885-1575036600
Opcode ID: 9ae517c7cf69b7008fe8d134ff747363525f5b34caa87cd8dabe530bdd6d1019
Instruction ID: 4e5a4303184f4ee6d47528fe665117048a61106a34f9d5e5e022b7716b5622ee
Opcode Fuzzy Hash: 9ae517c7cf69b7008fe8d134ff747363525f5b34caa87cd8dabe530bdd6d1019
Instruction Fuzzy Hash: 5FF0A7318416506AC7203F719C0EBEA37645B00355F058A6FF51A5A1E1CBFC8C49C76E

Function 0047244F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0047A078: TlsGetValue.KERNEL32(004B3F3C,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C,?,00000000,?,0046E0C1,00000000,00000000,00000000,00000000), ref: 0047A0B7

GetCurrentThreadId.KERNEL32 ref: 00472471
SetWindowsHookExA.USER32(00000005,00472259,00000000,00000000), ref: 00472481

Strings

,?K, xrefs: 00472456

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentHookThreadValueWindows
String ID: ,?K
API String ID: 933525246-2009519282
Opcode ID: 93627bef7ba6b73e97a078f6fc58baca823219e623557755f0c652d8f30f7b2b
Instruction ID: be0e77011221d11070df1578ac37e916c0c97512714781440922a4cd033699be
Opcode Fuzzy Hash: 93627bef7ba6b73e97a078f6fc58baca823219e623557755f0c652d8f30f7b2b
Instruction Fuzzy Hash: 29E06535604710AED330DF269D0579F76E4DB94751F10C57FF14991180D3B498058B7E

Function 00410910 Relevance: 4.6, APIs: 3, Instructions: 110windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00410939
IsWindow.USER32 ref: 00410967
PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00410A36

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessagePeek$Window
String ID:
API String ID: 1210580970-0
Opcode ID: dcb30a65f47188d76c12b8880ec8cb6d057ab2d1f2df60404e694bec40a3e74b
Instruction ID: 2e85a6258bd0a8ce8250a71d26efb6dca43bff0835269fe5654cccedc8cb2ac4
Opcode Fuzzy Hash: dcb30a65f47188d76c12b8880ec8cb6d057ab2d1f2df60404e694bec40a3e74b
Instruction Fuzzy Hash: 37318FB1710306AFE714DF20D994AEBB3A8FF54348F00012EE95593242D7B4ED99CBA9

Function 0047585D Relevance: 4.5, APIs: 3, Instructions: 29windowCOMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 0047586A
TranslateMessage.USER32(?), ref: 0047588A
DispatchMessageA.USER32(?), ref: 00475891

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$CallbackDispatchDispatcherTranslateUser
String ID:
API String ID: 2960505505-0
Opcode ID: 2e4949dc2edd089c7573b12ba10a0eb82a51d9b48e0cd485f3d327b6e3e2d587
Instruction ID: 762146d23b616449ed472a42ef2190d406b7035d0d7b3bb24d89ff3de1cc9b7b
Opcode Fuzzy Hash: 2e4949dc2edd089c7573b12ba10a0eb82a51d9b48e0cd485f3d327b6e3e2d587
Instruction Fuzzy Hash: B8E09232310900ABE3616B64AC48DBF37ACFFC1F01B05082EF541CA110CBA49C458F6A

Function 00471DB6 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00471DBB

Part of subcall function 0047A078: TlsGetValue.KERNEL32(004B3F3C,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C,?,00000000,?,0046E0C1,00000000,00000000,00000000,00000000), ref: 0047A0B7

Strings

,?K, xrefs: 00471DC6

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologValue
String ID: ,?K
API String ID: 3700342317-2009519282
Opcode ID: afaf0c227267922ffbcd9b9935d92e082e0ad31039f1e395a6bbd3862919703d
Instruction ID: 9998c9d0d5e0e502710816877678d73e1ade38e2e86cb62283e11b00ce752836
Opcode Fuzzy Hash: afaf0c227267922ffbcd9b9935d92e082e0ad31039f1e395a6bbd3862919703d
Instruction Fuzzy Hash: 4C213772900209EFCF05DF58C581AEE7BB9FB44314F00806AF809AB250D378AE54CBA5

Function 0047A8E0 Relevance: 3.0, APIs: 2, Instructions: 32COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000000,00000000,004765AB,00000000,00000000,00000000,00000000,?,00000000,?,0046E0C1,00000000,00000000,00000000,00000000,004601C1), ref: 0047A8E9
SetErrorMode.KERNELBASE(00000000,?,00000000,?,0046E0C1,00000000,00000000,00000000,00000000,004601C1,00000000), ref: 0047A8F0

Part of subcall function 0047A943: GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 0047A974
Part of subcall function 0047A943: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0047AA15
Part of subcall function 0047A943: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0047AA42

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
String ID:
API String ID: 3389432936-0
Opcode ID: a12842eb53be0f8edd813947339827de68dff67189c0a4f3b764bb2e9e70e42b
Instruction ID: 38b7a9bd611c4507b0739b76c000bd6764d8efe859a2babbee3fcda21c0a3732
Opcode Fuzzy Hash: a12842eb53be0f8edd813947339827de68dff67189c0a4f3b764bb2e9e70e42b
Instruction Fuzzy Hash: 6AF03CB49152504FD714AF25D485B8E7BA5AF44710F06C89FF4498B3A2CBB8D840CB9A

Function 00464FA6 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000,0046013F,00000001), ref: 00464FB7

Part of subcall function 00464E5E: GetVersionExA.KERNEL32 ref: 00464E7D

HeapDestroy.KERNEL32 ref: 00464FF6

Part of subcall function 004688A5: HeapAlloc.KERNEL32(00000000,00000140,00464FDF,000003F8), ref: 004688B2

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$AllocCreateDestroyVersion
String ID:
API String ID: 2507506473-0
Opcode ID: 666a6547bd8cad78f52a1f1ba66685a778b3b14628a30bafa7e09ead2506633b
Instruction ID: c7b2ab3f5faa6aa4c20418dfde7e50536f31d560faacf49361236ffa2c4385b0
Opcode Fuzzy Hash: 666a6547bd8cad78f52a1f1ba66685a778b3b14628a30bafa7e09ead2506633b
Instruction Fuzzy Hash: 60F06571655302ABDFA817715C4572A36989BC0756F10483BF800C41E1FB7989C1962F

Function 0041B120 Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

LoadImageA.USER32(?,?,00000001,00000020,00000020,00000000), ref: 0041B13B
LoadImageA.USER32(?,?,00000001,00000010,00000010,00000000), ref: 0041B14D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ImageLoad
String ID:
API String ID: 306446377-0
Opcode ID: 975a7451865ccc8975c2900e34aeeb7a5f1e19b430e902bde8dd32bd03d3ac08
Instruction ID: 3a13a449b0eed32f084f76997bf90e45ad9d878f5402a8c1fc67ecc1b28f0f5e
Opcode Fuzzy Hash: 975a7451865ccc8975c2900e34aeeb7a5f1e19b430e902bde8dd32bd03d3ac08
Instruction Fuzzy Hash: 4FE0ED3238131177D620CE5A8C85F9BF7A9EF8DB10F100819B344AB1D1C2F1A4458769

Function 00472819 Relevance: 3.0, APIs: 2, Instructions: 27COMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,?,?,?), ref: 00472840
CallWindowProcA.USER32(?,?,?,?,?), ref: 00472855

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProcWindow$Call
String ID:
API String ID: 2316559721-0
Opcode ID: 0113cfc4844cf5e395ee1ce9da6bf3ef661a4234f6418a6be040c844d27feed3
Instruction ID: 7b10d13d7392a5af741981f59f4c5e4e75cef4fd03c385ba4c65e5ac35a6344a
Opcode Fuzzy Hash: 0113cfc4844cf5e395ee1ce9da6bf3ef661a4234f6418a6be040c844d27feed3
Instruction Fuzzy Hash: 99F01536100608FFCF629F95DC04DDE7BBAFF18361B048929FA4996230D772D820AB94

Function 0047294B Relevance: 3.0, APIs: 2, Instructions: 24COMMON

Download Yara Rule

APIs

GetWindowTextLengthA.USER32(?), ref: 00472958
GetWindowTextA.USER32(?,00000000,00000000), ref: 00472970

Part of subcall function 004709DA: lstrlenA.KERNEL32(?,00000104,00471146,000000FF), ref: 004709ED

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: TextWindow$Lengthlstrlen
String ID:
API String ID: 288803333-0
Opcode ID: 99ce37d6df6d7965969d32525b35225a583e02419fe30c3564ae540fabcc08e2
Instruction ID: c459951048700fd5bc9751d4b8a3a966ff28d452d60a828fde3d6c572e8eff71
Opcode Fuzzy Hash: 99ce37d6df6d7965969d32525b35225a583e02419fe30c3564ae540fabcc08e2
Instruction Fuzzy Hash: ADE065B1108302EFCB549F54DC58CABB7A5AF58310B14CA2EB55A831B1CB31A845CB19

Function 004619D5 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00461ABC

Part of subcall function 00467664: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,004628B8,00000009,00000000,00000000,00000001,00464DEF,00000001,00000074,?,?,00000000,00000001), ref: 004676A1
Part of subcall function 00467664: EnterCriticalSection.KERNEL32(?,?,?,004628B8,00000009,00000000,00000000,00000001,00464DEF,00000001,00000074,?,?,00000000,00000001), ref: 004676BC

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$AllocateEnterHeapInitialize
String ID:
API String ID: 1616793339-0
Opcode ID: 94c93083105d50d0b80b263ec132e917d8c3c0bf07e88e67be5b69b3454d8d24
Instruction ID: 9471832f22ee5a77929517743b2e9e0988aa343843a67b7d4860f1eb7f3f5a40
Opcode Fuzzy Hash: 94c93083105d50d0b80b263ec132e917d8c3c0bf07e88e67be5b69b3454d8d24
Instruction Fuzzy Hash: F421D871A01605ABDB10EFE9DC42B9E77A4EB01724F2C461BF410EB2E1E7BC9941875E

Function 004724DD Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

CreateWindowExA.USER32(00000000,00000080,00437431,?,?,?,?,?,?,?,?,?), ref: 0047257B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: e4fbbed8b9251357c4421373f16ddfc28f02b1b06fbc2b24bc9c9e76d449eb68
Instruction ID: cf36505f72538455d20995215f627b8810897c4733779a67bead8a103156b026
Opcode Fuzzy Hash: e4fbbed8b9251357c4421373f16ddfc28f02b1b06fbc2b24bc9c9e76d449eb68
Instruction Fuzzy Hash: 9E319B79A00219AFCF41DFA8C9449DEBBF1BF4C304F11846AF918E7210E7359A519FA4

Function 00416C60 Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

Part of subcall function 004770AE: __EH_prolog.LIBCMT ref: 004770B3
Part of subcall function 004770AE: BeginPaint.USER32(?,?,?,?,00405BA9), ref: 004770DC

Part of subcall function 00476C5F: GetClipBox.GDI32(?,?), ref: 00476C66

IsRectEmpty.USER32(?), ref: 00416CA0

Part of subcall function 004167C0: CreateRectRgn.GDI32(?,?,?,?), ref: 0041680E
Part of subcall function 004167C0: GetClientRect.USER32(?,?), ref: 004168A9

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$BeginClientClipCreateEmptyH_prologPaint
String ID:
API String ID: 4024812366-0
Opcode ID: 6360e87ae426ef200de025edc269fe9fd77ce2ff9691f77a95b5a598ab5c6d8b
Instruction ID: 816f4f7669293041223898de556be004ff9d7d8ad48d148728513ac1929064ce
Opcode Fuzzy Hash: 6360e87ae426ef200de025edc269fe9fd77ce2ff9691f77a95b5a598ab5c6d8b
Instruction Fuzzy Hash: B8F081710487419BC214DF14C941B9F73E8FB84B14F504A1EF0A9922D1DB789909CBA7

Function 0047202D Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4b0484832eeb49cf86c4ef27913b1cc22bc4f75b5b30f2197e0baffffd0ecbb
Instruction ID: a49b23383c90334dd4bffc924b9d3a24565c4b67617eb19709afccb7b986b70b
Opcode Fuzzy Hash: b4b0484832eeb49cf86c4ef27913b1cc22bc4f75b5b30f2197e0baffffd0ecbb
Instruction Fuzzy Hash: FFF01232400159BBCF225F919E05DDF3729AF05761F00C417FB1955161C3B99661DBB9

Function 00475DB0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

LoadStringA.USER32(?,?,?,?), ref: 00475DC7

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LoadString
String ID:
API String ID: 2948472770-0
Opcode ID: b400201dd49a88b89baf2896b95c9276d7ca4632b91b6fd6531b4cbf243f6497
Instruction ID: 794f4b16bbaf5394f2e8d37d8e735c3c23a06b6e4612adbf0807351529cbae73
Opcode Fuzzy Hash: b400201dd49a88b89baf2896b95c9276d7ca4632b91b6fd6531b4cbf243f6497
Instruction Fuzzy Hash: 43D0A7720093A29FC711DF618808D8FBFA4BF54320B048C0FF48443211C364D844CB65

Function 00474886 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

SetWindowTextA.USER32(?,0041C0DA), ref: 00474894

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: TextWindow
String ID:
API String ID: 530164218-0
Opcode ID: ad8ae85605aa9cce6fae81c8aff254f7cd2489cfdb44fe981dd2e7822d5a3b70
Instruction ID: e9816794ddc07f7ebcf306b763c40058f3462c109eaad8966b123e46641285b2
Opcode Fuzzy Hash: ad8ae85605aa9cce6fae81c8aff254f7cd2489cfdb44fe981dd2e7822d5a3b70
Instruction Fuzzy Hash: C1D05E34200200AFCB449F60C908A1A7BB1BFD0300B20C878E00A8A121C732CC12EF05

Function 00474958 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

ShowWindow.USER32(?,?,00475515,?,?,?,00000363,00000001,00000000,?,?,?,00474D7D,?), ref: 00474966

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 86f427d5cf05532b11754597426bd9e9ab5720e9fdefbca75e137336998ece69
Instruction ID: 5ce1a8f8d2441237519bc2a117b430089661fb0dc4eeba4ae6a1438e5b64f259
Opcode Fuzzy Hash: 86f427d5cf05532b11754597426bd9e9ab5720e9fdefbca75e137336998ece69
Instruction Fuzzy Hash: EAD09E70204200DFCF458F60C944A6A7BA2BFD4704F208569F14986161D736CC12EB06

Non-executed Functions

Function 00428930 Relevance: 90.7, APIs: 47, Strings: 4, Instructions: 1494windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004770AE: __EH_prolog.LIBCMT ref: 004770B3
Part of subcall function 004770AE: BeginPaint.USER32(?,?,?,?,00405BA9), ref: 004770DC

Part of subcall function 00476C5F: GetClipBox.GDI32(?,?), ref: 00476C66

DPtoLP.GDI32 ref: 00428A4B
GetClientRect.USER32(?,?), ref: 00428A59
DPtoLP.GDI32(?,?,00000002), ref: 00428A71
IntersectRect.USER32(?,?,?), ref: 00428B10
LPtoDP.GDI32(?,?,00000002), ref: 00428B51
IntersectRect.USER32(?,?,?), ref: 00428BAE
LPtoDP.GDI32(?,?,00000002), ref: 00428BEF
CreateRectRgnIndirect.GDI32(?), ref: 00428C1A
IntersectRect.USER32(?,?,?), ref: 00428C4E
LPtoDP.GDI32(?,?,00000002), ref: 00428C8F
CreateRectRgnIndirect.GDI32(?), ref: 00428CB5
CreateRectRgnIndirect.GDI32(?), ref: 00428CE4
GetCurrentObject.GDI32(?,00000006), ref: 00428D00
GetCurrentObject.GDI32(?,00000001), ref: 00428D19
GetCurrentObject.GDI32(?,00000002), ref: 00428D32

Part of subcall function 0047691E: SetBkMode.GDI32(?,?), ref: 00476937
Part of subcall function 0047691E: SetBkMode.GDI32(?,?), ref: 00476945

Part of subcall function 00473710: GetScrollPos.USER32(00000000,0040C573), ref: 0047372E

Part of subcall function 00428560: CreateFontIndirectA.GDI32(00000000), ref: 004285B2

FillRgn.GDI32(?,?,?), ref: 00428F12
IntersectRect.USER32(?,?,?), ref: 00428FF7
IsRectEmpty.USER32(?), ref: 00429002
LPtoDP.GDI32(?,?,00000002), ref: 0042901F
CreateRectRgnIndirect.GDI32(?), ref: 0042902A
CombineRgn.GDI32(?,?,?,00000004), ref: 0042905B
DPtoLP.GDI32(?,?,00000002), ref: 00429079

Part of subcall function 00476A05: SetMapMode.GDI32(?,?), ref: 00476A1E
Part of subcall function 00476A05: SetMapMode.GDI32(?,?), ref: 00476A2C

PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 004290B8
IntersectRect.USER32(?,?,?), ref: 0042914B
IsRectEmpty.USER32(?), ref: 00429191
SelectObject.GDI32(?,?), ref: 004291CC
DPtoLP.GDI32(?,?,00000001), ref: 00429258
LPtoDP.GDI32(?,?,00000001), ref: 00429377
DPtoLP.GDI32(?,?,00000001), ref: 00429395

Part of subcall function 00476D33: MoveToEx.GDI32(?,?,?,?), ref: 00476D55
Part of subcall function 00476D33: MoveToEx.GDI32(?,?,?,?), ref: 00476D69

Part of subcall function 00476D7F: MoveToEx.GDI32(?,?,?,00000000), ref: 00476D99
Part of subcall function 00476D7F: LineTo.GDI32(?,?,?), ref: 00476DAA

Part of subcall function 00476842: SelectObject.GDI32(00403985,00000000), ref: 00476864
Part of subcall function 00476842: SelectObject.GDI32(00403985,?), ref: 0047687A

Part of subcall function 0042BC20: GetCurrentObject.GDI32(?), ref: 0042BCEB
Part of subcall function 0042BC20: LPtoDP.GDI32(?,00000000,00000001), ref: 0042BD38

IntersectRect.USER32(?,00000000,?), ref: 004294E2
IsRectEmpty.USER32(00000000), ref: 004294ED
PatBlt.GDI32(?,00000000,?,?,?,00F00021), ref: 00429534
LPtoDP.GDI32(?,00000000,00000002), ref: 00429549
CreateRectRgnIndirect.GDI32(00000000), ref: 00429554
CombineRgn.GDI32(?,?,?,00000004), ref: 00429585
LPtoDP.GDI32(?,?,00000001), ref: 004295B4
DPtoLP.GDI32(?,?,00000001), ref: 004295D2
wsprintfA.USER32 ref: 00429670
SelectObject.GDI32(?,?), ref: 00429698
IntersectRect.USER32(?,?,?), ref: 00429C08
IsRectEmpty.USER32(?), ref: 00429C13
LPtoDP.GDI32(?,?,00000002), ref: 00429C30
CreateRectRgnIndirect.GDI32(?), ref: 00429C3B
CombineRgn.GDI32(?,?,?,00000004), ref: 00429C6C

Part of subcall function 0042B2E0: SetRectEmpty.USER32(?), ref: 0042B35A

Part of subcall function 0042B2E0: GetSysColor.USER32(0000000F), ref: 0042B48B
Part of subcall function 0042B2E0: IntersectRect.USER32(?,?,?), ref: 0042B4E3

GetSysColor.USER32(0000000F), ref: 00428DF6

Part of subcall function 004772AB: __EH_prolog.LIBCMT ref: 004772B0
Part of subcall function 004772AB: CreateSolidBrush.GDI32(?), ref: 004772CD

Part of subcall function 0047725B: __EH_prolog.LIBCMT ref: 00477260
Part of subcall function 0047725B: CreatePen.GDI32(?,?,?), ref: 00477283

CreateRectRgnIndirect.GDI32(?), ref: 00428B76

Part of subcall function 0042A130: CopyRect.USER32(?,00000000), ref: 0042A1A7
Part of subcall function 0042A130: IsRectEmpty.USER32(?), ref: 0042A1B2
Part of subcall function 0042A130: GetClientRect.USER32(00000000,?), ref: 0042A1F1
Part of subcall function 0042A130: DPtoLP.GDI32(?,?,00000002), ref: 0042A203
Part of subcall function 0042A130: LPtoDP.GDI32(?,?,00000002), ref: 0042A240

FillRect.USER32(?,?,?), ref: 00429F69

Strings

IH, xrefs: 00428DDD, 00428DE6
IH, xrefs: 00428F23
IH, xrefs: 00429E28
IH, xrefs: 00429F7A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Create$IndirectIntersectObject$Empty$CurrentModeSelect$CombineH_prologMove$ClientColorFill$BeginBrushClipCopyFontLinePaintScrollSolidwsprintf
String ID: IH$IH$IH$IH
API String ID: 3726329589-3060407476
Opcode ID: 7d8b6ee1b665acdb6ffd135ebbb009edb1fdf7c28191cd1e05e5be937ad95f11
Instruction ID: 7144fc3264a40e0eae182b6d6ba4c754a511a6f9c7f7f6509da7189c1cf5517c
Opcode Fuzzy Hash: 7d8b6ee1b665acdb6ffd135ebbb009edb1fdf7c28191cd1e05e5be937ad95f11
Instruction Fuzzy Hash: 37D245712083819FD324EF65D894BAFB7E9BBC8704F40891EF58A83251DB74A905CB66

Function 0040F9A0 Relevance: 55.2, APIs: 29, Strings: 2, Instructions: 979windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0040FA12
IsIconic.USER32(?), ref: 0040FA4A
SetActiveWindow.USER32(?,?,?), ref: 0040FA73
IsWindow.USER32(?), ref: 0040FA9D
IsWindow.USER32(?), ref: 0040FD6E
DestroyAcceleratorTable.USER32(?), ref: 0040FEBE
DestroyMenu.USER32(?), ref: 0040FEC9
DestroyAcceleratorTable.USER32(?), ref: 0040FEE3
DestroyMenu.USER32(?), ref: 0040FEF2
DestroyAcceleratorTable.USER32(?), ref: 0040FF52
DestroyMenu.USER32(?,000003EA,00000000,00000000,?,?,00000000,000007D9,00000000,00000000), ref: 0040FF61
SetParent.USER32(?,?), ref: 0040FFE3
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?), ref: 004100FB
IsWindow.USER32(?), ref: 0041022C
SendMessageA.USER32(?,0000806F,00000000,00000000), ref: 00410241
SendMessageA.USER32(?,00008004,00000000,00000000), ref: 0041025E
DestroyAcceleratorTable.USER32(?), ref: 004102AC
IsWindow.USER32(?), ref: 00410321
IsWindow.USER32(?), ref: 00410371
IsWindow.USER32(?), ref: 004103C1
IsWindow.USER32(?), ref: 004103FE
IsWindow.USER32(?), ref: 00410481
GetParent.USER32(?), ref: 0041048F
GetFocus.USER32 ref: 004104D0

Part of subcall function 0040F890: IsWindow.USER32(?), ref: 0040F90B
Part of subcall function 0040F890: GetFocus.USER32 ref: 0040F915
Part of subcall function 0040F890: IsChild.USER32(?,00000000), ref: 0040F927

IsWindow.USER32(?), ref: 0041052F
SendMessageA.USER32(?,00008076,00000000,00000000), ref: 00410544
IsWindow.USER32(00000000), ref: 00410557
GetFocus.USER32 ref: 00410561
SetFocus.USER32(00000000), ref: 0041056C

Strings

zA, xrefs: 0040FB2A
d, xrefs: 0040F9B3

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Destroy$AcceleratorFocusTable$MenuMessageSend$Parent$ActiveChildIconic
String ID: zA$d
API String ID: 3681805233-3373153265
Opcode ID: c904686e5ce3ae804bb0136555076df8d771c5c3815620d7b925655bbb03048a
Instruction ID: 16016842ec8f3757c638c35323c99484e7e772ef2b14088c7cb82f2313a6cb42
Opcode Fuzzy Hash: c904686e5ce3ae804bb0136555076df8d771c5c3815620d7b925655bbb03048a
Instruction Fuzzy Hash: 387290716043059FC320DF65D885B6FB7E9AF84704F00492EF949A7381DB78E985CBAA

Function 00418050 Relevance: 50.0, APIs: 23, Strings: 5, Instructions: 986windowCOMMON

Download Yara Rule

APIs

IsWindowEnabled.USER32(?), ref: 00418089
TranslateAcceleratorA.USER32(?,?,?,?), ref: 004180E3
IsChild.USER32(?,?), ref: 00418114
GetFocus.USER32 ref: 0041826F
PostMessageA.USER32(?,000000A1,00000002,00000000), ref: 004182F9
PostMessageA.USER32(?,000000A1,00000002,00000000), ref: 00418368
IsChild.USER32(?,00000000), ref: 00418411
SendMessageA.USER32(?,00000010,00000000,00000000), ref: 004183E2

Part of subcall function 0040D8A0: IsChild.USER32(?,?), ref: 0040D91D
Part of subcall function 0040D8A0: GetParent.USER32(?), ref: 0040D937

IsWindow.USER32(?), ref: 00418CE9

Strings

hlp, xrefs: 0041898D
9, xrefs: 004185DE
A, xrefs: 004185E3
Z, xrefs: 004185EC
0, xrefs: 004185D9

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ChildMessage$PostWindow$AcceleratorEnabledFocusParentSendTranslate
String ID: 0$9$A$Z$hlp
API String ID: 3372979518-114186910
Opcode ID: 6a808d6d89ce9f1223833b020f41c4043b435de45c7b55f54e18f408aeb0609e
Instruction ID: a1d9d92c5941b3e448d03e144b5e316036154cbd5bcbbccba1146d644e04a505
Opcode Fuzzy Hash: 6a808d6d89ce9f1223833b020f41c4043b435de45c7b55f54e18f408aeb0609e
Instruction Fuzzy Hash: CE7290706043419BEB24DF25C881BAFB7A5AF84704F10492FF95697381EF78DC858B6A

Function 0043BB80 Relevance: 34.1, Strings: 27, Instructions: 305COMMON

Download Yara Rule

Strings

invalid signature, xrefs: 0043BCAF
invalid ICC profile color space, xrefs: 0043BD20
length does not match profile, xrefs: 0043BBB9
TWH, xrefs: 0043BCC1
rncs, xrefs: 0043BE0D
BGR, xrefs: 0043BD15
unexpected DeviceLink ICC profile class, xrefs: 0043BDC4
Gray color space not permitted on RGB PNG, xrefs: 0043BD64
tsba, xrefs: 0043BDA9
knil, xrefs: 0043BDB0
rtrp, xrefs: 0043BE06
lcmn, xrefs: 0043BDA0
caps, xrefs: 0043BE14
RGB color space not permitted on grayscale PNG, xrefs: 0043BD40
PCS illuminant is not D50, xrefs: 0043BCD4
YARG, xrefs: 0043BD0E
ZYX, xrefs: 0043BE57
psca, xrefs: 0043BCA8
invalid embedded Abstract ICC profile, xrefs: 0043BDE1
tag count too large, xrefs: 0043BE84
unexpected ICC PCS encoding, xrefs: 0043BE5E
unrecognized ICC profile class, xrefs: 0043BE1B
unexpected NamedColor ICC profile class, xrefs: 0043BDFA
intent outside defined range, xrefs: 0043BC6F
invalid rendering intent, xrefs: 0043BC4D
rtnm, xrefs: 0043BDB7
baL, xrefs: 0043BE50

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: BGR$ ZYX$ baL$Gray color space not permitted on RGB PNG$PCS illuminant is not D50$RGB color space not permitted on grayscale PNG$TWH$YARG$caps$intent outside defined range$invalid ICC profile color space$invalid embedded Abstract ICC profile$invalid rendering intent$invalid signature$knil$lcmn$length does not match profile$psca$rncs$rtnm$rtrp$tag count too large$tsba$unexpected DeviceLink ICC profile class$unexpected ICC PCS encoding$unexpected NamedColor ICC profile class$unrecognized ICC profile class
API String ID: 0-2907126702
Opcode ID: e922a631ccbdc2bcf84680f911f78487c58c268eec3ddb7d58a0e36da7080104
Instruction ID: 3ed8196704e58b2a737bfa8078ae70e3489c339a72f3327e57a00ced52f44425
Opcode Fuzzy Hash: e922a631ccbdc2bcf84680f911f78487c58c268eec3ddb7d58a0e36da7080104
Instruction Fuzzy Hash: 66914BE360415017DB08CE2D9C92BBB7B95DFCD305F1E94AAFA84CA343E619C90587E9

Function 00419240 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 93libraryloaderwindowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 0041924C
IsZoomed.USER32(?), ref: 0041925A
LoadLibraryA.KERNEL32(User32.dll,00000003,00000009), ref: 00419284
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00419297
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 004192A5
FreeLibrary.KERNEL32(00000000), ref: 004192DB
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004192F1
IsWindow.USER32(?), ref: 0041931E
ShowWindow.USER32(?,00000005,?,?,?,?,00000004), ref: 0041932B

Strings

GetMonitorInfoA, xrefs: 0041929D
MonitorFromWindow, xrefs: 00419291
H, xrefs: 004192C8
User32.dll, xrefs: 00419279

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressLibraryProcWindow$FreeIconicInfoLoadParametersShowSystemZoomed
String ID: GetMonitorInfoA$H$MonitorFromWindow$User32.dll
API String ID: 447426925-661446951
Opcode ID: 13b0c9e9c3407857410a0254197d6f7d4a3d4424dc4890344a63115b10542cca
Instruction ID: a169aa9b11b154ce759d9fecbd74cc79d9539d324461f5d4376f3f1a264cbd54
Opcode Fuzzy Hash: 13b0c9e9c3407857410a0254197d6f7d4a3d4424dc4890344a63115b10542cca
Instruction Fuzzy Hash: 3F318171740306AFD7109F65DC59F6FB7A8AF84B00F10892DFA55A7280DB78EC098B69

Function 00411D10 Relevance: 18.3, APIs: 12, Instructions: 273threadwindownetworkCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00411D35
IsWindow.USER32(0002041C), ref: 00411D51
SendMessageA.USER32(0002041C,000083E7,00411641,00000000), ref: 00411D6A
ExitProcess.KERNEL32 ref: 00411D7F
FreeLibrary.KERNEL32(?), ref: 00411E63
FreeLibrary.KERNEL32 ref: 00411EB7
DestroyCursor.USER32(004A0237), ref: 00411F07
DestroyCursor.USER32(00010413), ref: 00411F1E
IsWindow.USER32(0002041C), ref: 00411F35
DestroyCursor.USER32(?), ref: 00411FE4
WSACleanup.WS2_32 ref: 0041202F

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CursorDestroy$FreeLibraryWindow$CleanupCurrentExitMessageProcessSendThread
String ID:
API String ID: 2560087610-0
Opcode ID: 6a405b510a4cc56a81e8b6fb6b4bc5050460bcc8493b2ea57bd7116315f75089
Instruction ID: dd5f28caa28e81d5012cc927cf9eddb98c5dd12c1f186bd02f1454c920b8e8f8
Opcode Fuzzy Hash: 6a405b510a4cc56a81e8b6fb6b4bc5050460bcc8493b2ea57bd7116315f75089
Instruction Fuzzy Hash: 57B16A702007019BC724DF75C9C5BEBB7E4BF48304F40492EEAAA97291DB74B985CB58

Function 00414D40 Relevance: 15.4, APIs: 10, Instructions: 430COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e233fdd6b31746546789654b71c4d0952ccbfdb418282fbbb6e5ba91dd88d8e
Instruction ID: bec5a7eba5e2d8cf035cd05c763af3f80e153690a0fa879c9201810c353d16b0
Opcode Fuzzy Hash: 7e233fdd6b31746546789654b71c4d0952ccbfdb418282fbbb6e5ba91dd88d8e
Instruction Fuzzy Hash: 2AC1D1767006088FD310EF29AC85AABB394FBC4314F504D2FE546C7381D73AE9568799

Function 0047435D Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(COMCTL32.DLL,00000800,00000000,00000400,00474657,?,00020000), ref: 00474366
LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 0047436F
GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00474383
#17.COMCTL32 ref: 0047439E
#17.COMCTL32 ref: 004743BA
FreeLibrary.KERNEL32(00000000), ref: 004743C6

Strings

COMCTL32.DLL, xrefs: 0047435F, 00474365, 0047436C
InitCommonControlsEx, xrefs: 0047437B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$AddressFreeHandleLoadModuleProc
String ID: COMCTL32.DLL$InitCommonControlsEx
API String ID: 1437655972-4218389149
Opcode ID: c668705883ea712fb5f8f8049899916885502d6affc82500a479301b6d63dcbd
Instruction ID: 1db2ea1ea697db35b627022a0671d21b60f3b4fb132ade0249396718d66302ef
Opcode Fuzzy Hash: c668705883ea712fb5f8f8049899916885502d6affc82500a479301b6d63dcbd
Instruction Fuzzy Hash: 35F081327106229B87516F64AC489BF72ACAFC47617168D3AFD49E3250DB68CC09876E

Function 00413200 Relevance: 12.9, APIs: 8, Instructions: 865COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID:
API String ID: 2111968516-0
Opcode ID: f5cbae079c30dcc43e57f3ee9b59d04cb30b69d5acb727399dbf269590e74bdc
Instruction ID: af68d2c62c37fb20ce0d00b9cd7756a1f2151836d65517166f97658da6480557
Opcode Fuzzy Hash: f5cbae079c30dcc43e57f3ee9b59d04cb30b69d5acb727399dbf269590e74bdc
Instruction Fuzzy Hash: 8C62F6716043019FD724DF25C880BABB7E5AFC4715F14492EF88A97381DB38EE85879A

Function 0042DCD0 Relevance: 12.1, APIs: 8, Instructions: 88clipboardmemoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000042,?), ref: 0042DD47
GlobalLock.KERNEL32(00000000), ref: 0042DD63
GlobalUnlock.KERNEL32(00000000), ref: 0042DD85
OpenClipboard.USER32(00000000), ref: 0042DD8D
GlobalFree.KERNEL32(00000000), ref: 0042DD99
EmptyClipboard.USER32 ref: 0042DDA1
SetClipboardData.USER32(0000C1D4,00000000), ref: 0042DDB3
CloseClipboard.USER32 ref: 0042DDB9

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardGlobal$AllocCloseDataEmptyFreeLockOpenUnlock
String ID:
API String ID: 453615576-0
Opcode ID: 0545ce97fcf2132e8a8bdbf9fff15b5fb1bd330a934335487659a6c547decac6
Instruction ID: 0feb6367043aebe15f73dda6e1964b0799f7e55aad293015a1aeee6a83256f2b
Opcode Fuzzy Hash: 0545ce97fcf2132e8a8bdbf9fff15b5fb1bd330a934335487659a6c547decac6
Instruction Fuzzy Hash: 7731DF71314210AFC744EB75DC89B6F77A8EF88724F404A2DB856932D0DB78D8048B55

Function 00470FD3 Relevance: 12.1, APIs: 8, Instructions: 72stringfileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00470FD8
GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 00470FF6
lstrcpynA.KERNEL32(?,?,00000104), ref: 00471005
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00471039
CharUpperA.USER32(?), ref: 0047104A
FindFirstFileA.KERNEL32(?,?), ref: 00471060
FindClose.KERNEL32(00000000), ref: 0047106C
lstrcpyA.KERNEL32(?,?), ref: 0047107C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CharCloseFileFirstFullH_prologInformationNamePathUpperVolumelstrcpylstrcpyn
String ID:
API String ID: 304730633-0
Opcode ID: 31bab1dfadcb5ed78048a907e6fe2b548de529de0404ea4771476c5c2888658a
Instruction ID: 6e8fa15f21fec66684eea1db9b7d3f3c385031e7c4e97aabda33467964a79c58
Opcode Fuzzy Hash: 31bab1dfadcb5ed78048a907e6fe2b548de529de0404ea4771476c5c2888658a
Instruction Fuzzy Hash: 2E21A131901058BBCB209F65DC08EEF7FBCEF46364F00852AF919E60A0D7748A49CBA4

