Edit tour

Windows Analysis Report
Nulzuen.exe

Overview

General Information

Sample name:	Nulzuen.exe
Analysis ID:	1532995
MD5:	d938c113f658fc52b4c41faadcb47284
SHA1:	b57eecf6bb4176275570f20e94b6f0ea60516afa
SHA256:	1761faeed48354d8053f484beba69c9af1eecfc6716219875409586bc12357a0
Tags:	exeSPAM-ITAuser-JAMESWT_MHT
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

AI detected suspicious sample

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality to call native functions

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Found inlined nop instructions (likely shell or obfuscated code)

One or more processes crash

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

Nulzuen.exe (PID: 7712 cmdline: "C:\Users\user\Desktop\Nulzuen.exe" MD5: D938C113F658FC52B4C41FAADCB47284)

InstallUtil.exe (PID: 7828 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

WerFault.exe (PID: 7944 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 1156 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1359492116.0000000005950000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Nulzuen.exe PID: 7712	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Nulzuen.exe PID: 7712	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: InstallUtil.exe PID: 7828	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Nulzuen.exe.5950000.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Nulzuen.exe, ProcessId: 7712, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Zwrgmbkirk

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Nulzuen.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe

Avira: detection malicious, Label: HEUR/AGEN.1310716

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe

ReversingLabs: Detection: 57%

Multi AV Scanner detection for submitted file

Source: Nulzuen.exe

ReversingLabs: Detection: 57%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Nulzuen.exe

Joe Sandbox ML: detected

Source: Nulzuen.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Nulzuen.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\dll\System.pdb\ source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdbguNiE source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\InstallUtil.pdb8 source: InstallUtil.exe, 00000002.00000002.2577260300.0000000005B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002E3B000.00000004.00000800.00020000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1360178281.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003A02000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbH6a source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: ((.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002E3B000.00000004.00000800.00020000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1360178281.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003A02000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdbi source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdbdo source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdbb source: InstallUtil.exe, 00000002.00000002.2577260300.0000000005B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdbRi1 source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbG source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\InstallUtil.pdbb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vlUtil.pdblJX source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2577260300.0000000005B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: InstallUtil.pdb.NETFrameworkv4.0.30319InstallUtil.exe source: InstallUtil.exe, 00000002.00000002.2577260300.0000000005B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\InstallUtil.pdbj source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 4x nop then jmp 058A8F4Eh	0_2_058A9033
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_058C619F
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_058C61A0
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 4x nop then jmp 058C19D0h	0_2_058C1918
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 4x nop then jmp 058C19D0h	0_2_058C1910
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_058C6A08
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	0_2_0591DAF8

Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002E3B000.00000004.00000800.00020000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354

Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C47A8 NtResumeThread,	0_2_058C47A8
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C2EB0 NtProtectVirtualMemory,	0_2_058C2EB0
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C47A3 NtResumeThread,	0_2_058C47A3
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C2EA8 NtProtectVirtualMemory,	0_2_058C2EA8
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C4898 NtResumeThread,	0_2_058C4898
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C48DB NtResumeThread,	0_2_058C48DB

Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0277D5AD	0_2_0277D5AD
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_02779278	0_2_02779278
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_02779268	0_2_02779268
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0277D518	0_2_0277D518
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_02779850	0_2_02779850
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_02779846	0_2_02779846
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0583142C	0_2_0583142C
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0583BC33	0_2_0583BC33
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05834100	0_2_05834100
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05830040	0_2_05830040
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05832EE0	0_2_05832EE0
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0583A600	0_2_0583A600
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0583A610	0_2_0583A610
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05834158	0_2_05834158
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05830007	0_2_05830007
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05835361	0_2_05835361
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05835370	0_2_05835370
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058A9996	0_2_058A9996
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058A55D8	0_2_058A55D8
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AACF8	0_2_058AACF8
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AD6A0	0_2_058AD6A0
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058A92B8	0_2_058A92B8
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AA1F2	0_2_058AA1F2
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058A99F7	0_2_058A99F7
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AA12A	0_2_058AA12A
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AECA8	0_2_058AECA8
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AECB8	0_2_058AECB8
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AD690	0_2_058AD690
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AA2E0	0_2_058AA2E0
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AAA6A	0_2_058AAA6A
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058CAE68	0_2_058CAE68
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058CA038	0_2_058CA038
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C0040	0_2_058C0040
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C0007	0_2_058C0007
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C9AE8	0_2_058C9AE8
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05910006	0_2_05910006
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05910040	0_2_05910040
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05935CE0	0_2_05935CE0
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0593C9D0	0_2_0593C9D0
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05934320	0_2_05934320
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05935CD0	0_2_05935CD0
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0593C9C3	0_2_0593C9C3
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_059485A0	0_2_059485A0
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0594D468	0_2_0594D468
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05948BF4	0_2_05948BF4
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0594C270	0_2_0594C270
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0594C597	0_2_0594C597
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05948590	0_2_05948590
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05940011	0_2_05940011
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05949068	0_2_05949068
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_0594522F	0_2_0594522F
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05CBDC88	0_2_05CBDC88
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05CA0040	0_2_05CA0040
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05CBD018	0_2_05CBD018
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_05CA001C	0_2_05CA001C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A75B0	2_2_015A75B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A2F98	2_2_015A2F98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A3DB2	2_2_015A3DB2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4410	2_2_015A4410
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4420	2_2_015A4420
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4F0C	2_2_015A4F0C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A6FE7	2_2_015A6FE7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A2F87	2_2_015A2F87
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4E58	2_2_015A4E58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4E40	2_2_015A4E40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4E72	2_2_015A4E72
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4ED5	2_2_015A4ED5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4EF2	2_2_015A4EF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4E87	2_2_015A4E87
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4EB8	2_2_015A4EB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_015A4EA1	2_2_015A4EA1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_05A36610	2_2_05A36610

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 1156

Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002E3B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Nulzuen.exe
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs Nulzuen.exe
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002A2F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBabeoie.exe" vs Nulzuen.exe
Source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Nulzuen.exe
Source: Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Nulzuen.exe
Source: Nulzuen.exe, 00000000.00000002.1342418283.0000000000C4E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Nulzuen.exe
Source: Nulzuen.exe, 00000000.00000002.1360178281.0000000005A60000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Nulzuen.exe
Source: Nulzuen.exe, 00000000.00000002.1353281965.0000000003A02000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Nulzuen.exe
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002ADB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBabeoie.exe" vs Nulzuen.exe

Source: Nulzuen.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Nulzuen.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Zwrgmbkirk.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Nulzuen.exe, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Nulzuen.exe, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Zwrgmbkirk.exe.0.dr, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: Zwrgmbkirk.exe.0.dr, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Nulzuen.exe.3c28fa8.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Nulzuen.exe.3c28fa8.2.raw.unpack, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, rakZfSotVXyKmO1lGj.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, VsxIl24sP7Y0tFKHGw.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, VsxIl24sP7Y0tFKHGw.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, aheBHS3XyMMU7km6TQw.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, aheBHS3XyMMU7km6TQw.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)

Source: classification engine

Classification label: mal100.evad.winEXE@4/2@0/0

Source: C:\Users\user\Desktop\Nulzuen.exe

File created: C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7944:64:WilError_03

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\a0ec0359-5c22-4306-a80c-f33dc30e0356

Jump to behavior

Source: Nulzuen.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Nulzuen.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\Nulzuen.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Nulzuen.exe

ReversingLabs: Detection: 57%

Source: C:\Users\user\Desktop\Nulzuen.exe

File read: C:\Users\user\Desktop\Nulzuen.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Nulzuen.exe "C:\Users\user\Desktop\Nulzuen.exe"
Source: C:\Users\user\Desktop\Nulzuen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 1156
Source: C:\Users\user\Desktop\Nulzuen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Nulzuen.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Nulzuen.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: Nulzuen.exe

Static file information: File size 1374720 > 1048576

Source: Nulzuen.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x14f000

Source: Nulzuen.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Windows\dll\System.pdb\ source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdbguNiE source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\InstallUtil.pdb8 source: InstallUtil.exe, 00000002.00000002.2577260300.0000000005B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002E3B000.00000004.00000800.00020000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1360178281.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003A02000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: nC:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdbH6a source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: ((.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002E3B000.00000004.00000800.00020000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1360178281.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003A02000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: InstallUtil.pdbllUtil.pdbpdbtil.pdb.30319\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: protobuf-net.pdb source: Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\InstallUtil.pdbpdbtil.pdbi source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdbdo source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdbb source: InstallUtil.exe, 00000002.00000002.2577260300.0000000005B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\exe\InstallUtil.pdbRi1 source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbG source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\InstallUtil.pdbb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vlUtil.pdblJX source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\exe\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2577260300.0000000005B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: InstallUtil.pdb.NETFrameworkv4.0.30319InstallUtil.exe source: InstallUtil.exe, 00000002.00000002.2577260300.0000000005B34000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\InstallUtil.pdbj source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: n8C:\Windows\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: symbols\exe\InstallUtil.pdb source: InstallUtil.exe, 00000002.00000002.2572837427.0000000000F98000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: InstallUtil.exe, 00000002.00000002.2573368036.0000000001644000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, aheBHS3XyMMU7km6TQw.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: Nulzuen.exe, -.cs	.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
Source: Zwrgmbkirk.exe.0.dr, -.cs	.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.Nulzuen.exe.5a60000.7.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.Nulzuen.exe.3c28fa8.2.raw.unpack, -.cs	.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, rakZfSotVXyKmO1lGj.cs	.Net Code: GwkX85cdpcqgYJvA6W7 System.AppDomain.Load(byte[])
Source: 0.2.Nulzuen.exe.57d0000.5.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.Nulzuen.exe.57d0000.5.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.Nulzuen.exe.57d0000.5.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.Nulzuen.exe.57d0000.5.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.Nulzuen.exe.57d0000.5.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.Nulzuen.exe.5950000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1359492116.0000000005950000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Nulzuen.exe PID: 7712, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7828, type: MEMORYSTR

Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_02770991 push ds; retn 0000h	0_2_02770992
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058ABC9C pushad ; retf	0_2_058ABC9D
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058AC8EB push ebp; ret	0_2_058AC8ED
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C3C9F pushfd ; iretd	0_2_058C3CB1
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C6F8F pushfd ; iretd	0_2_058C6F95
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_058C6000 push 5C058978h; retf	0_2_058C6005
Source: C:\Users\user\Desktop\Nulzuen.exe	Code function: 0_2_059431F7 push edx; iretd	0_2_059431F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_05A334D1 pushfd ; retf	2_2_05A334D4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 2_2_05A32ABA push edi; retf	2_2_05A32ABB

Source: Nulzuen.exe	Static PE information: section name: .text entropy: 7.993309084976368
Source: Zwrgmbkirk.exe.0.dr	Static PE information: section name: .text entropy: 7.993309084976368

Source: 0.2.Nulzuen.exe.5180000.4.raw.unpack, CS7iRKjFSCYonXdHIjy.cs	High entropy of concatenated method names: 'kGtjxWjhWr', 'iLqWXP5EyYDULZmTcsw', 'k9LbdE5QNOf7J2Qtr0Q', 'ud6r1q5ZUgtqeZklUyw', 'JsG2fg5HJ0r8DT9SNEu', 'zH3ZQk5sETgI5JCx18G', 'BacALZ5hjJImatHKBHs'
Source: 0.2.Nulzuen.exe.5180000.4.raw.unpack, njTXnQcOiYLgE6jbIg9.cs	High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'mfwcKgN472', 'NtProtectVirtualMemory', 'pHiGSY74TBGS27pHdss', 'oeOxxM7X8JMDOEvXg1a', 'KmxLVX7RwDcYmo8gREv', 'BvLEri7NFAhrLE5NmLx'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, -Module--854d8771-8713-4a41-bf73-aa5bde6e6cb4-.cs	High entropy of concatenated method names: 'kc8d26309dde547208d3ae1a0f4a001b3', 'ReadPublisher', 'QueryPublisher', 'LoginPublisher', 'fKEEgMAnS9A1Kf9NFd4', 'drZ1igAe7dt6doU6ssL', 'I94O8OAgA9si5Hs7xrg', 'kpwlm2ABy041wyL8E95', 'Gx16rxAhr23CbxBSMrO', 'puTkshAa7hQpUQcqkxP'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, rakZfSotVXyKmO1lGj.cs	High entropy of concatenated method names: 'Q0Ie62bMK', 'Long7MXDN', 'auUnFICfb', 'CmjBSky92', 'NSxh60KON', 'FD7aURxH6', 'kJD9OCE9S', 'w2gKpMFTH', 'eyJfCrc8UtE5eZAlGf4', 'Ea9RC1cun0n53315nIy'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, VsxIl24sP7Y0tFKHGw.cs	High entropy of concatenated method names: 'GtW3K5B1hP', 'zdb3sIHwUo', 'MG3mg0ChmMJWmCAqda1', 'dxqrOsCaHiEBDy7wJB3', 'fqDZFZCgUDd5dfu6Bxf', 'NDjlYQCnLurwWAX8yXQ', 'Av43iQCPQt', 'YPLKYpCVt4VgojLooKo', 'ld2iEVCW5OjAEmEadhr', 'kKpOopCibckNw1SPJc5'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, fCVkBlRTSeQ4a0d1yy7.cs	High entropy of concatenated method names: 'mkORd8l9c6', 'kC5Rz2Sdr7', 'ukDcN508MF', 'JnocI38RRl', 'Iqwc3MKYk7', 'A3LcyTDolA', 'b1vcRgs5qB', 'wkmccCXGgx', 'DDScm8aIBO', 'jKMcOXQQ24'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, aheBHS3XyMMU7km6TQw.cs	High entropy of concatenated method names: 'fQxrB2AFK7HE36YSUtf', 'oM7ZklAG1ARkoF5h5Oe', 'RsSRVtmfKs', 'lOSdBcA5aQuxlrP2290', 'QFwLcGAZywGGZg7406a', 'IikLCwA6eXAM4aHui11', 'BqWwQ0AbCaiuJRs59wI', 'HAqZRkATCpMXXJbpThU', 'hto1wlAllhxdQbM0uFZ', 'jYOaoUA1fAGEreg2It7'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, wuu546ViriGp2YwY6T.cs	High entropy of concatenated method names: 'ITui6cr4D', 'NH603MubP', 'zybQ4JTcc', 'WRJl1Pm2l7EZTbD1BXM', 'SyAxTumDQisAUqE1Mip', 'L5cq3lm73Ui2U1paxyS', 'SlE1PGmUI75gmVTKSyZ', 'PGnOdLm44Algpq26iRt', 'no9nEhmY65DeLOwcHpn', 'y6r0LBmPDhEsV6EpEhR'
Source: 0.2.Nulzuen.exe.3f00f68.1.raw.unpack, hUn6J43lq3MZtXkUK87.cs	High entropy of concatenated method names: 'skHrM3ZEkJ', 'UitB3DAQOCWtTMPXX8X', 'eDjfYnALZIDSVmIa1uZ', 'V14kOHApdNt12WCvLQL', 'WoacLvAUIoD8jOFXxwU', 'Hc0FaZA4mg9Ag7nPjqH', 'JZK7L5AiOP6EorZObhU', 'l3f04OA0DJAj0gHmIrI', 'QguCJ6A2VUXlJMQPHDH', 'FgdRysADKGpWOo81wDx'

Source: C:\Users\user\Desktop\Nulzuen.exe

File created: C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe

Jump to dropped file

Source: C:\Users\user\Desktop\Nulzuen.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Zwrgmbkirk			Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Zwrgmbkirk			Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Nulzuen.exe PID: 7712, type: MEMORYSTR

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL@\_Q
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: EXPLORERJSBIEDLL.DLLKCUCKOOMON.DLLLWIN32_PROCESS.HANDLE='{0}'MPARENTPROCESSIDNCMDOSELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILUREPVERSIONQSERIALNUMBERSVMWARE\|VIRTUAL\|A M I\|XENTSELECT * FROM WIN32_COMPUTERSYSTEMUMANUFACTURERVMODELWMICROSOFT\|VMWARE\|VIRTUALXJOHNYANNAZXXXXXXXX

Source: C:\Users\user\Desktop\Nulzuen.exe	Memory allocated: 2770000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Memory allocated: 2900000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Memory allocated: 2790000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 1560000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 3170000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 5170000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS

Source: C:\Users\user\Desktop\Nulzuen.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem

Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware\V
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $_q 1:en-CH:Microsoft\|VMWare\|Virtual
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen@\_q
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWareLR_q
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen(__q
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $_q 1:en-CH:VMware\|VIRTUAL\|A M I\|Xen
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: explorerJSbieDll.dllKcuckoomon.dllLwin32_process.handle='{0}'MParentProcessIdNcmdOselect * from Win32_BIOS8Unexpected WMI query failurePversionQSerialNumberSVMware\|VIRTUAL\|A M I\|XenTselect * from Win32_ComputerSystemUmanufacturerVmodelWMicrosoft\|VMWare\|VirtualXjohnYannaZxxxxxxxx
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CdHxclW7 pDsOu8 og7DuuEL@\_q0Microsoft\|VMWare\|V<"
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMwareLR_qd
Source: Nulzuen.exe, 00000000.00000002.1343461498.0000000002D13000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 6WYV8 GEV4RL7OLC@\_q0VMware\|VIRTUAL\|A M<

Source: C:\Users\user\Desktop\Nulzuen.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Nulzuen.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Nulzuen.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 486000	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 488000	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1105008	Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe	Queries volume information: C:\Users\user\Desktop\Nulzuen.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nulzuen.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Nulzuen.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	1 Scheduled Task/Job	211 Process Injection	1 Masquerading	OS Credential Dumping	221 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	3 Virtualization/Sandbox Evasion	LSASS Memory	3 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	211 Process Injection	NTDS	32 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	22 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
Nulzuen.exe	58%	ReversingLabs	ByteCode-MSIL.Trojan.Mensa
Nulzuen.exe	100%	Avira	HEUR/AGEN.1310716
Nulzuen.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe	100%	Avira	HEUR/AGEN.1310716
C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe	58%	ReversingLabs	ByteCode-MSIL.Trojan.Mensa

Source	Detection	Scanner	Label
https://stackoverflow.com/q/14436606/23354	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://stackoverflow.com/q/11564914/23354;	0%	URL Reputation	safe
https://stackoverflow.com/q/2152978/23354	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0015.t-0009.t-msedge.net	13.107.246.43	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/mgravell/protobuf-net	Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://github.com/mgravell/protobuf-neti	Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://stackoverflow.com/q/14436606/23354	Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/mgravell/protobuf-netJ	Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Nulzuen.exe, 00000000.00000002.1343461498.0000000002E3B000.00000004.00000800.00020000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/11564914/23354;	Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/2152978/23354	Nulzuen.exe, 00000000.00000002.1358407661.00000000057D0000.00000004.08000000.00040000.00000000.sdmp, Nulzuen.exe, 00000000.00000002.1353281965.0000000003925000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1532995
Start date and time:	2024-10-14 09:12:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Nulzuen.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@4/2@0/0
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 96% Number of executed functions: 464 Number of non-executed functions: 29
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target InstallUtil.exe, PID 7828 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
VT rate limit hit for: Nulzuen.exe

Simulations

Behavior and APIs

Time	Type	Description
09:13:05	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Zwrgmbkirk C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe
09:13:25	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Zwrgmbkirk C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0015.t-0009.t-msedge.net	http://mail.w-find.com/icloud-archivos/code2022esp.php	Get hash	malicious	Unknown	Browse	13.107.246.43
	https://ankit935686.github.io/netflixClone	Get hash	malicious	HTMLPhisher	Browse	13.107.246.43
	SecuriteInfo.com.Trojan.Click3.29780.18303.23698.exe	Get hash	malicious	Unknown	Browse	13.107.246.43
	http://host.cloudsonicwave.com	Get hash	malicious	Unknown	Browse	13.107.246.43
	SecuriteInfo.com.Trojan.Inject5.10240.30655.18394.exe	Get hash	malicious	LummaC	Browse	13.107.246.43
	xlwings.xlam	Get hash	malicious	Hidden Macro 4.0	Browse	13.107.246.43
	btm4e0L3pw.lnk	Get hash	malicious	Numando	Browse	13.107.246.43
	https://clicktime.symantec.com/15tpJCqdM9QTMPCbrFFYy?h=klzqFfVRykrA0KxCmyOSMtGNk2cnn93amKCU2afEZ8c=&u=https://www.tiktok.com/link/v2?aid%3D1988%26lang%3Den%26scene%3Dbio_url%26target%3Dhttps://www.google.ht/url?q%3Dhttps://google%25E3%2580%2582com/amp/s/cli.re/kBNkWr%23a2FyZW4ubWNjcm9ob25AdXJlbmNvLmNvbQ%3D%3D%252F%26opi%3D256371986142%26usg%3DlxfGUQNysmkDx%26source%3Dgmail%26ust%3D2908128326238375%26usg%3DAO2mBxLVnqpOjng75rOWFwZ2mBxLVnqpOqR75	Get hash	malicious	HTMLPhisher	Browse	13.107.246.43
	https://pearl-contol.powerappsportals.com	Get hash	malicious	HTMLPhisher	Browse	13.107.246.43
	http://pub-945293ef7a9047adb26d2ddd47a2d837.r2.dev/cpanel.html	Get hash	malicious	HTMLPhisher	Browse	13.107.246.43

Process:	C:\Users\user\Desktop\Nulzuen.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1374720
Entropy (8bit):	7.991596137318915
Encrypted:	true
SSDEEP:	24576:WJc2NDlXmP4MMjqafNyLX+5G+kQldrUzjUbPe5F6Mq/M1LOtOnobjVB:72ND9f2aFH55kQldrGUbPef+koHVB
MD5:	D938C113F658FC52B4C41FAADCB47284
SHA1:	B57EECF6BB4176275570F20E94B6F0EA60516AFA
SHA-256:	1761FAEED48354D8053F484BEBA69C9AF1EECFC6716219875409586BC12357A0
SHA-512:	61EBF33089D9A9B8087420F44706FC75EF7AF26588FA0C7766A7AB27BB4D1A08DDE0F00BD0F7A9A3D67E11FAE9847A211E11464615D7B34B036155118E75226D
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g................................. ... ....@.. .......................`............`.................................H...J.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................x.......H........s..,1......f...@....j...........................................(\|...(~.....(.....~....-.r...p.....+.+.+......~....(....+.o....+.s....+..~......+.......+..+.r?..p~....+.t....(....+.o....+....(......(.....0..s.......+5+:+?+D+I.-(+GrM..p+C.,.,..-..+?.H+>r_..p(....,....6.2(....+.o....+.o....+.o....+..+..+.(....+..+..+.&....,...-..........ff........(....>+......s ...+..0..........8....8....8....8....{....8....&.-E8....,28....{.....8.....,.,.8....r{..po!...&..

C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Nulzuen.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	high, very likely benign file
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.991596137318915
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Nulzuen.exe
File size:	1'374'720 bytes
MD5:	d938c113f658fc52b4c41faadcb47284
SHA1:	b57eecf6bb4176275570f20e94b6f0ea60516afa
SHA256:	1761faeed48354d8053f484beba69c9af1eecfc6716219875409586bc12357a0
SHA512:	61ebf33089d9a9b8087420f44706fc75ef7af26588fa0c7766a7ab27bb4d1a08dde0f00bd0f7a9a3d67e11fae9847a211e11464615d7b34b036155118e75226d
SSDEEP:	24576:WJc2NDlXmP4MMjqafNyLX+5G+kQldrUzjUbPe5F6Mq/M1LOtOnobjVB:72ND9f2aFH55kQldrGUbPef+koHVB
TLSH:	C155232C9F0C6E37D70CA63708B7A29647A6A10CB96BD75944C5A2487F573C38307E97
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g................................. ... ....@.. .......................`............`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x550e92
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x670C940D [Mon Oct 14 03:46:21 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x150e48	0x4a	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x152000	0x58e	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x154000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x14ee98	0x14f000	b5ed6138f1da7bc42b9518d7955b98be	False	0.9889028976212687	data	7.993309084976368	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x152000	0x58e	0x600	c349365b0ff1e1c1d50d0700f74cdb63	False	0.4166666666666667	data	4.066038937447706	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x154000	0xc	0x200	0f17c539fdf6f5724ee8cb3e1645d9b1	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x15205c	0x30c	data			0.42435897435897435
RT_MANIFEST	0x1523a4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 14, 2024 09:13:22.854880095 CEST	53	51740	1.1.1.1	192.168.2.11

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 14, 2024 09:12:59.784053087 CEST	1.1.1.1	192.168.2.11	0x2df5	No error (0)	shed.dual-low.s-part-0015.t-0009.t-msedge.net	s-part-0015.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 14, 2024 09:12:59.784053087 CEST	1.1.1.1	192.168.2.11	0x2df5	No error (0)	s-part-0015.t-0009.t-msedge.net		13.107.246.43	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	03:13:01
Start date:	14/10/2024
Path:	C:\Users\user\Desktop\Nulzuen.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Nulzuen.exe"
Imagebase:	0x3e0000
File size:	1'374'720 bytes
MD5 hash:	D938C113F658FC52B4C41FAADCB47284
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1359492116.0000000005950000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1343461498.0000000002901000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:13:03
Start date:	14/10/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0xe00000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	03:13:04
Start date:	14/10/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 1156
Imagebase:	0x970000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11%
Dynamic/Decrypted Code Coverage:	96.2%
Signature Coverage:	6.1%
Total number of Nodes:	344
Total number of Limit Nodes:	23

Executed Functions

Function 0594C270 Relevance: 16.2, Strings: 12, Instructions: 1174COMMON

Download Yara Rule

Strings

$_q, xrefs: 0594C4F3
$_q, xrefs: 0594C503
$_q, xrefs: 0594C777
$_q, xrefs: 0594C6B7
$_q, xrefs: 0594C767
$_q, xrefs: 0594CB9A
$_q, xrefs: 0594C6C7
4, xrefs: 0594CC45
$_q, xrefs: 0594CBAA
$_q, xrefs: 0594CB51
$_q, xrefs: 0594CB41
,cq, xrefs: 0594CD2A

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: ,cq$4$$_q$$_q$$_q$$_q$$_q$$_q$$_q$$_q$$_q$$_q
API String ID: 0-1476417298
Opcode ID: fbd3df3906052f9e9793cb001b42a9ca18f8a529d9aa31550154fb2c98a3e4ac
Instruction ID: 02272119d2d776b5ea223d3c6ac0aaafc968a8ef7bc80bf2c39bbb854d524f91
Opcode Fuzzy Hash: fbd3df3906052f9e9793cb001b42a9ca18f8a529d9aa31550154fb2c98a3e4ac
Instruction Fuzzy Hash: 62B20734A01218DFDB14DFA8C984FADB7BABB88704F1485A9E505AB3A5DB71EC41CF50

Function 0594C597 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

$_q, xrefs: 0594C6B7
$_q, xrefs: 0594C767
$_q, xrefs: 0594CB9A
4, xrefs: 0594CC45
$_q, xrefs: 0594CB41
,cq, xrefs: 0594CD2A

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: ,cq$4$$_q$$_q$$_q$$_q
API String ID: 0-1566877467
Opcode ID: 9cbf2cf1b8997328be4696b36603362b3d7f81fd549779af7fde90177130cadb
Instruction ID: 59be76b6b640cc9b2927eac0281c088f7b336e77e2b88c031664f09efc36d685
Opcode Fuzzy Hash: 9cbf2cf1b8997328be4696b36603362b3d7f81fd549779af7fde90177130cadb
Instruction Fuzzy Hash: FB22F734A01219CFDB24DF64C984FADB7B6BF48304F1481A9E909AB3A5DB71AD85CF50

Function 0277D5AD Relevance: 5.9, Strings: 4, Instructions: 858
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

xbbq, xrefs: 0277D645
TJdq, xrefs: 0277D6BA
pcq, xrefs: 0277E0D2
Te_q, xrefs: 0277DC3B

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID: TJdq$Te_q$pcq$xbbq
API String ID: 0-787377534
Opcode ID: 515ab6c67b91162daa351d5ee8d59948d169411f23b0bda064678119897e92d5
Instruction ID: efcc2db4cf425aeb2ebc4952641326e889620d3400f374ff309e7e6bf2dca740
Opcode Fuzzy Hash: 515ab6c67b91162daa351d5ee8d59948d169411f23b0bda064678119897e92d5
Instruction Fuzzy Hash: F5929574A00228CFDB64CF69C984ADDBBB2BF89304F1581E9D509AB365D731AE85CF50

Function 058C0040 Relevance: 3.0, Strings: 2, Instructions: 543
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fdq, xrefs: 058C015F
8, xrefs: 058C014C

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID: fdq$8
API String ID: 0-2558598515
Opcode ID: ff30cd2beabd02df7780a6b1f9c36ff901ed2ec2bda049759cbea568320f24e6
Instruction ID: bb4188223fd4a590f95b5452774b4b920d08a7ff5a4f19cb88b71a7035db228c
Opcode Fuzzy Hash: ff30cd2beabd02df7780a6b1f9c36ff901ed2ec2bda049759cbea568320f24e6
Instruction Fuzzy Hash: 0042D475D00629CBDB64DF69C854ADDBBB2BF89304F1486EAD40DA7250DB30AE85CF40

Function 0594D468 Relevance: 2.9, Strings: 2, Instructions: 395
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

,cq, xrefs: 0594D56E
(cq, xrefs: 0594D81C

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq$,cq
API String ID: 0-1849304749
Opcode ID: 2761e4274d81a27f811a0c7beceef8afeaf2a39c32bdfe9afccd160fd359fb3e
Instruction ID: 4b6d1e352ac0b041d30179e11232d1d28d6b60596351a39e1180a42e5597e53d
Opcode Fuzzy Hash: 2761e4274d81a27f811a0c7beceef8afeaf2a39c32bdfe9afccd160fd359fb3e
Instruction Fuzzy Hash: 12F15A38A042458FDB15DF68C584EAEBBF2BF89314F198599E4069B3A6DB34EC41CF50

Function 058AA2E0 Relevance: 2.8, Strings: 2, Instructions: 310
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH_q, xrefs: 058AA2FD
<>M>, xrefs: 058AA771

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: <>M>$PH_q
API String ID: 0-1040404076
Opcode ID: 65ebbea22d932b827d224d6556708c48bc8d310d5509d0b03407352acbea0252
Instruction ID: 72beda56785ee633773ac93b8f8ff67d641a7c7d9d91d90d6da6ab7f986d794e
Opcode Fuzzy Hash: 65ebbea22d932b827d224d6556708c48bc8d310d5509d0b03407352acbea0252
Instruction Fuzzy Hash: 4BF1D374A45219CFEBA8DF28D898BADB7F5BB48304F1081EAD419E7651DB709E84CF04

Function 058AA12A Relevance: 2.8, Strings: 2, Instructions: 307
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH_q, xrefs: 058AA2FD
<>M>, xrefs: 058AA771

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: <>M>$PH_q
API String ID: 0-1040404076
Opcode ID: 4dc71a8be6936dd4936b2ced4da0af2e4219485e1564307460447217dda840ca
Instruction ID: f03d04c278966b2ebac6ef44827660fcbce1e1e3134e23295aa9f30f523f86ce
Opcode Fuzzy Hash: 4dc71a8be6936dd4936b2ced4da0af2e4219485e1564307460447217dda840ca
Instruction Fuzzy Hash: 3EF1C375A45219CFEBA8DF28D898BADB7F5BB48304F1081EAD419A7650DB709EC4CF04

Function 058AA1F2 Relevance: 2.8, Strings: 2, Instructions: 305
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PH_q, xrefs: 058AA2FD
<>M>, xrefs: 058AA771

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: <>M>$PH_q
API String ID: 0-1040404076
Opcode ID: 20486e947d5d703ccf723eea09531830407db949596791f34134962996d390d4
Instruction ID: 734473cd1ffe8ff3171f286ac31c1a3260301672a7aee35adfb4d7e123cc8ea6
Opcode Fuzzy Hash: 20486e947d5d703ccf723eea09531830407db949596791f34134962996d390d4
Instruction Fuzzy Hash: 42F1C375A45219CFEBA8DF28D898BADB7F5BB48304F1081EAD419A7650DB709EC4CF04