Function 00408840 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114filewindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047031C: InterlockedIncrement.KERNEL32(-000000F4), ref: 00470331

FindFirstFileA.KERNEL32(?,?,*.*), ref: 004088DA

Part of subcall function 0046E1F6: __EH_prolog.LIBCMT ref: 0046E1FB

Part of subcall function 004705A7: InterlockedDecrement.KERNEL32(-000000F4), ref: 004705BB

SendMessageA.USER32 ref: 00408980
FindNextFileA.KERNEL32(?,00000010), ref: 0040898C
FindClose.KERNEL32(?), ref: 0040899F
SendMessageA.USER32(?,00001102,00000002,?), ref: 004089B1

Strings

*.*, xrefs: 004088C2

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$FileInterlockedMessageSend$CloseDecrementFirstH_prologIncrementNext
String ID: *.*
API String ID: 2486832813-438819550
Opcode ID: ae40965206b509322ffdbc4e0bf394edb96e72d244bff4d6a9f47075d2316854
Instruction ID: d9329ac97ee71725862e262f1c3393b22da0c78305b6bee9c697ca1089d009ec
Opcode Fuzzy Hash: ae40965206b509322ffdbc4e0bf394edb96e72d244bff4d6a9f47075d2316854
Instruction Fuzzy Hash: DB41B0B1118345ABD720EF20CC85BAFB7E8AF84714F00892EF595932D0DB79D908CB56

Function 0042DE30 Relevance: 10.6, APIs: 7, Instructions: 89clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00000000), ref: 0042DE5D
GetClipboardData.USER32(0000C1D4), ref: 0042DE76
CloseClipboard.USER32 ref: 0042DE82
GlobalSize.KERNEL32(00000000), ref: 0042DEB8
GlobalLock.KERNEL32(00000000), ref: 0042DEC0
GlobalUnlock.KERNEL32(00000000), ref: 0042DED8
CloseClipboard.USER32 ref: 0042DEDE

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Clipboard$Global$Close$DataLockOpenSizeUnlock
String ID:
API String ID: 2237123812-0
Opcode ID: 1e51a197af8c93ab33ff026df9770a1e2ad27a5d51f23359590b0f66bd0c3077
Instruction ID: 865cd24ede16a6695da7853e1ff66cd4ec1a2b38beb99940231b2c3284123c4f
Opcode Fuzzy Hash: 1e51a197af8c93ab33ff026df9770a1e2ad27a5d51f23359590b0f66bd0c3077
Instruction Fuzzy Hash: 9A218D327012119BC714AB65ED88E7F77A9EF88355F41092EF906D3280EB78DD08876A

Function 004404B0 Relevance: 8.0, Strings: 6, Instructions: 536COMMON

Download Yara Rule

Strings

lost/gained channels, xrefs: 00440510
unknown interlace type, xrefs: 00440547
unexpected 8-bit transformation, xrefs: 00440529
unexpected bit depth, xrefs: 00440583
unexpected compose, xrefs: 004404F4
lost rgb to gray, xrefs: 004404E0

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: lost rgb to gray$lost/gained channels$unexpected 8-bit transformation$unexpected bit depth$unexpected compose$unknown interlace type
API String ID: 0-3614292578
Opcode ID: 6455829b6087d55ec48d38f39a7ca7b7c29d239e44f8b7adf21fd38269e7caae
Instruction ID: 2f84fb64e226f895e2ef820bcd5bdc82734822062b8a9e226fc34c5a9ecf9dad
Opcode Fuzzy Hash: 6455829b6087d55ec48d38f39a7ca7b7c29d239e44f8b7adf21fd38269e7caae
Instruction Fuzzy Hash: 4012E4717083458BD714CF28D89066EB7E2FBC8314F48493EF9898B381D639E955CB8A

Function 0043E2F3 Relevance: 6.5, Strings: 5, Instructions: 248COMMON

Download Yara Rule

Strings

color map overflow (BAD internal error), xrefs: 0043EDC9
bad data option (internal error), xrefs: 0043ED78
ga-alpha color-map: too few entries, xrefs: 0043E317
@XH, xrefs: 0043E416
bad background index (internal error), xrefs: 0043EE6F

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: @XH$bad background index (internal error)$bad data option (internal error)$color map overflow (BAD internal error)$ga-alpha color-map: too few entries
API String ID: 0-797510940
Opcode ID: 7276e41b30467224c7df92baf7529bb6f5ea07aefb43f7a1787701597c8b6c69
Instruction ID: 6954a27adc0cc19b86a0d874694e05647d445824df5a9d91e843f187909547e1
Opcode Fuzzy Hash: 7276e41b30467224c7df92baf7529bb6f5ea07aefb43f7a1787701597c8b6c69
Instruction Fuzzy Hash: 3D91E272A083418BD308CF29D88166EBBE5EBC9314F58593EF884DB391D278D945CB5A

Function 0043C040 Relevance: 6.4, Strings: 5, Instructions: 200COMMON

Download Yara Rule

Strings

PXH, xrefs: 0043C1ED
pWH, xrefs: 0043C05A
out-of-date sRGB profile with no signature, xrefs: 0043C236
known incorrect sRGB profile, xrefs: 0043C21E
copyright violation: edited ICC profile ignored, xrefs: 0043C1D7

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: PXH$copyright violation: edited ICC profile ignored$known incorrect sRGB profile$out-of-date sRGB profile with no signature$pWH
API String ID: 0-501956459
Opcode ID: 2885d6e4c72d9c77368dfe860ccbf7fbc11e228f3318249ff4d17084747b432e
Instruction ID: adf76325397bf14f08a07bc6fe3b7404cbb1a667786fd3649d8ed5454aab9700
Opcode Fuzzy Hash: 2885d6e4c72d9c77368dfe860ccbf7fbc11e228f3318249ff4d17084747b432e
Instruction Fuzzy Hash: 055127B2B0879107DF28CE395C9176BBBE29BD9304F09D86DE4DAD7302E524D905CB68

Function 00411700 Relevance: 6.1, APIs: 4, Instructions: 94fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32(?,?), ref: 00411752
FindClose.KERNEL32 ref: 00411761
FindFirstFileA.KERNEL32(?,?), ref: 0041176D
FindClose.KERNEL32(00000000), ref: 004117CB

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: 79739670645159af75487ed1784dbfae457e849e335b4e192f937ef06ab9917d
Instruction ID: 8092859cac20fbc10c85931c4735235ab976dea0608b7abd3249d15e996d9184
Opcode Fuzzy Hash: 79739670645159af75487ed1784dbfae457e849e335b4e192f937ef06ab9917d
Instruction Fuzzy Hash: 452106769047154BD3319B24D8447FBB394AB84724F15062AEE39873E0E73DDC86838A

Function 00473B86 Relevance: 6.0, APIs: 4, Instructions: 38keyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 004747F0: GetWindowLongA.USER32(?,000000F0), ref: 004747FC

GetKeyState.USER32(00000010), ref: 00473BAA
GetKeyState.USER32(00000011), ref: 00473BB3
GetKeyState.USER32(00000012), ref: 00473BBC
SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 00473BD2

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State$LongMessageSendWindow
String ID:
API String ID: 1063413437-0
Opcode ID: 4ece5232451a3ea93937e863f449e88065d81ac335a000e657ad38ddfa91cd63
Instruction ID: 68a39bb1e81bbf77bf7b094b42a430b0c451c3de1409890e26b984c246664b04
Opcode Fuzzy Hash: 4ece5232451a3ea93937e863f449e88065d81ac335a000e657ad38ddfa91cd63
Instruction Fuzzy Hash: 64F0A73735038E26EA203A655C42FEA51144F40FD6F40893FFB85AE1D38AB9B9466279

Function 0041C110 Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 638COMMON

Download Yara Rule

Strings

(CH, xrefs: 0041C8C4
(CH, xrefs: 0041C82D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: (CH$(CH
API String ID: 0-975976858
Opcode ID: ac910f5bc056c68c57c4d7e71d7d2cd89f9c69944d8a001162eff148a840c530
Instruction ID: 3f923585d6f0aaf2ee970618861a27a92166d3ea6fe94caa6b8e8333926dd735
Opcode Fuzzy Hash: ac910f5bc056c68c57c4d7e71d7d2cd89f9c69944d8a001162eff148a840c530
Instruction Fuzzy Hash: 7232B371E40219DFCB14DFA9C8C1AEEB7B1BF48314F24426AE815A7381D778AD81CB95

Function 00448AF0 Relevance: 5.5, Strings: 4, Instructions: 485COMMON

Download Yara Rule

Strings

internal row logic error, xrefs: 00448B35
invalid user transform pixel depth, xrefs: 00448D69
internal row size calculation error, xrefs: 00448B6B
internal row width error, xrefs: 00448B7D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: internal row logic error$internal row size calculation error$internal row width error$invalid user transform pixel depth
API String ID: 0-64619857
Opcode ID: 658cc722d07b014fdf4ae46e6c94be3c05820eaa499161aa37b8371618146c7b
Instruction ID: 95e263f7d6d002016b32831993f00e7705b1efe197c267492e673bc2dcda6b00
Opcode Fuzzy Hash: 658cc722d07b014fdf4ae46e6c94be3c05820eaa499161aa37b8371618146c7b
Instruction Fuzzy Hash: 2DF14931A093954FEB24DE38D8902BFBBD2EBD5300F58456FE885C7341EA299C49C796

Function 0042C530 Relevance: 4.8, APIs: 3, Instructions: 308keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000010), ref: 0042C550
GetKeyState.USER32(00000011), ref: 0042C560
CopyRect.USER32(00000000,00000000), ref: 0042C635

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State$CopyRect
String ID:
API String ID: 4142901696-0
Opcode ID: f928b419d07ad75635bf9c96299ff6a61c06363bdf8a8b090ca11d787b95628e
Instruction ID: 905fe7df43a82056ef54ef5ca5608dec5ad873f8077993f530178995e83f71a1
Opcode Fuzzy Hash: f928b419d07ad75635bf9c96299ff6a61c06363bdf8a8b090ca11d787b95628e
Instruction Fuzzy Hash: 3AA1E1703443219BD628EA14E8C1F3FB3E6ABC4745F90891FF54697380DBA9EC45876A

Function 0046348A Relevance: 4.6, APIs: 3, Instructions: 75timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00463497
GetSystemTime.KERNEL32(?), ref: 004634A1
GetTimeZoneInformation.KERNEL32(?), ref: 004634F6

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Time$InformationLocalSystemZone
String ID:
API String ID: 2475273158-0
Opcode ID: b7a3509741349ba8f79b5c5ca56bf8558deb2bfcddeda474ecefba8c0ea3a2df
Instruction ID: 8dadb240b372f7a7bb5ee33bf56fe759ae8128fca2c980268876d775be245f0a
Opcode Fuzzy Hash: b7a3509741349ba8f79b5c5ca56bf8558deb2bfcddeda474ecefba8c0ea3a2df
Instruction Fuzzy Hash: 7A219269901116A6CF21AFA8E8046FFB2F9AB04715F400652FD11D6291F3398EC6C77E

Function 00419D70 Relevance: 4.5, APIs: 3, Instructions: 49keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000011), ref: 00419DA1
GetKeyState.USER32(00000010), ref: 00419DB6
GetKeyState.USER32(00000012), ref: 00419DCB

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State
String ID:
API String ID: 1649606143-0
Opcode ID: b81d99ef320c865326cf38852e4014cbd61fdfceb0678621f9d785a0541b92dc
Instruction ID: 08f3387216823bac658c140e3333ab4c787749bbfa9d8298b420efff75015668
Opcode Fuzzy Hash: b81d99ef320c865326cf38852e4014cbd61fdfceb0678621f9d785a0541b92dc
Instruction Fuzzy Hash: DC01F43EC0416606EF642269B839BF695410B40F50F5A407BC94D373C0898C0CC663BF

Function 0045FCDF Relevance: 4.5, APIs: 3, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bce7a897e52297c9f621f966e7c5341f813a4f7f8f414256e69a81673f5337b6
Instruction ID: 7e1efa9415714587a5b3b36a405b73548c710452ff8b65bb0ffc9671cfd7d5fd
Opcode Fuzzy Hash: bce7a897e52297c9f621f966e7c5341f813a4f7f8f414256e69a81673f5337b6
Instruction Fuzzy Hash: B8F01D3160010DABDB11AF61DC489AE7A79AB04346B048436FC17D8162DB39DA1D9B5A

Function 00474040 Relevance: 4.5, APIs: 3, Instructions: 32COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(?,0041D513,000000F0), ref: 0047405F
LoadResource.KERNEL32(?,00000000,?,?,?,004718FD,?,?,0041D513), ref: 0047406B
LockResource.KERNEL32(00000000,?,?,?,004718FD,?,?,0041D513), ref: 0047407A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Resource$FindLoadLock
String ID:
API String ID: 2752051264-0
Opcode ID: 5e1bb4a26330671ff36b2160b474ae2ac9fdefa00ae4c7f97335203271b0d298
Instruction ID: 4649c2cafdd8364f51a4bc5f1c54230f109ec5011c6cb56f323f27d1a0eb1983
Opcode Fuzzy Hash: 5e1bb4a26330671ff36b2160b474ae2ac9fdefa00ae4c7f97335203271b0d298
Instruction Fuzzy Hash: 9CE0E531201240AB87515B755C488BFA25DEFC0371B14883EF309C2111CB788C05876D

Function 004756AD Relevance: 4.5, APIs: 3, Instructions: 29keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000010), ref: 004756D4
GetKeyState.USER32(00000011), ref: 004756DD
GetKeyState.USER32(00000012), ref: 004756E6

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: State
String ID:
API String ID: 1649606143-0
Opcode ID: 038d37733041e06cb98aea97e90d10f16cfa6c3c30b4b74bd0d0208dd2ceeba2
Instruction ID: 1aa86d2d212a667b9e021e33605cac35c4273458d72b3f6644e909beaeabe877
Opcode Fuzzy Hash: 038d37733041e06cb98aea97e90d10f16cfa6c3c30b4b74bd0d0208dd2ceeba2
Instruction Fuzzy Hash: 20E09235D01AAA9DEB4092448D10FD566916F10B90FC0C467EB8CAF0D1CAF9CC829F6D

Function 00472E27 Relevance: 3.4, APIs: 2, Instructions: 422COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00472E2C
GetVersion.KERNEL32(00000007,?,?,00000000,00000000,?,0000C000,00000000,00000000,00000007), ref: 00472FDF

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologVersion
String ID:
API String ID: 1836448879-0
Opcode ID: ba9d86e3521738e2a43f7d6777a666eaf07ca281f93911c6ea6c1e5e86c98458
Instruction ID: dd991c6db3dea8db9380e70779634eb1deefdd940a0b72f0c3547616674eab3c
Opcode Fuzzy Hash: ba9d86e3521738e2a43f7d6777a666eaf07ca281f93911c6ea6c1e5e86c98458
Instruction Fuzzy Hash: 6DE19D70604209AFDF14DF69CD80AFE77A9EF04315F10C55AF80D9A292D778EA01EB69

Function 0044A2E0 Relevance: 3.3, Strings: 2, Instructions: 788COMMON

Download Yara Rule

Strings

libpng does not support gamma+background+rgb_to_gray, xrefs: 0044A76C
invalid background gamma type, xrefs: 0044AAEC

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: invalid background gamma type$libpng does not support gamma+background+rgb_to_gray
API String ID: 0-3995106164
Opcode ID: 3f74f40da64f9ad8ae97973294bf4e7079c20a8eb7f4e3e29dcad0721b7b1c03
Instruction ID: 4390450bf8928f7ca9c049dcbe4c530883b3f4e6e8ecb36d43a84494cf192fe0
Opcode Fuzzy Hash: 3f74f40da64f9ad8ae97973294bf4e7079c20a8eb7f4e3e29dcad0721b7b1c03
Instruction Fuzzy Hash: 51626C75548B814AE335DF34C8417F7FBE1AF5A304F08892ED8EA87342E639A815C75A

Function 00424C30 Relevance: 3.1, APIs: 2, Instructions: 62COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,4004667F,?), ref: 00424C62
recvfrom.WS2_32(00000000,00000000,?,00000000,00000000,00000000), ref: 00424CB0

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ioctlsocketrecvfrom
String ID:
API String ID: 217199969-0
Opcode ID: f1ff9a225c2299568fce19e342be168f98a1d1e5cfe81917873dd07d6523b537
Instruction ID: dda3642f223cee94474e07ae0845bec183ed235e7c007db67b3308d49b4cf4af
Opcode Fuzzy Hash: f1ff9a225c2299568fce19e342be168f98a1d1e5cfe81917873dd07d6523b537
Instruction Fuzzy Hash: BE218E70204201AFD314DF29C985B6BB7E4EBD4724F108B2EF59A972D0EB78D805CB5A

Function 00419BC0 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(?,?), ref: 00419BD0
FindClose.KERNEL32(00000000), ref: 00419BDC

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: a0a08e33da3f5f9799004a674ea229d14103c76ed5f94988291af043ad891943
Instruction ID: 5253af3a0712360c5d1194d5a68f5dbd91003cc5ebdb79e8babec884bb4e0106
Opcode Fuzzy Hash: a0a08e33da3f5f9799004a674ea229d14103c76ed5f94988291af043ad891943
Instruction Fuzzy Hash: A3D05E755142055BD3519B74ED0CAAA3259AB44320FC40A68B92DC52E0E67EDC588711

Function 0043F0A0 Relevance: 2.9, Strings: 2, Instructions: 445COMMON

Download Yara Rule

Strings

color-map index out of range, xrefs: 0043F0EF
bad encoding (internal error), xrefs: 0043F24D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: bad encoding (internal error)$color-map index out of range
API String ID: 0-7351992
Opcode ID: 74bb6fee24c3cfc4eb21472262e0f1106e20efc057e88e64f5fb0b9fe5caeb8c
Instruction ID: 5c45753c80dfcd74dee2f37e4eba718fc8fd1c0200882b1a09311517534342c5
Opcode Fuzzy Hash: 74bb6fee24c3cfc4eb21472262e0f1106e20efc057e88e64f5fb0b9fe5caeb8c
Instruction Fuzzy Hash: 84F1F472E087028BC718DF28C88166AB3D1FBDC304F454A7EE89ADB351E639D909C785

Function 00449AF0 Relevance: 2.8, Strings: 2, Instructions: 266COMMON

Download Yara Rule

Strings

Row has too many bytes to allocate in memory, xrefs: 00449DBC
VUUU, xrefs: 00449C08

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Row has too many bytes to allocate in memory$VUUU
API String ID: 0-4092465491
Opcode ID: 7b1913f5cbc23290029fc33d417d740f7de93ebeb7ab63e66e92c796d8009119
Instruction ID: f79396c5cd44dd4a7b7b7737148efa4b372aa7eae992fdb1f3d8996df215c9e9
Opcode Fuzzy Hash: 7b1913f5cbc23290029fc33d417d740f7de93ebeb7ab63e66e92c796d8009119
Instruction Fuzzy Hash: 85911771A04E404BF7298A38DC963F7B7D2EB95305F18462ED5ABC7382D63C6C809749

Function 004230E0 Relevance: 2.8, Strings: 2, Instructions: 257COMMON

Download Yara Rule

Strings

d, xrefs: 00423324
MTrk, xrefs: 0042325C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: MTrk$d
API String ID: 0-4044675371
Opcode ID: c6ab55bbe3c0fa7d14abbc960997d61354773663321014aa48832666422261bf
Instruction ID: 32203c124460ea63bb331d5c649c014199d4e71b8dd8779d9e28e33de3781f13
Opcode Fuzzy Hash: c6ab55bbe3c0fa7d14abbc960997d61354773663321014aa48832666422261bf
Instruction Fuzzy Hash: 1D91A171B007159FD718CF69D88056AB7E2EFC8305B54893EE84ACB741EA38EE05CB59

Function 0043BEB0 Relevance: 2.6, Strings: 2, Instructions: 115COMMON

Download Yara Rule

Strings

ICC profile tag outside profile, xrefs: 0043BFC8
ICC profile tag start not a multiple of 4, xrefs: 0043BF79

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ICC profile tag outside profile$ICC profile tag start not a multiple of 4
API String ID: 0-2051163487
Opcode ID: ec044eba861dff3802c041504f9371715d8219ae46f5f0688d15e50e6bacc3b6
Instruction ID: 1793e8ee28e515483671b0f9ffda8d5a8083afa2d2772cede8cb253dd93a1741
Opcode Fuzzy Hash: ec044eba861dff3802c041504f9371715d8219ae46f5f0688d15e50e6bacc3b6
Instruction Fuzzy Hash: B031D3F360879107D71CCA2D9C606A7BBD3ABC8244F1DD96DE5DAC3301E92595058B98

Function 00436450 Relevance: 2.5, APIs: 1, Instructions: 1006COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdf305884e1fbe2d7309ad1a17281405ad5e2bb6e0745f46892ba862abfaf574
Instruction ID: a578d8d7fcd8a70b64cc45091602c40322e9c9079d0ed4997a16c2f09cb1c1e6
Opcode Fuzzy Hash: bdf305884e1fbe2d7309ad1a17281405ad5e2bb6e0745f46892ba862abfaf574
Instruction Fuzzy Hash: 68926575604B428FD329CF29C0906A7FBE2EF99304F24992EC5DB87B61D634B849CB45

Function 00415410 Relevance: 1.7, APIs: 1, Instructions: 174windowCOMMON

Download Yara Rule

APIs

IsIconic.USER32(?), ref: 00415540

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Iconic
String ID:
API String ID: 110040809-0
Opcode ID: 0c29ba9a1eeeb369251e3d7622f39cb2cf98e5261e7d94550d6f2a742373f6a4
Instruction ID: 3da9d4df02b7a11f6cf990ba991bd8bb16405f8387c46e72b9411a68af53c097
Opcode Fuzzy Hash: 0c29ba9a1eeeb369251e3d7622f39cb2cf98e5261e7d94550d6f2a742373f6a4
Instruction Fuzzy Hash: BA61AA76214701CBD314CF28D480BCAB7E5BBE9310F10886EE49ACB350C3B6E891CBA5

Function 0041A430 Relevance: 1.6, Strings: 1, Instructions: 336COMMON

Download Yara Rule

Strings

?H, xrefs: 0041A7BD

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ?H
API String ID: 0-3303569154
Opcode ID: b8d5055a505ce6f7bb1c79a0a7c47873cb143a0f9cdfae4f4f2d24ce3459a64b
Instruction ID: dd8a7143470c7027581bf87a95c5e10b852920bee0163b7ff15bc305886fd1ba
Opcode Fuzzy Hash: b8d5055a505ce6f7bb1c79a0a7c47873cb143a0f9cdfae4f4f2d24ce3459a64b
Instruction Fuzzy Hash: 09C1DA7250A7844FD725CE18C0643EBBBE2AF81750F5C881EE4C547392E33C99A98B4B

Function 0046BDFD Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0006BDB7), ref: 0046BE02

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: f5a1b581ae42325491ef685fb3d112c12e0e001f2792b58cae5af3f2e3ac6f36
Instruction ID: b384409a583d59f3af18eb0f79e823b578a6a2b9edddbc7348fda79ad5b32f57
Opcode Fuzzy Hash: f5a1b581ae42325491ef685fb3d112c12e0e001f2792b58cae5af3f2e3ac6f36
Instruction Fuzzy Hash: DCA022F0002320AF8B800F20BC0C2083AA0F288B03F00003BEC00C0220EB3000008B0E

Function 0046BE0F Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 0046BE14

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 456438124a81c27d4375969df9bf276284a8c5d7d7d50528f98f2847ff4fcdac
Instruction ID: 07ea850106b8c108bd1a314221aadac04fc29a6115e6aabdb945fb1256d83d2f
Opcode Fuzzy Hash: 456438124a81c27d4375969df9bf276284a8c5d7d7d50528f98f2847ff4fcdac
Instruction Fuzzy Hash:

Function 004385E0 Relevance: .9, Instructions: 903COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7588268db9ad160e2392b48f534035be178d540a008719f74208fe9ed0531eb1
Instruction ID: 8a6339525d6e35ca2f8d348337cae41109e6cc947562ea64c66241a2e6bfa7d5
Opcode Fuzzy Hash: 7588268db9ad160e2392b48f534035be178d540a008719f74208fe9ed0531eb1
Instruction Fuzzy Hash: BF52BA767447095BD308CE9ACC9159EF3D3ABC8304F498A3CFA55C3346EEB8E90A8655

Function 004530BE Relevance: .5, Instructions: 514COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d4f957be90ed7b8d84bd9fa4aaec565630bf78e0820b60bce992dd1cbb6d12b
Instruction ID: 6fe7b18d17f9a285ed853a1284b4ed420a9faed12a6b927eb3760f317d59e385
Opcode Fuzzy Hash: 4d4f957be90ed7b8d84bd9fa4aaec565630bf78e0820b60bce992dd1cbb6d12b
Instruction Fuzzy Hash: C51261B16043018FCB18CF18C99062BBBE6EFC9341F14896EE8858B346E775DD49CB96

Function 0045330E Relevance: .5, Instructions: 514COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a369976d2602bd3cad83ff0087c05d0d484dc2d27d841ddfc47d374621d81c4a
Instruction ID: 0ff4b1ef46bd248f5ea359df907423b2b0ffef71e9e4bc883771304087c85c35
Opcode Fuzzy Hash: a369976d2602bd3cad83ff0087c05d0d484dc2d27d841ddfc47d374621d81c4a
Instruction Fuzzy Hash: E51261B16043018FCB18CF18C99062BBBE6EFC9341F14896EE8858B346E775DD49CB96

Function 0045AF60 Relevance: .5, Instructions: 503COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 590d83342cb87c2239c67f193382b2ce297938f2ed60407259e4e7ead2541bc5
Instruction ID: 8375a89c745237a294ed6986b78df589800102945e81946675e5e6991a38494d
Opcode Fuzzy Hash: 590d83342cb87c2239c67f193382b2ce297938f2ed60407259e4e7ead2541bc5
Instruction Fuzzy Hash: E41241746087018FC708CF29D594A2ABBE1FF89305F148A6EE89AC7752D734E909CF95

Function 0046CFEE Relevance: .4, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7308b1cf4262e6a1df9da87382b3b56980c9c56610acfcd9c9beab69d21f16f8
Instruction ID: c89fe3d400940d1038e11f3a113b1492d07a34913a08d191970deddd00d473b1
Opcode Fuzzy Hash: 7308b1cf4262e6a1df9da87382b3b56980c9c56610acfcd9c9beab69d21f16f8
Instruction Fuzzy Hash: 52E1B031F442499EEB248F98C9557FE7BB1BB45304F28406BD801A6282F7BD8982D75B

Function 0044D4C0 Relevance: .4, Instructions: 386COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77f43fcb64ab58414fd751fbc914337fb718045f4a2c57219fa7436d45c83941
Instruction ID: f883e03dee96c3c1fd799cbbbeca9f3e51b29dd7ef8c67155a20f8cb639735de
Opcode Fuzzy Hash: 77f43fcb64ab58414fd751fbc914337fb718045f4a2c57219fa7436d45c83941
Instruction Fuzzy Hash: 5BC1252560E6824FEB199B6C94E92BBFFD1EB5A310F0981FEC9D5CB323C525840AC354

Function 0044DBC0 Relevance: .4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd7d6e5bdf9180fc249a7cdffd82ac3d4432134ef2b1545fd9ebd85a9bab015f
Instruction ID: 8fe584343c5b2ab7f9b0cc642b8ac80f061f98d578fa96b5db433c428c7c1964
Opcode Fuzzy Hash: bd7d6e5bdf9180fc249a7cdffd82ac3d4432134ef2b1545fd9ebd85a9bab015f
Instruction Fuzzy Hash: 7ED1CB7190DAD28BE722CE2884A03A7FFD1AFA6304F18CADED4D54F346D265984DC356

Function 0045CC50 Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4bfdb248b3fb90f8076a3fe4a1e75f7bd1b50aa5aafde52d762773f77742459
Instruction ID: d42885f33c8c6d520c61d8c5b84336d2212206447306b14936735bb7b4d1e4ca
Opcode Fuzzy Hash: d4bfdb248b3fb90f8076a3fe4a1e75f7bd1b50aa5aafde52d762773f77742459
Instruction Fuzzy Hash: 1EF1AE725082408FC319CF18D9989E27BE2FFA8714B1F42FAD8499B363D7369845CB95

Function 00445430 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40cbced8d823d30fdc57dbfb9b4f71f8def846ab3490d4076d93fd43bfb49d21
Instruction ID: 91966ff534590b6ec0d7f8500918a88e80b18566b25970e795386b6902b40428
Opcode Fuzzy Hash: 40cbced8d823d30fdc57dbfb9b4f71f8def846ab3490d4076d93fd43bfb49d21
Instruction Fuzzy Hash: 1BE1D3B5600A018FD734CF19D490A26FBF2EF89310B25C96ED49ACBB62D735E846CB54

Function 0044BFA0 Relevance: .4, Instructions: 364COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcdb0e9a48f9cc5b8454a5ea312c92bd26660b050e477f45892fe8a81102f325
Instruction ID: 46137653c256457285911400ea8deb0ebc4c399838b385c22934c3e079f78e52
Opcode Fuzzy Hash: dcdb0e9a48f9cc5b8454a5ea312c92bd26660b050e477f45892fe8a81102f325
Instruction Fuzzy Hash: 4BD1A3356097828FD725CF29C4D02AAFBE1EF9A304F4C856DE4D99B312D634D806CB95

Function 0044C4B9 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 950b6f8e4309d23e2686e4ea89e635c2c5649a63589e6d75e58727ae14922da5
Instruction ID: bda4a6d442116c03446c97900269e36635e228820bddd1b8a76930ecd11959ed
Opcode Fuzzy Hash: 950b6f8e4309d23e2686e4ea89e635c2c5649a63589e6d75e58727ae14922da5
Instruction Fuzzy Hash: 36B1AD2674B2828BF7516A3C90A03F77BA1EB96320F9C507ED5DAC7342D12E990EC704

Function 00449030 Relevance: .4, Instructions: 352COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f43671de8236d6e55ebb86847ee6d973513d6f5102e91763885912083526c8a
Instruction ID: 5482b127936f9077a70506b85e0d9ee3c6f072cb38798048c46ffb24c8917dda
Opcode Fuzzy Hash: 2f43671de8236d6e55ebb86847ee6d973513d6f5102e91763885912083526c8a
Instruction Fuzzy Hash: D6D1BE729097429FE704CE18C49436BFBE1FBD9314F544A1EE89587390D335AD0ACB86

Function 004542B0 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a30420b5f763a4df4a7602f2a682204553e38af117153ac762c48079948feed
Instruction ID: 14a2b1d582f0aa97246ef0a971431a698c73ba0437e07b831e032c26d901ab16
Opcode Fuzzy Hash: 2a30420b5f763a4df4a7602f2a682204553e38af117153ac762c48079948feed
Instruction Fuzzy Hash: 9ED12775210B418FD324CF29C980AA7B7E5FF89309B14492EE9D687B52D739F886CB44

Function 0045EDA0 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d1a0d0833fcb90f0c54364ff840c8a357cd331dda426b91b96c9ad3ac08179a
Instruction ID: 3bb2659f5eb9cc1ed4cceeb769d5748a4a38305d67c727e16368477647f9d3b3
Opcode Fuzzy Hash: 8d1a0d0833fcb90f0c54364ff840c8a357cd331dda426b91b96c9ad3ac08179a
Instruction Fuzzy Hash: 14C1C1716087518FC718CF2DD59016AFBE1FB88310F194A7EE8DA93742C734A919CB89

Function 0044D08E Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 209fc5673e656db3213c2d2fbf9a8a4af23a33bfddf6ddf1f62eb543b428bd05
Instruction ID: 1f70ca1328a060af93d3ad2fa3ad2f4f60bc193def3fa32148950b5bbb2ebac5
Opcode Fuzzy Hash: 209fc5673e656db3213c2d2fbf9a8a4af23a33bfddf6ddf1f62eb543b428bd05
Instruction Fuzzy Hash: F2C1E03560C7824BD72DDB2894A45FBBFE2AFAA300F1DD5BDC48A8B393D9209409C740

Function 0045D1D0 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a171baea72c2ef191aaded406128cda83bf47f5cd29cb51e36043729a2c9c6a
Instruction ID: e78ad1b8316cafdb83ded48b3856b2d5ab892fff79c419d4677265554396577b
Opcode Fuzzy Hash: 1a171baea72c2ef191aaded406128cda83bf47f5cd29cb51e36043729a2c9c6a
Instruction Fuzzy Hash: 14D18B756082518FC319CF28E9D88E67BE1BFA8740F0E42F9D94A8B323D7359845CB55

Function 00453E10 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e718a18d8b8632dcd00efd7daa8c411d76cb6ef7e30af4f868fc7ed979f16ed3
Instruction ID: 789497fbc2f48fba354af65a48347471fd5d246d85502ba0fe42d32964fe8cf8
Opcode Fuzzy Hash: e718a18d8b8632dcd00efd7daa8c411d76cb6ef7e30af4f868fc7ed979f16ed3
Instruction Fuzzy Hash: FAB14776214B418FC328CF29C9919A7B3E6BF89705B18892ED9CBC7B42D635F845CB44

Function 004690F6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction ID: be40ab83d69fa45d8e4944d739498b1ca8d37fe8a482b35359d8d74e5a805eb5
Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
Instruction Fuzzy Hash: E6B1AC75A0020ADFDB15CF04C5D0AA9BBA5FF58318F24C59ED81A4B382D775EE46CB90

Function 004597D0 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cab88bb81d6f1a3f294bb195b69a7ed404116198194961875d31482ad394f9ff
Instruction ID: 350b0031c3529135c0b4202ef16550911f05fb3288fe220b85aa33085ca066d3
Opcode Fuzzy Hash: cab88bb81d6f1a3f294bb195b69a7ed404116198194961875d31482ad394f9ff
Instruction Fuzzy Hash: 73A1F775A087418FC314CF29C49086AFBF2BFC9714F198A6EE99987325E770E945CB42

Function 0044D990 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4664e54bd8655df0b62760be2564d86677a0bae60cff444b8354291ceb51d8c8
Instruction ID: 03f91fc9c60d2c0a814956abdcfb20ffe9a8f8c0babdccc63202ffe4260496be
Opcode Fuzzy Hash: 4664e54bd8655df0b62760be2564d86677a0bae60cff444b8354291ceb51d8c8
Instruction Fuzzy Hash: 5071D73590C6828ADB15DF28C444266FFE2EFA6304F0DC69EC8C99F357D626E909C791

Function 0044CE14 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e09e427cc0f5c48326d696f622ddb13854d7e20a58c35d846649955e18978596
Instruction ID: 55c1fc672f2754ff25e9332ab5295ce82dcfc83cac520cde89e7ed68f826a30b
Opcode Fuzzy Hash: e09e427cc0f5c48326d696f622ddb13854d7e20a58c35d846649955e18978596
Instruction Fuzzy Hash: EE71142120E7C24BD7299B2888E52F6FFD2AFA7300F5C95EED8D64F392C51A5409C725

Function 00458D30 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c85e5f8c1b8543d5e31b2507d484f8634bc59b4117db2810bbc7b5cb86d4c726
Instruction ID: b204ed0c2b6e006406905287ddd00dec6dd38ac202271ec44fa4bffa4c495ecf
Opcode Fuzzy Hash: c85e5f8c1b8543d5e31b2507d484f8634bc59b4117db2810bbc7b5cb86d4c726
Instruction Fuzzy Hash: B981F63954A7819FC711CF29C0D04A6FBF2BF9E204B5C999DE9C51B317C231A91ACB92

Function 0044B760 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f443e03f1d05919038a1a0111bceafaf9231b47195c8f2f077a44ad63be344b
Instruction ID: 3088a66dddab429ec36e84a8b5c2a7ad40becf0135b326bd33534e0a339a15bf
Opcode Fuzzy Hash: 8f443e03f1d05919038a1a0111bceafaf9231b47195c8f2f077a44ad63be344b
Instruction Fuzzy Hash: 6F5123316087504BE305DE2E989016AFBD2DBDA215F188AAEC9D9C7712D735D80A87C5