Function 058C0007 Relevance: 2.7, Strings: 2, Instructions: 168COMMON

Download Yara Rule

Strings

fdq, xrefs: 058C015F
h, xrefs: 058C0140

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID: fdq$h
API String ID: 0-4092218503
Opcode ID: 8f8018749320025e030aaee65376007cc76212759510eef5568fdc3310e9279d
Instruction ID: 1be281fa3e79face3b7f9f9afe65c17dc1d9e8fc7d4a75ddcf3ed8048fe00f66
Opcode Fuzzy Hash: 8f8018749320025e030aaee65376007cc76212759510eef5568fdc3310e9279d
Instruction Fuzzy Hash: CA71E271D04629CBEB65CF6AC8407D9BBB2BF89304F14C2EAD40CA7261EB305A85CF51

Function 05830040 Relevance: 2.3, Strings: 1, Instructions: 1081COMMON

Download Yara Rule

Strings

2, xrefs: 05830B80

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: 2
API String ID: 0-450215437
Opcode ID: 16116f1cfe1a185581342bb4dbd838340afcd61b9abb6e09d248794c8273cde5
Instruction ID: 0eece6ff6b9efb1d0cd6e6817d4fc4de491f57e4dc4020e5ba39c9096d7b437b
Opcode Fuzzy Hash: 16116f1cfe1a185581342bb4dbd838340afcd61b9abb6e09d248794c8273cde5
Instruction Fuzzy Hash: 91C2A5B4E05228CFCB65DF69C984B9DBBB6BB89304F1081E9D909A7355DB309E85CF40

Function 058A55D8 Relevance: 1.8, Strings: 1, Instructions: 599COMMON

Download Yara Rule

Strings

(cq, xrefs: 058A56A8

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq
API String ID: 0-301743287
Opcode ID: c8a950a270fba24a259e47b7e97a21a176a0562fbd3075256e7b503f0d22c175
Instruction ID: c3e9461aff320d3dd13767756db3cbb42c46a3c887322a810640db09304d5d27
Opcode Fuzzy Hash: c8a950a270fba24a259e47b7e97a21a176a0562fbd3075256e7b503f0d22c175
Instruction Fuzzy Hash: 01325775A012198FEB14DF69C498A6EFBF2FB88300F248529D95AD7381DB34AD41CB81

Function 058CA038 Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

\Vl, xrefs: 058CA518

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID: \Vl
API String ID: 0-682378881
Opcode ID: 7df909cddad0e33ad460cf43cad23d37bbffb4095d808fe586ba00c01f7f8cf0
Instruction ID: 1cb32315a7aa5ec2ad8650bca3e77c791a7023cf0cdf04d3a8eb8ab23fb20b20
Opcode Fuzzy Hash: 7df909cddad0e33ad460cf43cad23d37bbffb4095d808fe586ba00c01f7f8cf0
Instruction Fuzzy Hash: 1202C370D0122DCFDB24DFA8C985BADBBB1BB49304F1481AAD809B7250EB749E85CF55

Function 059485A0 Relevance: 1.6, Strings: 1, Instructions: 365COMMON

Download Yara Rule

Strings

Te_q, xrefs: 0594881C

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: Te_q
API String ID: 0-823545363
Opcode ID: 6dbc6eae832e80c359b393218357336b19587e4744e71293a1f4b0ebbc147ee7
Instruction ID: f7612ebb03135897baac9cbe99ad1a1da35c61c200c6cc79d7e9720697966294
Opcode Fuzzy Hash: 6dbc6eae832e80c359b393218357336b19587e4744e71293a1f4b0ebbc147ee7
Instruction Fuzzy Hash: 19F1C374E09219CFDB64CF69D884BADBBF6BB89304F1084AAD40EA7255DB709D85CF01

Function 058C2EA8 Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 058C2F65

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: f36d897bc7a882b37deeb926cf33efaf89db499709fbbb225c6b527ccacc203b
Instruction ID: 709a4d3bd04072a501594fd0821c2f6b6d5db9ccf5c70a6b38bd33c92f14c4a2
Opcode Fuzzy Hash: f36d897bc7a882b37deeb926cf33efaf89db499709fbbb225c6b527ccacc203b
Instruction Fuzzy Hash: 944198B9D0425C9FCF10CFA9D980ADEFBB1BB09310F10902AE819B7200D735A905CFA4

Function 058C2EB0 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 058C2F65

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: ba2841545e5c21424ede39c48fedc28b3895de36e139d8bbd2d7b84025e6c9ad
Instruction ID: 0c8332c427b342227f490f4c5e0b35d67e7fbac5aa5494f05fee40d74bd41fc8
Opcode Fuzzy Hash: ba2841545e5c21424ede39c48fedc28b3895de36e139d8bbd2d7b84025e6c9ad
Instruction Fuzzy Hash: C24188B8D042589FCF10CFA9D980ADEFBB1BB49310F10902AE819B7250D735A945CF64

Function 05948590 Relevance: 1.6, Strings: 1, Instructions: 355COMMON

Download Yara Rule

Strings

Te_q, xrefs: 0594881C

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: Te_q
API String ID: 0-823545363
Opcode ID: da4a9abc2c9cc27d30ded732ec350b9905c21e7e7d2fd28c4731926117b2f0c0
Instruction ID: 553c85f06da5e4b3866a2fe8324061228671c32ebce8e9f323b12f789f5f7a73
Opcode Fuzzy Hash: da4a9abc2c9cc27d30ded732ec350b9905c21e7e7d2fd28c4731926117b2f0c0
Instruction Fuzzy Hash: D0F1C274E45219CFDB64CF69D884BADBBF2BB89304F2084AAD40DA7255DB709E85CF01

Function 058A92B8 Relevance: 1.6, Strings: 1, Instructions: 335COMMON

Download Yara Rule

Strings

<>M>, xrefs: 058AA771

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: <>M>
API String ID: 0-838499452
Opcode ID: 2fd86d45e9461b450b1d24e4135845cac48e5995ca8093213f4366cebe9c73ec
Instruction ID: 303eb7274603962f40210ac8c3dac3789e806a269e58c7b3df829f9c567d50d9
Opcode Fuzzy Hash: 2fd86d45e9461b450b1d24e4135845cac48e5995ca8093213f4366cebe9c73ec
Instruction Fuzzy Hash: E3F1C575A05219CFEB68DF29D898BADB7F6BB48304F1081E9D40DA7651DB709E80CF04

Function 058C47A3 Relevance: 1.6, APIs: 1, Instructions: 83nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 058C4836

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: c6bf009c157c5c12dabb0520a1c8c3fb89f9642bdf7deaab902a5e80fab4e9a4
Instruction ID: 80226afc154f6f9ba5664d4c18e0c0e739445c76c174423d8097a10d426c0c57
Opcode Fuzzy Hash: c6bf009c157c5c12dabb0520a1c8c3fb89f9642bdf7deaab902a5e80fab4e9a4
Instruction Fuzzy Hash: 6C31CAB4D012589FCB10CFA9D981A9EFBF5FB49310F10942AE819B7300C735A946CF94

Function 058C47A8 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 058C4836

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 2c1530b7d237ea3b591a0fe094c9a918e5a759504ca6df6c32cc19ba64bad1f1
Instruction ID: 018d77fd72a5d71750099b97971d1b5555abed34ec60e42cd3e4486fe8f8b9c7
Opcode Fuzzy Hash: 2c1530b7d237ea3b591a0fe094c9a918e5a759504ca6df6c32cc19ba64bad1f1
Instruction Fuzzy Hash: FB31C8B4D012589FCB10CFA9D980A9EFBF5FB49310F20942AE809B7300C735A946CFA4

Function 05948BF4 Relevance: 1.6, Strings: 1, Instructions: 328COMMON

Download Yara Rule

Strings

Te_q, xrefs: 0594881C

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: Te_q
API String ID: 0-823545363
Opcode ID: eb49a68344341c0392938cc3bb1b847b19e95bf347bb1f08ae78d1b08be1c163
Instruction ID: 35788708cd31796436eae9d09b9d2e4a27320736ec401246f416eed25a76be0b
Opcode Fuzzy Hash: eb49a68344341c0392938cc3bb1b847b19e95bf347bb1f08ae78d1b08be1c163
Instruction Fuzzy Hash: 3BE1C074E05219CFDB64DF69D888FADBBF2BB49304F2084AAD409A7255DB709E85CF01

Function 058C48DB Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f70ca4730a700c53848a37d67da95344b60d90566c014458950dfbf6f2f57da
Instruction ID: 171d5c30c7d9a7c312486512ec550ab13f835207465deef017e6acef59ec83ed
Opcode Fuzzy Hash: 9f70ca4730a700c53848a37d67da95344b60d90566c014458950dfbf6f2f57da
Instruction Fuzzy Hash: A8211475D022089FCF14DFA8E896BEDBBB1EB48315F148059E815B7260CB35AC85CBA4

Function 058C4898 Relevance: 1.6, APIs: 1, Instructions: 59nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 058C4836

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 61fad745228cb34a747c9e71d56b8c31f0d4e7e6665f725686152088e7df9833
Instruction ID: e004675b562d6fe7b8f35f54b839887f019923806fd8ccd9236f61a790360e09
Opcode Fuzzy Hash: 61fad745228cb34a747c9e71d56b8c31f0d4e7e6665f725686152088e7df9833
Instruction Fuzzy Hash: 17114971D052089FCF10DBA8E855BDDBBF0FB08305F10805AE815B7260C775AC86CBA5

Function 058AD6A0 Relevance: 1.5, Strings: 1, Instructions: 281COMMON

Download Yara Rule

Strings

PH_q, xrefs: 058AD97E

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: PH_q
API String ID: 0-2397113591
Opcode ID: e3a3f4707f8e60902f4725f9649a2571e9e2ad5c96263392df657f2b00933d1c
Instruction ID: dcc4598bbead1174ffe195d6ff54f5a090f779e9fa1ef98878b11863e11a1d3e
Opcode Fuzzy Hash: e3a3f4707f8e60902f4725f9649a2571e9e2ad5c96263392df657f2b00933d1c
Instruction Fuzzy Hash: 94C1E575E06218CFEB24CF69C844BADBBF2BB49304F1490A9D84AE7A55DB745D85CF00

Function 05CBDC88 Relevance: 1.5, Strings: 1, Instructions: 276COMMON

Download Yara Rule

Strings

Dfq, xrefs: 05CBDD8D

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID: Dfq
API String ID: 0-331155411
Opcode ID: 6d894cefc5f322da6b5c206e0a3795a7958c0a2d7f30c95d262dabf42c5126b6
Instruction ID: 113c3707540510efe14294a62e3eb7efccca70ce79ad257ace872bd97bf6f94c
Opcode Fuzzy Hash: 6d894cefc5f322da6b5c206e0a3795a7958c0a2d7f30c95d262dabf42c5126b6
Instruction Fuzzy Hash: F4D1CF78E00218CFDB14DFA9D994B9DBBF2BF88304F1084A9D409AB365DB31A981CF51

Function 058AD690 Relevance: 1.5, Strings: 1, Instructions: 272COMMON

Download Yara Rule

Strings

PH_q, xrefs: 058AD97E

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: PH_q
API String ID: 0-2397113591
Opcode ID: cb0cd22344fe790c54e8385c5288d8d930e05675a1f9486b587a771d0f6c55d8
Instruction ID: 5f0186d48fdd7b34c5e6e3ebcc44b7f3ec6312ba3fa1f520e323c644486191ed
Opcode Fuzzy Hash: cb0cd22344fe790c54e8385c5288d8d930e05675a1f9486b587a771d0f6c55d8
Instruction Fuzzy Hash: 7EC1E575E06218CFEB24CF69D844BADBBF2BB49304F1480A9D84AE7A54DB749D85CF40

Function 058AACF8 Relevance: 1.5, Strings: 1, Instructions: 267COMMON

Download Yara Rule

Strings

<>M>, xrefs: 058AA771

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: <>M>
API String ID: 0-838499452
Opcode ID: bb873cd35616378175b9c213964b6c4624acf10920cbc8f74e5cb61412519b4f
Instruction ID: f718a6e602b1bac29b5020cd9f6538c7f6247331aaf9e291bfdd02a87fe57f11
Opcode Fuzzy Hash: bb873cd35616378175b9c213964b6c4624acf10920cbc8f74e5cb61412519b4f
Instruction Fuzzy Hash: 02D1B274A05219CFDBA8DF28D898BADB7F5BB49304F1081EAD81DA7651DB709E80CF44

Function 0583BC33 Relevance: 1.5, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

Te_q, xrefs: 0583BDE3

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: Te_q
API String ID: 0-823545363
Opcode ID: 7c71fb4fff4cf0abc58085e42d76502647fcf15c1fcaf11ca360e2644eff649e
Instruction ID: 539c34a94f78c338b0431aa1c1f6128d35c87904b82794c47b4d3c14c47cb1a0
Opcode Fuzzy Hash: 7c71fb4fff4cf0abc58085e42d76502647fcf15c1fcaf11ca360e2644eff649e
Instruction Fuzzy Hash: 91A1E1B4E05218CFDB64CFA9D885BADBBF2BB48305F209469D809E7255DB709D85CF40

Function 058A9996 Relevance: 1.5, Strings: 1, Instructions: 232COMMON

Download Yara Rule

Strings

)/Cw, xrefs: 058A9B09

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: )/Cw
API String ID: 0-3663382060
Opcode ID: ea78ab28f20edc1fe40652e6ef3c4af7f3919ca3528c88cdf3928d0cedd834ae
Instruction ID: 9f0016834a35d35bce4892ff92654de06efd2598dce946a4514c0a1adab4b2c1
Opcode Fuzzy Hash: ea78ab28f20edc1fe40652e6ef3c4af7f3919ca3528c88cdf3928d0cedd834ae
Instruction Fuzzy Hash: 9AC1D374A09269CFEB64DF28D994BA9B7F5BB48308F1041EAD809E7295DB745EC0CF40

Function 058AAA6A Relevance: 1.5, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

<>M>, xrefs: 058AA771

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: <>M>
API String ID: 0-838499452
Opcode ID: 971eecc5527b6fe5cd312af699c6f7bd7322a3c145dc40b19788506d5ebdf57d
Instruction ID: 783dfb08bab091f4fe8af25921215d2e8fc407fc69f970f36bdecd85a5d919af
Opcode Fuzzy Hash: 971eecc5527b6fe5cd312af699c6f7bd7322a3c145dc40b19788506d5ebdf57d
Instruction Fuzzy Hash: E1B1C475945219CFEBA8DF28D898BADB7F5BB48304F1081EAD819A7651DB709EC0CF04

Function 058A99F7 Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

)/Cw, xrefs: 058A9B09

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: )/Cw
API String ID: 0-3663382060
Opcode ID: 6ef33edfa5a629a9b72014994aafc39afb9e15d3cebc15670d2f40eb6e3dd6e2
Instruction ID: 3589665e56d75f2650d1e6899d4dbbddd2475c457d6c2b610289f30e9c2ec23f
Opcode Fuzzy Hash: 6ef33edfa5a629a9b72014994aafc39afb9e15d3cebc15670d2f40eb6e3dd6e2
Instruction Fuzzy Hash: D9B1C374A45259CFEB64DF28D994BA9B7F1BB48308F1041EAD819E7291DB749EC0CF40

Function 0583142C Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1dfb1323884c4dcef95a928df43d860a74ddfba395a6e0a6c44cca864d786bc
Instruction ID: 37b300621d9e59c022c0fa249b7e42d9191fa4f85f04c73368d8846d211ea7ce
Opcode Fuzzy Hash: b1dfb1323884c4dcef95a928df43d860a74ddfba395a6e0a6c44cca864d786bc
Instruction Fuzzy Hash: E232C678A44229CFCB65DF28C984A99B7B6FF48314F1085E9E90DA7355DB30AE85CF40

Function 058CAE68 Relevance: .4, Instructions: 387COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b86c67e40907e81324a28bd55b5d3cd174e0ebe38672366b8663c824a3e919e4
Instruction ID: f99c2df27f14d78287f6766d2ae87603fdb8d03ba00fbc24efa1fd80a50f12f2
Opcode Fuzzy Hash: b86c67e40907e81324a28bd55b5d3cd174e0ebe38672366b8663c824a3e919e4
Instruction Fuzzy Hash: EBF1E2B0D00629CFDB24CFA9C985B9DBBF1BF49305F1081AAD809A7250EB749E85CF55

Function 0593C9D0 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6661a3f3f3664c9a28900a49292c4b12cd6d83532253749326704ad7c32ad05e
Instruction ID: 4230c94544b64c800b7d661a494635efeb1f9163c9187b5ace1cae41e25855a5
Opcode Fuzzy Hash: 6661a3f3f3664c9a28900a49292c4b12cd6d83532253749326704ad7c32ad05e
Instruction Fuzzy Hash: 29B11074A09218CFDB14DFA8D58ABADBBF6BF49308F109469D01ABB291DB345D84CF00

Function 0593C9C3 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c11b7a4b5111f54bc18fc73945307e78d8531bd9c9ec3ca7cba3e58251a297aa
Instruction ID: c187ba525671d1915e895a2a7ee96967e3756ead9bea10d4c5e39b3f8a280df5
Opcode Fuzzy Hash: c11b7a4b5111f54bc18fc73945307e78d8531bd9c9ec3ca7cba3e58251a297aa
Instruction Fuzzy Hash: A5B10074E19218CFDB14DFA4D58ABADBBF2BF49308F109469D01AAB295DB749D84CF00

Function 05935CD0 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 675767b347481a97216a504c847ad74027d59a844e74a2c82d01cd2f97ed7f2e
Instruction ID: fed29632c20cc0c36488c850ea82dafe7ea273b46c5e4aec5cdfa49fc5195d04
Opcode Fuzzy Hash: 675767b347481a97216a504c847ad74027d59a844e74a2c82d01cd2f97ed7f2e
Instruction Fuzzy Hash: C8A10374D05208CFDB14DFA9D489BDEBBF2BF89304F25846AD41AAB265DB709985CF00

Function 05935CE0 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 864b6a0a38e8f4066a1ae4ddeb0d32426ab7dce5be04871b5db2bb91bbdc4427
Instruction ID: dd10aae628d64ef63e281ab2576696e191223f8ee870504368477330c1dec6a5
Opcode Fuzzy Hash: 864b6a0a38e8f4066a1ae4ddeb0d32426ab7dce5be04871b5db2bb91bbdc4427
Instruction Fuzzy Hash: 94A12474D05208CFDB14DFA9D489BEDBBF2BF89304F218469D41AAB261DB709984CF00

Function 05934320 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a195b4da5e12e80635b99ff94c39a61b682b1f2e1ee32f2294671ebd4435a866
Instruction ID: cbf1ba3c8302030651818d1b6bb60eb02a5ad6b42918840d16bb5c6b72e52d0e
Opcode Fuzzy Hash: a195b4da5e12e80635b99ff94c39a61b682b1f2e1ee32f2294671ebd4435a866
Instruction Fuzzy Hash: 25A1E274A05229CFDB24DF14C999BA9BBF2FB8A304F1190E9E50DA7251D7709E81CF01

Function 05830007 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98637242a9ff8aee4d8ef3cbd87f349d4e17ede4bf338932bcdac3775efcf06b
Instruction ID: 24604b2ace4078112cf5c44ae94f2af87b4e5cfdf67299fbe3bcacc5e085aadb
Opcode Fuzzy Hash: 98637242a9ff8aee4d8ef3cbd87f349d4e17ede4bf338932bcdac3775efcf06b
Instruction Fuzzy Hash: C7510AB1E046588BDB19CF6BD94579AFBF3AFC9304F08C0BAC908AA255DB340985CF54

Function 05834100 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91e6cb89998f85f668f97b102ec4e9c0293c89f3a5b4045816cac46bf06924e0
Instruction ID: 48f98c6534229380a6d8c7c1adbfc8a7aecd47f07fec84d2552d2935b4aa9543
Opcode Fuzzy Hash: 91e6cb89998f85f668f97b102ec4e9c0293c89f3a5b4045816cac46bf06924e0
Instruction Fuzzy Hash: 93417F71E096489BDB19CFA6DC456DDBFF2AFC9304F04C0AADC08AA265DB314946CF41

Function 058A9033 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af94d4ce123f19da2cbec3fdd8747e8534a68b3df3dcae45d191394593d70395
Instruction ID: ce4b3dfb4161e61ff4ba3fa46fc372035eabc3924beaa812793c0907cd413d57
Opcode Fuzzy Hash: af94d4ce123f19da2cbec3fdd8747e8534a68b3df3dcae45d191394593d70395
Instruction Fuzzy Hash: D831C375D09219CFEB14DF99D4847EDBBF2BB49308F24802AD809AB296D374AD85CF14

Function 0583D3E8 Relevance: 7.9, Strings: 6, Instructions: 404
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'_q, xrefs: 0583D4BA
4'_q, xrefs: 0583D46C
4'_q, xrefs: 0583D49C
pcq, xrefs: 0583D53F
4'_q, xrefs: 0583D532
(cq, xrefs: 0583D5B2

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq$4'_q$4'_q$4'_q$4'_q$pcq
API String ID: 0-2377345391
Opcode ID: 8f381fd36a6c9b0df3b1f39031fd79bff217c28ff5c6ffb3b78ae31d475bafaf
Instruction ID: 52c2819f00ac525cdf36cb0b5cbb6177ddab6fa17f22df239f1d304b52ccc6f3
Opcode Fuzzy Hash: 8f381fd36a6c9b0df3b1f39031fd79bff217c28ff5c6ffb3b78ae31d475bafaf
Instruction Fuzzy Hash: DED17E36A40115DFCB05DFA4C944E9ABBB2FF88314F0544A8EA09AB276CB31ED55DF90

Function 0277EE00 Relevance: 6.6, Strings: 5, Instructions: 341
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(cq, xrefs: 0277EF14
(cq, xrefs: 0277F022
(cq, xrefs: 0277F149
(cq, xrefs: 0277F04E
(cq, xrefs: 0277EF6B

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq$(cq$(cq$(cq$(cq
API String ID: 0-2384011908
Opcode ID: 8a1d61a06c7915544bf18050c364bbfecfbeb94e2419625ba5117e09ef0ec0d2
Instruction ID: f296b8e84521a1da723644e5c6c2e75fce682dd25b6686f1c2b11fcb2b06d0fa
Opcode Fuzzy Hash: 8a1d61a06c7915544bf18050c364bbfecfbeb94e2419625ba5117e09ef0ec0d2
Instruction Fuzzy Hash: 1FB102353002558FCB159F28D850AAE7BE2EFC5364F2881AAE806CB3A1CF35DD06C791

Function 0583C138 Relevance: 4.2, Strings: 3, Instructions: 478
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hcq, xrefs: 0583C63C
Hcq, xrefs: 0583C68C
Hcq, xrefs: 0583C60D

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: Hcq$Hcq$Hcq
API String ID: 0-687564024
Opcode ID: 5113d863690e4411cc73454b52656341fcbe8b9f217bbb8eceeea52d65ceea00
Instruction ID: db7003494b430f8c8375910b5259ef79f18ac615a876a26121ea3e89bed46d27
Opcode Fuzzy Hash: 5113d863690e4411cc73454b52656341fcbe8b9f217bbb8eceeea52d65ceea00
Instruction Fuzzy Hash: 7E124A35A002059FCB24DFA4C495AAEBBF2FF88304F14856DE906EB395DB31AD45CB90

Function 0583DDE0 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'_q, xrefs: 0583DFFA
4'_q, xrefs: 0583E159
4'_q, xrefs: 0583E0D9

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q$4'_q
API String ID: 0-1671372780
Opcode ID: 138e2a824c5b17e01d1a0e5452e4d17c6dbb2cede992a6ad938b3a1092c6e142
Instruction ID: a3019a3345aa39511ab638323bc9f6ae1c1db9a664e6f6cce2dc6cfd18d857ad
Opcode Fuzzy Hash: 138e2a824c5b17e01d1a0e5452e4d17c6dbb2cede992a6ad938b3a1092c6e142
Instruction Fuzzy Hash: 9BF1FC34B10218DFCB04DFA8D999A9DBBB2FF89300F518554E906AB365DB70EC46CB81

Function 058A17B0 Relevance: 4.1, Strings: 3, Instructions: 360
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hcq, xrefs: 058A1931
(cq, xrefs: 058A1905
(cq, xrefs: 058A18D9

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq$(cq$Hcq
API String ID: 0-151801531
Opcode ID: 9e511e7a5a2fd8e4c33a4394d208278e2a55a4a6e367a47feaed70bc78b6b31e
Instruction ID: 92281d60f3447034bf249a0b0ad3ce6b0aa06362f28268b673775ccb3835199c
Opcode Fuzzy Hash: 9e511e7a5a2fd8e4c33a4394d208278e2a55a4a6e367a47feaed70bc78b6b31e
Instruction Fuzzy Hash: D4E15235B00208DFDB04DF68D4959ADBBB2FF89310F508569E802AB364DB30ED46CB91

Function 05939810 Relevance: 3.8, Strings: 3, Instructions: 36
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

*, xrefs: 05939717
=, xrefs: 059396EE
5, xrefs: 0593981E

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID: *$5$=
API String ID: 0-3911414301
Opcode ID: d0590242d44d1dc95825203b1d4cf66701abb35870400f0b59f8d1c2fd26122a
Instruction ID: 45a706600197adca9cf78c4b2c0aca0bbca77406a269e14db235ba4b092bac2a
Opcode Fuzzy Hash: d0590242d44d1dc95825203b1d4cf66701abb35870400f0b59f8d1c2fd26122a
Instruction Fuzzy Hash: 1811AEB4906259CFDB64CF18D985BE8B7F6AB45304F5084EAD00AA7240DB72AE85CF01

Function 057C0D98 Relevance: 3.1, Strings: 2, Instructions: 577COMMON

Download Yara Rule

Strings

4'_q, xrefs: 057C1559
4'_q, xrefs: 057C1549

Memory Dump Source

Source File: 00000000.00000002.1358342003.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57c0000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q
API String ID: 0-531570531
Opcode ID: 7e8796579e94aefed52b925114a980eea87cab765902167cf1f1a4c904c5f6dc
Instruction ID: 796ffadfcb7db124441c4e02cc8055fc1a5daa2695b258dcac5aab4e72fbc040
Opcode Fuzzy Hash: 7e8796579e94aefed52b925114a980eea87cab765902167cf1f1a4c904c5f6dc
Instruction Fuzzy Hash: C142C274E04219CFDF14DB98D458AAEBBB2FB49301F5080ADE812A7755CB34AD82DF91

Function 058CD507 Relevance: 3.1, APIs: 2, Instructions: 66
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL(00000000), ref: 058CD576
GetSystemMetrics.USER32(00000001), ref: 058CD5B0

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: CallbackDispatcherMetricsSystemUser
String ID:
API String ID: 365337688-0
Opcode ID: da2c1e889405e484537a4b4b09df61b018e30f39a2630f22e0e20cfa32ea114c
Instruction ID: 66e7a0b82447b7ff3114d4fa386d21e675b83027f95bd9f7bc0e7257cec3dba2
Opcode Fuzzy Hash: da2c1e889405e484537a4b4b09df61b018e30f39a2630f22e0e20cfa32ea114c
Instruction Fuzzy Hash: 99318FB18043858FDB11CFA9C44979EBFF0EB4A304F15849ED959AB391C3796948CFA1

Function 057C1598 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'_q, xrefs: 057C1878
4'_q, xrefs: 057C1888

Memory Dump Source

Source File: 00000000.00000002.1358342003.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57c0000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q
API String ID: 0-531570531
Opcode ID: 29fd1e0f9f531483fbc9f36e7444c7f8785e11636a000adbc8164511e436d2e5
Instruction ID: 1184dd6338cb30140407469722b05b55b78f1a7993695270c612eee958990848
Opcode Fuzzy Hash: 29fd1e0f9f531483fbc9f36e7444c7f8785e11636a000adbc8164511e436d2e5
Instruction Fuzzy Hash: 44A1DF74E04209CFCB18DFA9D458AADBBB2FF89311F5080ADE802A7695CB345986DF51

Function 0594DB88 Relevance: 2.7, Strings: 2, Instructions: 176COMMON

Download Yara Rule

Strings

(cq, xrefs: 0594DC9E
Hcq, xrefs: 0594DD2D

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq$Hcq
API String ID: 0-4250889185
Opcode ID: 41cf40893722e167168ca4d27f1cc2975ef6ad8fd0b7bf6bfd9056523de62743
Instruction ID: 3ec45e52fa1f963bad46a62b641563e8c9314df67c23dd3c5a611d1aff3bb889
Opcode Fuzzy Hash: 41cf40893722e167168ca4d27f1cc2975ef6ad8fd0b7bf6bfd9056523de62743
Instruction Fuzzy Hash: 3E519C387002148FCB19AF38C454A6E7BA6BFCA355B1444ADD906CB3A1DF35ED06CB91

Function 058A3B28 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

(cq, xrefs: 058A3B76
Hcq, xrefs: 058A3C4C

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq$Hcq
API String ID: 0-4250889185
Opcode ID: 7591c1b43b4d762c2e37e1432873d60bb7bfdb14d717d32ca6f3f719b2e9b3e0
Instruction ID: e2fb6a906678a98dd2856eeb1ff45054b1d2cf7c5a2cc9a577e74f6ef7dc8264
Opcode Fuzzy Hash: 7591c1b43b4d762c2e37e1432873d60bb7bfdb14d717d32ca6f3f719b2e9b3e0
Instruction Fuzzy Hash: 0A41E1357042508FE7099B28C954A2E7BF2FF85714B2585AAE906CB3A1DF35DC06CB91

Function 0594A6D3 Relevance: 2.6, Strings: 2, Instructions: 140COMMON

Download Yara Rule

Strings

Hcq, xrefs: 0594A834
(cq, xrefs: 0594A808

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq$Hcq
API String ID: 0-4250889185
Opcode ID: 530d1b53696583349cf9b5789f0015e7918a2c0e69d05ca5987c3e4f6b514490
Instruction ID: 15ad7975ce4650f662a66ea941631127df495371e21aaf88672bd44703c13bee
Opcode Fuzzy Hash: 530d1b53696583349cf9b5789f0015e7918a2c0e69d05ca5987c3e4f6b514490
Instruction Fuzzy Hash: A251ED316087418FD324DF39C484B5B7BE3AF85324F188A29E4968B7A5DB78ED49CB50

Function 0583D3D8 Relevance: 2.6, Strings: 2, Instructions: 114COMMON

Download Yara Rule

Strings

4'_q, xrefs: 0583D46C
pcq, xrefs: 0583D53F

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q$pcq
API String ID: 0-3904210035
Opcode ID: 1fd317c4cd02771eef2cf866fea48c9f93ce30646375d23ab572b2c84900941f
Instruction ID: 3f4e4c8c5b7d49b5bca8afc85711eaaa9104ec416bbcc1014374db04162c6e27
Opcode Fuzzy Hash: 1fd317c4cd02771eef2cf866fea48c9f93ce30646375d23ab572b2c84900941f
Instruction Fuzzy Hash: AA41B230A402059FCB04DF68C9417AEBBF7FFC8304F548928D4499B269DB71AD0A8BA1

Function 058361C4 Relevance: 2.5, Strings: 2, Instructions: 32COMMON

Download Yara Rule

Strings

E, xrefs: 0583621A
i, xrefs: 05836246

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: E$i
API String ID: 0-1284943459
Opcode ID: ece2526d7a5b17b13fbdb5a89ed52c057acc1318f4a106c82e805da747c084f0
Instruction ID: 61e72561b65482037dd12fc45158567a662974fb986e9833f53b92bd6daae6c7
Opcode Fuzzy Hash: ece2526d7a5b17b13fbdb5a89ed52c057acc1318f4a106c82e805da747c084f0
Instruction Fuzzy Hash: 220193B4A01228CFDB60DFA4C888B9EBBB5BF09311F5400DAD549A7360DB345E84CF52

Function 0593969E Relevance: 2.5, Strings: 2, Instructions: 31COMMON

Download Yara Rule

Strings

*, xrefs: 05939717
=, xrefs: 059396EE

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID: *$=
API String ID: 0-1662760851
Opcode ID: 041708d3de7517c902f5beb22e6b932df2d7b5fa929e217af7b54c63e58b6599
Instruction ID: 87097e706a758844578e6cabc1618f1bfdddcd619fb5efb73f231fbe6ead0ef8
Opcode Fuzzy Hash: 041708d3de7517c902f5beb22e6b932df2d7b5fa929e217af7b54c63e58b6599
Instruction Fuzzy Hash: 9001A2B4905259CFCBA4DF18D984BD8B7F5AB49304F5084EAD409A7241DB72AE81CF01