Function 0044CC61 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d4d2dea2c165661568dc7cef3cf9871e53b13df2d48047b3dc5f70df1b2c506
Instruction ID: b04d3ea0a4a7889f9604508d9ca3db3259601326e328179af8f78dcbdfbc1087
Opcode Fuzzy Hash: 4d4d2dea2c165661568dc7cef3cf9871e53b13df2d48047b3dc5f70df1b2c506
Instruction Fuzzy Hash: A741477A70A2834BD3589E3C84902F6FFA1EF9A300F5C47BEC495C7742D629950AC750

Function 0044C976 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8c27889d51f487b201adba72a386df83b8ac4b76ef92a9fc20cd27d85f323ea
Instruction ID: 7ff827804d0042cf0ea45d8a4f58f1db29e630385d6c356f26af18d735383937
Opcode Fuzzy Hash: a8c27889d51f487b201adba72a386df83b8ac4b76ef92a9fc20cd27d85f323ea
Instruction Fuzzy Hash: 5751B12920EBD14AD71A9B3C54A96F7FFE29F6B301B4E90EDC4DA8B323C5165409C760

Function 0044E600 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7dc31957ecbe4f43c864158e3472b02142bfcd6d14652c0d4a4b14b08f2a471
Instruction ID: cb9301e7a56451b7366404389eec16ada4bb250e654e16c8bd379d1b83b9b9f6
Opcode Fuzzy Hash: c7dc31957ecbe4f43c864158e3472b02142bfcd6d14652c0d4a4b14b08f2a471
Instruction Fuzzy Hash: 074183327019414BE768DA2BD8A01EBB7D3EBD6311B28C86BC19E8B725D5356445CB84

Function 00445860 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4f27dd10139f30faea009d98bf7d04ad43b169fe1efa635cf320682f8d45aa
Instruction ID: 0c20b613dc2c90ad430272e2250e5145618bfc01d1449648feb7f5f268ec9c47
Opcode Fuzzy Hash: 0b4f27dd10139f30faea009d98bf7d04ad43b169fe1efa635cf320682f8d45aa
Instruction Fuzzy Hash: E4313C33B4598203FB1DCA2F8CA12BAEBD34FC522872DD57E99C98B357ECB984164104

Function 00445120 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 217630e9c1a426de6f01dab588538e4a74b7052f205d0c6582edb61db77bd3e2
Instruction ID: a5499ab453a75dff68d7d11699539843503a8de01603de782b648771abf1a954
Opcode Fuzzy Hash: 217630e9c1a426de6f01dab588538e4a74b7052f205d0c6582edb61db77bd3e2
Instruction Fuzzy Hash: CB3175327B949207D354CEBDAC80277B793A7CA30AB6DCA7DD584C7A0AC879D8078754

Function 004621C0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e65a41849ba1dff17564a555de7faa284a3be694d3db7f60d411abc468340149
Instruction ID: ca5236b05e86bc67444900e9c9cd42453c3515da4642decb6c35856decadf3a1
Opcode Fuzzy Hash: e65a41849ba1dff17564a555de7faa284a3be694d3db7f60d411abc468340149
Instruction Fuzzy Hash: 55117DB3240D4263D714CA69CAB46F7E395EBC632072C82FBC1425B354F6E99945850A

Function 00401811 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98894af1965d977d1c967f24f0dd53628c49e21d0e838d935c93033e9165ceb1
Instruction ID: 60328ee044517ea8ade0c089c23a9950a1897ede29da9ba4b2611335d1015c3a
Opcode Fuzzy Hash: 98894af1965d977d1c967f24f0dd53628c49e21d0e838d935c93033e9165ceb1
Instruction Fuzzy Hash: FAF0E27250440CEBDB08EF62F8459FD7B76FBD0314F01C16BE88926188CA399A79C759

Function 004358B0 Relevance: 95.0, APIs: 53, Strings: 1, Instructions: 459windowsleepCOMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 004358D2

Part of subcall function 0041B250: EnumDisplaySettingsA.USER32(00000000,000000FF,?), ref: 0041B25F

SetStretchBltMode.GDI32(00000000,00000000), ref: 004358E5
CreateCompatibleDC.GDI32(00000000), ref: 004358F2
CreateCompatibleDC.GDI32(00000000), ref: 004358F7
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00435948
SelectObject.GDI32(00000000,00000000), ref: 0043595C
SelectObject.GDI32(?,?), ref: 00435986
PatBlt.GDI32(?,00000000,00000000,?,?,00F00021), ref: 004359A8
SelectObject.GDI32(?,?), ref: 004359B8
SelectObject.GDI32(?,?), ref: 004359C4
GetTickCount.KERNEL32 ref: 00435A12
SelectObject.GDI32(?,?), ref: 00435A4A
SelectObject.GDI32(00000000,00000000), ref: 00435A66
BitBlt.GDI32(?,?,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00435A8B
SelectObject.GDI32(00000000,?), ref: 00435A97
DeleteObject.GDI32(00000000), ref: 00435A9E
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00435AE2
SelectObject.GDI32(00000000,00000000), ref: 00435AEE
BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,00000000,00CC0020), ref: 00435B13
SelectObject.GDI32(00000000,?), ref: 00435B1F
SelectObject.GDI32(00000000,?), ref: 00435B27
CreateCompatibleDC.GDI32(00000000), ref: 00435B3C
CreateCompatibleDC.GDI32(00000000), ref: 00435B45
CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00435B5B
CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00435B73
SelectObject.GDI32(00000000,?), ref: 00435B83
SelectObject.GDI32(00000000,?), ref: 00435B93
SetBkColor.GDI32(00000000,?), ref: 00435BA5
BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00435BC6
SetBkColor.GDI32(00000000,?), ref: 00435BD2
BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00330008), ref: 00435BEF
BitBlt.GDI32(?,?,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 00435C14
BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 00435C31
BitBlt.GDI32(?,?,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 00435C56
SelectObject.GDI32(00000000,?), ref: 00435C62
DeleteObject.GDI32(00000000), ref: 00435C69
SelectObject.GDI32(00000000,?), ref: 00435C75
DeleteObject.GDI32(00000000), ref: 00435C7C
DeleteDC.GDI32(00000000), ref: 00435C89
DeleteDC.GDI32(00000000), ref: 00435C8C
SelectObject.GDI32(00000000,?), ref: 00435CC5
DeleteObject.GDI32(?), ref: 00435CCC
IsWindow.USER32(?), ref: 00435CD6
StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,?,?,00CC0020), ref: 00435D3A
BitBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00CC0020), ref: 00435D64
SelectObject.GDI32(?,?), ref: 00435D74
Sleep.KERNEL32(0000000A), ref: 00435DC0
GetTickCount.KERNEL32 ref: 00435DC6
DeleteObject.GDI32(00000000), ref: 00435DF3
DeleteDC.GDI32(00000000), ref: 00435E00
DeleteDC.GDI32(?), ref: 00435E07
ReleaseDC.USER32(?,00000000), ref: 00435E0E

Part of subcall function 004353F0: GetClientRect.USER32(?,?), ref: 00435417
Part of subcall function 004353F0: __ftol.LIBCMT ref: 004354EE
Part of subcall function 004353F0: __ftol.LIBCMT ref: 00435501

Strings

<TH, xrefs: 004359CE

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Select$Delete$Create$Compatible$Bitmap$ColorCountStretchTick__ftol$ClientDisplayEnumModeRectReleaseSettingsSleepWindow
String ID: <TH
API String ID: 1975044605-1960875028
Opcode ID: b09c7971ed21c9cb450eeb61795c269d9db3358cfececf9e4a6e2966663fe54f
Instruction ID: 853fe0911e68b81bc00e8801fd34a798df6953c31764ff85165f82f0cf7ec198
Opcode Fuzzy Hash: b09c7971ed21c9cb450eeb61795c269d9db3358cfececf9e4a6e2966663fe54f
Instruction Fuzzy Hash: 9C02F6B1214700AFE364DF69DC85F6BB7E9FB88B04F10491DFA9697290C774E8048B29

Function 004341F0 Relevance: 42.4, APIs: 19, Strings: 5, Instructions: 356windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0041A980: SendMessageA.USER32(?,00000143,00000000,?), ref: 0041A9A3

GetProfileStringA.KERNEL32(windows,device,,,,,?,000001F4), ref: 00434249
GetProfileStringA.KERNEL32(devices,00000000,004B21D4,?,00001000), ref: 00434288
GetProfileStringA.KERNEL32(devices,?,,,,,?,000000C8), ref: 004342CA
SendMessageA.USER32(?,00000143,00000000), ref: 0043438B
SendMessageA.USER32(?,0000014E,?,00000000), ref: 004343C8
SendMessageA.USER32(?,0000014E,?,00000000), ref: 0043446B
wsprintfA.USER32 ref: 00434484
wsprintfA.USER32 ref: 004344AA
wsprintfA.USER32 ref: 004344D0
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00434503
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 0043452E
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00434544
SendMessageA.USER32(?,0000014E,?,00000000), ref: 0043455B
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 0043459F
wsprintfA.USER32 ref: 004345B2
wsprintfA.USER32 ref: 004345DC
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00434602
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00434643
wsprintfA.USER32 ref: 00434654

Strings

device, xrefs: 0043423F
,,,, xrefs: 0043423A, 004342BF
devices, xrefs: 00434283, 004342C5
none, xrefs: 00434308
windows, xrefs: 00434244

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$wsprintf$ProfileString
String ID: ,,,$device$devices$none$windows
API String ID: 2373861888-528626633
Opcode ID: 066c8e47b2587ccbb602d72e7e5f4e1c75d4a81292d2ba3a7e0c1a414dcf6754
Instruction ID: b16c00b9b99244e299e57b658f968b4fbf5e549e1f765d5df46ed8994f6d2bdb
Opcode Fuzzy Hash: 066c8e47b2587ccbb602d72e7e5f4e1c75d4a81292d2ba3a7e0c1a414dcf6754
Instruction Fuzzy Hash: BCC1D4716407056BD624EB70CC82FEB77A8AFC8754F00491EF55A971C1EB78FA048B69

Function 00410AB0 Relevance: 40.5, APIs: 22, Strings: 1, Instructions: 293windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 00410B3F
GetWindowRect.USER32(?,?), ref: 00410B96
GetParent.USER32(?), ref: 00410BA6
GetParent.USER32(?), ref: 00410BD9
GlobalSize.KERNEL32(00000000), ref: 00410C23
GlobalLock.KERNEL32(00000000), ref: 00410C2B
IsWindow.USER32(?), ref: 00410C44
GetTopWindow.USER32(?), ref: 00410C81
GetWindow.USER32(00000000,00000002), ref: 00410C9A
SetParent.USER32(?,?), ref: 00410CC6
SendMessageA.USER32(?,0000806F,00000000,00000000), ref: 00410D11
SendMessageA.USER32(?,00008076,00000000,00000000), ref: 00410D20
GetParent.USER32(?), ref: 00410D33
SendMessageA.USER32(?,00008004,00000000,00000000), ref: 00410D4C
GetWindowLongA.USER32(?,000000F0), ref: 00410D54
SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 00410D84
SendMessageA.USER32(?,0000130C,00000000,00000000), ref: 00410D92
IsWindow.USER32(?), ref: 00410DDE
GetFocus.USER32 ref: 00410DE8
SetFocus.USER32(?,00000000), ref: 00410E00
GlobalUnlock.KERNEL32(00000000), ref: 00410E0B
GlobalFree.KERNEL32(00000000), ref: 00410E12

Strings

zA, xrefs: 00410C69

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend$GlobalParent$Focus$FreeLockLongRectSizeUnlock
String ID: zA
API String ID: 300820980-319258504
Opcode ID: ab619949a653c54024f430f52fcf23fb7b03de9564b709f8bbee3dd334ec7d23
Instruction ID: 8d7846fb179e8c02bdbd9eb9241cd7df7073fd856c15998540775b18a743c0a6
Opcode Fuzzy Hash: ab619949a653c54024f430f52fcf23fb7b03de9564b709f8bbee3dd334ec7d23
Instruction Fuzzy Hash: CCA16D71604300AFD724EFA5CC84B6FB7E8BB88704F108A1DF94597391DBB8E8458B59

Function 004438B0 Relevance: 38.0, APIs: 25, Instructions: 452windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000010), ref: 00443938

Part of subcall function 00479223: SetBkColor.GDI32(?,?), ref: 00479232
Part of subcall function 00479223: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 00479264

GetSysColor.USER32(00000014), ref: 00443970
InflateRect.USER32(?,000000FF,000000FF), ref: 004439A2
GetSysColor.USER32(00000016), ref: 004439BB
GetSysColor.USER32(0000000F), ref: 004439CB
DrawEdge.USER32(?,?,00000002,0000000F), ref: 00443A04
GetDeviceCaps.GDI32(?), ref: 00443C0E
RealizePalette.GDI32(?), ref: 00443C31
GetSysColor.USER32(00000014), ref: 00443C49
GetSysColor.USER32(0000000F), ref: 00443C5B
GetSysColor.USER32(0000000F), ref: 00443911

Part of subcall function 004791F9: SetBkColor.GDI32(?,?), ref: 00479203
Part of subcall function 004791F9: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 00479219

GetSysColor.USER32(0000000F), ref: 00443A68
InflateRect.USER32(?,000000FF,000000FF), ref: 00443AA1
GetSysColor.USER32(00000016), ref: 00443AB6
GetSysColor.USER32(0000000F), ref: 00443AC2
InflateRect.USER32(?,?,?), ref: 00443B03
GetSysColor.USER32(00000010), ref: 00443B07
Rectangle.GDI32(?,?,?,?,?), ref: 00443B4E
DrawEdge.USER32(?,?,00000002,0000000F), ref: 00443B89
DrawEdge.USER32(?,?,00000002,0000000F), ref: 00443C90
GetSysColor.USER32(00000010), ref: 00443CED
CreatePen.GDI32(00000000,00000001,00000000), ref: 00443CF4
InflateRect.USER32(?,?,?), ref: 00443D33
Rectangle.GDI32(?,?,?,?,?), ref: 00443D51
GetDeviceCaps.GDI32(?,00000026), ref: 00443D87

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$InflateRect$DrawEdge$CapsDeviceRectangleText$CreatePaletteRealize
String ID:
API String ID: 3119264602-0
Opcode ID: c870e316f74892e0d080356898e78d535897338514c3416a65c6400fdf6faba6
Instruction ID: 90f9117bf2806f6e23cc09d30197855c8363707cac8a29d440d552f9f2e676fb
Opcode Fuzzy Hash: c870e316f74892e0d080356898e78d535897338514c3416a65c6400fdf6faba6
Instruction Fuzzy Hash: 91F158B1204701AFD714DF64C884F6BB7E9FB88B04F108A2EF69687291DB74E905CB56

Function 004207B0 Relevance: 37.1, APIs: 17, Strings: 4, Instructions: 366windowCOMMON

Download Yara Rule

APIs

CreateDIBitmap.GDI32(?,?,00000004,?,?,00000000), ref: 0042083C
CreateCompatibleDC.GDI32(?), ref: 0042084E
CreateCompatibleDC.GDI32(?), ref: 00420857
SelectObject.GDI32(00000000,?), ref: 00420866
CreateCompatibleBitmap.GDI32(?,?,?), ref: 00420879
SelectObject.GDI32(?,00000000), ref: 00420889
BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 004208A9
SelectObject.GDI32(00000000,?), ref: 004208B5
DeleteDC.GDI32(00000000), ref: 004208C2
SelectObject.GDI32(?,?), ref: 004208CA
DeleteDC.GDI32(?), ref: 004208D1
DeleteObject.GDI32(?), ref: 004208D7
CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 0042090D

Strings

(, xrefs: 00420B6F
, xrefs: 004209D3
(, xrefs: 004209BC
0FH, xrefs: 00420B0E

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateObject$Select$BitmapCompatibleDelete
String ID: $($($0FH
API String ID: 1878064223-1560629863
Opcode ID: 4c9061cc49e37a475621a39582f688bb49ead8f6ca3f3219af21d114f3b51016
Instruction ID: 9164aa15abe6c9868992328146e30c74930ed1d9901110ad9722702644158086
Opcode Fuzzy Hash: 4c9061cc49e37a475621a39582f688bb49ead8f6ca3f3219af21d114f3b51016
Instruction Fuzzy Hash: CAD157B26043059FC720CF29E884A6BBBE9EFC9310F50492EF99697351D774E844CB66

Function 004163E0 Relevance: 35.2, APIs: 15, Strings: 5, Instructions: 245COMMON

Download Yara Rule

APIs

SetWindowRgn.USER32(?,00000000,00000001), ref: 00416411
GetWindowRect.USER32(?,?), ref: 0041643E
BeginPath.GDI32(?), ref: 004164C7
MulDiv.KERNEL32(7FFF0000,?,00007FFF), ref: 004164E0
MulDiv.KERNEL32(00000000,?,00007FFF), ref: 004164EF
MulDiv.KERNEL32(3FFF0000,?,00007FFF), ref: 00416517
MulDiv.KERNEL32(00000000,?,00007FFF), ref: 00416526
EndPath.GDI32(?), ref: 00416541
PathToRegion.GDI32(?), ref: 0041654C

Strings

gfff, xrefs: 0041660A
x?H, xrefs: 00416695
gfff, xrefs: 0041661A
l?H, xrefs: 00416454
x?H, xrefs: 004165F1

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Path$Window$BeginRectRegion
String ID: gfff$gfff$l?H$x?H$x?H
API String ID: 3989698161-199277023
Opcode ID: a449bf1a24bc80162c97a2adbc76d229310bc9fc1556ce6cf682b985e41695f5
Instruction ID: b116dc4e425883d5c189569669d74432f6972b3b6545ebf5f18372cc7d99d1c3
Opcode Fuzzy Hash: a449bf1a24bc80162c97a2adbc76d229310bc9fc1556ce6cf682b985e41695f5
Instruction Fuzzy Hash: 0C81D3B1604341ABC314DF25CC45AABB7E9EBD4704F44892EF58A83391DA38E949C766

Function 00437F80 Relevance: 31.7, APIs: 21, Instructions: 205COMMON

Download Yara Rule

APIs

WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000022B8), ref: 00437F95
EnterCriticalSection.KERNEL32(?), ref: 00437FB8
LeaveCriticalSection.KERNEL32(?), ref: 00437FC6
waveOutUnprepareHeader.WINMM(?,?,00000020), ref: 00437FE8
waveOutPrepareHeader.WINMM(?,?,00000020), ref: 00438031
waveOutWrite.WINMM(?,?,00000020), ref: 0043803E
EnterCriticalSection.KERNEL32(?), ref: 00438048
LeaveCriticalSection.KERNEL32(?), ref: 00438056
EnterCriticalSection.KERNEL32(?), ref: 00438085
ReleaseSemaphore.KERNEL32(?,00000014,00000000), ref: 004380A3
LeaveCriticalSection.KERNEL32(?), ref: 004380AA
waveOutPause.WINMM(?), ref: 004380B9
waveOutReset.WINMM(?), ref: 004380C3
waveOutUnprepareHeader.WINMM(?,00000000,00000020), ref: 004380E1
waveOutUnprepareHeader.WINMM(?,?,00000020), ref: 00438106
EnterCriticalSection.KERNEL32(004B21F8), ref: 0043811C
LeaveCriticalSection.KERNEL32(004B21F8), ref: 00438178
CloseHandle.KERNEL32(?), ref: 004381A6
CloseHandle.KERNEL32(?), ref: 004381AC
CloseHandle.KERNEL32(?), ref: 004381B2
DeleteCriticalSection.KERNEL32(?), ref: 004381B8

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$wave$EnterHeaderLeave$CloseHandleUnprepare$DeleteMultipleObjectsPausePrepareReleaseResetSemaphoreWaitWrite
String ID:
API String ID: 361331667-0
Opcode ID: 9f7945aa56cf8da65da810ebb134f4eb5fc82613ec67ce52e25164cb8eaff19e
Instruction ID: ba80cb1e91204ec5e26ceb988da821a9fe824eef89b5e91ff1d3102a14a1f3da
Opcode Fuzzy Hash: 9f7945aa56cf8da65da810ebb134f4eb5fc82613ec67ce52e25164cb8eaff19e
Instruction Fuzzy Hash: C1718E75600319ABDB14CF68DD88AAE77A8FF88704F05892EF905E7250CB78DD05CB99

Function 0041E3E0 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 183windowmemoryCOMMON

Download Yara Rule

APIs

GetStockObject.GDI32(0000000F), ref: 0041E434
GetObjectA.GDI32(?,00000018,?), ref: 0041E447
SelectPalette.GDI32(?,00000000,00000000), ref: 0041E4A2
RealizePalette.GDI32(?), ref: 0041E4AC
GlobalAlloc.KERNEL32(00000002,00000028), ref: 0041E4B6
SelectPalette.GDI32(?,?,00000000), ref: 0041E4CC
GlobalLock.KERNEL32(00000000), ref: 0041E4D4
GetDIBits.GDI32(?,?,00000000,?,00000000,00000000,00000000), ref: 0041E503
GlobalUnlock.KERNEL32(00000000), ref: 0041E559
GlobalReAlloc.KERNEL32(00000000,?,00000002), ref: 0041E562
GlobalLock.KERNEL32(00000000), ref: 0041E56F
GetDIBits.GDI32(?,?,00000000,?,00000000,00000000,00000000), ref: 0041E592
SelectPalette.GDI32(?,?,00000000), ref: 0041E5A5
GlobalUnlock.KERNEL32(00000000), ref: 0041E5AC
GlobalFree.KERNEL32(00000000), ref: 0041E5B3

Part of subcall function 00476FB8: __EH_prolog.LIBCMT ref: 00476FBD
Part of subcall function 00476FB8: ReleaseDC.USER32(00000000,00000000), ref: 00476FDC

Strings

(, xrefs: 0041E45A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Palette$Select$AllocBitsLockObjectUnlock$FreeH_prologRealizeReleaseStock
String ID: (
API String ID: 3986717603-3887548279
Opcode ID: 2027ff1916e53e7b66c3d0253bb8d6da409e7487a16de513f67d16c408814112
Instruction ID: 7962d80b520c45c60b5f737fc1152551a260aaf19855dde01414e7728212582c
Opcode Fuzzy Hash: 2027ff1916e53e7b66c3d0253bb8d6da409e7487a16de513f67d16c408814112
Instruction Fuzzy Hash: F361AC761047109FC360DB64DC48B6FB7E9FB89B10F10492DFA8997290D778E808CB96

Function 00406CB0 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 384windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004770AE: __EH_prolog.LIBCMT ref: 004770B3
Part of subcall function 004770AE: BeginPaint.USER32(?,?,?,?,00405BA9), ref: 004770DC

Part of subcall function 00476C5F: GetClipBox.GDI32(?,?), ref: 00476C66

IsRectEmpty.USER32(?), ref: 00406CF5
GetCurrentObject.GDI32(?,00000002), ref: 00406D3A
GetCurrentObject.GDI32(?,00000001), ref: 00406D4D
GetClientRect.USER32 ref: 00406DD2
CreatePen.GDI32(-00000003,00000000,?), ref: 00406DEE
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 00406EB2

Part of subcall function 00477120: __EH_prolog.LIBCMT ref: 00477125
Part of subcall function 00477120: EndPaint.USER32(?,?,?,?,00405C23), ref: 00477142

Strings

gfff, xrefs: 00407022

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentH_prologObjectPaintRect$BeginClientClipCreateEmpty
String ID: gfff
API String ID: 3506841274-1553575800
Opcode ID: f59fcc1b3b5a87d608e24b5d9a60e3dda29f4e7a8d6cf78cd8db0bd4aa9086d3
Instruction ID: 5a906d978eff1d8a7774dbdb1cdaee03987e23695fea4585e720433ac306d0bc
Opcode Fuzzy Hash: f59fcc1b3b5a87d608e24b5d9a60e3dda29f4e7a8d6cf78cd8db0bd4aa9086d3
Instruction Fuzzy Hash: 5CE18E715083419BC314DF65C880E6FB7E9FB84710F518A2EF59697280DB38E909CBAB

Function 00433080 Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 255windowCOMMON

Download Yara Rule

APIs

CopyRect.USER32(?,?), ref: 004330B6

Part of subcall function 004772AB: __EH_prolog.LIBCMT ref: 004772B0
Part of subcall function 004772AB: CreateSolidBrush.GDI32(?), ref: 004772CD

FillRect.USER32(?,?,00000000), ref: 004330F4
GetSystemMetrics.USER32(0000002E), ref: 0043311D
GetSystemMetrics.USER32(0000002D), ref: 00433123
DrawFrameControl.USER32(?,?,00000003,?), ref: 00433196
DrawEdge.USER32(?,?,0000000A,0000000F), ref: 004331A9
InflateRect.USER32(?,00FFFFFD,00000001), ref: 004331C4
GetSysColor.USER32(0000000F), ref: 004331E8
Rectangle.GDI32(?,?,?,?,?), ref: 0043323B
OffsetRect.USER32(?,00000001,00000001), ref: 004332A5
GetSysColor.USER32(00000014), ref: 004332AB
OffsetRect.USER32(?,000000FF,000000FF), ref: 004332D3
GetSysColor.USER32(00000010), ref: 004332D9
InflateRect.USER32(?,000000FF,000000FF), ref: 00433322
DrawFocusRect.USER32(?,?), ref: 00433331

Part of subcall function 0047294B: GetWindowTextLengthA.USER32(?), ref: 00472958
Part of subcall function 0047294B: GetWindowTextA.USER32(?,00000000,00000000), ref: 00472970

Strings

XMH, xrefs: 00433102
XMH, xrefs: 00433337

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ColorDraw$InflateMetricsOffsetSystemTextWindow$BrushControlCopyCreateEdgeFillFocusFrameH_prologLengthRectangleSolid
String ID: XMH$XMH
API String ID: 4239342997-641518879
Opcode ID: f57901c07c069ab2c27c7786b50b0f26fe64ca1a9bb213ac2826429e1c19272f
Instruction ID: dac057fee6bc548f537c59d47a8550929e0e2fc7eea6c0e654843ee828f4d13a
Opcode Fuzzy Hash: f57901c07c069ab2c27c7786b50b0f26fe64ca1a9bb213ac2826429e1c19272f
Instruction Fuzzy Hash: 61A16971208345AFC714DF64C889A6BBBE8BF88714F008A1DF99587391DBB4E905CB56

Function 00420BF0 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 305windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0041B250: EnumDisplaySettingsA.USER32(00000000,000000FF,?), ref: 0041B25F

SetStretchBltMode.GDI32(?,00000000), ref: 00420C04
CreateCompatibleDC.GDI32(?), ref: 00420C89
CreateCompatibleDC.GDI32(?), ref: 00420CA1
GetObjectA.GDI32(?,00000018,?), ref: 00420CE2
CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00420CF8
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00420D56
StretchBlt.GDI32(?,000000FF,?,?,?,?,00000000,00000000,?,?,00660046), ref: 00420DAF
StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,008800C6), ref: 00420DE9
StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00660046), ref: 00420E23
CreateCompatibleDC.GDI32(?), ref: 00420E9B
SelectObject.GDI32(00000000,?), ref: 00420EA8
StretchBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?), ref: 00420EEB
SelectObject.GDI32(00000000,?), ref: 00420EF7
DeleteDC.GDI32(00000000), ref: 00420EFE
DrawIconEx.USER32(?,?,?,?,?,?,00000000,00000000,00000003), ref: 00420F3D

Strings

HFH, xrefs: 00420D08, 00420D16

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Stretch$Create$CompatibleObject$Select$BitmapDeleteDisplayDrawEnumIconModeSettings
String ID: HFH
API String ID: 1298110373-1609311307
Opcode ID: 176ae0987aacb83c562b40c59d0d7be69c80362386fc7e696b82f00c99c4af1b
Instruction ID: 699639862b1c333d18ad428fe6cd0c7d869cd40692bd322a4d0f25b90ebf3225
Opcode Fuzzy Hash: 176ae0987aacb83c562b40c59d0d7be69c80362386fc7e696b82f00c99c4af1b
Instruction Fuzzy Hash: 51B14671204704AFD324DB24DC85F6BB3E9FB88714F608A1DF69987291DB38EC058B65

Function 00441A30 Relevance: 26.6, APIs: 12, Strings: 3, Instructions: 372COMMON

Download Yara Rule

APIs

Part of subcall function 004770AE: __EH_prolog.LIBCMT ref: 004770B3
Part of subcall function 004770AE: BeginPaint.USER32(?,?,?,?,00405BA9), ref: 004770DC

Part of subcall function 00440F80: GetWindowExtEx.GDI32(?,?), ref: 00440FA3

MulDiv.KERNEL32(?,00000064,?), ref: 00441AEB
GetClientRect.USER32(?,?), ref: 00441B79
DPtoLP.GDI32(?,?,00000002), ref: 00441B8E
OffsetRect.USER32 ref: 00441BDD
Rectangle.GDI32(?,?,?,?,?), ref: 00441C1B
FillRect.USER32(?,?,?), ref: 00441C73
FillRect.USER32(?,00000032,?), ref: 00441CB6
LPtoDP.GDI32(?,?,00000002), ref: 00441D5F
IsRectEmpty.USER32(?), ref: 00441D66
CreateRectRgnIndirect.GDI32(?), ref: 00441DAA

Part of subcall function 00476C6F: SelectClipRgn.GDI32(?,00000000), ref: 00476C91
Part of subcall function 00476C6F: SelectClipRgn.GDI32(?,?), ref: 00476CA7

LPtoDP.GDI32(?,?,00000001), ref: 00441DEA
DPtoLP.GDI32(?,?,00000001), ref: 00441E11

Strings

HcH, xrefs: 00441EE9
2, xrefs: 00441BD5
TcH, xrefs: 00441DBA, 00441DC5

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClipFillSelect$BeginClientCreateEmptyH_prologIndirectOffsetPaintRectangleWindow
String ID: 2$HcH$TcH
API String ID: 2521159323-2026343159
Opcode ID: 3c3e7e8638e4c1b2607d9a580919e7a8bb9de00766dfd5bdaa789644184af717
Instruction ID: 1945d6776cc6866e3979dfb22d4763b781468c93fe9c25b941152097359bd0c6
Opcode Fuzzy Hash: 3c3e7e8638e4c1b2607d9a580919e7a8bb9de00766dfd5bdaa789644184af717
Instruction Fuzzy Hash: 4DE128716087409FD324DF69C880BABB7E9BBC8704F408A2EF59A87351DB74A944CB56

Function 00473E87 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 174windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004747F0: GetWindowLongA.USER32(?,000000F0), ref: 004747FC

GetParent.USER32(?), ref: 00473EB2
SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 00473ED5
GetWindowRect.USER32(?,?), ref: 00473EEE
GetWindowLongA.USER32(00000000,000000F0), ref: 00473F01
CopyRect.USER32(?,?), ref: 00473F4E
CopyRect.USER32(?,?), ref: 00473F58
GetWindowRect.USER32(00000000,?), ref: 00473F61
CopyRect.USER32(?,?), ref: 00473F7D

Strings

(, xrefs: 00473F19
@, xrefs: 00473EF0

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$Copy$Long$MessageParentSend
String ID: ($@
API String ID: 808654186-1311469180
Opcode ID: e140f3dcfe7faf7e1eeacd7ffe592774b12e874d499bb06a94699ba2002ee158
Instruction ID: 0487028eec5fc970961f1a1ef3b4947c12abf4e73691a8fdad1c34b019d723f9
Opcode Fuzzy Hash: e140f3dcfe7faf7e1eeacd7ffe592774b12e874d499bb06a94699ba2002ee158
Instruction Fuzzy Hash: D6518272D00219ABDB10DFB8DC85EEEBBB9AF44311F14412AF905F3291D734AD099B68

Function 00434880 Relevance: 25.9, APIs: 17, Instructions: 351windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047294B: GetWindowTextLengthA.USER32(?), ref: 00472958
Part of subcall function 0047294B: GetWindowTextA.USER32(?,00000000,00000000), ref: 00472970

__ftol.LIBCMT ref: 004348F6
__ftol.LIBCMT ref: 0043494C
__ftol.LIBCMT ref: 004349A2
__ftol.LIBCMT ref: 004349F8
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00434A19
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00434A33
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00434AFB
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00434B2D
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00434B4A
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00434B6A
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00434B84
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00434B9C
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00434BBB
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00434C24
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00434C89
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00434CCB

Part of subcall function 00474716: GetDlgItem.USER32(?,?), ref: 00474724

SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00434CF7

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$__ftol$TextWindow$ItemLength
String ID:
API String ID: 2143175130-0
Opcode ID: 3a52721da475c74815223199b650c107d1b96456a2b51d7625db3cb8c3b9890a
Instruction ID: 6051fc15e72d48e32a8ffdf0a330ba51d8cad54b4f7604b899f9bf0d5ada7328
Opcode Fuzzy Hash: 3a52721da475c74815223199b650c107d1b96456a2b51d7625db3cb8c3b9890a
Instruction Fuzzy Hash: C2D1D6F1644B01ABD324EB75DC81FEB73A4AF85744F10492EF19A862D0DA78F5418F4A

Function 004167C0 Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 354COMMON

Download Yara Rule

APIs

CreateRectRgn.GDI32(?,?,?,?), ref: 0041680E
GetClientRect.USER32(?,?), ref: 004168A9
CreateRectRgn.GDI32 ref: 0041691A
CombineRgn.GDI32(?,?,l?H,00000004), ref: 0041694B
SetRect.USER32(?,00000000,?,?,?), ref: 004169A2
IntersectRect.USER32(?,?,?), ref: 004169AF
IsRectEmpty.USER32(?), ref: 004169DA
__ftol.LIBCMT ref: 00416AB8
__ftol.LIBCMT ref: 00416AC5
CreateRectRgn.GDI32(00000000,?,00000000,00000000), ref: 00416B1E
CombineRgn.GDI32(?,?,l?H,00000004), ref: 00416B4F

Part of subcall function 00420BF0: SetStretchBltMode.GDI32(?,00000000), ref: 00420C04
Part of subcall function 00420BF0: CreateCompatibleDC.GDI32(?), ref: 00420C89
Part of subcall function 00420BF0: CreateCompatibleDC.GDI32(?), ref: 00420CA1
Part of subcall function 00420BF0: GetObjectA.GDI32(?,00000018,?), ref: 00420CE2
Part of subcall function 00420BF0: CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00420CF8

FillRgn.GDI32(?,?,00000000), ref: 00416BCC

Strings

l?H, xrefs: 0041692E, 00416946
l?H, xrefs: 00416B86

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Create$CombineCompatible__ftol$BitmapClientEmptyFillIntersectModeObjectStretch
String ID: l?H$l?H
API String ID: 3212946024-43103916
Opcode ID: d06e528db3b3443d98ef4c2923798ae62790d4403c4214c161278c5847aea449
Instruction ID: 7b35913dc592f16f98fde78eca4f9648ce7f21bffb5762be4309c1503c6b9228
Opcode Fuzzy Hash: d06e528db3b3443d98ef4c2923798ae62790d4403c4214c161278c5847aea449
Instruction Fuzzy Hash: 83D18C716083409FC314DF29C884AAFBBE8BFC8354F148A1EF99993251DB74E945CB96

Function 0042D3D0 Relevance: 24.8, APIs: 13, Strings: 1, Instructions: 320windowCOMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 0042D3EE
SetCapture.USER32(?,?,?,?,?,?,?,?,?,0047D7C8,000000FF,0042CC2D,?,?,?,?), ref: 0042D40B

Part of subcall function 00476F46: __EH_prolog.LIBCMT ref: 00476F4B
Part of subcall function 00476F46: GetDC.USER32(?), ref: 00476F74