Function 058AC38F Relevance: 2.5, Strings: 2, Instructions: 29COMMON

Download Yara Rule

Strings

*%, xrefs: 058AC38F
', xrefs: 058AC41A

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: '$*%
API String ID: 0-3542165805
Opcode ID: 07b1e86e59b3a2bb5d91579df4470676a07a08f517140894472d86c65d2a5012
Instruction ID: 90d770c4c6b529b311d476465ab29292cc8a62cfc5493c79e598cac74e61bf4e
Opcode Fuzzy Hash: 07b1e86e59b3a2bb5d91579df4470676a07a08f517140894472d86c65d2a5012
Instruction Fuzzy Hash: 4F01FF74605149CFC754DF24D995A99B7F1FB48708F1081AAD806AB355DB30AD44CF40

Function 05836202 Relevance: 2.5, Strings: 2, Instructions: 18COMMON

Download Yara Rule

Strings

E, xrefs: 0583621A
i, xrefs: 05836246

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: E$i
API String ID: 0-1284943459
Opcode ID: 31171957f5cb1871120c79bf1a44e0a4d6acec33154bb0cea3f12905f3843c8a
Instruction ID: d2d5c6cdab23dd188504631f7b2ceab94476cb0546fef947b113f7cf4a19beb1
Opcode Fuzzy Hash: 31171957f5cb1871120c79bf1a44e0a4d6acec33154bb0cea3f12905f3843c8a
Instruction Fuzzy Hash: 70F0A5B0A0521CDFDB50DFA4C889B9DBBB4AB09316F5414D6C909F2200DB344E808F66

Function 0583ECC0 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,cq, xrefs: 0583F03B

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: ,cq
API String ID: 0-2322431649
Opcode ID: 9c1f8bc25da0b306b4be78adcc0a4aa58f9385b0b17ba976f9217e80188a7bdf
Instruction ID: ef51039460f8590463b53cbaa7c2677452e3ebbbed3bbe47cb0f7181a8632e14
Opcode Fuzzy Hash: 9c1f8bc25da0b306b4be78adcc0a4aa58f9385b0b17ba976f9217e80188a7bdf
Instruction Fuzzy Hash: C5520B75A002289FDB64DF68C985BEDBBF2BB88300F1541D9E909E7351DA309E84CF61

Function 0594F52F Relevance: 1.8, Strings: 1, Instructions: 538COMMON

Download Yara Rule

Strings

(__q, xrefs: 0594F7D0

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: (__q
API String ID: 0-956510577
Opcode ID: 15288a33956aab4afe3c57fac92854b23ecad27cdd28a03a135b718546a29f2c
Instruction ID: 72669261670708ec4ab948ca24f8a74da658db2a95f95221c0853cbd1d36bbb2
Opcode Fuzzy Hash: 15288a33956aab4afe3c57fac92854b23ecad27cdd28a03a135b718546a29f2c
Instruction Fuzzy Hash: 0B229C35B002059FDB04DF68D494EADBBF6BF88314F158469E906AB3A5CB75ED80CB90

Function 058C3707 Relevance: 1.8, APIs: 1, Instructions: 275processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 058C3977

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: b5535ca3e185cf6655ed96fc2d94f3f54734350f8745151d61fb0bfc5544cf1a
Instruction ID: 36a2a12ae8231fffdc7266d2aafa5409739751a32159e49c43e6ffc42fce98df
Opcode Fuzzy Hash: b5535ca3e185cf6655ed96fc2d94f3f54734350f8745151d61fb0bfc5544cf1a
Instruction Fuzzy Hash: 07A125B0E04218CFDB10DFA8C885BEDBBB1BB09300F1495A9E859F7240DB749986CF95

Function 058C3710 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 058C3977

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 1c2f0756cb2605ae8ae13322fb25bc863b4f901bbd2ed5f5848a42d0412d6a91
Instruction ID: ee8c5871c32af31ee1263a829ea3e35ff1b86dcee97a52f83ad9f6a1f3cf685c
Opcode Fuzzy Hash: 1c2f0756cb2605ae8ae13322fb25bc863b4f901bbd2ed5f5848a42d0412d6a91
Instruction Fuzzy Hash: F4A1F4B0E04218DFDB10CFA9C845BEDBBB1BB09304F1495A9E859F7280DB749986CF95

Function 058C62FF Relevance: 1.7, APIs: 1, Instructions: 179fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 058C6483

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: afd5bf2dd8afd89182dbbdfd153e220da269ad2401b1a4b4bdb763c27024a991
Instruction ID: 1a02a72c01195981221cb1187bb508ca7799b4f6fc02b4dda903d17e9e3d8cd1
Opcode Fuzzy Hash: afd5bf2dd8afd89182dbbdfd153e220da269ad2401b1a4b4bdb763c27024a991
Instruction Fuzzy Hash: E9612570D043188FDB14DFAAD8457ADBFB1BB45304F248169E856E7284EB789985CF81

Function 058C67DC Relevance: 1.7, APIs: 1, Instructions: 169registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.KERNELBASE(?,?,?,?,?,?), ref: 058C6948

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 163ecda320ca1c7b26d9d566c94d3aee42ce722e6b4f3b7970a8a76e1ad7b51c
Instruction ID: a6b6a4f7e148c90beea7d014c5f48d20b27190259015e2efedcc1e9246f901bd
Opcode Fuzzy Hash: 163ecda320ca1c7b26d9d566c94d3aee42ce722e6b4f3b7970a8a76e1ad7b51c
Instruction Fuzzy Hash: 93610EB0D042188FCF20CFAAC985BADBBB1FF49310F14816AE859BB241EB349945CF54

Function 058C6308 Relevance: 1.7, APIs: 1, Instructions: 169fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,?), ref: 058C6483

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 39ff56bda93c27f22bb1db07035a3b5fb7d2c2979d0d8d37783d7765b286d8e2
Instruction ID: 93ee6c5a61b356e1acdcbe0e32e7dc410a41ca9d08253fb0170e27d836f1211e
Opcode Fuzzy Hash: 39ff56bda93c27f22bb1db07035a3b5fb7d2c2979d0d8d37783d7765b286d8e2
Instruction Fuzzy Hash: 616112B0D003189FDB14CFAAC9457ADBFB1BB49304F248169E85AE7280E7789985CF81

Function 058C67E8 Relevance: 1.7, APIs: 1, Instructions: 157registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.KERNELBASE(?,?,?,?,?,?), ref: 058C6948

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: c3bfa8cd620c6ce41d2cc2a8e9ad8baaa79b02c432ec80541c092269567071ef
Instruction ID: 5b71fee4325eb360c78e82a9a6df726707fc0365213fbf328c309c8ae02ddc56
Opcode Fuzzy Hash: c3bfa8cd620c6ce41d2cc2a8e9ad8baaa79b02c432ec80541c092269567071ef
Instruction Fuzzy Hash: DA51DEB0D042189FDF24CFAAC985B9EBBB1FF49304F14916AE858BB245EB349945CF44

Function 05CBEE80 Relevance: 1.6, Strings: 1, Instructions: 394COMMON

Download Yara Rule

Strings

$_q, xrefs: 05CBEFA7

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID: $_q
API String ID: 0-238743419
Opcode ID: 1fb4c5ad8061dc2383b5bd463bd467e5dad01c68c30289be4ef21a9e8137f515
Instruction ID: ad893e5a7f35c982ad7b8858fd5e2c084b7f605d8575b85a57a589980ab765f8
Opcode Fuzzy Hash: 1fb4c5ad8061dc2383b5bd463bd467e5dad01c68c30289be4ef21a9e8137f515
Instruction Fuzzy Hash: 5FE1C1707042428FEB149F6AC8556BEBAE3EF89300F14496DE982CB391DB74DE81DB51

Function 058C65A7 Relevance: 1.6, APIs: 1, Instructions: 140registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,?,?,?,?), ref: 058C66D8

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: d273987a81edafd6e32ca23807faf3ef95f6f0b963b60a5bcd6f38dd4993183b
Instruction ID: d5f9925c5cb3ba6daac3159f411527d0cfb0c915b8ceabbc254157d6967366e6
Opcode Fuzzy Hash: d273987a81edafd6e32ca23807faf3ef95f6f0b963b60a5bcd6f38dd4993183b
Instruction Fuzzy Hash: 0A51F0B4D043089FCF14CFAAD985A9EBFB1BF09300F20952AE819B7250E7749945CF45

Function 058C65B0 Relevance: 1.6, APIs: 1, Instructions: 140registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,?,?,?,?), ref: 058C66D8

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 1e6024c9a52905c2762effd0248aba912a9d1123fb9f1289aa085cb6b7e41ea2
Instruction ID: e17d5e51b4bbb59095a37458fc0bd974cd8dcce33c56fdddfdb7408341249b29
Opcode Fuzzy Hash: 1e6024c9a52905c2762effd0248aba912a9d1123fb9f1289aa085cb6b7e41ea2
Instruction Fuzzy Hash: 8251EFB4D043089FCF14CFAAD985A9EBFB1BF09300F20952AE819B7250EB749945CF95

Function 058C458B Relevance: 1.6, APIs: 1, Instructions: 117injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058C4663

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 59edd36729660ef0d1b9716793e48d386ff682771c64532cc51239b12cdce6a5
Instruction ID: b1c16e1e733c591e874ff9eade339228dcec558508639764376782967d404871
Opcode Fuzzy Hash: 59edd36729660ef0d1b9716793e48d386ff682771c64532cc51239b12cdce6a5
Instruction Fuzzy Hash: 2D41CAB5D012589FCF00CFA9D984ADEFBF1BB49310F20902AE819B7210D739AA45CF64

Function 058C4590 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 058C4663

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 7e07e2a6db1e32afcbe3d526f022680c92a5b5aa0c81720c8b0c8f9d7a4accf4
Instruction ID: 626c00915955b8838ba58158208b586128796f4d2e7765e32c204f6e06abdc08
Opcode Fuzzy Hash: 7e07e2a6db1e32afcbe3d526f022680c92a5b5aa0c81720c8b0c8f9d7a4accf4
Instruction Fuzzy Hash: D241AAB5D012589FCF10CFA9D984ADEFBF1BB49310F20902AE819B7250D739AA45CF64

Function 02770EFC Relevance: 1.6, Strings: 1, Instructions: 366COMMON

Download Yara Rule

Strings

`Q_q, xrefs: 027713DC

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID: `Q_q
API String ID: 0-1832742057
Opcode ID: 5a31f0596ea813e90ee15b3d3cb9c4b39bcc7199ad667c899d1468c4e25f605a
Instruction ID: 2e9d3446c0d6a8f9a8180fe679756829af397f9cf57d15d8e7cee10eff6f581d
Opcode Fuzzy Hash: 5a31f0596ea813e90ee15b3d3cb9c4b39bcc7199ad667c899d1468c4e25f605a
Instruction Fuzzy Hash: 28E16131B002169FDB04DFA8C894B6EBBF2BF85704F558565E509EB2A5DB70EC46CB80

Function 058C442B Relevance: 1.6, APIs: 1, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 058C44DA

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 1102207ba2fee06daa61399a0f8626cc814d66b4dc207018c13e7951f6bd85e9
Instruction ID: cb0f5d3819796190ceb02c58ff5a6ddd10bfd7225df7c08acedfafa82b920dc4
Opcode Fuzzy Hash: 1102207ba2fee06daa61399a0f8626cc814d66b4dc207018c13e7951f6bd85e9
Instruction Fuzzy Hash: F43197B9D042589FCF10CFA9D980ADEFBB1BB49310F10902AE819B7210D735A946CF68

Function 058C4430 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 058C44DA

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5fe711f8bb4da77ff22a1af167a863e28d62c866307ad5be8f4c803e25a6a35d
Instruction ID: 7129930d4b9e74c17cbe40496ae27c079efd85577c83ac8fa7a4c80f84927d7c
Opcode Fuzzy Hash: 5fe711f8bb4da77ff22a1af167a863e28d62c866307ad5be8f4c803e25a6a35d
Instruction Fuzzy Hash: F031A8B8D042589FCF10CFA9D980ADEFBB1BB49310F10902AE819B7210D735A946CF64

Function 058C4A7B Relevance: 1.6, APIs: 1, Instructions: 99memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 058C4B24

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 1de79b0f3eb0b4b0ae9efd69f714bc5e9230174bd1d060874a7464b6673108c3
Instruction ID: 6e822f68025898c260e24fc6b60f0a3466991a4dfc4727e75e0c7b458ca4f24f
Opcode Fuzzy Hash: 1de79b0f3eb0b4b0ae9efd69f714bc5e9230174bd1d060874a7464b6673108c3
Instruction Fuzzy Hash: 3631CAB5D042589FCF10DFEAD984AEEFBB1BB09310F14902AE815B7210D735A945CFA4

Function 058C4A80 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 058C4B24

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 950b027b6acb0875b41568fe5c7341d7ff0a458e459adf6fb2620cc151f24545
Instruction ID: 60f01f4a2fa3cd15de93133323bd25752cff4e04c410ea2145fb0525d6bf1171
Opcode Fuzzy Hash: 950b027b6acb0875b41568fe5c7341d7ff0a458e459adf6fb2620cc151f24545
Instruction Fuzzy Hash: 2031AAB5D042589FCF10CFAAD984AEEFBB1BB49310F14942AE815B7210D735A945CF64

Function 0591DCB0 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 0591DD54

Memory Dump Source

Source File: 00000000.00000002.1359263820.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5910000_Nulzuen.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 20582c3dea539fb5b604e0413f1a06f47f2854fffd7729419d20b7bf17008925
Instruction ID: 00a185efab892507ab9545aad33738f44b141b91f45652d86fbd8ea97cfa3702
Opcode Fuzzy Hash: 20582c3dea539fb5b604e0413f1a06f47f2854fffd7729419d20b7bf17008925
Instruction Fuzzy Hash: 0F31A9B8D002589FCF10CFA9D980ADEFBF5BB49310F10942AE819B7210D735A945CF98

Function 058C3ECB Relevance: 1.6, APIs: 1, Instructions: 95threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 058C3F7F

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 3a1a37eb01eb883b946d44cace3a3487296976147c516178fdffeb81504a677a
Instruction ID: c7157c0f82df6a6930f916f6d8110a110294dcf1869dcf0a6bff545a4c9ed7cf
Opcode Fuzzy Hash: 3a1a37eb01eb883b946d44cace3a3487296976147c516178fdffeb81504a677a
Instruction Fuzzy Hash: B841DCB4D002589FCB10CFA9D984AEEFFF0BB49314F14842AE819B7240D738A949CF94

Function 058C3ED0 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 058C3F7F

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 17a0288dbcf5ac43fc794243b4f646868eaaeed00a44b49eed7ca0eeb223b0de
Instruction ID: d62574e2f6226081b7c1813899e80671687bd2b3b8794d69f7325f923a783160
Opcode Fuzzy Hash: 17a0288dbcf5ac43fc794243b4f646868eaaeed00a44b49eed7ca0eeb223b0de
Instruction Fuzzy Hash: 3C31BCB4D002589FCB14CFA9D984AEEFFF1BB49314F14842AE819B7240D778A949CF94

Function 058C4540 Relevance: 1.6, APIs: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 058C44DA

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 684df0e0c8dd3017c65d53ac2c527e3ba2a238b14db63d165c1b9d5e3c8c43d7
Instruction ID: 0edf0d6740fb4a8be0e4f3b4a8e9eb89aed453da79a3b57b34967e7e28bf7287
Opcode Fuzzy Hash: 684df0e0c8dd3017c65d53ac2c527e3ba2a238b14db63d165c1b9d5e3c8c43d7
Instruction Fuzzy Hash: 95116D71D06208DFCF10DBA8E45579CBBB0EB44315F108099E859F7261DB71AC85CF61

Function 058C4B90 Relevance: 1.6, APIs: 1, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 058C4B24

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2b031645973afd8d0f27f8c24a0828eb656a0cd2d55d28d87963e7bd50f30a46
Instruction ID: 33648280a1d20197deeab1d9a45e0b95807c5e13917a3df594d7e4ad73b78008
Opcode Fuzzy Hash: 2b031645973afd8d0f27f8c24a0828eb656a0cd2d55d28d87963e7bd50f30a46
Instruction Fuzzy Hash: 3C118C71D05208DFDF10EBE9E455BECBBB0EB14316F148469E815B3260CA359C85CB64

Function 0583ECB0 Relevance: 1.5, Strings: 1, Instructions: 285COMMON

Download Yara Rule

Strings

,cq, xrefs: 0583F03B

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: ,cq
API String ID: 0-2322431649
Opcode ID: 1dba58e8199be5089d21d43cb1b371f0d925e52815054fa19c46b46b50c71dfa
Instruction ID: e7db690c556e33cc5a1d0f28b5eb34831af7524408a846b6cd3b18bc3b1b1b52
Opcode Fuzzy Hash: 1dba58e8199be5089d21d43cb1b371f0d925e52815054fa19c46b46b50c71dfa
Instruction Fuzzy Hash: 27C17174A001189FDB14CB68C955BEDBBF6BF88700F1580D9E909EB365DA309D85CFA1

Function 0583DDD3 Relevance: 1.5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

4'_q, xrefs: 0583DFFA

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q
API String ID: 0-2033115326
Opcode ID: ba853d51e1a51699988faa8304f0b54fcd107f9f9f447ad2dfa2c331fbce1358
Instruction ID: 84b6e8457dd9df855569e3b2e23aad160f3298cf996a1acb9395b51a4a751f4a
Opcode Fuzzy Hash: ba853d51e1a51699988faa8304f0b54fcd107f9f9f447ad2dfa2c331fbce1358
Instruction Fuzzy Hash: 9EA1EE34B11218CFCB04DFA8D999A9DBBB2FF89300F558555E806AB365DB70EC46CB81

Function 058A3CD8 Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

(cq, xrefs: 058A3EF9

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq
API String ID: 0-301743287
Opcode ID: df9384a180da1ae1a11501d13beae68acef399a48072c4180a243f81e98de4e6
Instruction ID: 750e5c840440293d42adaaacd25daca3252c8c52d384b38b4393c62dc9ed556b
Opcode Fuzzy Hash: df9384a180da1ae1a11501d13beae68acef399a48072c4180a243f81e98de4e6
Instruction Fuzzy Hash: 32717C35B00614CFDB04EF68C498AADB7B2BF88700F508569E9069B7A4DF75AD46CBC1

Function 058AE368 Relevance: 1.4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

4|dq, xrefs: 058ADF6B

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4|dq
API String ID: 0-628477655
Opcode ID: 00d33203f5276a8a899d81575c53084e11ee284b9c752f0ac9b3ce1eeca2c5f3
Instruction ID: 45c1aec467ed7a58e919d9b579b6d2b4377756d673a30dff2943585e2fb84f2f
Opcode Fuzzy Hash: 00d33203f5276a8a899d81575c53084e11ee284b9c752f0ac9b3ce1eeca2c5f3
Instruction Fuzzy Hash: 42719074A05228CFEB64DF29D884BA9B7F2BB4A304F5080A9D949E7651DB709E84CF41

Function 05949CD0 Relevance: 1.4, Strings: 1, Instructions: 153COMMON

Download Yara Rule

Strings

pcq, xrefs: 05949D80

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: pcq
API String ID: 0-4045518381
Opcode ID: 5b2d598866448e3933b50e32a97e523c919a91999f86b4086e093202b5bd3f0f
Instruction ID: 1a8937c51068d108c96bee55684a3ce6a09f7274ed775e348a5591558fcd2817
Opcode Fuzzy Hash: 5b2d598866448e3933b50e32a97e523c919a91999f86b4086e093202b5bd3f0f
Instruction Fuzzy Hash: 7B513A76600104AFCB499FA8C944D6ABFF7FF8D31471584D8E2099B276DA36DC21EB50

Function 0594BB60 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

,cq, xrefs: 0594BBC3

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: ,cq
API String ID: 0-2322431649
Opcode ID: 89bb1dd8faac2322217356c24848dabd3100187cdc5d5efdea1297a35dc5df0c
Instruction ID: 3ed974b3f688559dd045d194a3f803c2b2c7d16170f8e517dcf6d50ecfdb9820
Opcode Fuzzy Hash: 89bb1dd8faac2322217356c24848dabd3100187cdc5d5efdea1297a35dc5df0c
Instruction Fuzzy Hash: 33518D357001158FCB04EF69D894AAEBBF6FF89311B1580AAE906DB365DB31ED01CB91

Function 0594AC88 Relevance: 1.4, Strings: 1, Instructions: 149COMMON

Download Yara Rule

Strings

(cq, xrefs: 0594ACFC

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq
API String ID: 0-301743287
Opcode ID: 08fe0b51f5bfbfc29b48e00be46b012944cc33959f8fca8e71091c4a4cfa896e
Instruction ID: 780e254725b8a6d8d45c18c40b87d8be565db4d9a0ca733f50ca1a9e90ece91a
Opcode Fuzzy Hash: 08fe0b51f5bfbfc29b48e00be46b012944cc33959f8fca8e71091c4a4cfa896e
Instruction Fuzzy Hash: EB51E431B046168FCB10DF68C884AAAFBB6FF85321F15869AD9259B281D730FC55CBD0

Function 058A1EC8 Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

(cq, xrefs: 058A1FF4

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq
API String ID: 0-301743287
Opcode ID: 03c667a192cc00ecd3b2180e7ac0ab2a15e34c6003c2925d19e05c0611ba62c8
Instruction ID: b28c3ab07680d2b8cb8280f1b461ee99ba36273e906f07e16fea8dfb32e831a2
Opcode Fuzzy Hash: 03c667a192cc00ecd3b2180e7ac0ab2a15e34c6003c2925d19e05c0611ba62c8
Instruction Fuzzy Hash: 88517D36704214AFCB069F68D844E597FB6FF89320B1580A6E605CB272CB31DC11DB90

Function 058AE4A8 Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

4|dq, xrefs: 058ADF6B

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4|dq
API String ID: 0-628477655
Opcode ID: 04763e219d8afcc924f0eb976024bcde982bb8ef308242d7cb9ed411681ea412
Instruction ID: 96249b431768e0c3e36adc31f08490ff61a05b94ce6512d9855f07de18e4d48a
Opcode Fuzzy Hash: 04763e219d8afcc924f0eb976024bcde982bb8ef308242d7cb9ed411681ea412
Instruction Fuzzy Hash: 46619274A05228CFEB64DF28D884BE9BBF2BB4A304F5080E9D549E7651DB705E84CF01

Function 058A0E78 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'_q, xrefs: 058A0EB2

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q
API String ID: 0-2033115326
Opcode ID: 834f66a4140191c82472bdb739e78071ba4b6c4ad36f8b933bd3609c77619eba
Instruction ID: e5a554eba548374d69ee5c285e393d33a512f992bc3bc67516498b24713e5a6d
Opcode Fuzzy Hash: 834f66a4140191c82472bdb739e78071ba4b6c4ad36f8b933bd3609c77619eba
Instruction Fuzzy Hash: 62415334B107148FCB04AB68C459A6EB7BBAFC9700F104529E906EB394DF749D46CBD1

Function 05832288 Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

TJdq, xrefs: 0583232D

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: TJdq
API String ID: 0-1052090614
Opcode ID: 4329511e28663819039cf0cb7e26ad33c9f1ac917d047e688bbc0884c1ec930d
Instruction ID: a300edc2f65857ccf0bee4945074d8efe4562be2496bcb9f9eae11397ba4972b
Opcode Fuzzy Hash: 4329511e28663819039cf0cb7e26ad33c9f1ac917d047e688bbc0884c1ec930d
Instruction Fuzzy Hash: 8151C778D04208DFDB04DFA9D884AADBBB1FF49304F1084AAE816A7361DB749941DF50

Function 05832298 Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

TJdq, xrefs: 0583232D

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: TJdq
API String ID: 0-1052090614
Opcode ID: bab401418486056bbff3368b1aaf8364f4a55e9ce43863b84de75f696c01beaa
Instruction ID: 48cf10fdd127d5f6f4c881077b391d9b9f4c45227a5b6ef9396a343cb92e8c1e
Opcode Fuzzy Hash: bab401418486056bbff3368b1aaf8364f4a55e9ce43863b84de75f696c01beaa
Instruction Fuzzy Hash: 1451B478D04208DFDB04DFA9D889AADBBF2FF49304F10856AE816A7360DB749981DF50

Function 058A0470 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

4'_q, xrefs: 058A0527

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q
API String ID: 0-2033115326
Opcode ID: 2e251e1de0f03cdc1d954d34458c76b47570befbde05f14e277c84dec8e813d1
Instruction ID: e5490cf690045d1f9e8ef618f71425f9e183ad937fe02a29523001a938d4d3cb
Opcode Fuzzy Hash: 2e251e1de0f03cdc1d954d34458c76b47570befbde05f14e277c84dec8e813d1
Instruction Fuzzy Hash: AD417C357402109FD308DB68C999B2A77E6AFC8B04F104568EA0ACF3A5DE71EC42CB91

Function 058A0480 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'_q, xrefs: 058A0527

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q
API String ID: 0-2033115326
Opcode ID: b45f985947e42a6f14abdf16fcab74467a2775913b5445b2464bb1b5a4db2eaf
Instruction ID: b369a347f378068da863c3de4b496278047b28032f2d06d6025f18ce693dc617
Opcode Fuzzy Hash: b45f985947e42a6f14abdf16fcab74467a2775913b5445b2464bb1b5a4db2eaf
Instruction Fuzzy Hash: E3315C353406149FD308DB69C999F2B77E6AFC8B04F104568EA0ACB3A5DE71EC42CB91

Function 0591F278 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(?,?,?,?), ref: 0591F317

Memory Dump Source

Source File: 00000000.00000002.1359263820.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5910000_Nulzuen.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c23066b5d238cd993c03efee2b148670de10bfa2604f639eeeb6621173c8259e
Instruction ID: e33ba26b48e36359b4f152363f80e88baaaa2e2f4c87b35ffe98faa16caa0305
Opcode Fuzzy Hash: c23066b5d238cd993c03efee2b148670de10bfa2604f639eeeb6621173c8259e
Instruction Fuzzy Hash: DE31B8B4D042589FCF14CFA9D980ADEFBB1FB49310F10942AE819B7210D735A946CFA8

Function 0594A578 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

(cq, xrefs: 0594A5C8

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq
API String ID: 0-301743287
Opcode ID: 53dfe155d5a48010fce03d3faa3481da2dedbf389d89fc4f1512a66d38870970
Instruction ID: 30264a30d6b8dff6aa082f800602cdf1e9fa40b19a0dadcfc622add59da42050
Opcode Fuzzy Hash: 53dfe155d5a48010fce03d3faa3481da2dedbf389d89fc4f1512a66d38870970
Instruction Fuzzy Hash: 5521023A7002519FDB059F68D854AAEBBA7EFC9360B14803AFE09CB354DE31DC058B90

Function 0583D258 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

4'_q, xrefs: 0583D2A1

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q
API String ID: 0-2033115326
Opcode ID: 7bd4c821c8687b942979a43e56c3318c2b3954ff3ff8b4d571683ca6ddde1f87
Instruction ID: 48abdc51e1591b0ed53c91a09ac814f722c567aa13aa45dc9507bf01a8d6c2f3
Opcode Fuzzy Hash: 7bd4c821c8687b942979a43e56c3318c2b3954ff3ff8b4d571683ca6ddde1f87
Instruction Fuzzy Hash: 8F318E36A001049FCF059FA4D999A59BFB2FF89310B4541A9EE069B3B5DA71EC06CB90

Function 058A0E69 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

4'_q, xrefs: 058A0EB2

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q
API String ID: 0-2033115326
Opcode ID: 0ff511e02cf673c1e708ccbcdd09fcb8e73a4f3264c7364185580ebbf8747ff0
Instruction ID: 04a17cf476595a7136c5873cca50afb602dc858d821d5dbd6be772176828a4ab
Opcode Fuzzy Hash: 0ff511e02cf673c1e708ccbcdd09fcb8e73a4f3264c7364185580ebbf8747ff0
Instruction Fuzzy Hash: 4D218231B102549BDB04AB69885967EBBABAFC9700F104429E906EB394DF749C06CBD1

Function 058A5F70 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

(cq, xrefs: 058A5F93

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: (cq
API String ID: 0-301743287
Opcode ID: 76e9d8013f030fc84756e4e7fb578af9deed4e262e967d59fdd8fb8f4e7d81be
Instruction ID: 754f67b849f4a1edc7c279a83fe8e014b9e8c18cfd6fa8a14ed5b0469b63346d
Opcode Fuzzy Hash: 76e9d8013f030fc84756e4e7fb578af9deed4e262e967d59fdd8fb8f4e7d81be
Instruction Fuzzy Hash: B921C1327046118FD7249A2AE040A6AF7E6FBC4724B18867AD90EC7744DB32EC82C780

Function 057C0D7C Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

4'_q, xrefs: 057C1549

Memory Dump Source

Source File: 00000000.00000002.1358342003.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57c0000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q
API String ID: 0-2033115326
Opcode ID: 1c7f338dd9a63473597839ac1cee94d97e43dc663bc797c53e8b864955068433
Instruction ID: 78ea4dfb74043c02995f9562f9348e9d8e47b4c1784f7bfc23feab3b87cde3e3
Opcode Fuzzy Hash: 1c7f338dd9a63473597839ac1cee94d97e43dc663bc797c53e8b864955068433
Instruction Fuzzy Hash: DC312874D04219CFDB18CFA9D4586EEBFB2FB45301F1080AED012A7291CB34A986DF91

Function 02770BAA Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

Te_q, xrefs: 02770C00

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID: Te_q
API String ID: 0-823545363
Opcode ID: 7f963046afe60e0db0fac4c5afcbd0af0096a62e8a358743fc7f5b02a7eadf89
Instruction ID: 62aff4adfd361cdda3f98f393b18d56def928d27ae8c1bf9791614a5e5a6c241
Opcode Fuzzy Hash: 7f963046afe60e0db0fac4c5afcbd0af0096a62e8a358743fc7f5b02a7eadf89
Instruction Fuzzy Hash: B1218B70A45215CFCB45DFA8C858AEDBBF2BF89720F244069E402AF3A1DBB59C45CB41

Function 0594E88C Relevance: 1.3, Strings: 1, Instructions: 78COMMON

Download Yara Rule

Strings

p<_q, xrefs: 0594E8DA

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: p<_q
API String ID: 0-2099995461
Opcode ID: cfcfd0aa38de2323da634fb1dafae8c39929ddccbd921ec8dffd807255c9ee25
Instruction ID: 676e9c971e829df8c522108879ac77ed5fc41ebbef9da0ddd376bd1bdeeeaef5
Opcode Fuzzy Hash: cfcfd0aa38de2323da634fb1dafae8c39929ddccbd921ec8dffd807255c9ee25
Instruction Fuzzy Hash: 90214F757082849FDB12CF2AC854EAA7FE9BF8A210B094096FC55CB3A1DA75DC51CF21

Function 0594BB50 Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

,cq, xrefs: 0594BBC3

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: ,cq
API String ID: 0-2322431649
Opcode ID: 10633bf61124d10687506484e2b3f802d1114234a6c0ad8f0d113d18430c9b97
Instruction ID: 952f78a1f818a79600766d41c47766581abc0266c9fc5896e89fac7f0eb20e0d
Opcode Fuzzy Hash: 10633bf61124d10687506484e2b3f802d1114234a6c0ad8f0d113d18430c9b97
Instruction Fuzzy Hash: F4118B35B002059FCB00DF69C994A6FBBB6AF85301F10806AEA019B3A5DB30ED01CB91

Function 0594417B Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

C, xrefs: 059441BB

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: e4eb1352a78fc35f6a4727c668a5836f0c2ced476a93316185a173a5cd81740a
Instruction ID: d061261232ac79778386ae57550a59e2938f043a16ac3db30ae9740c15df1dd4
Opcode Fuzzy Hash: e4eb1352a78fc35f6a4727c668a5836f0c2ced476a93316185a173a5cd81740a
Instruction Fuzzy Hash: 4B21E378944228DFCB60DF24C984BAABBB2FF49305F5045E9D20AA7290CB319E95CF05