Part of subcall function 00440F80: GetWindowExtEx.GDI32(?,?), ref: 00440FA3

Part of subcall function 00476E74: GetWindowExtEx.GDI32(?,?), ref: 00476E85
Part of subcall function 00476E74: GetViewportExtEx.GDI32(?,?), ref: 00476E92
Part of subcall function 00476E74: MulDiv.KERNEL32(?,00000000,00000000), ref: 00476EB7
Part of subcall function 00476E74: MulDiv.KERNEL32(?,00000000,00000000), ref: 00476ED2

Part of subcall function 00476A05: SetMapMode.GDI32(?,?), ref: 00476A1E
Part of subcall function 00476A05: SetMapMode.GDI32(?,?), ref: 00476A2C

Part of subcall function 0047697A: SetROP2.GDI32(?,?), ref: 00476993
Part of subcall function 0047697A: SetROP2.GDI32(?,?), ref: 004769A1

Part of subcall function 0047691E: SetBkMode.GDI32(?,?), ref: 00476937
Part of subcall function 0047691E: SetBkMode.GDI32(?,?), ref: 00476945

Part of subcall function 0047725B: __EH_prolog.LIBCMT ref: 00477260
Part of subcall function 0047725B: CreatePen.GDI32(?,?,?), ref: 00477283

Part of subcall function 00476842: SelectObject.GDI32(00403985,00000000), ref: 00476864
Part of subcall function 00476842: SelectObject.GDI32(00403985,?), ref: 0047687A

GetCapture.USER32 ref: 0042D4D1
GetMessageA.USER32(?,00000000,00000000,00000000), ref: 0042D4F0
DispatchMessageA.USER32(?), ref: 0042D531
DispatchMessageA.USER32(?), ref: 0042D54D
ScreenToClient.USER32(?,?), ref: 0042D594
GetCapture.USER32 ref: 0042D5BC
ReleaseCapture.USER32 ref: 0042D5E4
ReleaseCapture.USER32 ref: 0042D640
DPtoLP.GDI32 ref: 0042D684
InvalidateRect.USER32(?,00000000,00000000,?,00000000,?,?,?,00000000,?,?,?), ref: 0042D70D
InvalidateRect.USER32(?,00000000,00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0042D79B

Strings

IH, xrefs: 0042D605

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Capture$Mode$Message$DispatchH_prologInvalidateObjectRectReleaseSelectWindow$ClientCreateScreenViewport
String ID: IH
API String ID: 453157188-3180177778
Opcode ID: 0714d464a8b4bd359ebab4bb6d0d3debe416ec059495fb58e239dfff2a7f9d69
Instruction ID: cd699a557315675f5b95aadaa2737eb4aa42f35581893d2b1731934d84c20047
Opcode Fuzzy Hash: 0714d464a8b4bd359ebab4bb6d0d3debe416ec059495fb58e239dfff2a7f9d69
Instruction Fuzzy Hash: 7AB1D171608710ABD314EB24D885E6FB7E8BFC4708F504A0EF19683290DB78E905CB6A

Function 00426830 Relevance: 24.8, APIs: 8, Strings: 6, Instructions: 282COMMON

Download Yara Rule

APIs

GetProfileStringA.KERNEL32(windows,device,,,,,?,000001F4), ref: 004268AF
GetProfileStringA.KERNEL32(devices,00000000,004B2160,?,00001000), ref: 004268E3
GetProfileStringA.KERNEL32(devices,?,,,,,?,000000C8), ref: 0042696A

Strings

device, xrefs: 004268A5
,,,, xrefs: 004268A0, 0042695F
devices, xrefs: 004268DE, 00426965
XHH, xrefs: 00426BB2
none, xrefs: 004269A0
windows, xrefs: 004268AA

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ProfileString
String ID: ,,,$XHH$device$devices$none$windows
API String ID: 1468043044-847119887
Opcode ID: 61659fa8bdc5dee999ce998cf4509afe19c0360c448c1e3b2ea605a6ef341ad8
Instruction ID: 7a58a704dc3abfc01da31ea460ade70e663cdbf280d61cc3706c3b82b1d70836
Opcode Fuzzy Hash: 61659fa8bdc5dee999ce998cf4509afe19c0360c448c1e3b2ea605a6ef341ad8
Instruction Fuzzy Hash: 91B1C7706083419BD320DF65D881FAFB7D4AF95718F400A1EF99593291EB789908CB6B

Function 0046ECE3 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 119registryclipboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047A078: TlsGetValue.KERNEL32(004B3F3C,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C,?,00000000,?,0046E0C1,00000000,00000000,00000000,00000000), ref: 0047A0B7

RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 0046ED3B
RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 0046ED47
RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 0046ED53
RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 0046ED5F
RegisterClipboardFormatA.USER32(commdlg_help), ref: 0046ED6B
RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 0046ED77

Part of subcall function 004746AD: SetWindowLongA.USER32(?,000000FC,00000000), ref: 004746DC

SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 0046EE6A

Strings

commdlg_SetRGBColor, xrefs: 0046ED6D
commdlg_LBSelChangedNotify, xrefs: 0046ED36
,?K, xrefs: 0046ECF9
commdlg_ColorOK, xrefs: 0046ED55
commdlg_help, xrefs: 0046ED61
commdlg_FileNameOK, xrefs: 0046ED49
commdlg_ShareViolation, xrefs: 0046ED3D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClipboardFormatRegister$LongMessageSendValueWindow
String ID: ,?K$commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
API String ID: 3913284445-1975221209
Opcode ID: b3ab7e7ee37a78c5e67713357a0cb8c28e93a40d322ec4685ba6f0f698d78aaf
Instruction ID: 1a6cd234ce7c8c5342bbb1f0dd82a5f22e7d1d6ab167165f2b5e9a0d3dc409ae
Opcode Fuzzy Hash: b3ab7e7ee37a78c5e67713357a0cb8c28e93a40d322ec4685ba6f0f698d78aaf
Instruction Fuzzy Hash: 2D41D034600204ABDF25AF26DC48BAE3BE1EB84344F10492BF905572A1E7799C91DB9E

Function 0045FBB1 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(USER32,?,?,?,0045FCEA), ref: 0045FBD3
GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 0045FBEB
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0045FBFC
GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 0045FC0D
GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 0045FC1E
GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 0045FC2F
GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0045FC40

Strings

MonitorFromPoint, xrefs: 0045FC18
MonitorFromWindow, xrefs: 0045FBF6
GetMonitorInfoA, xrefs: 0045FC3A
EnumDisplayMonitors, xrefs: 0045FC29
USER32, xrefs: 0045FBCE
GetSystemMetrics, xrefs: 0045FBE5
MonitorFromRect, xrefs: 0045FC07

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
API String ID: 667068680-2376520503
Opcode ID: 2c970b12608a57fe3b3844ed25bda85afea0ab8c3ee71347e33846ec0e6b6619
Instruction ID: 1e30d17f97cb9af94efe9516f651d20d04f7615b1dd92794ae14a0c446ea8b5a
Opcode Fuzzy Hash: 2c970b12608a57fe3b3844ed25bda85afea0ab8c3ee71347e33846ec0e6b6619
Instruction Fuzzy Hash: A211B470D44616AB83019F2AACC453EBEF4B24C7033644E3FD905D2291D7785A498B5E

Function 00435580 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 185windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 004355AE
FillRect.USER32(?,?,00000000), ref: 0043560E
FillRect.USER32(?,?,00000000), ref: 0043567E

Part of subcall function 004772AB: __EH_prolog.LIBCMT ref: 004772B0
Part of subcall function 004772AB: CreateSolidBrush.GDI32(?), ref: 004772CD

FillRect.USER32(?,?,00000000), ref: 004356F5
CreateCompatibleDC.GDI32(?), ref: 0043571D
SelectObject.GDI32(00000000,?), ref: 00435733
SetStretchBltMode.GDI32(?,00000000), ref: 00435765
StretchBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00435798
BitBlt.GDI32(?,00000000,?,?,?,00000000,00000000,00000000,00CC0020), ref: 004357C3
SelectObject.GDI32(00000000,?), ref: 004357CF
DeleteDC.GDI32(00000000), ref: 004357DC

Strings

<TH, xrefs: 0043561C
<TH, xrefs: 00435703

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Fill$CreateObjectSelectStretch$BrushClientCompatibleDeleteH_prologModeSolid
String ID: <TH$<TH
API String ID: 1645634290-2848078942
Opcode ID: 48987ec8aa3b595860f6a42d4276fd73ef4d50868130e4dac0fd613702a93b6b
Instruction ID: c6ade6169fa9bfe9a2c47d75640342268a942100452ad076bd9b55dc824462af
Opcode Fuzzy Hash: 48987ec8aa3b595860f6a42d4276fd73ef4d50868130e4dac0fd613702a93b6b
Instruction Fuzzy Hash: 97612B752047019FD764DF65C981FABB3E8BF88704F40891EF99A87281DB38E805CB25

Function 00437BA0 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 331threadCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00437D0B
CreateSemaphoreA.KERNEL32(00000000,00000014,00000014,00000000), ref: 00437D20
InitializeCriticalSection.KERNEL32(?), ref: 00437D4B
CreateThread.KERNEL32(00000000,00000000,00437F80,?,00000004,?), ref: 00437D80
EnterCriticalSection.KERNEL32(004B21F8), ref: 00437D92
LeaveCriticalSection.KERNEL32(004B21F8,-000000FC,00000000,00000000), ref: 00437F45
ResumeThread.KERNEL32(?), ref: 00437F53
ReleaseSemaphore.KERNEL32(?,00000014,00000000), ref: 00437F65

Strings

RIFF, xrefs: 00437BB4, 00437BC8
fmt , xrefs: 00437C24
data, xrefs: 00437C45
WAVE, xrefs: 00437BE1, 00437BF8

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateCriticalSection$SemaphoreThread$EnterEventInitializeLeaveReleaseResume
String ID: RIFF$WAVE$data$fmt
API String ID: 1802393137-4212202414
Opcode ID: 25596c230285131627915173ae6faef40b9212c985ae374a44f53a168141fece
Instruction ID: 97e0b8bd63b768236e605ebb1db396a17f3b929cd6bb8488d9d1777731b74962
Opcode Fuzzy Hash: 25596c230285131627915173ae6faef40b9212c985ae374a44f53a168141fece
Instruction Fuzzy Hash: F9B1F4B16043009BDB24DF64DD85B2B7795FB88318F144A2EF985A7381E7B8ED01CB99

Function 00403C90 Relevance: 19.9, APIs: 13, Instructions: 372COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6669ae6c1e5dcdb49ee5a6e4028b1b25ad3fb4a2b52a97d4214101558144542
Instruction ID: e890c3a7b6792d157708c3705914584803bffe0a38c7006240068e1a10be66c7
Opcode Fuzzy Hash: c6669ae6c1e5dcdb49ee5a6e4028b1b25ad3fb4a2b52a97d4214101558144542
Instruction Fuzzy Hash: 1CD18FB56047409FD720CF28C884A6BB7E9EB84318F10493EE656EB7D0C638ED82DB15

Function 00411900 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 310libraryregistryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,004B1758,00000000), ref: 004119E4
LoadLibraryA.KERNEL32(?,?,00000000,?,?,?,00497C6C,?,?,?,?,?,?,00000000,004B1758,00000000), ref: 00411A21
GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 00411A57
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,004B1758,00000000), ref: 00411A62
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,004B1758,00000000), ref: 00411A70
LoadTypeLib.OLEAUT32(00000000,00000000), ref: 00411B7D
RegisterTypeLib.OLEAUT32(00000000,00000000), ref: 00411BB2
CLSIDFromString.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,004B1758,00000000), ref: 00411C77
UnRegisterTypeLib.OLEAUT32(?,00000000,00000000,00000000,00000001), ref: 00411C93

Strings

DllUnregisterServer, xrefs: 00411A50, 00411A55
DllRegisterServer, xrefs: 00411A49

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$LoadType$FreeRegister$AddressFromProcString
String ID: DllRegisterServer$DllUnregisterServer
API String ID: 2476498075-2931954178
Opcode ID: 63fb9ddadcb19ba04d60d254eaad6279a81077386d6d8ade0c3eeaa579f62db4
Instruction ID: 272333a49205299c767085c52f7082d7df7666a0bca8613d8eb49513e6ffab23
Opcode Fuzzy Hash: 63fb9ddadcb19ba04d60d254eaad6279a81077386d6d8ade0c3eeaa579f62db4
Instruction Fuzzy Hash: 53B1C3B1901209EBDB10DFA4C845FEF7778EF44314F10851EF915AB291EB38AA45CBA9

Function 0041D4F0 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 288COMMON

Download Yara Rule

APIs

CreateSolidBrush.GDI32(00FFFFFF), ref: 0041D64F
GetWindowRect.USER32(?), ref: 0041D679
GetStockObject.GDI32(00000005), ref: 0041D6A7
LoadCursorA.USER32(00000000,00007F00), ref: 0041D6B5
GetWindowRect.USER32(?,?), ref: 0041D723
GetWindowRect.USER32(?,?), ref: 0041D734
GetWindowRect.USER32(?,?), ref: 0041D749
GetSystemMetrics.USER32(00000001), ref: 0041D75F
GetWindowRect.USER32(?,?), ref: 0041D7EA
OffsetRect.USER32(?,00000000,?), ref: 0041D804

Strings

,CH, xrefs: 0041D610

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$BrushCreateCursorLoadMetricsObjectOffsetSolidStockSystem
String ID: ,CH
API String ID: 3805611468-1833284594
Opcode ID: be6bee6dc31a77596f9e95c3b87efd0d6baf8529f6dcb5fe63507f80b21fb75a
Instruction ID: 9d943dcaea90d3449ccde1704e4ebe328d7c21242116f6182285ca9aac36a7f7
Opcode Fuzzy Hash: be6bee6dc31a77596f9e95c3b87efd0d6baf8529f6dcb5fe63507f80b21fb75a
Instruction Fuzzy Hash: 30A19FB0604701AFD714DF75C885BBFB7E6ABC4708F10891EF25A87280DB78E8058B59

Function 00410F90 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 287libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(00000000,004A15C0), ref: 00410FF7
LoadLibraryA.KERNEL32(?,?,004B1928), ref: 004110E9
LoadLibraryA.KERNEL32(?,?), ref: 0041112F
LoadLibraryA.KERNEL32(?,?,004B1830,00000001), ref: 00411177
LoadLibraryA.KERNEL32(00000001), ref: 0041118D
GetProcAddress.KERNEL32(00000000,?), ref: 0041119F
FreeLibrary.KERNEL32(00000000), ref: 00411232

Strings

8zI, xrefs: 004111C1

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Library$Load$AddressProc$Free
String ID: 8zI
API String ID: 3120990465-266929522
Opcode ID: e4c480875916c0ace3a6226d78fba89ab01d9bd3e2d0d9c1b9c58ada3eff18c8
Instruction ID: 292469a124dbc02c5300c925e38ff60b64fba6fbc44e35398876d08fe2b9d8ca
Opcode Fuzzy Hash: e4c480875916c0ace3a6226d78fba89ab01d9bd3e2d0d9c1b9c58ada3eff18c8
Instruction Fuzzy Hash: 16A103B5601301ABD320DF65C881FABF3A8BF88314F044A2EF95597351DB38E945CB99

Function 00434680 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 130windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0043469B

Part of subcall function 0047499A: EnableWindow.USER32(?,00000000), ref: 004749A8

Part of subcall function 00474716: GetDlgItem.USER32(?,?), ref: 00474724

SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004346D5
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004346EC
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0043473D
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00434777
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004347A4
SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004347DA

Strings

XI, xrefs: 004347A9
LI, xrefs: 004347B0
dI, xrefs: 00434783
pI, xrefs: 0043477C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$EnableItemWindow
String ID: LI$XI$dI$pI
API String ID: 607626308-2681609796
Opcode ID: df28699aef0a32f7502b7cf7d0a29d0fde01119ac27fc1f571f874ce9eac1df7
Instruction ID: 79a8455aba906c4f1f86cb426192a054b6be0ad5775a76c2835413bf368b7e51
Opcode Fuzzy Hash: df28699aef0a32f7502b7cf7d0a29d0fde01119ac27fc1f571f874ce9eac1df7
Instruction Fuzzy Hash: 2D3155B538074067D634A6758C92FFB21599BC6B04F10952EF35E9F1C1DFA8B841875C

Function 00409240 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 130stringprocessCOMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,?), ref: 004092D8
lstrcatA.KERNEL32(?,\shell\open\command,80000000,.htm,?,?,?,?), ref: 00409317
lstrlenA.KERNEL32(?), ref: 0040936C
lstrcatA.KERNEL32(00000000,00497C80), ref: 004093B5
lstrcatA.KERNEL32(00000000,?), ref: 004093BD
WinExec.KERNEL32(?,?), ref: 004093C5

Part of subcall function 004705A7: InterlockedDecrement.KERNEL32(-000000F4), ref: 004705BB

Strings

mailto:, xrefs: 004092A6
"%1", xrefs: 0040933B
.htm, xrefs: 004092F0
open, xrefs: 004092D1
\shell\open\command, xrefs: 00409311

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: lstrcat$DecrementExecExecuteInterlockedShelllstrlen
String ID: "%1"$.htm$\shell\open\command$mailto:$open
API String ID: 51986957-2182632014
Opcode ID: 0220a9ca93d5c8eb7936107e803c8da07fbbae7ab3263d1dcdf5b533fc60a921
Instruction ID: 1cd6906017a86a97d5700713607bd7536b704271ce8a5fded02d35e888596afb
Opcode Fuzzy Hash: 0220a9ca93d5c8eb7936107e803c8da07fbbae7ab3263d1dcdf5b533fc60a921
Instruction Fuzzy Hash: 30411A71144302ABD724DF25DC84F9FB7E4AB88750F10492EF995A32C1E778AD05CB5A

Function 0041FDB0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 405COMMON

Download Yara Rule

APIs

InflateRect.USER32(?,?,?), ref: 0041FE56

Part of subcall function 0041FB80: SetRect.USER32(?,00000000,00000032,00000032,?), ref: 0041FC69
Part of subcall function 0041FB80: OffsetRect.USER32(?,?,?), ref: 0041FC76
Part of subcall function 0041FB80: IntersectRect.USER32(?,?,?), ref: 0041FC92
Part of subcall function 0041FB80: IsRectEmpty.USER32(?), ref: 0041FC9D

InflateRect.USER32(?,?,?), ref: 0041FEC9
CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 004200CD
GetClipRgn.GDI32(?,00000000), ref: 004200DC
CreatePolygonRgn.GDI32 ref: 0042015A
SelectClipRgn.GDI32(?,?), ref: 0042023D
CreatePolygonRgn.GDI32(?,00000005,00000002), ref: 00420260
SelectClipRgn.GDI32(?,?), ref: 004202E1
DeleteObject.GDI32(?), ref: 004202F7

Strings

gfff, xrefs: 0041FFBD

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClipCreate$InflatePolygonSelect$DeleteEmptyIntersectObjectOffset
String ID: gfff
API String ID: 1105800552-1553575800
Opcode ID: 9cdec7b4e2c64b84349ffc43d2c77e382b915c28cbbb0a64bbea20655e41733d
Instruction ID: cab940964a3220c9f4ccdfc3357c3d3833ec90aecc6716de62d3621f83430d76
Opcode Fuzzy Hash: 9cdec7b4e2c64b84349ffc43d2c77e382b915c28cbbb0a64bbea20655e41733d
Instruction Fuzzy Hash: C1F128706083419FD354CF29C880BABBBE5BBC9704F508A2EF98987391D774E849CB56

Function 004174F0 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 387windowCOMMON

Download Yara Rule

APIs

IsChild.USER32(?,?), ref: 00417528
GetParent.USER32(?), ref: 004175B9
IsWindow.USER32(?), ref: 004176EB
IsWindowVisible.USER32(?), ref: 004176FD

Part of subcall function 0047497F: IsWindowEnabled.USER32(?), ref: 00474989

GetParent.USER32(?), ref: 0041774E
IsChild.USER32(?,?), ref: 0041776E
GetParent.USER32(?), ref: 00417917
SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00417934
IsWindow.USER32(?), ref: 0041798F

Part of subcall function 0040D8A0: IsChild.USER32(?,?), ref: 0040D91D
Part of subcall function 0040D8A0: GetParent.USER32(?), ref: 0040D937

Strings

zA, xrefs: 0041760E

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ParentWindow$Child$EnabledMessageSendVisible
String ID: zA
API String ID: 2452671399-319258504
Opcode ID: 2114084a7e6ab10e7ad2c93cc43f5fb7dbb31d7af60439b8c25365ddbd8e8665
Instruction ID: 2154cf5cb7a97272aeb086cb947efa084c44b7646dd4265aa60e6ef300cedd65
Opcode Fuzzy Hash: 2114084a7e6ab10e7ad2c93cc43f5fb7dbb31d7af60439b8c25365ddbd8e8665
Instruction Fuzzy Hash: 66E1B4716083419FC720EF65C885BABB7B4BF85704F000A2EF99597381DB78E945CB9A

Function 0042A130 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

CopyRect.USER32(?,00000000), ref: 0042A1A7
IsRectEmpty.USER32(?), ref: 0042A1B2
GetClientRect.USER32(00000000,?), ref: 0042A1F1
DPtoLP.GDI32(?,?,00000002), ref: 0042A203
LPtoDP.GDI32(?,?,00000002), ref: 0042A240
CreateRectRgnIndirect.GDI32(?), ref: 0042A258
OffsetRect.USER32(?,?,?), ref: 0042A27D
LPtoDP.GDI32(?,?,00000002), ref: 0042A28F

Part of subcall function 0047725B: __EH_prolog.LIBCMT ref: 00477260
Part of subcall function 0047725B: CreatePen.GDI32(?,?,?), ref: 00477283

Part of subcall function 00476842: SelectObject.GDI32(00403985,00000000), ref: 00476864
Part of subcall function 00476842: SelectObject.GDI32(00403985,?), ref: 0047687A

Part of subcall function 00476806: GetStockObject.GDI32(?), ref: 0047680F
Part of subcall function 00476806: SelectObject.GDI32(00403985,00000000), ref: 00476829
Part of subcall function 00476806: SelectObject.GDI32(00403985,00000000), ref: 00476834

Part of subcall function 0047697A: SetROP2.GDI32(?,?), ref: 00476993
Part of subcall function 0047697A: SetROP2.GDI32(?,?), ref: 004769A1

Rectangle.GDI32(?,?,?,?,?), ref: 0042A303

Part of subcall function 00476C6F: SelectClipRgn.GDI32(?,00000000), ref: 00476C91
Part of subcall function 00476C6F: SelectClipRgn.GDI32(?,?), ref: 00476CA7

Part of subcall function 00477245: DeleteObject.GDI32(00000000), ref: 00477254

Part of subcall function 00476FB8: __EH_prolog.LIBCMT ref: 00476FBD
Part of subcall function 00476FB8: ReleaseDC.USER32(00000000,00000000), ref: 00476FDC

Strings

IH, xrefs: 0042A31D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ObjectSelect$Rect$ClipCreateH_prolog$ClientCopyDeleteEmptyIndirectOffsetRectangleReleaseStock
String ID: IH
API String ID: 2841338838-3180177778
Opcode ID: 142553d98b7656ecc13af4921b40a9fd377ef2ae5159dd3635afcf8747507cbc
Instruction ID: b0a34e55a0e78945db951b97a1e1cc0539c984331dd7533f3d4300f55458830a
Opcode Fuzzy Hash: 142553d98b7656ecc13af4921b40a9fd377ef2ae5159dd3635afcf8747507cbc
Instruction Fuzzy Hash: DB615B712087009FC314DF65D885EABB7E9EFC8708F408A1DF99693291DB78E908CB56

Function 0041ABE0 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 181windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004770AE: __EH_prolog.LIBCMT ref: 004770B3
Part of subcall function 004770AE: BeginPaint.USER32(?,?,?,?,00405BA9), ref: 004770DC

Part of subcall function 00476C5F: GetClipBox.GDI32(?,?), ref: 00476C66

IsRectEmpty.USER32(?), ref: 0041AC2D
GetSysColor.USER32(0000000F), ref: 0041AC3E

Part of subcall function 004772AB: __EH_prolog.LIBCMT ref: 004772B0
Part of subcall function 004772AB: CreateSolidBrush.GDI32(?), ref: 004772CD

Part of subcall function 00476842: SelectObject.GDI32(00403985,00000000), ref: 00476864
Part of subcall function 00476842: SelectObject.GDI32(00403985,?), ref: 0047687A

PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 0041AC88
GetClientRect.USER32(?,?), ref: 0041ACA1
LoadBitmapA.USER32(?,?), ref: 0041ACD8
GetObjectA.GDI32(?,00000018,?), ref: 0041AD27
CreateCompatibleDC.GDI32(?), ref: 0041AD4D
BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0041ADDF

Strings

?H, xrefs: 0041ACEC
?H, xrefs: 0041AE08

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$CreateH_prologRectSelect$BeginBitmapBrushClientClipColorCompatibleEmptyLoadPaintSolid
String ID: ?H$?H
API String ID: 1390316934-2892147715
Opcode ID: 4bf68567af614bd05e9f14c5e6802494b8d6a775b737a0c10a40fc259d005b18
Instruction ID: cb5b977293b82fba73b642ddf81524ff3dd68bd5bb13c12cf7a96f20ae379c12
Opcode Fuzzy Hash: 4bf68567af614bd05e9f14c5e6802494b8d6a775b737a0c10a40fc259d005b18
Instruction Fuzzy Hash: 00615A712183819FD324DF65C845F9FBBE9FBC4704F048A1DB59993281DB789908CB66

Function 00471377 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 172COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0047137C
GetSystemMetrics.USER32(0000002A), ref: 0047142D
GlobalLock.KERNEL32(?), ref: 004714B7
CreateDialogIndirectParamA.USER32(?,?,?,Function_000711BF,00000000), ref: 004714E9

Strings

MS Sans Serif, xrefs: 0047144E
MS Shell Dlg, xrefs: 0047143B
Helv, xrefs: 00471461

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
String ID: Helv$MS Sans Serif$MS Shell Dlg
API String ID: 2364537584-2894235370
Opcode ID: b6351baa0f73699c58349184bd38bd31d4a7d4530fd86e0fe1f479e1c9337a59
Instruction ID: cfa02847e200b6949a3590bbb47a59b5c6c6b1a9db8846d263ffdf533c7f7f1d
Opcode Fuzzy Hash: b6351baa0f73699c58349184bd38bd31d4a7d4530fd86e0fe1f479e1c9337a59
Instruction Fuzzy Hash: 4A618471900209EFCF14EFA8C8859EEBBB5BF04304F10852FF50AA62A1D7788E45CB59

Function 0041E720 Relevance: 16.8, APIs: 11, Instructions: 265windowCOMMON

Download Yara Rule

APIs

GetObjectA.GDI32(?,00000018,?), ref: 0041E75D
MulDiv.KERNEL32(?,?,00000064), ref: 0041E792
MulDiv.KERNEL32(?,?,00000064), ref: 0041E7BD
GetDeviceCaps.GDI32 ref: 0041E7F7
GetSystemPaletteEntries.GDI32(?,00000000,000000FF,00000004), ref: 0041E831
CreatePalette.GDI32(00000000), ref: 0041E83C
CreateCompatibleBitmap.GDI32(?,?,?), ref: 0041E89C
CreateCompatibleDC.GDI32(?), ref: 0041E8CF
CreateCompatibleDC.GDI32(?), ref: 0041E908
StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 0041E96B
GlobalFree.KERNEL32(00000000), ref: 0041EA33

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Create$Compatible$Palette$BitmapCapsDeviceEntriesFreeGlobalObjectStretchSystem
String ID:
API String ID: 3563226738-0
Opcode ID: d8b5135cc7f793aa660a3ef0399434660b72d5a04029d718e5d821ed7e712927
Instruction ID: 10e104ed6c5485b2bde02c455211d1b5ac695f26615c55610e0c576b0c46fe71
Opcode Fuzzy Hash: d8b5135cc7f793aa660a3ef0399434660b72d5a04029d718e5d821ed7e712927
Instruction Fuzzy Hash: A191D3751083449FC310EF66C885BAFB7E8AF95704F504A1EFA9583281DB78ED08CB5A

Function 00443390 Relevance: 16.8, APIs: 11, Instructions: 258COMMON

Download Yara Rule

APIs

GetTextExtentPoint32A.GDI32(?,?,?,00000090), ref: 0044340F
GetTextExtentPoint32A.GDI32(?,?,?,00000090), ref: 00443434
GetWindowRect.USER32(?,?), ref: 004434BE
SetRect.USER32(00000080,?,?,?,?), ref: 004434F3
SetRect.USER32(00000070,?,?,?,?), ref: 00443538
SetRect.USER32(00000060,?,?,?,?), ref: 004435AB
GetSystemMetrics.USER32(00000001), ref: 004435D6
GetSystemMetrics.USER32(00000000), ref: 004435DC
OffsetRect.USER32(00000080,00000000,00000000), ref: 004435F4
OffsetRect.USER32(00000080,00000000,00000000), ref: 00443602
OffsetRect.USER32(00000080,00000000,00000000), ref: 00443614

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$ExtentMetricsPoint32SystemText$Window
String ID:
API String ID: 1551820068-0
Opcode ID: 10a3f87a1a0b13feba1d3d8b2a04fbdac6cb092d6247d9018fcb56bc663a36ec
Instruction ID: 2b1e59e15001f53078b9adeebbf047b71cea7ef503d056d7e84395d53b21724a
Opcode Fuzzy Hash: 10a3f87a1a0b13feba1d3d8b2a04fbdac6cb092d6247d9018fcb56bc663a36ec
Instruction Fuzzy Hash: 1D913771200B019FD318CF29C985A6AF7E6FF88B04F048A2DA95AC7754EB74FD098B54

Function 0040BD30 Relevance: 16.7, APIs: 11, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetCurrentObject.GDI32(?,00000001), ref: 0040BD69
GetCurrentObject.GDI32(?,00000002), ref: 0040BDB3
GetCurrentObject.GDI32(?,00000006), ref: 0040BDFD
GetTextColor.GDI32(?), ref: 0040BE3C
GetBkMode.GDI32(?), ref: 0040BE66
GetBkColor.GDI32(?), ref: 0040BE85
GetBkMode.GDI32(?), ref: 0040BEA8
GetBkColor.GDI32(?), ref: 0040BEC7
GetROP2.GDI32(?), ref: 0040BEEF
GetStretchBltMode.GDI32(?), ref: 0040BF10
GetPolyFillMode.GDI32(?), ref: 0040BF3C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Mode$ColorCurrentObject$FillPolyStretchText
String ID:
API String ID: 544274770-0
Opcode ID: ebe9beefad3f2bfffc0a772219a4d4fc17d41aeaf418afc1f274317b058c6d18
Instruction ID: 49f0b54e706b0c2baf450f4bff8fb4f90a6157630ea4d93609a7ba80a744b7a4
Opcode Fuzzy Hash: ebe9beefad3f2bfffc0a772219a4d4fc17d41aeaf418afc1f274317b058c6d18
Instruction Fuzzy Hash: A3512271210A019BC764DB74D888BEBB3A5EF84701F144A2DE65F972A0DB39B845CB9C

Function 004329B0 Relevance: 16.6, APIs: 11, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004770AE: __EH_prolog.LIBCMT ref: 004770B3
Part of subcall function 004770AE: BeginPaint.USER32(?,?,?,?,00405BA9), ref: 004770DC

GetClientRect.USER32(?,?), ref: 004329ED
CreateCompatibleBitmap.GDI32 ref: 00432A22
CreateCompatibleDC.GDI32(?), ref: 00432A52

Part of subcall function 004767EF: SelectObject.GDI32(?,?), ref: 004767F7

PatBlt.GDI32(?,00000000,00000000,?,?,00000042), ref: 00432A8A
GetObjectA.GDI32(00000000,00000018,?), ref: 00432AA5
CreateCompatibleDC.GDI32(?), ref: 00432AB0
SelectObject.GDI32(00000000,00000000), ref: 00432AC0
BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00432AE3
SelectObject.GDI32(00000000,?), ref: 00432AEF
DeleteDC.GDI32(00000000), ref: 00432AF2
BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00432B1B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$CompatibleCreateSelect$BeginBitmapClientDeleteH_prologPaintRect
String ID:
API String ID: 1593221388-0
Opcode ID: bb5a69dd6e2e3ab3a61349dca525b45620f22129a8448d82440b45c00f6e4be3
Instruction ID: 79a204edc29b98b9e4ec52af14ac59d79986b44e2bf2cc919541962d9e910fda
Opcode Fuzzy Hash: bb5a69dd6e2e3ab3a61349dca525b45620f22129a8448d82440b45c00f6e4be3
Instruction Fuzzy Hash: EF514A71218341AFD350DF64DC85F6BBBE8EBC9704F40492DB68987281D7B8E808CB66

Function 00406090 Relevance: 15.4, APIs: 10, Instructions: 430COMMON

Download Yara Rule

APIs

Part of subcall function 004770AE: __EH_prolog.LIBCMT ref: 004770B3
Part of subcall function 004770AE: BeginPaint.USER32(?,?,?,?,00405BA9), ref: 004770DC

Part of subcall function 00476C5F: GetClipBox.GDI32(?,?), ref: 00476C66

IsRectEmpty.USER32(?), ref: 004060D7
GetClientRect.USER32(?,?), ref: 004060EF
InflateRect.USER32(?,?,?), ref: 004061AD
IntersectRect.USER32(?,?,?), ref: 00406217
CreateRectRgn.GDI32(?,?,?,?), ref: 00406231
FillRgn.GDI32(?,?,?), ref: 004063F0
GetCurrentObject.GDI32(?,00000006), ref: 0040646F

Part of subcall function 00476806: GetStockObject.GDI32(?), ref: 0047680F
Part of subcall function 00476806: SelectObject.GDI32(00403985,00000000), ref: 00476829
Part of subcall function 00476806: SelectObject.GDI32(00403985,00000000), ref: 00476834

OffsetRect.USER32(?,00000001,00000001), ref: 0040654D
OffsetRect.USER32(?,00000002,00000002), ref: 004065E1
OffsetRect.USER32(?,00000001,00000001), ref: 00406594

Part of subcall function 004769D6: SetTextColor.GDI32(?,?), ref: 004769F0
Part of subcall function 004769D6: SetTextColor.GDI32(?,?), ref: 004769FE

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Object$Offset$ColorSelectText$BeginClientClipCreateCurrentEmptyFillH_prologInflateIntersectPaintStock
String ID:
API String ID: 4264835570-0
Opcode ID: 0c000a5ad8dc774a6b2733f4b08af90f90c19ba0b1c6db3a01b4af4f8eb26f4c
Instruction ID: f2a151051de9cf4255a44d9c80eb44233a0fc21e37943477de4c644cf2876927
Opcode Fuzzy Hash: 0c000a5ad8dc774a6b2733f4b08af90f90c19ba0b1c6db3a01b4af4f8eb26f4c
Instruction Fuzzy Hash: F8027A711087809FD324DF65C884AABB7E9BFC8304F004D2EF59A97291DB78E949CB56

Function 0040B310 Relevance: 15.3, APIs: 10, Instructions: 316windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0040B34F
CreateCompatibleBitmap.GDI32 ref: 0040B3AB
CreateCompatibleDC.GDI32(?), ref: 0040B3DB
CreateRectRgn.GDI32(00000000,00000000,00000001,?), ref: 0040B470
SetRect.USER32(?,00000000,00000000,00000001,?), ref: 0040B499

Part of subcall function 00406740: __ftol.LIBCMT ref: 00406865
Part of subcall function 00406740: __ftol.LIBCMT ref: 00406872

FillRgn.GDI32(?,?,?), ref: 0040B516
PatBlt.GDI32(?,00000000,00000000,00000001,?,00F00021), ref: 0040B589

Part of subcall function 00402ED0: GetSysColor.USER32(0000000F), ref: 00402EDD

Part of subcall function 004772AB: __EH_prolog.LIBCMT ref: 004772B0
Part of subcall function 004772AB: CreateSolidBrush.GDI32(?), ref: 004772CD