Function 0593977A Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

1, xrefs: 05939784

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID: 1
API String ID: 0-2212294583
Opcode ID: 2f2953eb15eea47f5253fc90f68dc8cfaeaf24b8220319636575f945cbb5fb5f
Instruction ID: 7dca502cd5e1c82eefbed47254c22c45f0e7d75db24aad840b4375f8e266fbb6
Opcode Fuzzy Hash: 2f2953eb15eea47f5253fc90f68dc8cfaeaf24b8220319636575f945cbb5fb5f
Instruction Fuzzy Hash: 87217FB4905658CFDB65CF59C989BDCB7B1BB48305F1084EAE509AA390D7755E84CF00

Function 058ACF23 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

, xrefs: 058ACFA8

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 28f70bbf309b82d77c6e91c3771e308f7dc10745348252fe179c0a82d452abe0
Instruction ID: 5891c78a0902026f65de93e6affa24c27f7883451e3606116ee7aaed0ea36781
Opcode Fuzzy Hash: 28f70bbf309b82d77c6e91c3771e308f7dc10745348252fe179c0a82d452abe0
Instruction Fuzzy Hash: 98119374A05219CFDB54EB68E496BA9B7F1FB48304F5081A6E81AEB254DB34AD80CF50

Function 058ABB20 Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

", xrefs: 058ABB9F

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: c7ca4ecea4ccfcaf0c592c56c5c1d09cc385b6a6057a9d255ce6868923dee700
Instruction ID: 4dbd80d8e2305cc60b65ccae558ecc94b070c5141fadf8b85be31a76936c8fc5
Opcode Fuzzy Hash: c7ca4ecea4ccfcaf0c592c56c5c1d09cc385b6a6057a9d255ce6868923dee700
Instruction Fuzzy Hash: D311F774A05149CFDB54EF28E496BAD77F1FB48304F40C5A6E40AEB254DB74AD818F00

Function 058AC2DA Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

), xrefs: 058AC383

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: 143483b9de81ef3669d3c14423cdfd1d6dbf5d4d1203cc7785d3f893f95fb0ee
Instruction ID: c7c11b4b5b7cc6095f0513a59a4467966813ef7c3554f6b634dd9abb84ecd58e
Opcode Fuzzy Hash: 143483b9de81ef3669d3c14423cdfd1d6dbf5d4d1203cc7785d3f893f95fb0ee
Instruction Fuzzy Hash: 0B11FA74A06118CFEB54EF28E496AAE77F2EB49304F1081A5E849EB344DB749D818F41

Function 02770DF0 Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

8cq, xrefs: 02770E46

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID: 8cq
API String ID: 0-304758316
Opcode ID: bb629613a806b031b81a4de280758963b996e90924ef9ea0d84c9f4129ff28fb
Instruction ID: 6b2221a9fd57dcd0fb9144a0a8cdd636b0a31f2b6337daaf6a3b29bcd5ca5f24
Opcode Fuzzy Hash: bb629613a806b031b81a4de280758963b996e90924ef9ea0d84c9f4129ff28fb
Instruction Fuzzy Hash: 56F06234A14108DFCF00FBB8E4449ADBBF5EB49348B0085A6E54AAB368DB709D54CF92

Function 02770DEF Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

8cq, xrefs: 02770E46

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID: 8cq
API String ID: 0-304758316
Opcode ID: 30a6673ef1c43943ba001ed38daac64df7b58e5b966f2c1f921e37d152decfdf
Instruction ID: 60a2404ccdda9edbb705544e36206ed3ebe0e554ac6373d74574caf7951a182d
Opcode Fuzzy Hash: 30a6673ef1c43943ba001ed38daac64df7b58e5b966f2c1f921e37d152decfdf
Instruction Fuzzy Hash: 10F06834D54108DFCF10FBB8E4449ADBBF1EB49344B0085AAE44AAB764DB705D55CF42

Function 0593A237 Relevance: 1.3, Strings: 1, Instructions: 36COMMON

Download Yara Rule

Strings

A, xrefs: 0593A385

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID: A
API String ID: 0-3554254475
Opcode ID: 533de637dd0c7cb8a02d2074354e49e1339414f39611f0110078d08475376eb9
Instruction ID: 531e046ebf075941afa5f87cfd21b2cdd6edfd83e66089bf36c8ca8767983348
Opcode Fuzzy Hash: 533de637dd0c7cb8a02d2074354e49e1339414f39611f0110078d08475376eb9
Instruction Fuzzy Hash: 06119074904268CFCB60CF61CD84BEDBBB1BB49304F0084DAD409A7250D7365E85DF40

Function 05941A32 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

6, xrefs: 05941A3F

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: 6
API String ID: 0-498629140
Opcode ID: a1723f3fc4b98c47f85988a5091af6b90046b819c2a3c0ab46d2f4bcb5be8e0b
Instruction ID: 0b76704006fd4842ad21745e1101da5564feab0e5af815150dd9ea7f5db63eb2
Opcode Fuzzy Hash: a1723f3fc4b98c47f85988a5091af6b90046b819c2a3c0ab46d2f4bcb5be8e0b
Instruction Fuzzy Hash: A111AE74909269DFEB209F24CD48B99BBB1BB09305F048AE9D60DA7290C7740EC9CF05

Function 05947031 Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

Te_q, xrefs: 05947060

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: Te_q
API String ID: 0-823545363
Opcode ID: 85909ef8d5941b1294fb5eb16bb637acbd7eb6b45b116c2f6946309ed9c9377d
Instruction ID: 6d55d072e373884e1a245af0cfcffb45acd82c2eed6df497fc46a3ba46eaf630
Opcode Fuzzy Hash: 85909ef8d5941b1294fb5eb16bb637acbd7eb6b45b116c2f6946309ed9c9377d
Instruction Fuzzy Hash: CF01C4B8A05218CFCB60DF68D894BD9BBF2BB49314F108195E488A7344CB705ED0DF41

Function 058AC975 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

&, xrefs: 058AC9FA

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: &
API String ID: 0-1010288
Opcode ID: 2af2d76de32a488e7b3a74c8e4136a186900f17a4b0a9007342538e23136872f
Instruction ID: c334f237d794d11c11b2b8f4fdace865a97443a21dee38f31571603bf96a6080
Opcode Fuzzy Hash: 2af2d76de32a488e7b3a74c8e4136a186900f17a4b0a9007342538e23136872f
Instruction Fuzzy Hash: 9F01F674605119CFCB58EB28D9A6BAA77F1FB48308F0082E9D45AAB259DB30AD44DF40

Function 05939534 Relevance: 1.3, Strings: 1, Instructions: 20COMMON

Download Yara Rule

Strings

4, xrefs: 05939580

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 2bc93880afb80283eb88897a66209f3ad64887f722be3a97909a339bcd152295
Instruction ID: bef475a93713b3d1834b134788c2ea838ddde1685b796875b821144968979166
Opcode Fuzzy Hash: 2bc93880afb80283eb88897a66209f3ad64887f722be3a97909a339bcd152295
Instruction Fuzzy Hash: 6BF0F23180565ADBCF129F54C840ACEBB31FF98344F208646E95927250DB71ABD6CF80

Function 05835A7C Relevance: 1.3, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

U, xrefs: 05835ABC

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: dd61cdfa7321516d25b9d1e982b4221f6870d7c751afb4005a4635962ef3b4e5
Instruction ID: 1fb00d1165647cf2efc6d1f65f6f0a9e8a60eb08c57adb5eab0f1c138d65d298
Opcode Fuzzy Hash: dd61cdfa7321516d25b9d1e982b4221f6870d7c751afb4005a4635962ef3b4e5
Instruction Fuzzy Hash: 9FE092B4949228DFDFA0CF20D888BEDBBB1AB08319F60A199C909B2254D7701E849F45

Function 05CA7946 Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

@, xrefs: 05CA796D

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 3fa929ba7c34f7b5ad8c1f551cb30c95ccced73a77dd3a74c9548eae65ea8c12
Instruction ID: fcead69bcb416fa1573d57a06008cec6349e5cfa6657c05e46c17896685141ef
Opcode Fuzzy Hash: 3fa929ba7c34f7b5ad8c1f551cb30c95ccced73a77dd3a74c9548eae65ea8c12
Instruction Fuzzy Hash: E4D022B07880288FC724EB04C088FE63A72E789308F104458570DA768ACE784E809F10

Function 058A10B8 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4b8881c7d8fa81bdaeae956ae7b69392138a399e2bcbdbee9512801b8ef66ad
Instruction ID: 1cfd63359bc962e2b43ae6c58aa569807b6915e9b9474195c540ba977ce3a213
Opcode Fuzzy Hash: e4b8881c7d8fa81bdaeae956ae7b69392138a399e2bcbdbee9512801b8ef66ad
Instruction Fuzzy Hash: E212FB35B002188FDB14EF68C998A9DB7B2BF89300F5085A8D94AAB355DF30ED85CF41

Function 0594B3F8 Relevance: .4, Instructions: 372COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28a0ef629cb9b5e2a750136d01b64311feae113eb913422ae282e61c90e870c9
Instruction ID: 5656adc511dcf819f2d104f42372d56c309c7f4b96afd659f0b59b12ef82010b
Opcode Fuzzy Hash: 28a0ef629cb9b5e2a750136d01b64311feae113eb913422ae282e61c90e870c9
Instruction Fuzzy Hash: 5EE17835B04205DFCB14DF68D898EAEBBB6BF88320F14846AE9069B291DB35DD45CF50

Function 05937F68 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d0335fd0c16d5ad8435c7d63c155bcd049d9b317f36e48fd8c2561afd8a9833
Instruction ID: b410c0f21392ad962ebed8c664c4845ef0d73a41697f46df99bc638b267f89b5
Opcode Fuzzy Hash: 0d0335fd0c16d5ad8435c7d63c155bcd049d9b317f36e48fd8c2561afd8a9833
Instruction Fuzzy Hash: 97C10474E06208CFDB14DFA9D985BADBBB2FB89304F1085A9E419A7355DB305E85CF00

Function 05937F78 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe13bada0f7c08d1163d6994a4287b18c40fa2ec0de245066e9771e93ddee4ad
Instruction ID: 4ca09299ba081da7c8d0e69e83ffd359da0744c583ead61cba1258a2dca4af74
Opcode Fuzzy Hash: fe13bada0f7c08d1163d6994a4287b18c40fa2ec0de245066e9771e93ddee4ad
Instruction Fuzzy Hash: 17C10374E06218CFDB14DFA9D985BADBBB2FB89304F1085A9E419A7355DB305E85CF00

Function 0593821B Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3224181e74b26a92bcb43f8e98d26405a2f15bcfc84af4813f52a9d3ddadfc01
Instruction ID: 29b9d5c2033ea38a4807fa187d1eb26392d65f98afb6d14ceec02a6948126e6e
Opcode Fuzzy Hash: 3224181e74b26a92bcb43f8e98d26405a2f15bcfc84af4813f52a9d3ddadfc01
Instruction Fuzzy Hash: 9DB1E274E06218CFDB50DFA8D985BADBBB2FB49304F1095A9E419AB355DB309E85CF00

Function 058A10A8 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 240eef7412144e246522fdaeddc8b9582ad1092536f71199b468111e000ec210
Instruction ID: 446ec4d1ebef3a0a1cdc183ec4b454bbdb6cc0a91306ac6b83d7a0739ac60dae
Opcode Fuzzy Hash: 240eef7412144e246522fdaeddc8b9582ad1092536f71199b468111e000ec210
Instruction Fuzzy Hash: 2EA1D835A002148FDB14DF68C998B99B7B2BF89300F5485A8D94AEB365DF70ED85CB41

Function 058A2060 Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45e9e3fcd5cec5679238a20141e61c8ec93fc0577e1aea8f3da1d72fbcf40a19
Instruction ID: 8727a2ed770fefa3e7b4397dfd6f470d37464784a07295d2a6a32f9b4daa5ede
Opcode Fuzzy Hash: 45e9e3fcd5cec5679238a20141e61c8ec93fc0577e1aea8f3da1d72fbcf40a19
Instruction Fuzzy Hash: 58816B35B10214DFDB14DF68D898A6DBBB6BF89710F1440A9E906DB3A1DB74EC42CB90

Function 0277F2D0 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d84584e81ecef37bb7a0fe6c510194bf6d647e1cff1d007c4b8f0ca735f20cb2
Instruction ID: 3dc5432ef304cdf7544121472e9643996de1677359508ccf64cfa8adf6aced47
Opcode Fuzzy Hash: d84584e81ecef37bb7a0fe6c510194bf6d647e1cff1d007c4b8f0ca735f20cb2
Instruction Fuzzy Hash: 3F811575A00618CFCB24DF68C58499EBBF5FF88314B1585AAE816DB760DB30ED42CB91

Function 058AAA7D Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9914162368fa566ffe60234bece94ffd3ab94a3fd756e653d0eee4f8321a5c50
Instruction ID: d8dda5bd16f1e25e1187efb6dd44dcb03a229e0a4409b9f1065472fa27f913a2
Opcode Fuzzy Hash: 9914162368fa566ffe60234bece94ffd3ab94a3fd756e653d0eee4f8321a5c50
Instruction Fuzzy Hash: 1991E475A0A218CFEB29CF14C884BE9B7F2BB0A309F1491E5D84AE7655D7749E81CF01

Function 02772BBC Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 174e6effd49c40a50cbe9c95e6de0f9741b2f0770256ffea4971bf8560a6e430
Instruction ID: 951984d55d5c378eb8446a5e231d30b5b5adcbca8e7e185009aa5ec344a9320f
Opcode Fuzzy Hash: 174e6effd49c40a50cbe9c95e6de0f9741b2f0770256ffea4971bf8560a6e430
Instruction Fuzzy Hash: 1271C231A092958FDF15CB6DC8906ACFBF2FF49300B1985AAD866EB253C634ED45CB50

Function 0583AE20 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 543b4a4df99bcc90af6f3594921eb2a89b5f3349b8e98a450d9e89b45f412929
Instruction ID: 751de291c125387289bdafd706193725c99fff3d1261d114ccc068058f086fac
Opcode Fuzzy Hash: 543b4a4df99bcc90af6f3594921eb2a89b5f3349b8e98a450d9e89b45f412929
Instruction Fuzzy Hash: B99117B4E05228CFEB24DF69D885BADBBF2BB49309F1081A9D849E7251DB705D84CF41

Function 05936658 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7a0ffd6342ffb685b56d61e9a32090546be30a77b6d9674264e3c6b2e0ae551
Instruction ID: dbc5fe188c0c8528ecde1eab0370e1e874489c4b9794ba070e5cd5e7756de90f
Opcode Fuzzy Hash: c7a0ffd6342ffb685b56d61e9a32090546be30a77b6d9674264e3c6b2e0ae551
Instruction Fuzzy Hash: 597126B4D05208EFDB04DFA9D889BADBBF6FF88304F64912AD419A7264DB345945CF40

Function 05936668 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7407a74e229def6955f956220269bb188941802bb984a5b5dc5f4ca50760d0b
Instruction ID: 9e9872ade34b3a8a200c5b69e090bcd006155cd96fe36c77049b8b0146b2aaf0
Opcode Fuzzy Hash: f7407a74e229def6955f956220269bb188941802bb984a5b5dc5f4ca50760d0b
Instruction Fuzzy Hash: C77116B4D09208EFDB14DFA9D889BADBBF6FF89304F649029D41AA7260DB345945CF40

Function 0583AE10 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffce68cf19dd445b87e3095e245b4cfd4690b28fbd329270938805f2f4d7b4a8
Instruction ID: 493cf709f78a46dc768f6863b0aea5bc7efc9da28ef323c200babf8148c7a161
Opcode Fuzzy Hash: ffce68cf19dd445b87e3095e245b4cfd4690b28fbd329270938805f2f4d7b4a8
Instruction Fuzzy Hash: A38127B4E05228CFEB24DF69D885BADBBF2BB49309F1081A9D849E7251CB705D84CF41

Function 0583790C Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16b62c330c61da14fcc5a1e6be1ba2cf2644a961bccc45e0f8681bf9a1045735
Instruction ID: 50dfb39d67fd31f3cc91e5979388db819b8bbf57a9fde59285d62efc13aa1cac
Opcode Fuzzy Hash: 16b62c330c61da14fcc5a1e6be1ba2cf2644a961bccc45e0f8681bf9a1045735
Instruction Fuzzy Hash: 3A71F6B4E09248DFDB10DFA8C5866ADBBB2FB48304F208169D816EB255D7389F45CF91