GetObjectA.GDI32(?,00000018,?), ref: 0040B605
CreateCompatibleDC.GDI32(?), ref: 0040B643
BitBlt.GDI32(?,00000000,00000000,00000001,?,?,00000000,00000000,00CC0020), ref: 0040B6A2

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Create$CompatibleRect$__ftol$BitmapBrushClientColorFillH_prologObjectSolid
String ID:
API String ID: 2289681609-0
Opcode ID: 1f58541e35616de0b992c2630637c5a11918eb333bddb91317fc48210a3b29ac
Instruction ID: 92fba4c5161485cacc49aba472f1c234428f5b32cf48e70d2bc407006bcafbdf
Opcode Fuzzy Hash: 1f58541e35616de0b992c2630637c5a11918eb333bddb91317fc48210a3b29ac
Instruction Fuzzy Hash: EAC19E711083419FD314DB65C885BABB7E9EB94708F048D2EF589D3291DB78E908CB5A

Function 0040AF00 Relevance: 15.2, APIs: 10, Instructions: 198windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004770AE: __EH_prolog.LIBCMT ref: 004770B3
Part of subcall function 004770AE: BeginPaint.USER32(?,?,?,?,00405BA9), ref: 004770DC

Part of subcall function 00476C5F: GetClipBox.GDI32(?,?), ref: 00476C66

GetClientRect.USER32(?,?), ref: 0040AF4E
IntersectRect.USER32(?,?,?), ref: 0040AF66
IsRectEmpty.USER32(?), ref: 0040AF96
GetObjectA.GDI32(?,00000018,?), ref: 0040AFCD
CreateCompatibleDC.GDI32(?), ref: 0040AFF3
IntersectRect.USER32(?,?,?), ref: 0040B048
IsRectEmpty.USER32(?), ref: 0040B053
BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 0040B091
DPtoLP.GDI32(?,?,00000002), ref: 0040B116
IsWindow.USER32(?), ref: 0040B178

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$EmptyIntersect$BeginClientClipCompatibleCreateH_prologObjectPaintWindow
String ID:
API String ID: 29348440-0
Opcode ID: b8ae2ad6f3e42c4abae0a13a33ab4ddcb640ba39e3e3cca729aeb523880cdbb2
Instruction ID: ac006753c7ad013737137edd216ad75a50713dd6dcdf276eea2ebb59a984c2da
Opcode Fuzzy Hash: b8ae2ad6f3e42c4abae0a13a33ab4ddcb640ba39e3e3cca729aeb523880cdbb2
Instruction Fuzzy Hash: AA8109B55087459FC324DF25C884AABB7E9FFC8704F008E2EF5AA93251D734A909CB56

Function 0041BDC0 Relevance: 15.2, APIs: 10, Instructions: 179COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 0041BDDD
GetWindowRect.USER32(?,?), ref: 0041BDEC
IntersectRect.USER32(?,?,?), ref: 0041BE45
EqualRect.USER32(?,?), ref: 0041BE75
GetWindowRect.USER32(?,?), ref: 0041BE93
OffsetRect.USER32(?,?,?), ref: 0041BF0A
OffsetRect.USER32(?,?,00000000), ref: 0041BF24
OffsetRect.USER32(?,?,00000000), ref: 0041BF3C
OffsetRect.USER32(?,00000000,?), ref: 0041BF56
OffsetRect.USER32(?,00000000,?), ref: 0041BF6E

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$Window$EqualIntersect
String ID:
API String ID: 2638238157-0
Opcode ID: 5713e763b1c3f0283254f92b469b661b750d9db78af61cb6d825a9aaa3ec4cb3
Instruction ID: e9c400bedcc0982e1255ff04ca38588ddd441648b2d128e30d2a7a7da9c22064
Opcode Fuzzy Hash: 5713e763b1c3f0283254f92b469b661b750d9db78af61cb6d825a9aaa3ec4cb3
Instruction Fuzzy Hash: F051F9756183069FC708CF28C9849ABBBE9EBC8744F004A2EF985D3354D774ED498B92

Function 00433430 Relevance: 15.1, APIs: 10, Instructions: 86COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000002E), ref: 00433441
GetSystemMetrics.USER32(0000002D), ref: 00433447
GetSystemMetrics.USER32(0000000A), ref: 0043344D
GetSystemMetrics.USER32(0000000A), ref: 00433458
GetSystemMetrics.USER32(00000009), ref: 00433466
GetSystemMetrics.USER32(00000009), ref: 00433472
GetWindowRect.USER32(?,?), ref: 00433497
GetParent.USER32(?), ref: 0043349D
GetWindowRect.USER32(?,00000000), ref: 004334C2
SetRect.USER32(?,?,00000000,?,?), ref: 004334F4

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MetricsSystem$Rect$Window$Parent
String ID:
API String ID: 3457858938-0
Opcode ID: 1fc3c62feb7589a18e06e32fcaba456aeff1e5add8e665e100bfc1d2a79dfcb2
Instruction ID: 9b21a4c3ec3dd5183a517d8800a57c39551721b69be6ce9c1974b9106ea5e618
Opcode Fuzzy Hash: 1fc3c62feb7589a18e06e32fcaba456aeff1e5add8e665e100bfc1d2a79dfcb2
Instruction Fuzzy Hash: 49218DB1A143096BDB04DF68DC8596F77A9EBC8700F00492EB945D3284DB78ED098BA6

Function 0046503C Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 004650A9
GetStdHandle.KERNEL32(000000F4,0048AA2C,00000000,00000000,00000000,?), ref: 0046517F
WriteFile.KERNEL32(00000000), ref: 00465186

Strings

)J, xrefs: 0046504A
..., xrefs: 004650FB
<program name unknown>, xrefs: 004650B9
Microsoft Visual C++ Runtime Library, xrefs: 00465155
Runtime Error!Program: , xrefs: 0046510F

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$HandleModuleNameWrite
String ID: )J$...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 3784150691-1692631261
Opcode ID: f7a8913126b92cac94628db3fb962fb47becd38017a9eb71593789dd9016b66c
Instruction ID: d4570640650dc9f5bf7ddb13e209ad73638fa1c0360c3224e5fbc1be3498d4db
Opcode Fuzzy Hash: f7a8913126b92cac94628db3fb962fb47becd38017a9eb71593789dd9016b66c
Instruction Fuzzy Hash: E931C3B2A002086FEF24EA64CD46FEF37ACAF46704F10056BF545D6151F6B8EA448B5B

Function 00476454 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000011), ref: 00476470
GetStockObject.GDI32(0000000D), ref: 00476478
GetObjectA.GDI32(00000000,0000003C,?), ref: 00476485
GetDC.USER32(00000000), ref: 00476494
GetDeviceCaps.GDI32(00000000,0000005A), ref: 004764AB
MulDiv.KERNEL32(?,00000048,00000000), ref: 004764B7
ReleaseDC.USER32(00000000,00000000), ref: 004764C2

Strings

System, xrefs: 00476469, 004764D8

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$Stock$CapsDeviceRelease
String ID: System
API String ID: 46613423-3470857405
Opcode ID: a9abf50719c08abffbb5c2a0b3437b7d2749e6344ab07561ee342da325e2c7ae
Instruction ID: 6682722464df7b08475c80e8dc8e02028e46e7572b59987396e9db1d22503532
Opcode Fuzzy Hash: a9abf50719c08abffbb5c2a0b3437b7d2749e6344ab07561ee342da325e2c7ae
Instruction Fuzzy Hash: 1C118631A40318AFEB509BA1DD45FEE3BB9EF05754F00842AFA09E62C0D7749D058769

Function 0046C4E1 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,00465160,?,Microsoft Visual C++ Runtime Library,00012010,?,0048AA2C,?,0048AA7C,?,?,?,Runtime Error!Program: ), ref: 0046C4F3
GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0046C50B
GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0046C51C
GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0046C529

Strings

user32.dll, xrefs: 0046C4EE
MessageBoxA, xrefs: 0046C505
GetActiveWindow, xrefs: 0046C516
GetLastActivePopup, xrefs: 0046C51E

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
API String ID: 2238633743-4044615076
Opcode ID: d7a6aa2c7410a939721d32f88c6b37d4515602432f1bd9052238e6ea15634503
Instruction ID: afe5f92af65d0d0818c07da273e97dca8d9daf095653506b411aecee6db93ecb
Opcode Fuzzy Hash: d7a6aa2c7410a939721d32f88c6b37d4515602432f1bd9052238e6ea15634503
Instruction Fuzzy Hash: B9018835740731BF8721EFB99CC497B3AD8DAC5780310493BE641C2222EB78E9059B5D

Function 00406740 Relevance: 13.8, APIs: 9, Instructions: 272COMMON

Download Yara Rule

APIs

Part of subcall function 004207B0: CreateDIBitmap.GDI32(?,?,00000004,?,?,00000000), ref: 0042083C
Part of subcall function 004207B0: CreateCompatibleDC.GDI32(?), ref: 0042084E
Part of subcall function 004207B0: CreateCompatibleDC.GDI32(?), ref: 00420857
Part of subcall function 004207B0: SelectObject.GDI32(00000000,?), ref: 00420866
Part of subcall function 004207B0: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00420879
Part of subcall function 004207B0: SelectObject.GDI32(?,00000000), ref: 00420889
Part of subcall function 004207B0: BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 004208A9
Part of subcall function 004207B0: SelectObject.GDI32(00000000,?), ref: 004208B5
Part of subcall function 004207B0: DeleteDC.GDI32(00000000), ref: 004208C2
Part of subcall function 004207B0: SelectObject.GDI32(?,?), ref: 004208CA
Part of subcall function 004207B0: DeleteDC.GDI32(?), ref: 004208D1

__ftol.LIBCMT ref: 00406865
__ftol.LIBCMT ref: 00406872
CreateRectRgn.GDI32(00000000,?,00000000,?), ref: 004068E4
CombineRgn.GDI32(?,?,004838F0,00000004), ref: 0040690A
SetRect.USER32(?,00000000,?,?,?), ref: 00406956
IntersectRect.USER32(?,?,?), ref: 0040696E
IsRectEmpty.USER32(?), ref: 00406999
CreateRectRgn.GDI32(00000000,?,?,00000000), ref: 00406A3E
CombineRgn.GDI32(?,?,004838F0,00000004), ref: 00406A64

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Create$Rect$ObjectSelect$Compatible$BitmapCombineDelete__ftol$EmptyIntersect
String ID:
API String ID: 909876544-0
Opcode ID: 46454e226dd9533ba38606e7a72cf033ad24b17b82ecfe5a94b55f7930a0f06d
Instruction ID: e211df33221085cb184f8b73a2e349995ce7547dff75defd567102ff42d45566
Opcode Fuzzy Hash: 46454e226dd9533ba38606e7a72cf033ad24b17b82ecfe5a94b55f7930a0f06d
Instruction Fuzzy Hash: 04A19EB16083419FC320DF68C884A5FBBE5FBC4744F508A2DF59993291EB74E848CB96

Function 0046CD21 Relevance: 13.7, APIs: 9, Instructions: 221COMMON

Download Yara Rule

APIs

CompareStringW.KERNEL32(00000000,00000000,0048ACBC,00000001,0048ACBC,00000001,00000000,006F11BC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00460803), ref: 0046CD5F
CompareStringA.KERNEL32(00000000,00000000,0048ACB8,00000001,0048ACB8,00000001), ref: 0046CD7C
CompareStringA.KERNEL32(00451906,00000000,00000000,00000000,00460803,00000000,00000000,006F11BC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00460803), ref: 0046CDDA
GetCPInfo.KERNEL32(00000000,00000000,00000000,006F11BC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,00460803,00000000), ref: 0046CE2B
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000), ref: 0046CEAA
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 0046CF0B
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,?,00000000,00000000), ref: 0046CF1E
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0046CF6A
CompareStringW.KERNEL32(00451906,00000000,00000000,00000000,?,00000000,?,00000000), ref: 0046CF82

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharCompareMultiStringWide$Info
String ID:
API String ID: 1651298574-0
Opcode ID: 027c9cb99b19c7deaeeee51f91c900399f0fc54195bbc2af0bd5afe69b7c6f59
Instruction ID: 6512278f98647ddcd06165c418795f5f10eb812de6e9124aacee94d6a1b242a0
Opcode Fuzzy Hash: 027c9cb99b19c7deaeeee51f91c900399f0fc54195bbc2af0bd5afe69b7c6f59
Instruction Fuzzy Hash: 8771A271A00249AFCF219F54CC859BF7FB6FB05354F14452BF991A2260E33A8C51DBAA

Function 00468564 Relevance: 13.7, APIs: 9, Instructions: 177COMMON

Download Yara Rule

APIs

LCMapStringW.KERNEL32(00000000,00000100,0048ACBC,00000001,00000000,00000000,76F8E860,004B4688,?,?,?,00461D7D,?,?,?,00000000), ref: 004685A6
LCMapStringA.KERNEL32(00000000,00000100,0048ACB8,00000001,00000000,00000000,?,?,00461D7D,?,?,?,00000000,00000001), ref: 004685C2
LCMapStringA.KERNEL32(?,?,?,00461D7D,?,?,76F8E860,004B4688,?,?,?,00461D7D,?,?,?,00000000), ref: 0046860B
MultiByteToWideChar.KERNEL32(?,004B4689,?,00461D7D,00000000,00000000,76F8E860,004B4688,?,?,?,00461D7D,?,?,?,00000000), ref: 00468643
MultiByteToWideChar.KERNEL32(00000000,00000001,?,00461D7D,?,00000000,?,?,00461D7D,?), ref: 0046869B
LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,00461D7D,?), ref: 004686B1
LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00461D7D,?), ref: 004686E4
LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00461D7D,?), ref: 0046874C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: String$ByteCharMultiWide
String ID:
API String ID: 352835431-0
Opcode ID: af6c8c6861ef426a4bc14e29f6e4fa9c51a6184317f28029e8d273a7942d7889
Instruction ID: c1221af98f75d413aef5af1f2e483a80afc17e6337684ee8884a44882e16048c
Opcode Fuzzy Hash: af6c8c6861ef426a4bc14e29f6e4fa9c51a6184317f28029e8d273a7942d7889
Instruction Fuzzy Hash: 41517E31900249BFCF228F54CC45ADF7BB5FB48750F24422EF915A1261EB3A8D61DB6A

Function 0041BB50 Relevance: 13.6, APIs: 9, Instructions: 118COMMON

Download Yara Rule

APIs

GetCapture.USER32 ref: 0041BB56
ClientToScreen.USER32(?,?), ref: 0041BB93
OffsetRect.USER32(?,?,?), ref: 0041BBBC
GetParent.USER32(?), ref: 0041BBC2

Part of subcall function 00476DB4: ScreenToClient.USER32(?,?), ref: 00476DC8
Part of subcall function 00476DB4: ScreenToClient.USER32(?,?), ref: 00476DD1

GetClientRect.USER32(?,?), ref: 0041BBE5
OffsetRect.USER32(?,?,00000000), ref: 0041BC03
OffsetRect.USER32(?,?,00000000), ref: 0041BC1B
OffsetRect.USER32(?,00000000,?), ref: 0041BC39
OffsetRect.USER32(?,00000000,?), ref: 0041BC59

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$Client$Screen$CaptureParent
String ID:
API String ID: 838496554-0
Opcode ID: cd62c78cf6dc149562cc4b2e68b7517e18ec0d45e791749e83a4145b0c4327ca
Instruction ID: 943433e04ab590da0a2c493917737fde24330a589692ae5fcb68bbac9551d935
Opcode Fuzzy Hash: cd62c78cf6dc149562cc4b2e68b7517e18ec0d45e791749e83a4145b0c4327ca
Instruction Fuzzy Hash: D041D575204301AFD708DF69D984D6FB7E9EBC8700F008A1DF986C3255DB74ED088A66

Function 0047165B Relevance: 13.6, APIs: 9, Instructions: 113COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00471660
FindResourceA.KERNEL32(?,00000000,00000005), ref: 00471698
LoadResource.KERNEL32(?,00000000,?,?,?,00000000), ref: 004716A0

Part of subcall function 0047249B: UnhookWindowsHookEx.USER32(?), ref: 004724C0

LockResource.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 004716AD
IsWindowEnabled.USER32(?), ref: 004716E0
EnableWindow.USER32(?,00000000), ref: 004716EE
EnableWindow.USER32(?,00000001), ref: 0047177C
GetActiveWindow.USER32 ref: 00471787
SetActiveWindow.USER32(?,?,?,00000000,?,?,?,00000000), ref: 00471795

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Resource$ActiveEnable$EnabledFindH_prologHookLoadLockUnhookWindows
String ID:
API String ID: 401145483-0
Opcode ID: a1729588f7d08483d917b5320867740001954bf0ec27dd1bbb80629eab1221ee
Instruction ID: 042d070253d67486ebe34e1a17f633dbb7d11c37e9f07ce4c16387109b04f622
Opcode Fuzzy Hash: a1729588f7d08483d917b5320867740001954bf0ec27dd1bbb80629eab1221ee
Instruction Fuzzy Hash: BE41C530A00604DFCB25AF69CD49AEFB7B5EF44715F10851FF509622A1CB798D41CB69

Function 00419340 Relevance: 13.6, APIs: 9, Instructions: 85windowCOMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,?,00000001,?,?,?,?), ref: 0041935A
GetTopWindow.USER32(?), ref: 00419360
IsWindowVisible.USER32(00000000), ref: 00419371
GetWindowLongA.USER32(00000000,000000EC), ref: 00419382
GetClientRect.USER32(00000000,?), ref: 004193D5
IntersectRect.USER32(?,?,?), ref: 004193EA
IsRectEmpty.USER32(?), ref: 004193F5
InvalidateRect.USER32(00000000,00000000,00000000,?,?,?,?), ref: 00419406
GetWindow.USER32(00000000,00000002), ref: 0041940B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$Invalidate$ClientEmptyIntersectLongVisible
String ID:
API String ID: 938479747-0
Opcode ID: 77eafb3fdcef57ec52fe0c6b98985130a6b5bb6820e3f473d0cd2661879ed936
Instruction ID: 372f74625ba37a9c9bab90f68d5cec8a6be69dd271098e6d7260813cea2ac355
Opcode Fuzzy Hash: 77eafb3fdcef57ec52fe0c6b98985130a6b5bb6820e3f473d0cd2661879ed936
Instruction Fuzzy Hash: 3B216B71204716ABD310DF55C894DAFB7ACFF88704F044A2EF94593241DB38ED4A8BAA

Function 0046E8BB Relevance: 13.6, APIs: 9, Instructions: 80windowstringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,?,?,0000000C,?,?,0041D979,?,-00000001,00000000,?,?,?,0049CBD8), ref: 0046E8C5
GetFocus.USER32 ref: 0046E8E0

Part of subcall function 0047249B: UnhookWindowsHookEx.USER32(?), ref: 004724C0

IsWindowEnabled.USER32(?), ref: 0046E909
EnableWindow.USER32(?,00000000), ref: 0046E91B
GetOpenFileNameA.COMDLG32(?,?), ref: 0046E946
GetSaveFileNameA.COMDLG32(?,?), ref: 0046E94D
EnableWindow.USER32(?,00000001), ref: 0046E964
IsWindow.USER32(?), ref: 0046E96A
SetFocus.USER32(?), ref: 0046E978

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$EnableFileFocusName$EnabledHookOpenSaveUnhookWindowslstrlen
String ID:
API String ID: 3606897497-0
Opcode ID: 9e010be50f600b3e7c02bce892139cc7005d2e1c0f941e0519e7490b8b0a7ed8
Instruction ID: 935ae49f3540fdc81fc72e48a4a9e5f3d7e42b10cc14f838fd451876b61016fe
Opcode Fuzzy Hash: 9e010be50f600b3e7c02bce892139cc7005d2e1c0f941e0519e7490b8b0a7ed8
Instruction Fuzzy Hash: 62219575210700ABD760AF73DC4AB5F77E9AF40314F00482FF54581261EBB9D809CB5A

Function 00433B90 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00433BBC

Part of subcall function 0047031C: InterlockedIncrement.KERNEL32(-000000F4), ref: 00470331

OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 00433BED
DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00433C35
DocumentPropertiesA.WINSPOOL.DRV(?,?,?,00000000,00000000,0000000E), ref: 00433CCB
ClosePrinter.WINSPOOL.DRV(?,?,?,?,00000000,00000000,0000000E), ref: 00433D00

Part of subcall function 004705A7: InterlockedDecrement.KERNEL32(-000000F4), ref: 004705BB

Strings

,SH, xrefs: 00433D0E

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DocumentInterlockedProperties$CloseDecrementIncrementMessageOpenPrinterPrinter.Send
String ID: ,SH
API String ID: 1978028495-663200163
Opcode ID: fc6c3ed0c16b40a023b8b40bf94c86fd7a1283041c478dc858552b94d01f5a8a
Instruction ID: 582ad251c7764e85f439a603e7aa3a776ddd07379ca73e100c2c99a31e4e6754
Opcode Fuzzy Hash: fc6c3ed0c16b40a023b8b40bf94c86fd7a1283041c478dc858552b94d01f5a8a
Instruction Fuzzy Hash: 364138B5104345ABC720DF25CC85EEF7BA9EFC8724F00491DF84987281D7389949C76A

Function 0041DF70 Relevance: 12.4, APIs: 8, Instructions: 368windowCOMMON

Download Yara Rule

APIs

CreatePopupMenu.USER32 ref: 0041E0EE
AppendMenuA.USER32(?,?,00000000,?), ref: 0041E251
AppendMenuA.USER32(?,00000000,00000000,?), ref: 0041E289
ModifyMenuA.USER32(?,00000000,00000000,00000000,00000000), ref: 0041E2A7
AppendMenuA.USER32(?,?,00000000,?), ref: 0041E305
ModifyMenuA.USER32(?,?,?,?,?), ref: 0041E32A
AppendMenuA.USER32(?,?,?,?), ref: 0041E372
ModifyMenuA.USER32(?,?,?,?,?), ref: 0041E397

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Append$Modify$CreatePopup
String ID:
API String ID: 3846898120-0
Opcode ID: 196b36acac9d07339ca61bbc84f7970ad74365544ebaa6b32872ad9756670695
Instruction ID: 8b3e834448c35032a25e82a951e330096b3ccfe0877f3880fad844ccd4a253c4
Opcode Fuzzy Hash: 196b36acac9d07339ca61bbc84f7970ad74365544ebaa6b32872ad9756670695
Instruction Fuzzy Hash: 51D1BB75A043109BC714DF1AC884AABBBE8FF89714F14492DF98993391D778ED40CB9A

Function 00424E60 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 93networkCOMMON

Download Yara Rule

APIs

accept.WS2_32 ref: 00424EA4

Strings

%s:%d, xrefs: 00424F1E
P, xrefs: 00424E9C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: accept
String ID: %s:%d$P
API String ID: 3005279540-612342447
Opcode ID: 5ebe115ef1d740c4d945f2ab4da3d9522b613f3104f956d1521670d9118dbac6
Instruction ID: e329dc237b03b6856b97d7cf978a957f5db61b949cee719011f37732d0af98ab
Opcode Fuzzy Hash: 5ebe115ef1d740c4d945f2ab4da3d9522b613f3104f956d1521670d9118dbac6
Instruction Fuzzy Hash: FA3170712146015FE350EB28EC88DBFB3A8FFD0324F004E2EF5A5922D0EA74991E8B55

Function 0045E2E0 Relevance: 12.3, APIs: 8, Instructions: 306COMMON

Download Yara Rule

APIs

__ftol.LIBCMT ref: 0045E638
__ftol.LIBCMT ref: 0045E655
__ftol.LIBCMT ref: 0045E671
__ftol.LIBCMT ref: 0045E68B
__ftol.LIBCMT ref: 0045E6A9
__ftol.LIBCMT ref: 0045E6C7
__ftol.LIBCMT ref: 0045E6E3
__ftol.LIBCMT ref: 0045E6FD

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: __ftol
String ID:
API String ID: 495808979-0
Opcode ID: f440ddf5a27838e8a1487d592e2116f6d3757909467b45ecb861b5440ead8cc6
Instruction ID: fa7664318a5b0f9919e517d9dde48b868770c1e2a3dd9c1f7683fb16961d97dc
Opcode Fuzzy Hash: f440ddf5a27838e8a1487d592e2116f6d3757909467b45ecb861b5440ead8cc6
Instruction Fuzzy Hash: B9D121B2908342DFD3419F22D08925ABBF0FFD5744FA6099DE0D56626AE3318578CF86

Function 00440DB0 Relevance: 12.2, APIs: 8, Instructions: 162COMMON

Download Yara Rule

APIs

GetDeviceCaps.GDI32(?,00000058), ref: 00440DC8
GetDeviceCaps.GDI32(?,0000005A), ref: 00440DD1
GetDeviceCaps.GDI32(?,0000006E), ref: 00440DE2
GetDeviceCaps.GDI32(?,0000006F), ref: 00440DFF
GetDeviceCaps.GDI32(?,00000070), ref: 00440E14
GetDeviceCaps.GDI32(?,00000071), ref: 00440E29
GetDeviceCaps.GDI32(?,00000008), ref: 00440E3E
GetDeviceCaps.GDI32(?,0000000A), ref: 00440E53

Part of subcall function 00440B90: __ftol.LIBCMT ref: 00440B95

Part of subcall function 00440BC0: __ftol.LIBCMT ref: 00440BC5

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CapsDevice$__ftol
String ID:
API String ID: 1555043975-0
Opcode ID: 69d653265afc350477c86d243b7477cf9a759339269f41fbc4d661772900c80b
Instruction ID: 9e4237ed55f70d7407a7a7f7a1a2231b01390aae19ef146bdabae06e75704890
Opcode Fuzzy Hash: 69d653265afc350477c86d243b7477cf9a759339269f41fbc4d661772900c80b
Instruction Fuzzy Hash: 73515870508B40AFD300EF6AC855A6FBBE4FFC9308F01495DF69497290DB71E9248B9A

Function 00464A75 Relevance: 12.1, APIs: 8, Instructions: 132COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00460177), ref: 00464A90
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00460177), ref: 00464AA4
GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00460177), ref: 00464AD0
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00460177), ref: 00464B08
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00460177), ref: 00464B2A
FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00460177), ref: 00464B43
GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00460177), ref: 00464B56
FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00464B94

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: EnvironmentStrings$ByteCharFreeMultiWide
String ID:
API String ID: 1823725401-0
Opcode ID: 6316342929e48f1607d9c6e95f20c036c5ca437668efaab21fc99226fd10ec7d
Instruction ID: 3de039615d992a68f5aa7e410102af1db95faf3e5ddba9ae037fc3aee73319ec
Opcode Fuzzy Hash: 6316342929e48f1607d9c6e95f20c036c5ca437668efaab21fc99226fd10ec7d
Instruction Fuzzy Hash: 2931F0B25042256F9F203FA59C8893FB68CEAC6B58715093BF551C3211F668EC45876F

Function 004328D0 Relevance: 12.1, APIs: 8, Instructions: 77COMMON

Download Yara Rule

APIs

ReleaseCapture.USER32 ref: 004329A1

Part of subcall function 0047497F: IsWindowEnabled.USER32(?), ref: 00474989

GetClientRect.USER32(?,?), ref: 004328F7
PtInRect.USER32(?,?,?), ref: 0043290C
ClientToScreen.USER32(?,?), ref: 0043291D
WindowFromPoint.USER32(?,?), ref: 0043292D
ReleaseCapture.USER32 ref: 00432947
GetCapture.USER32 ref: 00432961
SetCapture.USER32(?), ref: 0043296C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Capture$ClientRectReleaseWindow$EnabledFromPointScreen
String ID:
API String ID: 3076215760-0
Opcode ID: 5d94feb7c374b5719c45c5ced239cc8a61918244b60f1993eea3a3094326d7a4
Instruction ID: ba5008125633cc5a34e7318d7d14e338d56835531278aa45f0e3564003d8c321
Opcode Fuzzy Hash: 5d94feb7c374b5719c45c5ced239cc8a61918244b60f1993eea3a3094326d7a4
Instruction Fuzzy Hash: 0421C875300700AFD310EB18D955F6F77A8BFC8714F044D1EF98592251EBB9E9098BA9

Function 00474D8B Relevance: 12.1, APIs: 8, Instructions: 65memorystringCOMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32(?), ref: 00474DAB
lstrcmpA.KERNEL32(?,?), ref: 00474DB7
OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 00474DC9
DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00474DEC
GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00474DF4
GlobalLock.KERNEL32(00000000), ref: 00474E01
DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 00474E0E
ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 00474E2C

Part of subcall function 00477C0D: GlobalFlags.KERNEL32(?), ref: 00477C17
Part of subcall function 00477C0D: GlobalUnlock.KERNEL32(?), ref: 00477C2E
Part of subcall function 00477C0D: GlobalFree.KERNEL32(?), ref: 00477C39

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
String ID:
API String ID: 168474834-0
Opcode ID: b8c3e56e25220d7a49b6fc9c785d1815388553d9cc6320cf43896cef570bbec5
Instruction ID: 70923cb55313f618478cfe019c7edc099b14dcb0f5ba1adb7e740e66347a8b8f
Opcode Fuzzy Hash: b8c3e56e25220d7a49b6fc9c785d1815388553d9cc6320cf43896cef570bbec5
Instruction Fuzzy Hash: F0118C75100204BADB226BB6DC4AEBFBAADEF85704F00886EFA08C1112D7799D449768

Function 00409120 Relevance: 12.1, APIs: 8, Instructions: 55COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0040913C
PtInRect.USER32(?,?,?), ref: 00409151
ReleaseCapture.USER32 ref: 00409161
InvalidateRect.USER32(?,00000000,00000000), ref: 0040916F
GetCapture.USER32 ref: 0040917F
SetCapture.USER32(?), ref: 0040918A
InvalidateRect.USER32(?,00000000,00000000), ref: 004091AB
SetCapture.USER32(?), ref: 004091B5

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CaptureRect$Invalidate$ClientRelease
String ID:
API String ID: 3559558096-0
Opcode ID: 60bb3a63318809463f115e8f70c895c01a946932ea05b8747a4f06ba0f9bf306
Instruction ID: 574044fcf2d47c65d8a9e060a01c9a6aeb5c064016fac0227fb11f5d4bb019e2
Opcode Fuzzy Hash: 60bb3a63318809463f115e8f70c895c01a946932ea05b8747a4f06ba0f9bf306
Instruction Fuzzy Hash: 40114F75610710AFD3A0AF68DC48F9B77A8BF44700F008E2EF986D7250D734E8098B68

Function 0040D290 Relevance: 10.8, APIs: 7, Instructions: 268windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0040D2CD
GetParent.USER32(?), ref: 0040D2DF
SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 0040D307
GetWindowRect.USER32(?,?), ref: 0040D391
InvalidateRect.USER32(?,?,00000001,?), ref: 0040D3B4
GetWindowRect.USER32(?,?), ref: 0040D57C
InvalidateRect.USER32(?,?,00000001,?), ref: 0040D59D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Window$Invalidate$MessageParentSend
String ID:
API String ID: 236041146-0
Opcode ID: 9a6b2d3da8ee8c797842d68d0ea7b08f52c85c8c9c4e3d619243fae73bfe6935
Instruction ID: 192d421bf89e9a2ec36b7213ee8a43520f862b0c9b2cb9e02c19bcf08410777e
Opcode Fuzzy Hash: 9a6b2d3da8ee8c797842d68d0ea7b08f52c85c8c9c4e3d619243fae73bfe6935
Instruction Fuzzy Hash: F391B471A003059BC724EF659C55B6B73E4AF84718F040A2EFD45A73C1E77CE9098B99

Function 00442320 Relevance: 10.8, APIs: 7, Instructions: 260windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0044234D
GetParent.USER32(?), ref: 00442359
GetClientRect.USER32(?,?), ref: 0044236A

Part of subcall function 00476DF0: ClientToScreen.USER32(004050A8,?), ref: 00476E04
Part of subcall function 00476DF0: ClientToScreen.USER32(004050A8,?), ref: 00476E0D

GetParent.USER32(?), ref: 0044237C

Part of subcall function 00476DB4: ScreenToClient.USER32(?,?), ref: 00476DC8
Part of subcall function 00476DB4: ScreenToClient.USER32(?,?), ref: 00476DD1

Part of subcall function 00476F46: __EH_prolog.LIBCMT ref: 00476F4B
Part of subcall function 00476F46: GetDC.USER32(?), ref: 00476F74

SendMessageA.USER32 ref: 004423AF

Part of subcall function 00476842: SelectObject.GDI32(00403985,00000000), ref: 00476864
Part of subcall function 00476842: SelectObject.GDI32(00403985,?), ref: 0047687A

GetTextExtentPoint32A.GDI32(?,0049F150,00000001,?), ref: 004423DC
EqualRect.USER32(?,?), ref: 0044259A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Client$Screen$Rect$ObjectParentSelect$EqualExtentH_prologMessagePoint32SendText
String ID:
API String ID: 98060165-0
Opcode ID: 0ca4ccc192fda7a181c59d0e472f908d491a269725f69e6b189f93f3b0225cd0
Instruction ID: 797ff173450f8c381d9ceae3e657946190f2c663f76a35cf32fbf7ee71be7417
Opcode Fuzzy Hash: 0ca4ccc192fda7a181c59d0e472f908d491a269725f69e6b189f93f3b0225cd0
Instruction Fuzzy Hash: D1918E712087019FD718CF29C981A6BB7E6EBC8704F544A2EF986C3351D7B8D9058B5A

Function 00418F00 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 196windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00418FDC
SendMessageA.USER32(?,00008003,00000000,00000000), ref: 00418FF3
GetWindowRect.USER32(?,00000000), ref: 00419045
GetClientRect.USER32(?,00000000), ref: 0041909D
GetWindowRect.USER32(?,00000000), ref: 004190C1

Strings

zA, xrefs: 00418F39

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: RectWindow$ClientMessageSend
String ID: zA
API String ID: 1071774122-319258504
Opcode ID: 191d9de86d5bb11d9218dd4c19981de87cb0e033a66afc575644c506c0234d74
Instruction ID: 7e4b37da14e3872177df3fad4ba3b3c712834d2eeac803f9079020bea1822695
Opcode Fuzzy Hash: 191d9de86d5bb11d9218dd4c19981de87cb0e033a66afc575644c506c0234d74
Instruction Fuzzy Hash: 0061BE716043419FC714DF25C894AAFBBE8EB88704F004A1EF985A7380DA78ED45CB9A

Function 0041FB80 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

SetRect.USER32(?,00000000,00000032,00000032,?), ref: 0041FC69
OffsetRect.USER32(?,?,?), ref: 0041FC76
IntersectRect.USER32(?,?,?), ref: 0041FC92
IsRectEmpty.USER32(?), ref: 0041FC9D
OffsetRect.USER32(?,?,?), ref: 0041FCDA

Strings

2, xrefs: 0041FC26

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Offset$EmptyIntersect
String ID: 2
API String ID: 765610062-450215437
Opcode ID: ff220d31afcaf527ce44fb4f29f99233d6e6698cdabfef3b62d2298d2fbf3760
Instruction ID: 675fb700567b381f90f1d07f8ad88ae4d033946fe7e1a7c473d6eac90172fb52
Opcode Fuzzy Hash: ff220d31afcaf527ce44fb4f29f99233d6e6698cdabfef3b62d2298d2fbf3760
Instruction Fuzzy Hash: BB61F6752083419FC714CF29D8849ABB7E5BBC8344F148A2EF98987321D734E94ACF56

Function 00478C98 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000019F,00000000,00000000), ref: 00478CBC
GetParent.USER32(?), ref: 00478CC3

Part of subcall function 004747F0: GetWindowLongA.USER32(?,000000F0), ref: 004747FC

SendMessageA.USER32(?,00000187,00000000,00000000), ref: 00478D16
SendMessageA.USER32(0000AC84,00000111,?,?), ref: 00478D67
SendMessageA.USER32(?,00000185,00000000,00000000), ref: 00478DF2

Strings

, xrefs: 00478C99

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$LongParentWindow
String ID:
API String ID: 779260966-3916222277
Opcode ID: b64b716450d5cd5ff0ba4da5a8e2d3f29164986fa66378162ddfc093ee5a04eb
Instruction ID: 5abb2035ce3c6f2592db522f76765f8d270fff51f5e427be84dbd9c1a433a18d
Opcode Fuzzy Hash: b64b716450d5cd5ff0ba4da5a8e2d3f29164986fa66378162ddfc093ee5a04eb
Instruction Fuzzy Hash: C131F7703407586FCA347A768C49DBF769DEF95788B11892EF55AD22C2DE28DC02823D

Function 00474192 Relevance: 10.6, APIs: 7, Instructions: 122windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 004741C6
PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 004741EF
UpdateWindow.USER32(?), ref: 0047420B
SendMessageA.USER32(?,00000121,00000000,?), ref: 00474231
SendMessageA.USER32(?,0000036A,00000000,00000001), ref: 00474250
UpdateWindow.USER32(?), ref: 00474293
PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 004742C6

Part of subcall function 004747F0: GetWindowLongA.USER32(?,000000F0), ref: 004747FC

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$Window$PeekSendUpdate$LongParent
String ID:
API String ID: 2853195852-0
Opcode ID: a59e8d81adbe003f79eb20d52388609fa439ad3a227f898036fa04ada96cb424
Instruction ID: 49c90da39a59d2b5e8f978e748f671b97070bf705a1f23340941058c7d2e2012
Opcode Fuzzy Hash: a59e8d81adbe003f79eb20d52388609fa439ad3a227f898036fa04ada96cb424
Instruction Fuzzy Hash: 1A41E4302047419BC720EF229848E6BBBE8FFC1B40F10895EF48996252C779C955CB5A

Function 004789E9 Relevance: 10.6, APIs: 7, Instructions: 94windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047A10D: __EH_prolog.LIBCMT ref: 0047A112

Part of subcall function 004747F0: GetWindowLongA.USER32(?,000000F0), ref: 004747FC

SendMessageA.USER32(?,000001A1,00000000,00000000), ref: 00478A32
SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00478A41
SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 00478A5A
SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 00478A82
SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 00478A91
SendMessageA.USER32(?,00000198,?,?), ref: 00478AA7
PtInRect.USER32(?,000000FF,?), ref: 00478AB3

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$H_prologLongRectWindow
String ID:
API String ID: 2846605207-0
Opcode ID: 9076d369e27c7b7d112c78e3127756527a84aeb534dcbb56a48f6774c2a7f9d7
Instruction ID: d7dc8a307e86ba2488a7255fec44c4f60e7fa797e140ce94bf8460ad89d9d582
Opcode Fuzzy Hash: 9076d369e27c7b7d112c78e3127756527a84aeb534dcbb56a48f6774c2a7f9d7
Instruction Fuzzy Hash: 4B313670A4020DFFDB00DF94CC80DEEB7B9EF44348B10846AE505A72A0DB74AE529B14

Function 00474B71 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 85stringtimeCOMMON

Download Yara Rule

APIs

lstrcpynA.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,00474B5B,?), ref: 00474B9B
GetFileTime.KERNEL32(00000000,[KG,?,?,?,?,?,?,?,?,?,00474B5B,?), ref: 00474BBC
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00474B5B,?), ref: 00474BCB
GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,00474B5B,?), ref: 00474BEC

Strings

[KG, xrefs: 00474B79, 00474BFE, 00474C0F, 00474C21, 00474B86
[KG, xrefs: 00474BB7, 00474BF9, 00474BBA, 00474BFD

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$AttributesSizeTimelstrcpyn
String ID: [KG$[KG
API String ID: 1499663573-2273224448
Opcode ID: bc6a8cda26b44599715035ff83e9df0e5d37f1dc503bd3a0ea978973051cfad1
Instruction ID: 895907b8e186eee9cba3d3766ccbfdd95f37909d7440cb79d1adfd7de74664c1
Opcode Fuzzy Hash: bc6a8cda26b44599715035ff83e9df0e5d37f1dc503bd3a0ea978973051cfad1
Instruction Fuzzy Hash: BD318072500205AFC725DF65C885FEBBBF8AB54310F10892EF55AC7580EB74E948CB94

Function 0047ADF2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 0047AE20
RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0047AE43
RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0047AE62
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0047AE72
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0047AE7C

Strings

software, xrefs: 0047AE0A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreate$Open
String ID: software
API String ID: 1740278721-2010147023
Opcode ID: 0e01c972d0baf44c77a28d439038258e3af23ce25179bc15f02749c22a2b0617
Instruction ID: 5cc86254b9c9f8ee37f16c54538543e63b6e2582ec0d5a61dc3e3af9c9b458af
Opcode Fuzzy Hash: 0e01c972d0baf44c77a28d439038258e3af23ce25179bc15f02749c22a2b0617
Instruction Fuzzy Hash: C011E372900118FBCB21DB9ADD84DEFFFBCEFC5704F1440AAA614A2121D2749A14DB64

Function 0045FD4A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 61stringCOMMON

Download Yara Rule

APIs

SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0045FD88
GetSystemMetrics.USER32(00000000), ref: 0045FDA0
GetSystemMetrics.USER32(00000001), ref: 0045FDA7
lstrcpyA.KERNEL32(?,DISPLAY), ref: 0045FDCB

Strings

B, xrefs: 0045FD69
DISPLAY, xrefs: 0045FDC5

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: System$Metrics$InfoParameterslstrcpy
String ID: B$DISPLAY
API String ID: 1409579217-3316187204
Opcode ID: 889d1bfe36112dae9fcc1941008618b339cb9226e61e220e120da69ac285132c
Instruction ID: 68212757fa47600b018820d75458642003639e98089aa074d86b210c8928203d
Opcode Fuzzy Hash: 889d1bfe36112dae9fcc1941008618b339cb9226e61e220e120da69ac285132c
Instruction Fuzzy Hash: 2611E071600324ABCB519F64CC84A9BBBB8EF09762B004477FC06DA146D3B5D90CCBAA

Function 004764E5 Relevance: 10.5, APIs: 7, Instructions: 29COMMON

Download Yara Rule

APIs

GetSysColor.USER32(0000000F), ref: 004764F1
GetSysColor.USER32(00000010), ref: 004764F8
GetSysColor.USER32(00000014), ref: 004764FF
GetSysColor.USER32(00000012), ref: 00476506
GetSysColor.USER32(00000006), ref: 0047650D
GetSysColorBrush.USER32(0000000F), ref: 0047651A
GetSysColorBrush.USER32(00000006), ref: 00476521

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$Brush
String ID:
API String ID: 2798902688-0
Opcode ID: 4fb87b1a6b9f4b289e8287743add2d708a7f6e52fdaf928fef6ba28ae6943e83
Instruction ID: e0bc6d0f801dc8089674b7ccb20d763acb0af397b4e28884264b69dd0b065231
Opcode Fuzzy Hash: 4fb87b1a6b9f4b289e8287743add2d708a7f6e52fdaf928fef6ba28ae6943e83
Instruction Fuzzy Hash: D1F0F8719407489BD760AB729D09B4BBAE0FFC4B10F02092ED2858BA90E6B5A4019F54

Function 00417A80 Relevance: 9.2, APIs: 6, Instructions: 176windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00417AD1
IsWindow.USER32(?), ref: 00417AE6
IsChild.USER32(?,?), ref: 00417AF7
SetFocus.USER32(?), ref: 00417B08
IsWindow.USER32(?), ref: 00417C00
IsWindowVisible.USER32(?), ref: 00417C0E

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ChildFocusVisible
String ID:
API String ID: 372613587-0
Opcode ID: f7b4f43d57ed36a69813de46a5bc38e457e3bc9a1281444dd6deade579944517
Instruction ID: 4cbcde2bbfad18d5b14e0ca0dc71cd21850f10f0e644a6f60c0398574ebb1a5e
Opcode Fuzzy Hash: f7b4f43d57ed36a69813de46a5bc38e457e3bc9a1281444dd6deade579944517
Instruction Fuzzy Hash: E05180716043059FC720EF65C884DABB3F8BF85348F014A2EF94597282DB78E945CBA9

Function 0042A3F0 Relevance: 9.1, APIs: 6, Instructions: 124COMMON

Download Yara Rule

APIs

CopyRect.USER32(?,00000000), ref: 0042A432
IsRectEmpty.USER32(?), ref: 0042A463
OffsetRect.USER32(?,00000000,?), ref: 0042A4B3
LPtoDP.GDI32(?,?,00000002), ref: 0042A4E8
GetClientRect.USER32(?,?), ref: 0042A4F7
IntersectRect.USER32(?,?,?), ref: 0042A50C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClientCopyEmptyIntersectOffset
String ID:
API String ID: 1743551499-0
Opcode ID: 1700063080b4c71ea80672babec51ed8f3b1b25b99c9ca0454190f0358c89b38
Instruction ID: b527e63593bfa762974905ada1f276a87e1a4cb2442b8e1eb253bafc6065b5f5
Opcode Fuzzy Hash: 1700063080b4c71ea80672babec51ed8f3b1b25b99c9ca0454190f0358c89b38
Instruction Fuzzy Hash: E3413AB66147019FC318DF58D88096BB7E9FBC8700F008A2EF956C7251DB34D809CBA2

Function 0046BC6E Relevance: 9.1, APIs: 6, Instructions: 117COMMON

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(00000001,0048ACBC,00000001,?,76F8E860,004B4688,?,?,00461D7D,?,?,?,00000000,00000001), ref: 0046BCAD
GetStringTypeA.KERNEL32(00000000,00000001,0048ACB8,00000001,?,?,00461D7D,?,?,?,00000000,00000001), ref: 0046BCC7
GetStringTypeA.KERNEL32(?,?,?,?,00461D7D,76F8E860,004B4688,?,?,00461D7D,?,?,?,00000000,00000001), ref: 0046BCFB
MultiByteToWideChar.KERNEL32(?,004B4689,?,?,00000000,00000000,76F8E860,004B4688,?,?,00461D7D,?,?,?,00000000,00000001), ref: 0046BD33
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00461D7D,?), ref: 0046BD89
GetStringTypeW.KERNEL32(?,?,00000000,00461D7D,?,?,?,?,?,?,00461D7D,?), ref: 0046BD9B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: StringType$ByteCharMultiWide
String ID:
API String ID: 3852931651-0
Opcode ID: 5a40d2f2b308d6eec89c2677412f635ba9968c8e415ca96d560b844446226c35
Instruction ID: 53674cc7b131566254c0de7c3c4b33e9121a049da6589adfbe7bfe2bafa139f1
Opcode Fuzzy Hash: 5a40d2f2b308d6eec89c2677412f635ba9968c8e415ca96d560b844446226c35
Instruction Fuzzy Hash: 6241BF72500219AFCF209F54DC85EAF3B79FB08760F10082AFA11D6250E3398991DBDA

Function 0041FA40 Relevance: 9.1, APIs: 6, Instructions: 100COMMON

Download Yara Rule

APIs

Part of subcall function 0041F9B0: CreateDIBitmap.GDI32(?,?,00000004,?,?,00000000), ref: 0041FA2B

CreateCompatibleDC.GDI32(?), ref: 0041FA9A
DeleteObject.GDI32(00000000), ref: 0041FAAF

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Create$BitmapCompatibleDeleteObject
String ID:
API String ID: 3709961035-0
Opcode ID: 3b884b903dfc2373a89fcbf5aa89c9525bd9940700d72ac9889e25f24491194a
Instruction ID: 9bd5e8eee1ac86bdf8235d3adcf2e90afec6f40af7702f3358ef864ee27f753d
Opcode Fuzzy Hash: 3b884b903dfc2373a89fcbf5aa89c9525bd9940700d72ac9889e25f24491194a
Instruction Fuzzy Hash: 9B31A1762147009FC310DF69D880F9BB7E8FB88724F008A2EF55983281DB38E805CB65

Function 0041BFB0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0041C03D
wsprintfA.USER32 ref: 0041C059

Strings

%d / %d], xrefs: 0041C037
?? / %d], xrefs: 0041C053
- [, xrefs: 0041BFD8
- , xrefs: 0041C084

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID: - $ - [$%d / %d]$?? / %d]
API String ID: 2111968516-3107364983
Opcode ID: 935904c473583a30815bbb58b6b401e1870efd8d64dfc17265dc5880eb2036e4
Instruction ID: 04c7c7f93fd9bebaeff12e9c2ab835fd53e48f8a8df1c674dc12d20f922d3184
Opcode Fuzzy Hash: 935904c473583a30815bbb58b6b401e1870efd8d64dfc17265dc5880eb2036e4
Instruction Fuzzy Hash: E2318FB4204340EFD724DB65CC91FABBBE4AF85718F00891EF49A83291DB79E845CB56

Function 00479E80 Relevance: 9.1, APIs: 6, Instructions: 85memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

TlsGetValue.KERNEL32(004B3F3C,004B3F2C,00000000,?,004B3F3C,?,0047A0E8,004B3F2C,00000000,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C), ref: 00479E8B
EnterCriticalSection.KERNEL32(004B3F58,00000010,?,004B3F3C,?,0047A0E8,004B3F2C,00000000,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C), ref: 00479EDA
LeaveCriticalSection.KERNEL32(004B3F58,00000000,?,004B3F3C,?,0047A0E8,004B3F2C,00000000,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C), ref: 00479EED
LocalAlloc.KERNEL32(00000000,00000004,?,004B3F3C,?,0047A0E8,004B3F2C,00000000,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C), ref: 00479F03
LocalReAlloc.KERNEL32(?,00000004,00000002,?,004B3F3C,?,0047A0E8,004B3F2C,00000000,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C), ref: 00479F15
TlsSetValue.KERNEL32(004B3F3C,00000000), ref: 00479F51

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocCriticalLocalSectionValue$EnterLeave
String ID:
API String ID: 4117633390-0
Opcode ID: 8a826df58aa4cbb8e24e8c603069b79b0d217a8d8a61e16cf66be5e885125061
Instruction ID: 105eb292fb128a8a3fbbbe575a6c5199354d502a09f84f5d82c78ddb75de13cc
Opcode Fuzzy Hash: 8a826df58aa4cbb8e24e8c603069b79b0d217a8d8a61e16cf66be5e885125061
Instruction Fuzzy Hash: 14318971100605AFD724DF19D889EAAB7E8FB44364F00C92EF85AC7690EB74ED09CB65

Function 00472CBB Relevance: 9.1, APIs: 6, Instructions: 82windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00472CC0
SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00472D0D
SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00472D2F
GetCapture.USER32 ref: 00472D41
SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 00472D50
WinHelpA.USER32(?,?,?,?), ref: 00472D64

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CaptureH_prologHelp
String ID:
API String ID: 432264411-0
Opcode ID: d05bb20899e92a092d8e4a5c75323677a0b50b11d02dc19459e87ed40e82be5b
Instruction ID: fced4cc78112a55e9c56af8e07e899fc145b6fb85ec30893cfa8eca84e3e083b
Opcode Fuzzy Hash: d05bb20899e92a092d8e4a5c75323677a0b50b11d02dc19459e87ed40e82be5b
Instruction Fuzzy Hash: 9121B531200244BFEB20AF65CC89FAE77B9EF04754F10853DB145972E2CBB58C009B64

Function 00478191 Relevance: 9.1, APIs: 6, Instructions: 67COMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 004781C4
GetLastActivePopup.USER32(?), ref: 004781D3
IsWindowEnabled.USER32(?), ref: 004781E8
EnableWindow.USER32(?,00000000), ref: 004781FB
GetWindowLongA.USER32(?,000000F0), ref: 0047820D
GetParent.USER32(?), ref: 0047821B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
String ID:
API String ID: 670545878-0
Opcode ID: db65302b3004a8577f3d76189b2a3fe8a212e37c38224aa1801ea23c0debc110
Instruction ID: 56dedeeda898ba4d05b233bce419787e4d42e2660825268853b26e2c7f488e76
Opcode Fuzzy Hash: db65302b3004a8577f3d76189b2a3fe8a212e37c38224aa1801ea23c0debc110
Instruction Fuzzy Hash: 0711363278172157C6305A695D4CBABB29C9F55F52F06896FED08E3302DF28CC0242ED

Function 00408BE0 Relevance: 9.1, APIs: 6, Instructions: 54windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A,00000002,?), ref: 00408BFB
SendMessageA.USER32(?,00001101,00000000,00000000), ref: 00408C0D
SendMessageA.USER32(?,0000110A,00000002,?), ref: 00408C1B
SendMessageA.USER32(?,0000110A,00000001,?), ref: 00408C2D
SendMessageA.USER32(?,00001101,00000000,00000000), ref: 00408C3F
SendMessageA.USER32(?,0000110A,00000001,?), ref: 00408C4D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 3294cd849924e579aeabf50614709bfa4d1daf769d4d8076adb65a65ff9ea620
Instruction ID: ee12030e1fdc74d32b34ad4bbdff0e45a533f8e46dc68d3cdb8326118efeb05d
Opcode Fuzzy Hash: 3294cd849924e579aeabf50614709bfa4d1daf769d4d8076adb65a65ff9ea620
Instruction Fuzzy Hash: 360167B27407053EF534D6659CC1FA7A2BD9F98B91F008919B741AB2C0C5F5EC414630

Function 0042D0C0 Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 0042D0E2
ScreenToClient.USER32(00000001,?), ref: 0042D0F1

Part of subcall function 0042D170: DPtoLP.GDI32(?,?,00000001), ref: 0042D287

LoadCursorA.USER32(00000000,00007F85), ref: 0042D121
SetCursor.USER32(00000000), ref: 0042D128
LoadCursorA.USER32(00000000,00007F84), ref: 0042D147
SetCursor.USER32(00000000), ref: 0042D14E

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Cursor$Load$ClientScreen
String ID:
API String ID: 789353160-0
Opcode ID: be16ab4f34633365f597024f9f07a4b2c36083712395efcbd4560fc1a6897469
Instruction ID: 1659a6b85df3aba5db0f5de8facc2908b5e6bdc01d769d22435e6346bfe3a669
Opcode Fuzzy Hash: be16ab4f34633365f597024f9f07a4b2c36083712395efcbd4560fc1a6897469
Instruction Fuzzy Hash: 4011E531614211ABC750EB64EC49FAFB3A8BB90B05F00892EF54592280EA74D81CC7B7

Function 00477B96 Relevance: 9.0, APIs: 6, Instructions: 48windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 00477B99

Part of subcall function 00477A3B: GetWindowLongA.USER32(00000000,000000F0), ref: 00477A4C

GetParent.USER32(00000000), ref: 00477BC0

Part of subcall function 00477A3B: GetClassNameA.USER32(00000000,?,0000000A), ref: 00477A67
Part of subcall function 00477A3B: lstrcmpiA.KERNEL32(?,combobox), ref: 00477A76

GetWindowLongA.USER32(?,000000F0), ref: 00477BDB
GetParent.USER32(?), ref: 00477BE9
GetDesktopWindow.USER32 ref: 00477BED
SendMessageA.USER32(00000000,0000014F,00000000,00000000), ref: 00477C01

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$LongParent$ClassDesktopFocusMessageNameSendlstrcmpi
String ID:
API String ID: 2818563221-0
Opcode ID: 4414e0cbc93bf7d01c9b6e61608d42f57d5861d5d6fe337a44018a836f157b53
Instruction ID: 02af328e7e234b616dd104ac567268febddf19e53e70755f0f5c342592b6625a
Opcode Fuzzy Hash: 4414e0cbc93bf7d01c9b6e61608d42f57d5861d5d6fe337a44018a836f157b53
Instruction Fuzzy Hash: E7F0A4322056212BD62327259C49FFF65585F85F54F95892AF958A72C0DB28DC0182EC

Function 00477AB0 Relevance: 9.0, APIs: 6, Instructions: 46COMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00477ABF
GetWindow.USER32(?,00000005), ref: 00477AD0
GetDlgCtrlID.USER32(00000000), ref: 00477AD9
GetWindowLongA.USER32(00000000,000000F0), ref: 00477AE8
GetWindowRect.USER32(00000000,?), ref: 00477AFA
PtInRect.USER32(?,?,?), ref: 00477B0A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Rect$ClientCtrlLongScreen
String ID:
API String ID: 1315500227-0
Opcode ID: 067301f86dbbc2e82ba4b7532da5afe4d3fddd7721ac66d802690fc2520a46df
Instruction ID: 212eedd3c7396d0eed8ecd35d43c7d89855e20b3d3237280d1233fea0ddffa81
Opcode Fuzzy Hash: 067301f86dbbc2e82ba4b7532da5afe4d3fddd7721ac66d802690fc2520a46df
Instruction Fuzzy Hash: C2012632205119BBDB119F54CC08EEF376CEF44744F80883AFA05D2164E334E906CBA8

Function 00421050 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 181COMMON

Download Yara Rule

Strings

HFH, xrefs: 00421178, 00421182

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: HFH
API String ID: 0-1609311307
Opcode ID: 5a1a6fa5f1aadaf298c655272afcea14451e69eeadaaa42e2cd8f3545fc0513f
Instruction ID: b400dd133ef4a6dad5b073b73216bc432f0c72cb6771ce57a2611753e8fa9eda
Opcode Fuzzy Hash: 5a1a6fa5f1aadaf298c655272afcea14451e69eeadaaa42e2cd8f3545fc0513f
Instruction Fuzzy Hash: BA516DB25087419FC310EF69D881A6BF7E8BB99714F808E2EF59983351D778D808CB56

Function 0042E240 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 157COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0042E27F
CreateFontIndirectA.GDI32(00000028), ref: 0042E2E8
GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 0042E32F

Strings

IH, xrefs: 0042E2FF, 0042E303
(, xrefs: 0042E2D4

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateExtentFontIndirectPoint32Textwsprintf
String ID: ($IH
API String ID: 3175173087-2259464650
Opcode ID: 63115dca4d7e47cb4c5c095f67ed22c85f09f1f64eb0ddd9b275e796a3d90c7d
Instruction ID: 24bc17532ef8ec9944a9ff09d9875319ba6d114b7f64e733b5da18876ba9c34c
Opcode Fuzzy Hash: 63115dca4d7e47cb4c5c095f67ed22c85f09f1f64eb0ddd9b275e796a3d90c7d
Instruction Fuzzy Hash: CB5191712043458FC324DF28C885B6FB7E5FB88304F144A1EE99A83381DBB59949CB96

Function 00434F50 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 150windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00434FB9
SendMessageA.USER32(?,00000111,?,?), ref: 00435079

Strings

!K, xrefs: 00435024
!K, xrefs: 004350A9
!K, xrefs: 00435063

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendWindow
String ID: !K$!K$!K
API String ID: 701072176-1481224170
Opcode ID: 5d94f7e3bda7329ab10e062979895c9c1c6ab3c57f5c54f25dc3d3bc431c75b1
Instruction ID: 41f8c20e23a8086384bd50b81beee5c74517db54f5ff384c4364b8e5e88fea41
Opcode Fuzzy Hash: 5d94f7e3bda7329ab10e062979895c9c1c6ab3c57f5c54f25dc3d3bc431c75b1
Instruction Fuzzy Hash: 2041E5327002015BD7149A2EAC80BABB3A5EBC9325F54453FFE05C7341DA6EDD4987AA

Function 004641AB Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 00467664: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,004628B8,00000009,00000000,00000000,00000001,00464DEF,00000001,00000074,?,?,00000000,00000001), ref: 004676A1
Part of subcall function 00467664: EnterCriticalSection.KERNEL32(?,?,?,004628B8,00000009,00000000,00000000,00000001,00464DEF,00000001,00000074,?,?,00000000,00000001), ref: 004676BC

GetCPInfo.KERNEL32(00000000,?,?,00000000,00000000,?,?,00460181), ref: 004641FC

Part of subcall function 004676C5: LeaveCriticalSection.KERNEL32(?,00461AA2,00000009,00461A8E,00000000,?,00000000,00000000,00000000), ref: 004676D2

Strings

x'J, xrefs: 004641E3
h(J, xrefs: 004641F0
HK, xrefs: 00464269
HK, xrefs: 00464219

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterInfoInitializeLeave
String ID: h(J$x'J$HK$HK
API String ID: 1866836854-169879540
Opcode ID: cc950c2c2c0d391431ef4901ea04cdee92f2806f2e6de7bbe37cb1f77e40c62f
Instruction ID: dcd6c29df2667c8010bd9bc856458208d9c48f3a0be18b0dcb0234ea26135d7d
Opcode Fuzzy Hash: cc950c2c2c0d391431ef4901ea04cdee92f2806f2e6de7bbe37cb1f77e40c62f
Instruction Fuzzy Hash: 7F4178756442A09FDF01DB78D8853AA7B90D7C6318F3405ABE9408B392E77C4985974E

Function 00464E5E Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32 ref: 00464E7D
GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00464EB2
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00464F12

Strings

__MSVCRT_HEAP_SELECT, xrefs: 00464EAD
__GLOBAL_HEAP_SELECTED, xrefs: 00464EEC

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: EnvironmentFileModuleNameVariableVersion
String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
API String ID: 1385375860-4131005785
Opcode ID: f66637f1e6cd67efdf84a34e1a56a20c5dc76b1503cde9a7f24c7637068bc704
Instruction ID: d163562326dc8df1574fc0bc0d9d6a2a476f88671d95b491725657a9bc8a4bd6
Opcode Fuzzy Hash: f66637f1e6cd67efdf84a34e1a56a20c5dc76b1503cde9a7f24c7637068bc704
Instruction Fuzzy Hash: BC314A719012486DEF398674AC457DF77689B42308F1404DBE084D6292F77E8ECAC71B

Function 004726A9 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000000,00000405,00000000,?), ref: 00472762
GetWindowLongA.USER32(?,000000FC), ref: 00472773
GetWindowLongA.USER32(?,000000FC), ref: 00472783
SetWindowLongA.USER32(?,000000FC,?), ref: 0047279F

Strings

(, xrefs: 0047274D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID: (
API String ID: 2178440468-3887548279
Opcode ID: ddcaa33b6e3ab45a81482a8f6ab58b2ca746af842ff4af9f6a097b6b9af7e691
Instruction ID: 870a92d7555a2e98521037eb49c0c8cfc10dfa459a17db5f650ea70de58e2692
Opcode Fuzzy Hash: ddcaa33b6e3ab45a81482a8f6ab58b2ca746af842ff4af9f6a097b6b9af7e691
Instruction Fuzzy Hash: A031A3316007009FDB24AF79CA84A9EB7F5BF48714F14852FE54A97691DBB8E804CF98

Function 0047A943 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 88stringCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 0047A974

Part of subcall function 0047AA60: lstrlenA.KERNEL32(00000104,00000000,?,0047A9A4), ref: 0047AA97

lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0047AA15
lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0047AA42

Strings

.INI, xrefs: 0047AA3C
.HLP, xrefs: 0047AA0F

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileModuleNamelstrcatlstrcpylstrlen
String ID: .HLP$.INI
API String ID: 2421895198-3011182340
Opcode ID: 44f7853ba8f87f0fd6b30a03e826dbe83e9e813b5b219b29fe6b43ad535434ce
Instruction ID: 11035ba7f4f1b636537e31725d0d943e8921de47c3a821d6d6d49a081eceb38f
Opcode Fuzzy Hash: 44f7853ba8f87f0fd6b30a03e826dbe83e9e813b5b219b29fe6b43ad535434ce
Instruction Fuzzy Hash: A43176B14047149FDB61DF71D885BCAB7FCAB04304F10896BE29AD2151EBB8A994CB19

Function 0041E620 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32(?), ref: 0041E660
GlobalSize.KERNEL32(?), ref: 0041E683
GlobalSize.KERNEL32(?), ref: 0041E6B3
GlobalUnlock.KERNEL32(?), ref: 0041E6C3

Strings

BM, xrefs: 0041E67D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Size$LockUnlock
String ID: BM
API String ID: 2233901773-2348483157
Opcode ID: a2bdbad72276f8c7c9bb1d82aa2a9d2db9fc343699e6df52ff2df49df3522b75
Instruction ID: 8b0171832658c01f2ed997ad04e71bad6d015f10e8b5c09c138ef0cc304527fe
Opcode Fuzzy Hash: a2bdbad72276f8c7c9bb1d82aa2a9d2db9fc343699e6df52ff2df49df3522b75
Instruction Fuzzy Hash: 29217476900254ABC710EFA9D845BDEBBB8FF08724F50426EE819E3391D7785904C7A9

Function 00472BC1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00472BF7
wsprintfA.USER32 ref: 00472C13
GetClassInfoA.USER32(?,-00000058,?), ref: 00472C22

Strings

Afx:%x:%x:%x:%x:%x, xrefs: 00472C0D
Afx:%x:%x, xrefs: 00472BF1

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf$ClassInfo
String ID: Afx:%x:%x$Afx:%x:%x:%x:%x:%x
API String ID: 845911565-79760390
Opcode ID: f1f972ffc20ed87e129c9249997e3208fe87150a8da8dbd959614306014ecec3
Instruction ID: 61605a1641216ae710680d518380a34e437814541a04996701cc9ac3c3db548a
Opcode Fuzzy Hash: f1f972ffc20ed87e129c9249997e3208fe87150a8da8dbd959614306014ecec3
Instruction Fuzzy Hash: 10215471901209AF8F11EF99DD859DF7BB8FF58754F04842BF908E2201D3788A51CBAA

Function 00416310 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 60windowCOMMON

Download Yara Rule

APIs

Shell_NotifyIconA.SHELL32(00000001,?,?,00000058), ref: 00416389
DestroyCursor.USER32(?), ref: 00416396
Shell_NotifyIconA.SHELL32(?,?,00000000,00000058), ref: 004163C9

Strings

d, xrefs: 00416339
X, xrefs: 00416327

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: IconNotifyShell_$CursorDestroy
String ID: X$d
API String ID: 3039372612-651813629
Opcode ID: 97d327bf2f90cc0fd05bec4c9308e10255fc7c4c20f7d72350419934eb3201ec
Instruction ID: a0f24da054576769f25d1933eb290b0478d386ad954e4f11332a4bcdf3c0ae23
Opcode Fuzzy Hash: 97d327bf2f90cc0fd05bec4c9308e10255fc7c4c20f7d72350419934eb3201ec
Instruction Fuzzy Hash: AA2138756087009FE350DF19D804B9BBBE5AFC4704F00891EB9D892390E7B5D9588B96

Function 004711FF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000F0), ref: 00471240
GetDlgItem.USER32(?,00000002), ref: 0047125F
IsWindowEnabled.USER32(00000000), ref: 0047126A
SendMessageA.USER32(?,00000111,00000002,00000000), ref: 00471280

Strings

Edit, xrefs: 0047124A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$EnabledItemLongMessageSend
String ID: Edit
API String ID: 3499652902-554135844
Opcode ID: 6d94b9200d0e5ce96675c0550337c5408d9728829abd751e13a40f8ba76e81a7
Instruction ID: 771f3166c4a54100536b30dbcdb42cc0f250ce6daa5d44d996a4235e966416c8
Opcode Fuzzy Hash: 6d94b9200d0e5ce96675c0550337c5408d9728829abd751e13a40f8ba76e81a7
Instruction Fuzzy Hash: 6301A1303002016AEB701A29AD09BEFA768AF40B10F14C97FF509F12F2CB78D941861D

Function 0042AC80 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

CopyRect.USER32(?,00000000), ref: 0042AD09
GetClientRect.USER32(00000000,?), ref: 0042AD42
DPtoLP.GDI32 ref: 0042AD98
GetClientRect.USER32(00000000,?), ref: 0042AE6C
DPtoLP.GDI32 ref: 0042AEC2

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$Client$Copy
String ID:
API String ID: 472922470-0
Opcode ID: 52d18969ab9b167eeaf3f996be9108b8590870e6f9fae427f0cce861b2be5f52
Instruction ID: 24356538a32d1bffe610fec290a373057c11eec5453a874971a3577ad1d0ac45
Opcode Fuzzy Hash: 52d18969ab9b167eeaf3f996be9108b8590870e6f9fae427f0cce861b2be5f52
Instruction Fuzzy Hash: 0A81B2713087519FC314DF69D990B6FB3E6BBC4708F81491EF98A87241EB7898098B67

Function 0040AD00 Relevance: 7.7, APIs: 5, Instructions: 159windowCOMMON

Download Yara Rule

APIs

IsRectEmpty.USER32(?), ref: 0040AD22
CreateRectRgn.GDI32 ref: 0040ADA4
GetClientRect.USER32(?,?), ref: 0040ADCD
FillRgn.GDI32(?,?,?), ref: 0040AE46
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 0040AEBC

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Rect$ClientCreateEmptyFill
String ID:
API String ID: 97219908-0
Opcode ID: be06dd5df107a2e1b030549033b9ee26fcfa5b58c45e6b629e53e91d41f9a83f
Instruction ID: b7dfa1abaacacf2befaa73b0ec7a3d5c21a119239cf881155f3debff7ce6d6e6
Opcode Fuzzy Hash: be06dd5df107a2e1b030549033b9ee26fcfa5b58c45e6b629e53e91d41f9a83f
Instruction Fuzzy Hash: 46515F71204301AFD714EF25C884E6BB7E9FF88704F04892DB95993281D778E818CBA6

Function 00464BA7 Relevance: 7.6, APIs: 5, Instructions: 150COMMON

Download Yara Rule

APIs

GetStartupInfoA.KERNEL32(?), ref: 00464C05
GetFileType.KERNEL32(?,?,00000000), ref: 00464CB0
GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 00464D13
GetFileType.KERNEL32(00000000,?,00000000), ref: 00464D21
SetHandleCount.KERNEL32 ref: 00464D58

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileHandleType$CountInfoStartup
String ID:
API String ID: 1710529072-0
Opcode ID: 3a10720030d8d9de3dba527763dad310078ec1f5759c75bcc36433c5060965bc
Instruction ID: 7000d220bd4194e5d7c23cb7dfa49712504fae711836bdb6365aea71625c1372
Opcode Fuzzy Hash: 3a10720030d8d9de3dba527763dad310078ec1f5759c75bcc36433c5060965bc
Instruction Fuzzy Hash: 63510A319052418FDB108F68D8847667BE0FB92728F26476ED5A28B3E2E738D905C75A

Function 00417010 Relevance: 7.6, APIs: 5, Instructions: 104windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 004170E0
WinHelpA.USER32(?,00000000,00000002,00000000), ref: 004170FB
GetMenu.USER32(?), ref: 0041710B
SetMenu.USER32(?,00000000), ref: 00417118
DestroyMenu.USER32(00000000), ref: 00417123

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$DestroyHelpWindow
String ID:
API String ID: 427501538-0
Opcode ID: ac5d43ab76acbcba35fec628286a12836135d8a674f73f54122e246c9a33ce91
Instruction ID: 6879cca9c15887df42aa72cf66d23f59111e29c2b9477a1694bbe87eabdf5d64
Opcode Fuzzy Hash: ac5d43ab76acbcba35fec628286a12836135d8a674f73f54122e246c9a33ce91
Instruction Fuzzy Hash: D831C675604205ABC314EF66CD45AAFBBBCFF49348F01091EF90993340DB39B8858BA9

Function 00423410 Relevance: 7.6, APIs: 5, Instructions: 103synchronizationCOMMON

Download Yara Rule

APIs

midiStreamStop.WINMM(?,00000000,?,00000000,00422F7A,00000000,004B1758,00419516,004B1758,?,00413FEF,004B1758,00411FA6,00000001,00000000,000000FF), ref: 00423445
midiOutReset.WINMM(?,?,00413FEF,004B1758,00411FA6,00000001,00000000,000000FF), ref: 00423463
WaitForSingleObject.KERNEL32(?,000007D0,?,00413FEF,004B1758,00411FA6,00000001,00000000,000000FF), ref: 00423486
midiStreamClose.WINMM(?,?,00413FEF,004B1758,00411FA6,00000001,00000000,000000FF), ref: 004234C3
midiStreamClose.WINMM(?,?,00413FEF,004B1758,00411FA6,00000001,00000000,000000FF), ref: 004234F7

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: midi$Stream$Close$ObjectResetSingleStopWait
String ID:
API String ID: 3142198506-0
Opcode ID: 6c8dc901572a79377fd5c14e08dad8512a537c5c3dfcc4011f61de8af720613c
Instruction ID: 2de0a36952594c0b496d5905706dcbabe17fad82384b6fe13581ec7be44debff
Opcode Fuzzy Hash: 6c8dc901572a79377fd5c14e08dad8512a537c5c3dfcc4011f61de8af720613c
Instruction Fuzzy Hash: C3317C723006209BC721EF69E48851BB7F5FF94306B604A7FE286C6600C77CE9858B98

Function 00413100 Relevance: 7.6, APIs: 5, Instructions: 92windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 00413170
GetMenu.USER32(?), ref: 0041317F
DestroyAcceleratorTable.USER32(?), ref: 004131CC
SetMenu.USER32(?,00000000), ref: 004131E1
DestroyMenu.USER32(?,?,?,0040F3E4,?), ref: 004131F1

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Menu$Destroy$AcceleratorTableWindow
String ID:
API String ID: 1240299919-0
Opcode ID: 9848b54be2e7e55b1b4011a9008ebd42ba29c1176c635b871880dc4b513aaf61
Instruction ID: 522a9d099cca6d2581780da5ec9edd74e2d0d8e909174354553f4c8e85a0b62e
Opcode Fuzzy Hash: 9848b54be2e7e55b1b4011a9008ebd42ba29c1176c635b871880dc4b513aaf61
Instruction Fuzzy Hash: 58317772A00205AFC610EF65DC49D6B77ACEF84758B01492DFD0597281DA38F909C7A5

Function 00418D90 Relevance: 7.6, APIs: 5, Instructions: 90COMMON

Download Yara Rule

APIs

IsChild.USER32(?,?), ref: 00418DAC

Part of subcall function 0040D8A0: IsChild.USER32(?,?), ref: 0040D91D
Part of subcall function 0040D8A0: GetParent.USER32(?), ref: 0040D937

GetCursorPos.USER32(?), ref: 00418DC4
GetClientRect.USER32(?,?), ref: 00418DD3
PtInRect.USER32(?,?,?), ref: 00418DF4
SetCursor.USER32(?,?,00000000,?,?,?,?,00418A20), ref: 00418E72

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ChildCursorRect$ClientParent
String ID:
API String ID: 1110532797-0
Opcode ID: 49012007b07c6436d279a880a0d110cc2f790ba7f242952ed85222b2c824f845
Instruction ID: 73f291148dfdaf8d385eb5a354ac77947492ad58b0983f234587d27f267eb232
Opcode Fuzzy Hash: 49012007b07c6436d279a880a0d110cc2f790ba7f242952ed85222b2c824f845
Instruction Fuzzy Hash: B72193316403019BD720EF65CC49F9F73E8AF85714F044A2EF945E3281EA78E949C7A9

Function 0046E996 Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0046E99B
GetParent.USER32(?), ref: 0046E9D8
SendMessageA.USER32(?,00000464,00000104,00000000), ref: 0046EA00
GetParent.USER32(?), ref: 0046EA29
SendMessageA.USER32(?,00000465,00000104,00000000), ref: 0046EA46

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageParentSend$H_prolog
String ID:
API String ID: 1056721960-0
Opcode ID: c2f0a72ffe4fefecac5de8425d0fec985b3e67c908ed9c016b614739ff7493a1
Instruction ID: d6bc23d46988c92c0318928b5914ffe7611ba736e455df04588021c92192d6a6
Opcode Fuzzy Hash: c2f0a72ffe4fefecac5de8425d0fec985b3e67c908ed9c016b614739ff7493a1
Instruction Fuzzy Hash: 60317470901619EBDB04EFA6CC55EEEB774FF41358F10852EE425672E1EB389906CB18

Function 00408B60 Relevance: 7.6, APIs: 5, Instructions: 56windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0046F099: SendMessageA.USER32(?,0000110C,00000000,00000040), ref: 0046F0BA

SendMessageA.USER32(?,0000110A,00000004,?), ref: 00408B85
SendMessageA.USER32(?,0000110A,00000004,00000000), ref: 00408BA5
SendMessageA.USER32(?,00001101,00000000,00000000), ref: 00408BB7
SendMessageA.USER32(?,0000110A,00000004,00000000), ref: 00408BC5
SendMessageA.USER32(?,00001101,00000000,00000000), ref: 00408BD7

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 5380c9734eac1e5bf4fa347ad69a32338ba8ddd140c5d8971c64ef023c2ce676
Instruction ID: 7d8c4bb8b1346e4876ccda38f044b59c92f9781eb167ceee2e80eff8f6600820
Opcode Fuzzy Hash: 5380c9734eac1e5bf4fa347ad69a32338ba8ddd140c5d8971c64ef023c2ce676
Instruction Fuzzy Hash: FC0144F27407053AF53496665CC1F67A2AC9FD4B65F00492EB742A72C0DAF8EC064634

Function 00472B20 Relevance: 7.6, APIs: 5, Instructions: 52stringregistryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00472B25
GetClassInfoA.USER32(?,?,?), ref: 00472B40
RegisterClassA.USER32(?), ref: 00472B4B
lstrcatA.KERNEL32(00000034,?,00000001), ref: 00472B82
lstrcatA.KERNEL32(00000034,?), ref: 00472B90

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Classlstrcat$H_prologInfoRegister
String ID:
API String ID: 106226465-0
Opcode ID: 73bd361941da3a881ac7f27e8e31686ac6cd59d8b77ce12431297b3581089c50
Instruction ID: 07b4c70d589c90a0af9a687261029d8c255c442ac60ca2e1a232ee1b92d6b404
Opcode Fuzzy Hash: 73bd361941da3a881ac7f27e8e31686ac6cd59d8b77ce12431297b3581089c50
Instruction Fuzzy Hash: D411E131501255BEDB10AFB68D41ADE7BB8EF05714F00856FF80AA7252C7B8AA04CB69

Function 00464DCA Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000103,7FFFFFFF,00462452,00463F6B,00000000,?,?,00000000,00000001), ref: 00464DCC
TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 00464DDA
SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 00464E26

Part of subcall function 00462802: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00464DEF,00000001,00000074,?,?,00000000,00000001), ref: 004628F8

TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 00464DFE
GetCurrentThreadId.KERNEL32 ref: 00464E0F

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLastValue$AllocCurrentHeapThread
String ID:
API String ID: 2020098873-0
Opcode ID: 5c7e88757d53a0c04dc88e64f0d6e0c74535db92d8b304413e7d51b67374055a
Instruction ID: 11c015c2f6fd7238d572d34b1ff99ff30a56c610c1a52c9a5aa63efe25fdc4bf
Opcode Fuzzy Hash: 5c7e88757d53a0c04dc88e64f0d6e0c74535db92d8b304413e7d51b67374055a
Instruction Fuzzy Hash: 93F02B326012115BCB712B35FD0D95F3A54FF85B71B00093EF941962D0EB798800876A

Function 00479CBA Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

TlsFree.KERNEL32(00000000,?,?,0047A1C7,00000000,00000001), ref: 00479CC6
GlobalHandle.KERNEL32(00762A20), ref: 00479CEE
GlobalUnlock.KERNEL32(00000000), ref: 00479CF7
GlobalFree.KERNEL32(00000000), ref: 00479CFE
DeleteCriticalSection.KERNEL32(004B3F20,?,?,0047A1C7,00000000,00000001), ref: 00479D08

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$Free$CriticalDeleteHandleSectionUnlock
String ID:
API String ID: 2159622880-0
Opcode ID: d1d953fbdffb89ccb443f2eb8b815e8ae5a089934b24a6ff40f89d23b9a42fc1
Instruction ID: ba406b273ff2f911c979bea0a8a908f3972148199facd32204dc4973dc6a4a18
Opcode Fuzzy Hash: d1d953fbdffb89ccb443f2eb8b815e8ae5a089934b24a6ff40f89d23b9a42fc1
Instruction Fuzzy Hash: 8FF054712106005BCB615B39AD4CA6F76EDAF85720719495EF805D3351DB74DC068768

Function 0042BC20 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 277COMMON

Download Yara Rule

APIs

GetCurrentObject.GDI32(?), ref: 0042BCEB
LPtoDP.GDI32(?,00000000,00000001), ref: 0042BD38
DPtoLP.GDI32(?,00000000,00000001), ref: 0042BD5B

Strings

IH, xrefs: 0042BF18

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentObject
String ID: IH
API String ID: 844725943-3180177778
Opcode ID: 2c08fff912d6d9e7788c5272ff2d53cc0b4bb48f4c35e746f662abbf4bd964ed
Instruction ID: 9b9077c907df2b54e7e272e1b46347e142be71973688523ed45e1520c8b44597
Opcode Fuzzy Hash: 2c08fff912d6d9e7788c5272ff2d53cc0b4bb48f4c35e746f662abbf4bd964ed
Instruction Fuzzy Hash: 69A1BD713087149BC728DA15D890AAFB7E9EFC8704F44891EF98A83350CB78DD45CB9A

Function 0046BF0B Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 207timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00467664: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,004628B8,00000009,00000000,00000000,00000001,00464DEF,00000001,00000074,?,?,00000000,00000001), ref: 004676A1
Part of subcall function 00467664: EnterCriticalSection.KERNEL32(?,?,?,004628B8,00000009,00000000,00000000,00000001,00464DEF,00000001,00000074,?,?,00000000,00000001), ref: 004676BC

Part of subcall function 004676C5: LeaveCriticalSection.KERNEL32(?,00461AA2,00000009,00461A8E,00000000,?,00000000,00000000,00000000), ref: 004676D2

GetTimeZoneInformation.KERNEL32(0000000C,?,?,?,0000000B,0000000B,?,0046BEFC,0046BE5F,?,?,?,?,00463558,?,?), ref: 0046BF59
WideCharToMultiByte.KERNEL32(00000220,004B4534,000000FF,0000003F,00000000,?,?,0046BEFC,0046BE5F,?,?,?,?,00463558,?,?), ref: 0046BFEF
WideCharToMultiByte.KERNEL32(00000220,004B4588,000000FF,0000003F,00000000,?,?,0046BEFC,0046BE5F,?,?,?,?,00463558,?,?), ref: 0046C028

Strings

LRJ, xrefs: 0046BFFA, 0046C005, 0046C0AF

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$ByteCharMultiWide$EnterInformationInitializeLeaveTimeZone
String ID: LRJ
API String ID: 3442286286-2554673902
Opcode ID: 93231c414ae9e1189963833bfd47dca4b3bd09455d54c92f70c4f5f389eafb7d
Instruction ID: e00e8bc7ae5a855e9e4a7cb04a7120095bae055d4424703c89d2f2514e385aff
Opcode Fuzzy Hash: 93231c414ae9e1189963833bfd47dca4b3bd09455d54c92f70c4f5f389eafb7d
Instruction Fuzzy Hash: 6E61C172504641AFD7259F69AD81BAA3FA4EB47314F24027FE090862A2F77849818F5F

Function 0040E310 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 172COMMON

Download Yara Rule

APIs

Part of subcall function 00411D10: GetCurrentThreadId.KERNEL32 ref: 00411D35
Part of subcall function 00411D10: IsWindow.USER32(0002041C), ref: 00411D51
Part of subcall function 00411D10: SendMessageA.USER32(0002041C,000083E7,00411641,00000000), ref: 00411D6A
Part of subcall function 00411D10: ExitProcess.KERNEL32 ref: 00411D7F

DeleteCriticalSection.KERNEL32(004B21F8,?,?,?,?,?,?,?,?,0041947D), ref: 0040E34A

Part of subcall function 0047260F: __EH_prolog.LIBCMT ref: 00472614

Strings

#, xrefs: 0040E5C3
!, xrefs: 0040E338
$<H, xrefs: 0040E382

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalCurrentDeleteExitH_prologMessageProcessSectionSendThreadWindow
String ID: !$#$$<H
API String ID: 2888814780-4112161194
Opcode ID: ee84cef287822a964546c57646d891099d49b62b67f8e6fbc3e2d04045cdbef6
Instruction ID: cfa0b9dfa96d196b3183fc2fc76b0eb2855fc64d6aa975e1ccc88c5ceb830b0e
Opcode Fuzzy Hash: ee84cef287822a964546c57646d891099d49b62b67f8e6fbc3e2d04045cdbef6
Instruction Fuzzy Hash: 08914D701087819AD326EF75C48479ABFD4AFA5308F144C5EE8D6173D2DBBC6248CBA6

Function 0047633A Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

GlobalLock.KERNEL32 ref: 00476356
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 004763A9
GlobalUnlock.KERNEL32(?), ref: 00476440

Strings

@, xrefs: 00476393

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$ByteCharLockMultiUnlockWide
String ID: @
API String ID: 231414890-2766056989
Opcode ID: b56213d7347031733fcefcd8a94bf61a6fee5429193e26ab0a6698898937a728
Instruction ID: 18e4ff848e2277fcc191764b1cc0fdcbf42c5f6f9bb2d4737491168fcb52709d
Opcode Fuzzy Hash: b56213d7347031733fcefcd8a94bf61a6fee5429193e26ab0a6698898937a728
Instruction Fuzzy Hash: 5041D631800615EBCB14DF94C8859EEBBB9FF00354F15C16EEC19AB294D3389A46CF99

Function 004105D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00410619
GetTickCount.KERNEL32 ref: 0041065E

Strings

xVJ, xrefs: 004106CF
xVJ, xrefs: 004105E1

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CountTick
String ID: xVJ$xVJ
API String ID: 536389180-2233842157
Opcode ID: c2020033e7c60212c0bf4dedeca53f815b88573f517d7f26354892f60de30651
Instruction ID: d99a4bdc84284cdb3caf63eda6893a7e4b5574e149e4821add619da50b8c1734
Opcode Fuzzy Hash: c2020033e7c60212c0bf4dedeca53f815b88573f517d7f26354892f60de30651
Instruction Fuzzy Hash: 0031F6B26053044BD720DF29AD406ABB798EBE1328F14463FF40587391DBF9A8D5879D

Function 0047A5CB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetMenuCheckMarkDimensions.USER32 ref: 0047A5D7
CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 0047A686
LoadBitmapA.USER32(00000000,00007FE3), ref: 0047A69E

Strings

, xrefs: 0047A5E6

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu
String ID:
API String ID: 2596413745-3916222277
Opcode ID: 0801a2753e17370adac7bde0898bf93cef199382bac0fa1b1085de3e48e57eb1
Instruction ID: a2c1e7168f40da38a2397bf591b2d16acc17b4e53ed798cdca1f957b729e5d66
Opcode Fuzzy Hash: 0801a2753e17370adac7bde0898bf93cef199382bac0fa1b1085de3e48e57eb1
Instruction Fuzzy Hash: A9213A72E00215AFDB10CB78DC89BAE7B74EB80300F15456AE549EB282D6749A448B54

Function 00433D60 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0046E721: __EH_prolog.LIBCMT ref: 0046E726
Part of subcall function 0046E721: lstrcpynA.KERNEL32(?,?,00000104), ref: 0046E813

Part of subcall function 0046E8BB: lstrlenA.KERNEL32(?,?,?,0000000C,?,?,0041D979,?,-00000001,00000000,?,?,?,0049CBD8), ref: 0046E8C5
Part of subcall function 0046E8BB: GetFocus.USER32 ref: 0046E8E0
Part of subcall function 0046E8BB: IsWindowEnabled.USER32(?), ref: 0046E909
Part of subcall function 0046E8BB: EnableWindow.USER32(?,00000000), ref: 0046E91B
Part of subcall function 0046E8BB: GetOpenFileNameA.COMDLG32(?,?), ref: 0046E946
Part of subcall function 0046E8BB: EnableWindow.USER32(?,00000001), ref: 0046E964
Part of subcall function 0046E8BB: IsWindow.USER32(?), ref: 0046E96A
Part of subcall function 0046E8BB: SetFocus.USER32(?), ref: 0046E978

Part of subcall function 0046E996: __EH_prolog.LIBCMT ref: 0046E99B
Part of subcall function 0046E996: GetParent.USER32(?), ref: 0046E9D8
Part of subcall function 0046E996: SendMessageA.USER32(?,00000464,00000104,00000000), ref: 0046EA00
Part of subcall function 0046E996: GetParent.USER32(?), ref: 0046EA29
Part of subcall function 0046E996: SendMessageA.USER32(?,00000465,00000104,00000000), ref: 0046EA46

Part of subcall function 00474886: SetWindowTextA.USER32(?,0041C0DA), ref: 00474894

Part of subcall function 004705A7: InterlockedDecrement.KERNEL32(-000000F4), ref: 004705BB

SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 00433E0D
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00433E1C

Part of subcall function 004749C1: SetFocus.USER32(?,00478B6F), ref: 004749CB

Strings

out.prn, xrefs: 00433D89
prn, xrefs: 00433D8E

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend$Focus$EnableH_prologParent$DecrementEnabledFileInterlockedNameOpenTextlstrcpynlstrlen
String ID: out.prn$prn
API String ID: 4074345921-3109735852
Opcode ID: 60e3d2ebd2c8e7bf3ea7110ad6329afabd56ea7568b3b907851df04e7acb554e
Instruction ID: 30631d79f63d4be315731cca3dabe3fe0e32a8c1789fd793bc1602fea3bab67b
Opcode Fuzzy Hash: 60e3d2ebd2c8e7bf3ea7110ad6329afabd56ea7568b3b907851df04e7acb554e
Instruction Fuzzy Hash: 29219275248380ABD234EB15CC46B9BBBE4AB84714F104B1EB49A572D2CBB85444CB57

Function 00414C30 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

GetClassInfoA.USER32(?,WTWindow,00000000), ref: 00414C58
LoadCursorA.USER32(00000000,00007F00), ref: 00414C69
GetStockObject.GDI32(00000005), ref: 00414C73

Strings

WTWindow, xrefs: 00414C4C, 00414C56

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassCursorInfoLoadObjectStock
String ID: WTWindow
API String ID: 1762135420-3503404378
Opcode ID: 087f90241b5dc7a20e158175799191f1d4253724592584aa4fe9ea9f24e3aaac
Instruction ID: b2c3349568afd0dbf90d6a28d4c3f73e040da5e72771251d8ca369ef03940a44
Opcode Fuzzy Hash: 087f90241b5dc7a20e158175799191f1d4253724592584aa4fe9ea9f24e3aaac
Instruction Fuzzy Hash: A211AC71909341AFC300DF66988455FBBE8FB88754F41482EF98893211E73899488B9A

Function 00477A3B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27stringCOMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(00000000,000000F0), ref: 00477A4C
GetClassNameA.USER32(00000000,?,0000000A), ref: 00477A67
lstrcmpiA.KERNEL32(?,combobox), ref: 00477A76

Strings

combobox, xrefs: 00477A70

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClassLongNameWindowlstrcmpi
String ID: combobox
API String ID: 2054663530-2240613097
Opcode ID: a07fff2de7add7b1c9261415c378c76d0e539d8c7faa2182cabe2db77f86095b
Instruction ID: 86268058aada3d1ace4482129db99be32bafcb854ac995c06165e6a0c05c8e72
Opcode Fuzzy Hash: a07fff2de7add7b1c9261415c378c76d0e539d8c7faa2182cabe2db77f86095b
Instruction Fuzzy Hash: 98E06532668108BFDF41AF60CC49A9D3BA8EB10741F208926B516D50A0D678E6598B59

Function 0047AD13 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(004B40B0,?,?,?,0046E0F0,00000000,00000001), ref: 0047AD39
DeleteCriticalSection.KERNEL32(004B40C8,?,?,?,0046E0F0,00000000,00000001), ref: 0047AD4B

Strings

h@K, xrefs: 0047AD3B
`BK, xrefs: 0047AD55

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalDeleteSection
String ID: `BK$h@K
API String ID: 166494926-59384904
Opcode ID: a6c5c78a707c3143112c3506ea813f56bfba0f49c5a1211c40b200c0755868e6
Instruction ID: 1743409ebb8c4c2e3323c5b8c04b8e6d23342c9601e5edd139d25eb7b50c12dd
Opcode Fuzzy Hash: a6c5c78a707c3143112c3506ea813f56bfba0f49c5a1211c40b200c0755868e6
Instruction Fuzzy Hash: 17E092325042149BCBB81B08EC843C97265D7C03A2F1982BBE94451163837D0C54E7AE

Function 004651DF Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 13libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(KERNEL32,0046023C), ref: 004651E4
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 004651F4

Strings

KERNEL32, xrefs: 004651DF
IsProcessorFeaturePresent, xrefs: 004651EE

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: c05617972a04ef367471d83178e276c840bc070f25aca56c163331ad217a6de7
Instruction ID: b947a4884e6f73f8cbfacbe7e3fa4395fab47da61edd73bdb3cc14f2f6453063
Opcode Fuzzy Hash: c05617972a04ef367471d83178e276c840bc070f25aca56c163331ad217a6de7
Instruction Fuzzy Hash: 93C01230B9270167FA902BB2AC19F1E25482B58F03F18086BA811D01C0EAACC1109B2F

Function 004636C6 Relevance: 6.5, APIs: 5, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794d258df2044fbb053178da2a9b2fdc925791f29294f0e79c6d5f8a951b5be2
Instruction ID: 4e504ab39d59437e233e9fe98d3b7623e63aa8742b6b74e4a984193a220f2c6f
Opcode Fuzzy Hash: 794d258df2044fbb053178da2a9b2fdc925791f29294f0e79c6d5f8a951b5be2
Instruction Fuzzy Hash: 999105B1D00654ABCF11AF69CC40ADE7BB8EF44765F24022BF414A6291F7798E40CB6E

Function 004693EC Relevance: 6.4, APIs: 5, Instructions: 102memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(00000000,00002020,004A2FD0,?,?,?,004698B8,00000000,00000010,00000000,00000009,00000009,?,00461A81,00000010,00000000), ref: 0046940D
VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,004698B8,00000000,00000010,00000000,00000009,00000009,?,00461A81,00000010,00000000), ref: 00469431
VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,004698B8,00000000,00000010,00000000,00000009,00000009,?,00461A81,00000010,00000000), ref: 0046944B
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,004698B8,00000000,00000010,00000000,00000009,00000009,?,00461A81,00000010,00000000,?), ref: 0046950C
HeapFree.KERNEL32(00000000,00000000,?,?,004698B8,00000000,00000010,00000000,00000009,00000009,?,00461A81,00000010,00000000,?,00000000), ref: 00469523

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual$FreeHeap
String ID:
API String ID: 714016831-0
Opcode ID: e8aa23a04912d0fddc548e6d4b43d3097c6f5d7fea992a2e286f82d6fa2411b6
Instruction ID: 06b7dd2041e41c834bfaa8de8c4e8ce758a6251316708016bb6df734ccca8032
Opcode Fuzzy Hash: e8aa23a04912d0fddc548e6d4b43d3097c6f5d7fea992a2e286f82d6fa2411b6
Instruction Fuzzy Hash: 31312471600701AFD7218F28ED44B267BA8E745758F10453EF55697390EBF8AC41EB4E

Function 00423D70 Relevance: 6.2, APIs: 4, Instructions: 246COMMON

Download Yara Rule

APIs

midiStreamOpen.WINMM(?,?,00000001,004243A0,?,00030000,?,?,?,00000000), ref: 00423D9B
midiStreamProperty.WINMM ref: 00423E82
midiOutPrepareHeader.WINMM(?,?,00000040,00000001,?,?,?,?,00000000), ref: 00423FD0

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: midi$Stream$HeaderOpenPrepareProperty
String ID:
API String ID: 2061886437-0
Opcode ID: f733012794e91635585f8038cfb04d320df5adcaba872f4c2558489aeb59b974
Instruction ID: 531c96531b89c03bb8009b208d5267e23dfa898db2120bd1857b34cc341d1983
Opcode Fuzzy Hash: f733012794e91635585f8038cfb04d320df5adcaba872f4c2558489aeb59b974
Instruction Fuzzy Hash: 12A158713006158FD724DF28E894BAAB7F6FB84304F514A2EE686C7650EB39F919CB44

Function 0046AC68 Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(000001D0,000001D0,00000000,000001D0,00000000,00000000,00000000,00000000), ref: 0046ACE2
GetLastError.KERNEL32 ref: 0046ACEC
ReadFile.KERNEL32(?,?,00000001,000001D0,00000000), ref: 0046ADB2
GetLastError.KERNEL32 ref: 0046ADBC

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorFileLastRead
String ID:
API String ID: 1948546556-0
Opcode ID: 12780b1cfdfd8a02b74da9b04a0e860fa650dd8b086130470662658055020751
Instruction ID: dbab09f1e0f1b135e3ca11760032d7ec3fbcb872cf6b52b2fb2dbd97c5a27b78
Opcode Fuzzy Hash: 12780b1cfdfd8a02b74da9b04a0e860fa650dd8b086130470662658055020751
Instruction Fuzzy Hash: FA51F3306047859FCF218F98C8847AA7BB1BF12305F14449BE465AB351E3799966CF1B

Function 00409410 Relevance: 6.2, APIs: 4, Instructions: 169windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004770AE: __EH_prolog.LIBCMT ref: 004770B3
Part of subcall function 004770AE: BeginPaint.USER32(?,?,?,?,00405BA9), ref: 004770DC

Part of subcall function 00476C5F: GetClipBox.GDI32(?,?), ref: 00476C66

IsRectEmpty.USER32(?), ref: 00409456
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 004094DD
GetCurrentObject.GDI32(?,00000006), ref: 0040956A
GetClientRect.USER32(?,?), ref: 004095DC

Part of subcall function 00477120: __EH_prolog.LIBCMT ref: 00477125
Part of subcall function 00477120: EndPaint.USER32(?,?,?,?,00405C23), ref: 00477142

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: H_prologPaintRect$BeginClientClipCurrentEmptyObject
String ID:
API String ID: 3717962522-0
Opcode ID: a3c416dec4827ffc71d032108aa877cddfd5c86a1d3600148ece5554f6d5b332
Instruction ID: 0202c51980066ecdd55aecf8c4809cfe39cc2baf0dd0c463222b0e1676f90856
Opcode Fuzzy Hash: a3c416dec4827ffc71d032108aa877cddfd5c86a1d3600148ece5554f6d5b332
Instruction Fuzzy Hash: 3E617E71508340AFC324EF65C855FABB7E8FB94714F40891EF59A83282DB38E909CB56

Function 00421E60 Relevance: 6.2, APIs: 4, Instructions: 169windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00421E72
PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 00421ECA
__ftol.LIBCMT ref: 00421FB5
__ftol.LIBCMT ref: 00421FC2

Part of subcall function 00476842: SelectObject.GDI32(00403985,00000000), ref: 00476864
Part of subcall function 00476842: SelectObject.GDI32(00403985,?), ref: 0047687A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ObjectSelect__ftol$ClientRect
String ID:
API String ID: 2514210182-0
Opcode ID: 2153ddedf8af304e89cd4ac9324bf69ecd94aefaaabeeeb4c8f509d7c800e150
Instruction ID: 6d4e789ac395a0c04a3a7eb68a2dbb64a3dc55b29783127173220dbefd6ade4f
Opcode Fuzzy Hash: 2153ddedf8af304e89cd4ac9324bf69ecd94aefaaabeeeb4c8f509d7c800e150
Instruction Fuzzy Hash: 3451CDB17083029FC314CE29D98096BBBE5FBD8300F558A2EF89993261D774ED458B96

Function 00435E40 Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 00435E7E
GetDC.USER32(?), ref: 00435FE2
ReleaseDC.USER32(?,?), ref: 00436006
DeleteObject.GDI32(?), ref: 00436038

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DeleteObject$Release
String ID:
API String ID: 2600533906-0
Opcode ID: e5252421744c83c2430a743f2442f09370ff914965bd720f5d4b69491c69e3ab
Instruction ID: e06892dbe0d6f93123442a51bf3831dc1d52ce735efd8b94a746ab1d9de71aab
Opcode Fuzzy Hash: e5252421744c83c2430a743f2442f09370ff914965bd720f5d4b69491c69e3ab
Instruction Fuzzy Hash: 2A515DB1A006049FDF54DF28C880B9A7BE5BB58300F0885BAED4DCF306DB759949CB69

Function 0040DE60 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 0047A1F3: __EH_prolog.LIBCMT ref: 0047A1F8
Part of subcall function 0047A1F3: GetCurrentThread.KERNEL32 ref: 0047A246
Part of subcall function 0047A1F3: GetCurrentThreadId.KERNEL32 ref: 0047A24F

Part of subcall function 00422DE0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,00419438), ref: 00422E55

InitializeCriticalSection.KERNEL32(004B21F8), ref: 0040E172

Strings

(<H, xrefs: 0040DEDF
zA, xrefs: 0040DEF6, 0040DF09, 0040DF1C, 0040DF2F, 0040DF42, 0040DF55, 0040DF68, 0040DFA2, 0040DFB5, 0040DFC8, 0040DFDB, 0040E0BF
$<H, xrefs: 0040E02D

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentThread$CreateCriticalEventH_prologInitializeSection
String ID: zA$$<H$(<H
API String ID: 1775145326-2325087807
Opcode ID: cdf7d0df99ad558857189de592d39d1b81fb42ed07e134e218f7cc70ef50211c
Instruction ID: da4a05e2a45a7a91781da3e20daaa20e110793f40177db133a60e0f0994a359b
Opcode Fuzzy Hash: cdf7d0df99ad558857189de592d39d1b81fb42ed07e134e218f7cc70ef50211c
Instruction Fuzzy Hash: E781C9B4900B018BC365DF36C5857DAFBE8BF95344F404C2FD9AB57292DBB822488B55

Function 0040F4E0 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0040F554
GetParent.USER32(?), ref: 0040F5A4
IsWindow.USER32(?), ref: 0040F5C4
SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 0040F63F

Part of subcall function 00474958: ShowWindow.USER32(?,?,00475515,?,?,?,00000363,00000001,00000000,?,?,?,00474D7D,?), ref: 00474966

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ParentShow
String ID:
API String ID: 2052805569-0
Opcode ID: 385deb710d20085155a6ed8a32af39c4331575cbc601dcb73d5cf32691e4c739
Instruction ID: 0a491a77de04f354d2a6f4523cae60de77c30c99b55a334c0e2e09e7c891a95a
Opcode Fuzzy Hash: 385deb710d20085155a6ed8a32af39c4331575cbc601dcb73d5cf32691e4c739
Instruction Fuzzy Hash: 6C41B271604301ABD320EF619C81BAB73A8AF84754F04493EFD04AB7C1D779E90A87A9

Function 004049A0 Relevance: 6.1, APIs: 4, Instructions: 144windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0047497F: IsWindowEnabled.USER32(?), ref: 00474989

IsWindowVisible.USER32(?), ref: 004049DA

Part of subcall function 0047294B: GetWindowTextLengthA.USER32(?), ref: 00472958
Part of subcall function 0047294B: GetWindowTextA.USER32(?,00000000,00000000), ref: 00472970

Part of subcall function 0046F1A2: SendMessageA.USER32(?,00000466,00000000,00000000), ref: 0046F1AE

wsprintfA.USER32 ref: 00404A74
SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 00404AA0
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00404AAF

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend$Text$EnabledLengthVisiblewsprintf
String ID:
API String ID: 1914814478-0
Opcode ID: 882a26693d362989fdd54d8a7a1ddf89af00426346e52520260358cf95497114
Instruction ID: 60cc15e875bf1d1780af82b3b09c66cb2950f8b654ca9964fad990771b479a47
Opcode Fuzzy Hash: 882a26693d362989fdd54d8a7a1ddf89af00426346e52520260358cf95497114
Instruction Fuzzy Hash: A85169B56047019FC324DF14C981B9BB7B5BBC8710F10892EE59997780DB78E801CB96

Function 0046AA78 Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 0046AB3F

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: b1f9caab5159cd0bc7484b74feae9a919d1dc22bb5b8ba55e3194a26b65788ef
Instruction ID: 6e08e9ae8a9a6e258dd79ad17aa331586319172b06abbfae98d7d309c54471a3
Opcode Fuzzy Hash: b1f9caab5159cd0bc7484b74feae9a919d1dc22bb5b8ba55e3194a26b65788ef
Instruction Fuzzy Hash: D8519031900648EFCB11CF68C984A9D7BB1FF41740F14859BE515AB261E774EA50CF5B

Function 0042DB10 Relevance: 6.1, APIs: 4, Instructions: 108windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 0042DB84
SendMessageA.USER32(?,000000B1,?,000000FF), ref: 0042DBDD
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0042DBEC
SendMessageA.USER32(?,000000C2,00000000,?), ref: 0042DC1A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Window
String ID:
API String ID: 2326795674-0
Opcode ID: 1953b7f2948f401faa94ebaafbfb14d4cd82d7a8df47a72dbb9502deb5f1e15a
Instruction ID: 8291e829002288923fa45ee403f278aedfae72ab95f59125a2ee89a8dd422944
Opcode Fuzzy Hash: 1953b7f2948f401faa94ebaafbfb14d4cd82d7a8df47a72dbb9502deb5f1e15a
Instruction Fuzzy Hash: 1841C172A487519FD324DB1AD880B5BBBE4EB95720F448B2EF5A5873D0C3789404CB9A

Function 00442060 Relevance: 6.1, APIs: 4, Instructions: 100windowCOMMON

Download Yara Rule

APIs

CreateSolidBrush.GDI32(?), ref: 004420EA
SendMessageA.USER32(?,00000030,00000000,00000000), ref: 0044212E
SendMessageA.USER32(?,000000B1,?,000000FF), ref: 00442164
SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00442173

Part of subcall function 00474886: SetWindowTextA.USER32(?,0041C0DA), ref: 00474894

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$BrushCreateSolidTextWindow
String ID:
API String ID: 3501373727-0
Opcode ID: ad1280ce768b753113c5ca37051a5c06f0c82cd39e62bad59a29fdb830677555
Instruction ID: d09d7ebe03380ac34724c39eb1a86679469e3641bd971d5927abd4352e588d9d
Opcode Fuzzy Hash: ad1280ce768b753113c5ca37051a5c06f0c82cd39e62bad59a29fdb830677555
Instruction Fuzzy Hash: 48314DB0604700AFD314DF19C841B2AF7E5FB88B14F508A1EF59997791CBB8E804CB59

Function 00439090 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00439138

Strings

4I, xrefs: 00439110
I8, xrefs: 00439108, 00439120, 0043912D
0%x, xrefs: 00439121

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID: 0%x$4I$I8
API String ID: 2111968516-1967673027
Opcode ID: e7019a156b9f0a9efdd95ff1ddb42459004309c77a62c8abb179a21f0007bffb
Instruction ID: 58459cd82c1f68d73c62e555b4b947829e4959f759893896cedd9fab11f3a260
Opcode Fuzzy Hash: e7019a156b9f0a9efdd95ff1ddb42459004309c77a62c8abb179a21f0007bffb
Instruction Fuzzy Hash: 022147722143046AEB18C624C856B7F7BE9EBC8360F54192FF592972C1CAED9D05C39A

Function 00478019 Relevance: 6.1, APIs: 4, Instructions: 87windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00478191: GetParent.USER32(?), ref: 004781C4
Part of subcall function 00478191: GetLastActivePopup.USER32(?), ref: 004781D3
Part of subcall function 00478191: IsWindowEnabled.USER32(?), ref: 004781E8
Part of subcall function 00478191: EnableWindow.USER32(?,00000000), ref: 004781FB

SendMessageA.USER32(?,00000376,00000000,00000000), ref: 0047804F
GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 004780BD
MessageBoxA.USER32(00000000,?,?,00000000), ref: 004780CB
EnableWindow.USER32(00000000,00000001), ref: 004780E7

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$EnableMessage$ActiveEnabledFileLastModuleNameParentPopupSend
String ID:
API String ID: 1958756768-0
Opcode ID: 7c1eea87c18a70297d9e97efeda8f1fd2ffc35b6f1eb4a8a47805b9e1bb0debb
Instruction ID: d296e9866272442bf910b77466fb63bb9bb590d98cdf2d3d419151f0d07817ac
Opcode Fuzzy Hash: 7c1eea87c18a70297d9e97efeda8f1fd2ffc35b6f1eb4a8a47805b9e1bb0debb
Instruction Fuzzy Hash: 7821B671A40148AFDB209FA4CC89FEEB7B5EB44700F55853EE618E3240CB759D888B65

Function 0040B200 Relevance: 6.1, APIs: 4, Instructions: 84windowCOMMON

Download Yara Rule

APIs

GetMessagePos.USER32 ref: 0040B298
ScreenToClient.USER32(?,?), ref: 0040B2BA
ChildWindowFromPointEx.USER32(?,?,?,00000005), ref: 0040B2D0
GetFocus.USER32 ref: 0040B2DB

Part of subcall function 004749C1: SetFocus.USER32(?,00478B6F), ref: 004749CB

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Focus$ChildClientFromMessagePointScreenWindow
String ID:
API String ID: 3117237277-0
Opcode ID: 449e68cfa37bc267a66eff0f78ab47558aeca5a289faf6cd67cc8caba599ca69
Instruction ID: ee328bdc25e47406a2481fcf1b704ba8cde3a608577fefe5304dce6731f06837
Opcode Fuzzy Hash: 449e68cfa37bc267a66eff0f78ab47558aeca5a289faf6cd67cc8caba599ca69
Instruction Fuzzy Hash: F821C331300202ABD214EB65DC46F6FB3A9EF80704F00853EFD45972D1DB38E9468BA9

Function 004600E1 Relevance: 6.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

GetVersion.KERNEL32 ref: 00460107

Part of subcall function 00464FA6: HeapCreate.KERNELBASE(00000000,00001000,00000000,0046013F,00000001), ref: 00464FB7
Part of subcall function 00464FA6: HeapDestroy.KERNEL32 ref: 00464FF6

GetCommandLineA.KERNEL32 ref: 00460167
GetStartupInfoA.KERNEL32(?), ref: 00460192
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004601B5

Part of subcall function 0046020E: ExitProcess.KERNEL32 ref: 0046022B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
String ID:
API String ID: 2057626494-0
Opcode ID: d16d344d58aaa94bef030320af7e2fa0ce167b3be35c47a0c16493a58cbf5aab
Instruction ID: 618b69a70a5e95208b2d98744a589763f036c77f2640254935d7c2a49d78e4f9
Opcode Fuzzy Hash: d16d344d58aaa94bef030320af7e2fa0ce167b3be35c47a0c16493a58cbf5aab
Instruction Fuzzy Hash: 842194B1940704AFDB08BFA5DC45A6E7BA8EF85714F10062FF9059B291FB788940875A

Function 00442900 Relevance: 6.1, APIs: 4, Instructions: 73windowCOMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000002D), ref: 00442929
SystemParametersInfoA.USER32 ref: 00442983
CreateFontIndirectA.GDI32(?), ref: 00442991
CreatePalette.GDI32(00000300), ref: 004429E9

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateSystem$FontIndirectInfoMetricsPaletteParameters
String ID:
API String ID: 934993634-0
Opcode ID: 98ef6ab55d7027477768e09018e3966ef2e6f3befe458d852e9d437576f4e108
Instruction ID: 5bdbbdee50b29d95feb4efa3329655b751d3a1052ce8a5dac7e373946f2e637c
Opcode Fuzzy Hash: 98ef6ab55d7027477768e09018e3966ef2e6f3befe458d852e9d437576f4e108
Instruction Fuzzy Hash: AE318EB01047408FD320CF29C888A9BFBF5FF85304F90896EE19A8B751DBB5A408CB11

Function 0040BB10 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

StartPage.GDI32(?), ref: 0040BB55
EndPage.GDI32(?), ref: 0040BB7B

Part of subcall function 00419C00: wsprintfA.USER32 ref: 00419C0F

Part of subcall function 00474886: SetWindowTextA.USER32(?,0041C0DA), ref: 00474894

UpdateWindow.USER32(?), ref: 0040BBCA
EndPage.GDI32(?), ref: 0040BBE2

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Page$Window$StartTextUpdatewsprintf
String ID:
API String ID: 104827578-0
Opcode ID: 609e66435351e4a79371521726b3bcd5fa6d68c1fddbea3caaf7cd9b349dd7e9
Instruction ID: 87ba11e2e626db3d9814eb7ee0c28daca2fe660ed602c7142ccffde93ad5c055
Opcode Fuzzy Hash: 609e66435351e4a79371521726b3bcd5fa6d68c1fddbea3caaf7cd9b349dd7e9
Instruction Fuzzy Hash: 0C214F71611B019BC2249B3ADC88A9BB7E8EFC4704F108C2EE49ED7250E738B4458B99

Function 00405A90 Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetParent.USER32(000000D0), ref: 00405ABC
GetParent.USER32(?), ref: 00405AD1
SetParent.USER32(?,?), ref: 00405AEF
GetWindowRect.USER32(?,?), ref: 00405B04

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Parent$RectWindow
String ID:
API String ID: 2276825053-0
Opcode ID: 93055356e07a212889aefcfdcb86a1fe6cc8a713495eed9e5e831d58e1733525
Instruction ID: a95a4a9bf1e6ddd97af65195edee9d08e62baa9e4538d6a33e81138c428cdcba
Opcode Fuzzy Hash: 93055356e07a212889aefcfdcb86a1fe6cc8a713495eed9e5e831d58e1733525
Instruction Fuzzy Hash: D3118EB16007055FD724EF68C884A6BB7ADEB84300F048A2EF94597341DA78EC098BA4

Function 0046CEDC Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 0046CF0B
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,?,00000000,00000000), ref: 0046CF1E
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0046CF6A
CompareStringW.KERNEL32(00451906,00000000,00000000,00000000,?,00000000,?,00000000), ref: 0046CF82

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharMultiWide$CompareString
String ID:
API String ID: 376665442-0
Opcode ID: 672e03faa4bc7afbf34f45af902120bd2390cc24a7a0d28ca6d20ed628fee78e
Instruction ID: 8cc302987747451bac02fbaeddbaac56c10c20de528c92855af068a8ce65a908
Opcode Fuzzy Hash: 672e03faa4bc7afbf34f45af902120bd2390cc24a7a0d28ca6d20ed628fee78e
Instruction Fuzzy Hash: A5212F3290120AEBCF258F94CC859EE7FB6FF48360F14416AFA51621A0D3369D61DF95

Function 00403010 Relevance: 6.1, APIs: 4, Instructions: 63windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000030,?,00000001), ref: 0040306D
SendMessageA.USER32(?,00000030,?,00000001), ref: 00403086
GetStockObject.GDI32(00000011), ref: 00403091
SendMessageA.USER32(?,00000030,00000000,00000001), ref: 004030A4

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$ObjectStock
String ID:
API String ID: 1309931672-0
Opcode ID: 3138aeaca05cfcafa8a7e521e455dfbcd567fae8d841dbdd283de1be525f06ae
Instruction ID: 0b101a0be3881fc00d1f89509d7409463d0613047af7ae507cc0b546f228ad37
Opcode Fuzzy Hash: 3138aeaca05cfcafa8a7e521e455dfbcd567fae8d841dbdd283de1be525f06ae
Instruction Fuzzy Hash: 3C119032311710AFCA94DF15E844F9B77A9AF88B11F00882EFA449B2C1C775ED41C7A5

Function 0040DA60 Relevance: 6.1, APIs: 4, Instructions: 58windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32(?), ref: 0040DA6D

Part of subcall function 0040D8A0: IsChild.USER32(?,?), ref: 0040D91D
Part of subcall function 0040D8A0: GetParent.USER32(?), ref: 0040D937

SendMessageA.USER32(00000000,000000F0,00000000,00000000), ref: 0040DAC6
SendMessageA.USER32(00000000,000000F1,00000000,00000000), ref: 0040DAD6
GetWindow.USER32(00000000,00000002), ref: 0040DADB

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendWindow$ChildParent
String ID:
API String ID: 1043810220-0
Opcode ID: e08c29bec9c75a3ce72ba9fc16d5f0921e03a715b079be66c8c0cb959efd221f
Instruction ID: e95aa869f2cce8409c1a1dece69f51a29aba9380d775d9efaa4438bc8b4401f6
Opcode Fuzzy Hash: e08c29bec9c75a3ce72ba9fc16d5f0921e03a715b079be66c8c0cb959efd221f
Instruction Fuzzy Hash: 0801D431B8171277E63192A99C92F6B725C9F41B50F140236BB01FB2D0DEB8EC04876C

Function 00432E30 Relevance: 6.1, APIs: 4, Instructions: 54windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00432E4B
SendMessageA.USER32(?,000083EB,?,00000000), ref: 00432E75
SendMessageA.USER32(?,000083EC,?,00000000), ref: 00432E89
SendMessageA.USER32(?,000083E9,?,00000000), ref: 00432EAC

Part of subcall function 004748AD: GetDlgCtrlID.USER32(?), ref: 004748B7

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CtrlParent
String ID:
API String ID: 1383977212-0
Opcode ID: 7561dd1b31211a22ad635ddfce7ceec6a06649dfdae1ed2b6020e0b0e68f0083
Instruction ID: 02d2983806700a27e02060066f45ce789321ddf111054b6dbb900072638f1e09
Opcode Fuzzy Hash: 7561dd1b31211a22ad635ddfce7ceec6a06649dfdae1ed2b6020e0b0e68f0083
Instruction Fuzzy Hash: DB0171753006043BD2206AA98C82E6FB2ADAFC8B15B04851EB505C7280CFA9ED0147A9

Function 00470C32 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 00470C66
GetCurrentProcess.KERNEL32(?,00000000), ref: 00470C6C
DuplicateHandle.KERNEL32(00000000), ref: 00470C6F
GetLastError.KERNEL32(00000000), ref: 00470C89

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CurrentProcess$DuplicateErrorHandleLast
String ID:
API String ID: 3907606552-0
Opcode ID: f416c217c9909dadc122f242dee4a7d4b86e9cff53188b229ed8cdb32ee3e42e
Instruction ID: 8ffd26d7bb7b35724daf35dc1d3c3fd5969fcef0f56065f0658c463515f89473
Opcode Fuzzy Hash: f416c217c9909dadc122f242dee4a7d4b86e9cff53188b229ed8cdb32ee3e42e
Instruction Fuzzy Hash: 6301D871700200FFDB119BA5CC89F9E7798DF84324F14852AF609DB281DAB4EC008764

Function 0046F515 Relevance: 6.0, APIs: 4, Instructions: 50COMMON

Download Yara Rule

APIs

WindowFromPoint.USER32(?,?), ref: 0046F52D
GetParent.USER32(00000000), ref: 0046F53A
ScreenToClient.USER32(00000000,?), ref: 0046F55B
IsWindowEnabled.USER32(00000000), ref: 0046F574

Part of subcall function 00477A3B: GetWindowLongA.USER32(00000000,000000F0), ref: 00477A4C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$ClientEnabledFromLongParentPointScreen
String ID:
API String ID: 2204725058-0
Opcode ID: 8a86ee3b11d9cd4711f70336df4d07239716611c7067d32376e3e68919f976a3
Instruction ID: 247c7b7439a1b094ff73e442d3d24700e66f6357a141968abe0d1498abe7fbc3
Opcode Fuzzy Hash: 8a86ee3b11d9cd4711f70336df4d07239716611c7067d32376e3e68919f976a3
Instruction Fuzzy Hash: 3B01DF36601610BB87129F58AC04DAFBBB9AF89740B04413EFA06D3311FB34DE058BA9

Function 004030B0 Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,00000030,?,00000001), ref: 004030E1
SendMessageA.USER32(?,00000030,?,00000001), ref: 004030F9
GetStockObject.GDI32(00000011), ref: 00403103
SendMessageA.USER32(?,00000030,00000000,00000001), ref: 00403123

Part of subcall function 00402EF0: CreateFontIndirectA.GDI32 ref: 00402F39

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CreateFontIndirectObjectStock
String ID:
API String ID: 1613733799-0
Opcode ID: 6ccb44f6850b70b7d1f6aaee8af729372108a89ce34f5d9374a68af40a51c811
Instruction ID: 2660688efd0f123c5503fe9dd28f98544c85504c6cc894fdf15b1331fad1b4a5
Opcode Fuzzy Hash: 6ccb44f6850b70b7d1f6aaee8af729372108a89ce34f5d9374a68af40a51c811
Instruction Fuzzy Hash: 97018C36210310BFCA909B50EC45F9B37A9AF88721F018869BA449B291C7B5E982CB94

Function 004735EA Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 004735F5
GetTopWindow.USER32(00000000), ref: 00473608
GetTopWindow.USER32(?), ref: 00473638
GetWindow.USER32(00000000,00000002), ref: 00473653

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Item
String ID:
API String ID: 369458955-0
Opcode ID: 70cd99b6f242c3c32befb63a58639bc9f8ffff35dfc40dd3d8c88050b2e1ebce
Instruction ID: 2f899347754a41181163a1c4a77a2f0c3ab603d6a986ab450eb6217a7793d60a
Opcode Fuzzy Hash: 70cd99b6f242c3c32befb63a58639bc9f8ffff35dfc40dd3d8c88050b2e1ebce
Instruction Fuzzy Hash: B8012C32501519B78B326F668C04EDF7B59AF21796F00C427FE18A5360D739CA11BAAD

Function 00473663 Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32(?), ref: 00473671
SendMessageA.USER32(00000000,?,?,?), ref: 004736A7
GetTopWindow.USER32(00000000), ref: 004736B4
GetWindow.USER32(00000000,00000002), ref: 004736D2

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$MessageSend
String ID:
API String ID: 1496643700-0
Opcode ID: 45436cd70031c2eb1db8c456809cbcf3c031011974066999bb273cd2898c8b76
Instruction ID: 6e45eae692a6c6d6a02aa16825b2db2c967215ed7294ddbd498170246e9940bd
Opcode Fuzzy Hash: 45436cd70031c2eb1db8c456809cbcf3c031011974066999bb273cd2898c8b76
Instruction Fuzzy Hash: 9801E93200121ABBCF225F95DC05EDF3B69AF45752F048416FA1855270C73ACA76EBAD

Function 0047514C Relevance: 6.0, APIs: 4, Instructions: 48windowCOMMON

Download Yara Rule

APIs

EnableMenuItem.USER32(?,?,?), ref: 00475174
GetFocus.USER32 ref: 00475187
GetParent.USER32(?), ref: 00475195
GetNextDlgTabItem.USER32(?,?,00000000), ref: 004751B1

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Item$EnableFocusMenuNextParent
String ID:
API String ID: 988757621-0
Opcode ID: ce5366319af52ef8f922c0385b37ad5377833f6379a72f3734d88d259adc0f64
Instruction ID: d0b56b6a67111a26d013d95eea00bd80c52b87b405290486af3ff8bbeee11d59
Opcode Fuzzy Hash: ce5366319af52ef8f922c0385b37ad5377833f6379a72f3734d88d259adc0f64
Instruction Fuzzy Hash: A7118871614B00AFDB389F24DC59B6B77B5EF40316F10CA2EF54A8A5A0C7B8E845CB58

Function 004783BD Relevance: 6.0, APIs: 4, Instructions: 44registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 004783E9
RegCloseKey.ADVAPI32(00000000,?,?), ref: 004783F2
wsprintfA.USER32 ref: 0047840E
WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 00478427

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClosePrivateProfileStringValueWritewsprintf
String ID:
API String ID: 1902064621-0
Opcode ID: f03f6f7dea6aa6303b68fb3ee79483fbf1949539f0abc9b3c14d232d25e6c265
Instruction ID: 309015faaa86727d33ee3e8bda04c469ef85cd8597d30637126ca2fefe90a392
Opcode Fuzzy Hash: f03f6f7dea6aa6303b68fb3ee79483fbf1949539f0abc9b3c14d232d25e6c265
Instruction Fuzzy Hash: C501A272440219BBCB116F64DC0DFEE37A8FF08714F04882AFA15960A0EBB4C924CB88

Function 00434810 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 43COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00434853
wsprintfA.USER32 ref: 00434869

Strings

gfff, xrefs: 0043481B
%d.%d, xrefs: 00434863

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID: %d.%d$gfff
API String ID: 2111968516-3773932281
Opcode ID: 994abde158e7b5c3cffac74f0d4b0ceb134dd79de7e238c031874412e7e23962
Instruction ID: 6a105de585cab420195f334170f15fff776f9be9904ea964717e2fa73158591c
Opcode Fuzzy Hash: 994abde158e7b5c3cffac74f0d4b0ceb134dd79de7e238c031874412e7e23962
Instruction Fuzzy Hash: 35F05971B0030017CB8CA62FBC09E1B2E9AEBDDB10F05883FF949C7390D5389C11826A

Function 00473D52 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

GetObjectA.GDI32(00000000,0000000C,?), ref: 00473D90
SetBkColor.GDI32(00000000,00000000), ref: 00473D9C
GetSysColor.USER32(00000008), ref: 00473DAC
SetTextColor.GDI32(00000000,?), ref: 00473DB6

Part of subcall function 00477A3B: GetWindowLongA.USER32(00000000,000000F0), ref: 00477A4C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$LongObjectTextWindow
String ID:
API String ID: 2871169696-0
Opcode ID: f85d4bdfe0327c8800e2e059496b65910c17468f14460774d0ff73261e44302a
Instruction ID: 8604f80b8bbc7f1ccbfa3ba272ea71dd9e8d56730b74cd6dbf915ef5731f3699
Opcode Fuzzy Hash: f85d4bdfe0327c8800e2e059496b65910c17468f14460774d0ff73261e44302a
Instruction Fuzzy Hash: 85012431120108AFDB315F64DC49AEE3B65AB00752F10C926FA0AC42E0C779CE98EB99

Function 00476E74 Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

GetWindowExtEx.GDI32(?,?), ref: 00476E85
GetViewportExtEx.GDI32(?,?), ref: 00476E92
MulDiv.KERNEL32(?,00000000,00000000), ref: 00476EB7
MulDiv.KERNEL32(?,00000000,00000000), ref: 00476ED2

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ViewportWindow
String ID:
API String ID: 1589084482-0
Opcode ID: 7895522cc93a201dca51d9094abe7d570af6d97430446b5015fcc8c2b8850e20
Instruction ID: b55a7f8e0b5461a6ca5d332dc15ecd9b16ec10a80eb2fd9f5cdebd6f0a69e823
Opcode Fuzzy Hash: 7895522cc93a201dca51d9094abe7d570af6d97430446b5015fcc8c2b8850e20
Instruction Fuzzy Hash: B9F01DB2400108FFEB116F55DC068BEBBBDEF41314710442EF85192170EBB1AE559F54

Function 00476EDD Relevance: 6.0, APIs: 4, Instructions: 42COMMON

Download Yara Rule

APIs

GetWindowExtEx.GDI32(?,?), ref: 00476EEE
GetViewportExtEx.GDI32(?,?), ref: 00476EFB
MulDiv.KERNEL32(?,00000000,00000000), ref: 00476F20
MulDiv.KERNEL32(?,00000000,00000000), ref: 00476F3B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ViewportWindow
String ID:
API String ID: 1589084482-0
Opcode ID: 4e6d5c9417e60b4aeef032847fce1b623cd73e2383b6ab50a538e92cc4b002ff
Instruction ID: 344a3192cd5b57fe3f2c8890f7c05e648a060643ca332ebb5af103774282cb28
Opcode Fuzzy Hash: 4e6d5c9417e60b4aeef032847fce1b623cd73e2383b6ab50a538e92cc4b002ff
Instruction Fuzzy Hash: 67F01DB2400108FFEB116F55DC068BEBBBDEF41314710442EF85192170EBB1AE559F54

Function 004327B0 Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?), ref: 004327BF
PtInRect.USER32(?,?,?), ref: 004327D4

Part of subcall function 0047497F: IsWindowEnabled.USER32(?), ref: 00474989

Part of subcall function 00432BF0: UpdateWindow.USER32(00000002), ref: 00432C0D

GetCapture.USER32 ref: 004327FC
SetCapture.USER32(00000002), ref: 00432807

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CaptureRectWindow$ClientEnabledUpdate
String ID:
API String ID: 2789096292-0
Opcode ID: 6c030f8ba5cc45826991ea4b0df6cce4ebe9cb3be7ac4304102feaa4ed375949
Instruction ID: 7206af2da8af94d20128c63672d3fc1e3eda32e37715cf9d4da6eeb361e06378
Opcode Fuzzy Hash: 6c030f8ba5cc45826991ea4b0df6cce4ebe9cb3be7ac4304102feaa4ed375949
Instruction Fuzzy Hash: 2BF0A4716002105BC364AB64D944A6F73A8BF48700F048A1DF941D3291DBB8E90587A9

Function 004091D0 Relevance: 6.0, APIs: 4, Instructions: 35registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,00000000,00000000), ref: 004091EA
RegQueryValueA.ADVAPI32 ref: 0040920E
lstrcpyA.KERNEL32(?,00000000), ref: 00409221
RegCloseKey.ADVAPI32(?), ref: 0040922C

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpenQueryValuelstrcpy
String ID:
API String ID: 534897748-0
Opcode ID: f95151d58bd8afbb7aa25b4782004ec7879f54ad1103cd245e5191031c58221d
Instruction ID: 175366ff812570cbb72580105ccda0f08f79cc622bc002f626413fbff0592aa9
Opcode Fuzzy Hash: f95151d58bd8afbb7aa25b4782004ec7879f54ad1103cd245e5191031c58221d
Instruction Fuzzy Hash: 01F04F79114301BFD320DB50DC88FAFBBA8EF85754F00C91DB98882250E670DC49CBA2

Function 00477B25 Relevance: 6.0, APIs: 4, Instructions: 29stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?), ref: 00477B32
GetWindowTextA.USER32(?,?,00000100), ref: 00477B4E
lstrcmpA.KERNEL32(?,?), ref: 00477B62
SetWindowTextA.USER32(?,?), ref: 00477B72

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: TextWindow$lstrcmplstrlen
String ID:
API String ID: 330964273-0
Opcode ID: ee6dede09b0a4e5e30a935e47f03d0b38a843509f5a2cbe63993693126a5ff73
Instruction ID: b448fb78dccbd64202ac634344da6f4448aa3bf8690e75d1bdc03a05b54daf88
Opcode Fuzzy Hash: ee6dede09b0a4e5e30a935e47f03d0b38a843509f5a2cbe63993693126a5ff73
Instruction Fuzzy Hash: 45F05E31400118ABCF626F24DC48EDE7F68EB04354F008425F949D1220D774A9949B98

Function 004127B0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 291COMMON

Download Yara Rule

Strings

<, xrefs: 00412B3A

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 72667c5983ceb2656b38768877a3ed45d0b7ad6f8703ec862a16f661ed434c67
Instruction ID: 7e308018c2e0edadf973e0771540ea1e774be96e2ca1249089faad01af83a5ec
Opcode Fuzzy Hash: 72667c5983ceb2656b38768877a3ed45d0b7ad6f8703ec862a16f661ed434c67
Instruction Fuzzy Hash: 24B184716087418BC724CF24C980AABB7E5FFC4310F14892EF59AD7290DB78E959CB96

Function 004602B2 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00460342

Strings

pow, xrefs: 0046031A, 00460337

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: a68feb4ccbbb1a3318b1bf12fefaff4d480948fb056c493014781e0e29a6e165
Instruction ID: 88a0d7af5c1d35d436cfdd0412c43a163f556b67fcbd6d7b7cfadf4ca03aaae3
Opcode Fuzzy Hash: a68feb4ccbbb1a3318b1bf12fefaff4d480948fb056c493014781e0e29a6e165
Instruction Fuzzy Hash: FB513B60A1860287DB25BB18C94137F2B94DB40B15F248D6FE885823A9FA3CDCD5DB4F

Function 0042DF30 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

CopyRect.USER32(?,00000000), ref: 0042E090
IsRectEmpty.USER32(?), ref: 0042E09B

Part of subcall function 0042B170: CreateFontIndirectA.GDI32(?), ref: 0042B29C

Part of subcall function 00442060: CreateSolidBrush.GDI32(?), ref: 004420EA
Part of subcall function 00442060: SendMessageA.USER32(?,00000030,00000000,00000000), ref: 0044212E
Part of subcall function 00442060: SendMessageA.USER32(?,000000B1,?,000000FF), ref: 00442164
Part of subcall function 00442060: SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00442173

Strings

IH, xrefs: 0042E14E

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CreateRect$BrushCopyEmptyFontIndirectSolid
String ID: IH
API String ID: 4199050670-3180177778
Opcode ID: c07a112e3a55753fd2e51bd911b303d49c5e7273fe292b2e398c4e5390ce31c6
Instruction ID: 67f8c397c2525c3cf8ae83a8802e1bdd77c7f75c6139b9e57d740903cf5b3ecf
Opcode Fuzzy Hash: c07a112e3a55753fd2e51bd911b303d49c5e7273fe292b2e398c4e5390ce31c6
Instruction Fuzzy Hash: 5F6193703087519FD314EB26D841B6FB7E9BFD4708F40492EF58683281EBB9E905876A

Function 00424F80 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

, xrefs: 00424FB9

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: ee8edf117c3b39af5cda53e9c9025547a6c4ac5943226e7a862d83d236f9d026
Instruction ID: 1063cdf7163ae5ef031f0a6834ce0b3896f95c6cfed91d1dd7d239c231d7509c
Opcode Fuzzy Hash: ee8edf117c3b39af5cda53e9c9025547a6c4ac5943226e7a862d83d236f9d026
Instruction Fuzzy Hash: FD51C0716047519FD318DF29D881B6BB7A4FF84318F400A2EFA8693281D738E845CB9A

Function 004643FE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,00000000), ref: 00464412

Strings

, xrefs: 00464437
, xrefs: 0046445B

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Info
String ID: $
API String ID: 1807457897-3032137957
Opcode ID: 148c069927bf4f8c11a6eee04bc11942d2065291f7b478ca1e1079fae4fead48
Instruction ID: d5ced7230d88c47e4a84cf7d0b4cfc724c9716584ed2efe7b22c7f884db0b49c
Opcode Fuzzy Hash: 148c069927bf4f8c11a6eee04bc11942d2065291f7b478ca1e1079fae4fead48
Instruction Fuzzy Hash: 18416B310042A86BEF129714DD4ABFB7F98EB82704F1405E6D246C7193E7294A48CBAB

Function 00424D13 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

, xrefs: 00424D55

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8ab79b81be0c6336b296e06ddb50ae5dfacd3f4a72128c8c5e162c3744e63958
Instruction ID: 7e12e1305495c8ef65c69b2c1642934c0abd496c2bac474fb60530b839f58d32
Opcode Fuzzy Hash: 8ab79b81be0c6336b296e06ddb50ae5dfacd3f4a72128c8c5e162c3744e63958
Instruction Fuzzy Hash: 253189712083409FD318DF24C855B6BB7F4FBD4724F404A2EF996A32D0DB78A8058B5A

Function 00472BB1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 0047ADD1: LeaveCriticalSection.KERNEL32(?,0047A145,00000010,00000010,?,00000000,?,?,?,00479B15,00479B78,004793FE,00479B1B,004752F0,0047658C), ref: 0047ADE9

Part of subcall function 004632CC: RaiseException.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,004601C1,00000000), ref: 004632FA

wsprintfA.USER32 ref: 00472BF7
wsprintfA.USER32 ref: 00472C13
GetClassInfoA.USER32(?,-00000058,?), ref: 00472C22

Strings

Afx:%x:%x, xrefs: 00472BF1

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf$ClassCriticalExceptionInfoLeaveRaiseSection
String ID: Afx:%x:%x
API String ID: 2529146597-2071556601
Opcode ID: eb56ee95398a889f8dccafd6a55ca85980ed330aaa04728602588d78fc383419
Instruction ID: 886c007a8228d31a205d08dd7efa7d83d6e65eacd75bb0d41dd94077a6e15940
Opcode Fuzzy Hash: eb56ee95398a889f8dccafd6a55ca85980ed330aaa04728602588d78fc383419
Instruction Fuzzy Hash: 7E113370D002099F8B11EFA9CD859DF7BB8EF58754F00842FF908E2201D7788A458BAA

Function 00471EB3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16windowtimeCOMMON

Download Yara Rule

APIs

Part of subcall function 0047A078: TlsGetValue.KERNEL32(004B3F3C,?,00000000,00479AFF,004793FE,00479B1B,004752F0,0047658C,?,00000000,?,0046E0C1,00000000,00000000,00000000,00000000), ref: 0047A0B7

GetMessageTime.USER32 ref: 00471EC5
GetMessagePos.USER32 ref: 00471ECE

Strings

,?K, xrefs: 00471EB9

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$TimeValue
String ID: ,?K
API String ID: 3832333830-2009519282
Opcode ID: aea8a6d38524a66277be3642914e29fbeaf62099a55b54843e8baac35037d839
Instruction ID: 45a058e4916f2be00ac4d6b72916d59a2b7a8e64145f100e0414a99fd739ac31
Opcode Fuzzy Hash: aea8a6d38524a66277be3642914e29fbeaf62099a55b54843e8baac35037d839
Instruction Fuzzy Hash: F4D01770811B609BC770EF36A4880EF7AF4EB447523404D2FE98AC7A50DB39E4448F58

Function 0041A270 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0041A301
wsprintfA.USER32 ref: 0041A31B
wsprintfA.USER32 ref: 0041A336

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: wsprintf
String ID:
API String ID: 2111968516-0
Opcode ID: e9cc8a3993b6590160cd0d009d32a05296fecdd30afa94cee6c5a88bf6a70efe
Instruction ID: 02b17c7a3b8d11a627bd68f9295b3d7da9fb77f7e377f0258d9b4c07203a93bc
Opcode Fuzzy Hash: e9cc8a3993b6590160cd0d009d32a05296fecdd30afa94cee6c5a88bf6a70efe
Instruction Fuzzy Hash: A031C3B15043045BC304EBA4DC45A6BB7D8EFC9758F000A2EFD5293281DB78DA1CC6AB

Function 00479F86 Relevance: 5.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 00479FE3
LeaveCriticalSection.KERNEL32(?,?), ref: 00479FF3
LocalFree.KERNEL32(?), ref: 00479FFC
TlsSetValue.KERNEL32(?,00000000), ref: 0047A012

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$EnterFreeLeaveLocalValue
String ID:
API String ID: 2949335588-0
Opcode ID: 4685048dcd2c8675aae7834f94abd3c9b718fb448267a1d15aadc73595516e2c
Instruction ID: 32e08befb6322889c7541fa1019da67b2af138dbc48c2e3e3a70611ee25bea65
Opcode Fuzzy Hash: 4685048dcd2c8675aae7834f94abd3c9b718fb448267a1d15aadc73595516e2c
Instruction Fuzzy Hash: 65219731200200EFDB218F48C888BAB77A4FF85715F14886EF50ACB2A1C7B5EC40CB5A

Function 00468F4A Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,00468D12,00000000,00000000,00000000,00461A23,00000000,00000000,?,00000000,00000000,00000000), ref: 00468F72
HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00468D12,00000000,00000000,00000000,00461A23,00000000,00000000,?,00000000,00000000,00000000), ref: 00468FA6
VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 00468FC0
HeapFree.KERNEL32(00000000,?), ref: 00468FD7

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AllocHeap$FreeVirtual
String ID:
API String ID: 3499195154-0
Opcode ID: bdadae66dd8815e47dc60db88cf35d92f772e87c51369b66a95689195001e4cb
Instruction ID: ecb8dc801d747cdca14dc579b11ecb50153b46519599be69c53b8ad03da82435
Opcode Fuzzy Hash: bdadae66dd8815e47dc60db88cf35d92f772e87c51369b66a95689195001e4cb
Instruction Fuzzy Hash: BB118C70200600AFCB218F59EC48E26BBB6FB867207114B2EF152C31F1E7759856CF08

Function 0047AD61 Relevance: 5.0, APIs: 4, Instructions: 36COMMONLIBRARYCODE

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(004B40B0,?,00000000,?,?,0047A12E,00000010,?,00000000,?,?,?,00479B15,00479B78,004793FE,00479B1B), ref: 0047AD9C
InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,0047A12E,00000010,?,00000000,?,?,?,00479B15,00479B78,004793FE,00479B1B), ref: 0047ADAE
LeaveCriticalSection.KERNEL32(004B40B0,?,00000000,?,?,0047A12E,00000010,?,00000000,?,?,?,00479B15,00479B78,004793FE,00479B1B), ref: 0047ADB7
EnterCriticalSection.KERNEL32(00000000,00000000,?,?,0047A12E,00000010,?,00000000,?,?,?,00479B15,00479B78,004793FE,00479B1B,004752F0), ref: 0047ADC9

Part of subcall function 0047ACCE: GetVersion.KERNEL32(?,0047AD71,?,0047A12E,00000010,?,00000000,?,?,?,00479B15,00479B78,004793FE,00479B1B,004752F0,0047658C), ref: 0047ACE1

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalSection$Enter$InitializeLeaveVersion
String ID:
API String ID: 1193629340-0
Opcode ID: 8308705238f1667b3d57d9eab2a225a84cff821333c4ded87a6982197c9a217b
Instruction ID: 3321f5c173f83184f7bf4f56b11fcde9894909e4130430112cb78eb4f75235d9
Opcode Fuzzy Hash: 8308705238f1667b3d57d9eab2a225a84cff821333c4ded87a6982197c9a217b
Instruction Fuzzy Hash: 56F0A43200520ADFCB60EF54FC8499AB36DFBD0316B01463BE64553422D735A41DCB9D

Function 0046763B Relevance: 5.0, APIs: 4, Instructions: 12COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(?,00464D69,?,00460151), ref: 00467648
InitializeCriticalSection.KERNEL32(?,00464D69,?,00460151), ref: 00467650
InitializeCriticalSection.KERNEL32(?,00464D69,?,00460151), ref: 00467658
InitializeCriticalSection.KERNEL32(?,00464D69,?,00460151), ref: 00467660

Memory Dump Source

Source File: 00000000.00000002.2663237720.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2663219547.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663288502.0000000000480000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663310197.0000000000494000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663325512.0000000000496000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663340931.0000000000498000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663357597.00000000004A1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004A5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663373042.00000000004B1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2663406730.00000000004B6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CriticalInitializeSection
String ID:
API String ID: 32694325-0
Opcode ID: 720cec731bda54e6ad9abc2fe0f292524fa7107009ae9a0641f2ad03981702e2
Instruction ID: 9a6413c92d18c21cd53483d188c76a3b8502d9882b69dd98301a622a0b512e15
Opcode Fuzzy Hash: 720cec731bda54e6ad9abc2fe0f292524fa7107009ae9a0641f2ad03981702e2
Instruction Fuzzy Hash: 75C002318150389ADE562B69FF098893F65EB062613010173A904510318BA21C50FFD8

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Network Port Distribution

UDP Packets

DNS Queries

DNS Answers

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exePID: 7388, Parent PID: 3504

General

Chronological Activities

Disassembly

Windows Analysis Report
SecuriteInfo.com.Win32.Application.PSE.10ODIJ9.16935.29885.exe

Function 004372B0 Relevance: 17.9, APIs: 7, Strings: 3, Instructions: 370
commemorythreadCOMMON

Function 0047AB8E Relevance: 6.1, APIs: 4, Instructions: 63
COMMON

Function 00472259 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 170
stringCOMMON

Function 00417CF0 Relevance: 19.7, APIs: 13, Instructions: 187
windowCOMMON

Function 0047207E Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99
COMMON

Function 00479D11 Relevance: 15.1, APIs: 10, Instructions: 99
memoryCOMMONLIBRARYCODE

Function 004037E0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 267
windowCOMMON

Function 00414880 Relevance: 13.8, APIs: 9, Instructions: 289
COMMON

Function 00403B10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 134
windowCOMMON

Function 00476529 Relevance: 9.0, APIs: 6, Instructions: 35
COMMON

Function 004074E0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 207
windowCOMMON

Function 00404F70 Relevance: 7.6, APIs: 5, Instructions: 86
COMMON

Function 00414760 Relevance: 6.1, APIs: 4, Instructions: 94
windowCOMMON

Function 00475300 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27
threadCOMMON

Function 0047244F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25
threadCOMMON