Function 02772478 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88e6d37549682e97fa4b21673c148dfedd6ce300356c367dc2a9233dc7f316fd
Instruction ID: 98f3dbeaf5bb20470457d0e47bc6c51d598b24e7a527c1afd1f5e4084ddae6aa
Opcode Fuzzy Hash: 88e6d37549682e97fa4b21673c148dfedd6ce300356c367dc2a9233dc7f316fd
Instruction Fuzzy Hash: 71615E30604B018FCB25DF69C49472AB7E2BF98314F148A6DC8AAC7B66D774EC46CB50

Function 0583B571 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 003ad81b2c55cfd069a0a786374500a7cb0258b63ffee3314f2acfe414a38895
Instruction ID: c197a1eb97da4720c6e7a9b8d3048df0c33d6c470e3c15156a1fd178fa815336
Opcode Fuzzy Hash: 003ad81b2c55cfd069a0a786374500a7cb0258b63ffee3314f2acfe414a38895
Instruction Fuzzy Hash: 9C71C4B4E05209CFCB04CFA9D5896ADBBF2FF48316F20812AD819A7251DB705E85CF91

Function 059368AC Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f22df63159c973168438141244d8db4dc967f43346dc60b3ee0c0d1630e6961
Instruction ID: 0dd3907d0c5a5f44c3888ec83f6b3501fdcaae8f7b0d8d1f910125a69ff0da48
Opcode Fuzzy Hash: 6f22df63159c973168438141244d8db4dc967f43346dc60b3ee0c0d1630e6961
Instruction Fuzzy Hash: A5613A74D09208DFDB14DFA9D485BADBBF2FF89304F649029D419AB254DB345945CF40

Function 0583B126 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7265d3b74e1c2efe115a13bc1ff4816e27ff2db6c04c0597d24798be1c61490e
Instruction ID: c44ff581fe00bce0d3ee9c5a5f22318607f51872b8c5b238ef3ebffe33b1fd7e
Opcode Fuzzy Hash: 7265d3b74e1c2efe115a13bc1ff4816e27ff2db6c04c0597d24798be1c61490e
Instruction Fuzzy Hash: 7E8104B4E05218CFEB24DF68D885BACBBF2BB05309F5085A9D849E7251CB749D84CF41

Function 0583AF4A Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dfedb0328f3eb9e5c87b971f177040132dcf4bdeb50e3c33f8d341b14de116d
Instruction ID: 09928c2fe6e54c0c6ebc2531c5bc960b64dfbf66927a7c664bc872c7e47a44d1
Opcode Fuzzy Hash: 6dfedb0328f3eb9e5c87b971f177040132dcf4bdeb50e3c33f8d341b14de116d
Instruction Fuzzy Hash: 2B7126B4905319CFDB64DF69C886BADBBF2BB05309F1081A9D809EB251DB759D84CF80

Function 058A2050 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e29184b655bae2d5258b4dd2122b334b74e1b9917957394040bfdc0caa08cd16
Instruction ID: 7c65c717918dd79ba83f6a1b01c55de2248744b5050ff3571354132cdb6fa800
Opcode Fuzzy Hash: e29184b655bae2d5258b4dd2122b334b74e1b9917957394040bfdc0caa08cd16
Instruction Fuzzy Hash: 5A612935B106149FDB14DF68C898A6DBBB6FF89710F1441A9E906EB361DB30EC41CB91

Function 0594FD0F Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 304e34ded30357f37d242babb43d5ef6050f09e2d69fa0db9e0bbbb5d717c96c
Instruction ID: 69211f5b66c7e8450cc7aa286b1f569f793fbd33c891c53d9a96c704637afed2
Opcode Fuzzy Hash: 304e34ded30357f37d242babb43d5ef6050f09e2d69fa0db9e0bbbb5d717c96c
Instruction Fuzzy Hash: 4151BD347405068FDB04DF29C984AAA7BF6BF89711F2580A5E506CB3B9DB70ED41CBA1

Function 0583B0AC Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 578d02315efd944b5baa0ad472a1c41907b87ced9a7641f450cde4e849d68b1f
Instruction ID: 06ed82c17bed2eeb585c6d867485836edd96396f296cac52d214f5196dfe80a3
Opcode Fuzzy Hash: 578d02315efd944b5baa0ad472a1c41907b87ced9a7641f450cde4e849d68b1f
Instruction Fuzzy Hash: 2C7116B4E05218CFEB24DF69D885BACBBF2BB49309F5081A9D849E7251DB709D84CF40

Function 0583AEA2 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec3023e37914963f1499b337ab26755a9b3aae2b85d04f2a04f6aa2fe60ce231
Instruction ID: 8ea4ef57bef13ea98c470c4cd51fec8fa1e687dc2101210bce7d522b169d3842
Opcode Fuzzy Hash: ec3023e37914963f1499b337ab26755a9b3aae2b85d04f2a04f6aa2fe60ce231
Instruction Fuzzy Hash: A371F4B4E05218CFEB24DF69D885BACBBF2BB05309F5081A9D849E7251CB749E84CF41

Function 0583B3DF Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e647668a0b7c93e16a02c070720874be214f5bc8d2d2df1180640d5368e6e1c0
Instruction ID: 89fe4ee01797d794bd25c5454037909a519d2865429ba0f66fdbbc1a1cd573e0
Opcode Fuzzy Hash: e647668a0b7c93e16a02c070720874be214f5bc8d2d2df1180640d5368e6e1c0
Instruction Fuzzy Hash: 5E7106B4E05218CFEB24DF69D885BACBBF2BB45309F5081A9D849E7251CB749D84CF41

Function 0583B369 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 415163570f58f879cd580d76ddabe16806a1f7695729323f30c1378651f82043
Instruction ID: b06ade9424aea605517cf8db3f8e7a2387d314f73b510c72d8b1040cbe353373
Opcode Fuzzy Hash: 415163570f58f879cd580d76ddabe16806a1f7695729323f30c1378651f82043
Instruction Fuzzy Hash: F77116B4E05218CFEB24DF69D885BADBBF2BB05309F5081A9D849E7251CB709E84CF41

Function 0583AF1E Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36ab55f95b1e6158ede1b0080e4e9c31336662d4b25ca142e42b931d6ea86a9d
Instruction ID: 7f10e587e053b195f7ed8e5eed6b3174baa2d85074c7ff34e789f186b2f59b55
Opcode Fuzzy Hash: 36ab55f95b1e6158ede1b0080e4e9c31336662d4b25ca142e42b931d6ea86a9d
Instruction Fuzzy Hash: AB6106B4E05228CFEB24DF68D885BADBBB2BB45309F508199D849E7251CB709E84CF41

Function 0583D9B0 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d24be9adfa4fb4f3c821d57ef1544018fe85c9f8428681141177ab2b7338164
Instruction ID: 513a1a45aa2790f61ee0eae7ed389862a6a8e61d9b3c10cf1d84d0fe53729641
Opcode Fuzzy Hash: 1d24be9adfa4fb4f3c821d57ef1544018fe85c9f8428681141177ab2b7338164
Instruction Fuzzy Hash: 87515F34B106099FCB04EF64E499AAE7BB6FF89711F108119F902DB364DF74A906CB81

Function 0583B061 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b56845f58551449355f0a3ee1655536eb0ae1c157ff6e80e961b19d182ca83e5
Instruction ID: 8e913d57c0ee77ec167e4c5e21a7248521edab71c985675fbe3e1d856362b199
Opcode Fuzzy Hash: b56845f58551449355f0a3ee1655536eb0ae1c157ff6e80e961b19d182ca83e5
Instruction Fuzzy Hash: D26107B4D0522CCFEB24DF68D885BADBBB2BB45309F504199D849E7251CB709E84CF41

Function 058A1D40 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f66bd4b6e2e3d76029c596a3f3e5709666e6bca4c15f929eae581b2cf3878786
Instruction ID: ed977214274f93d3e721b2a53ef293c42f12abd3a7fe5e3c919521ab3c6e8622
Opcode Fuzzy Hash: f66bd4b6e2e3d76029c596a3f3e5709666e6bca4c15f929eae581b2cf3878786
Instruction Fuzzy Hash: DB418B317006019FE7299B24C598B3A7BA3BF85304F14856CE9468B7A5DFB2EC42DB81

Function 058A4F68 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4367d238196d04c263c8e37a0c1120fbfb66c2a7d5995b2f872b9c7843a6990a
Instruction ID: eed38d09512dae2352683078f2ff4d168674f040a0a7d2c440b4081ece40b916
Opcode Fuzzy Hash: 4367d238196d04c263c8e37a0c1120fbfb66c2a7d5995b2f872b9c7843a6990a
Instruction Fuzzy Hash: 5341AD31B00A248FDF60DB68D5446AEB7F2FF84214F00896ED95ACBB50DA74ED41CB81

Function 05933876 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a9364697dd2412a931c1fb7c1681075ccadd1a62b2b88849c34675cb0e77370
Instruction ID: c6419287b3099c447c427e7109e2c4860b95ad0389a8abeeae31f051e5fc8944
Opcode Fuzzy Hash: 6a9364697dd2412a931c1fb7c1681075ccadd1a62b2b88849c34675cb0e77370
Instruction Fuzzy Hash: D351D474A05229CFDB64DF28D899B99B7B2FB49304F5081EAD50EA7355DB30AE81CF01

Function 0583B970 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11dc8c348bb18bc5bfedcb17c822c78132b9d9ac7422c6045d6d5faf0dab6ffd
Instruction ID: ab735d5b539f398eaacde2c611e820ed66b7841aa8e84cdb7171f660df73c254
Opcode Fuzzy Hash: 11dc8c348bb18bc5bfedcb17c822c78132b9d9ac7422c6045d6d5faf0dab6ffd
Instruction Fuzzy Hash: 0851B2B4E01208DFDB58DFA9D594AADBBF2FF88305F208029D819AB351DB719941CF50

Function 058A5398 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 546a7f07ef563207823aa39aa76006e8f2eb5e53e2ed95a4ff269fcad07c6985
Instruction ID: c28d970ace31853066105b905d6aec2347649f3ffc50cfec1122033a1214780c
Opcode Fuzzy Hash: 546a7f07ef563207823aa39aa76006e8f2eb5e53e2ed95a4ff269fcad07c6985
Instruction Fuzzy Hash: D5415C76A00B049FDB21CF69C948A6EBBF2BF88301F148959D986D7A51D730F944CF51

Function 0583B08E Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cca46f147e3832812d7e28f79b78474cd8e2af2b40cbc53fc3273bb5242e2781
Instruction ID: 4203a44f5ea8da82644f932020ef559723879e6f042d888d416e6aad5c6d9b9e
Opcode Fuzzy Hash: cca46f147e3832812d7e28f79b78474cd8e2af2b40cbc53fc3273bb5242e2781
Instruction Fuzzy Hash: 0C514AB4909229CFDB10DF68C896BACBBF2BB0530AF1045EAD859E7251DB749D84CF40

Function 058A54E0 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3b259c98152ed52ada20aeea8ed8fcb337de44abecbb72ea862c2dbdb002e9d
Instruction ID: 497e2d58a9d02687fb42d13d4ca92c059d894bcb13383245a1620ad2f61237f5
Opcode Fuzzy Hash: a3b259c98152ed52ada20aeea8ed8fcb337de44abecbb72ea862c2dbdb002e9d
Instruction Fuzzy Hash: C641F131B04608EFDF25DF68D805BAEBBB6FF85710F148129E906DB290DB70A945CB80

Function 059376D0 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6981f52c0af353709ead922b896395c25a38905ce8ca4c077a1984b23aad2745
Instruction ID: 1c36606b217fc02ee4bd93a09eac6b15d0b36ec171b92fa0ef4f88a68cade842
Opcode Fuzzy Hash: 6981f52c0af353709ead922b896395c25a38905ce8ca4c077a1984b23aad2745
Instruction Fuzzy Hash: 3B4133B0E09248CFDB04CFD9D4897EDBBFAEB89304F149469D41AAB255CB309A84CF50

Function 058AAF4F Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0272c9ab5e1ad396ffb927d1e03736ef22ff22ed95f6711811f67b3c89645894
Instruction ID: 3dc7de8f5f8d155f13b5b8ee201ecad5579e353c02a34c4680dee261314d382b
Opcode Fuzzy Hash: 0272c9ab5e1ad396ffb927d1e03736ef22ff22ed95f6711811f67b3c89645894
Instruction Fuzzy Hash: 4041F2B5909228CFEB25CF14C844BE8BBF2BB1930AF0491E5D85AA7242C7749EC1CF05

Function 05934637 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd2fdf661cb8ce97c50b11489ead7a2709e60c15ceb27a60e9c50f3e1371c2ee
Instruction ID: 4facea0e552c551973d256a254a312a6b62feb2b0b1c7af5490fcf7085f3fda6
Opcode Fuzzy Hash: dd2fdf661cb8ce97c50b11489ead7a2709e60c15ceb27a60e9c50f3e1371c2ee
Instruction Fuzzy Hash: C2518E78A45219CFDB64DF18C889BA9BBB2FB49304F1581EAD80DA7351D7719E81CF40

Function 058A234F Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac706893e5c38ca2d180cd65f075c401256c9f0de7e9d462c7d5596811edd704
Instruction ID: 741dbd383ad41d9d6d6f76cd75e78afc8a633520e32fcb57362d192314e86fc8
Opcode Fuzzy Hash: ac706893e5c38ca2d180cd65f075c401256c9f0de7e9d462c7d5596811edd704
Instruction Fuzzy Hash: C3413D36A012199FDB14DFA4D859AEEB7B1FF49310F10806AD902FB360DB759D45CBA0

Function 05CBF8B0 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d0c17f4c225b693e116c60953f5a30c6923e5ce631b1ce663d94dc9d9788f4
Instruction ID: 7608dadecbaf87a2f0a286f6e447c6afc956f7eb7c6ef584ffdb5c593718dc94
Opcode Fuzzy Hash: 44d0c17f4c225b693e116c60953f5a30c6923e5ce631b1ce663d94dc9d9788f4
Instruction Fuzzy Hash: 0431F736A10104EFDB05DF58D888EA9BBB2FF49320F1640A8E9099B372D771ED55CB80

Function 0594B8A8 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e3da9a90683541416cdf811908f6ab0b8d2e669e1809cf63fa4936804574135
Instruction ID: e2a2cbe31c4ae87466d6b6eb5adb7eda7abd4358bceb52ffbec3045a7ed9c868
Opcode Fuzzy Hash: 5e3da9a90683541416cdf811908f6ab0b8d2e669e1809cf63fa4936804574135
Instruction Fuzzy Hash: 2A416931A042158FCF54DFA5D844AAEBBB6FF88758F00842AD456E73A0E734ED45CB91

Function 059469C0 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848de69b17847a3fd6350ee5191ccd901baeca20c2b76b965768631ee4aeead3
Instruction ID: 32817d11fb4a1a73604e85591dfa1daedec3fcd9c353223a963c9a72007fedbd
Opcode Fuzzy Hash: 848de69b17847a3fd6350ee5191ccd901baeca20c2b76b965768631ee4aeead3
Instruction Fuzzy Hash: 1431F3B4D056098BDB04CFA9D944BEEBBF6BB8A301F20C42AD419B7254D7745954CF60

Function 05949A03 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 464dd19a949b0244914493e0ca2033813ecab5e2d1267857e5f2b5108f44ca1e
Instruction ID: 3c0fec7bea86d30ff984af119ffbbb7105f7af8e28aa071d0975e88f2479e4bd
Opcode Fuzzy Hash: 464dd19a949b0244914493e0ca2033813ecab5e2d1267857e5f2b5108f44ca1e
Instruction Fuzzy Hash: F531F634B402059FDB10EB78D8457AF7BF6EBC6314F408879E00ADB289DBB15E098B90

Function 0594C261 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e7060d8cca463f3f00720db5bed64495c2d22d3542af29c604ffa8c4beaddf6
Instruction ID: 4e3d926100633429027c1529d8a612d37330e5bf1fac0ff73f5e04a35c4d7200
Opcode Fuzzy Hash: 8e7060d8cca463f3f00720db5bed64495c2d22d3542af29c604ffa8c4beaddf6
Instruction Fuzzy Hash: E441D334A122288FEB24DB24C995FADB7B6FB58210F1041D5EA09AB3D1C631ED81CF50

Function 059469D0 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03e02855c012331ecacf739ae4f2d0934737fb2422a0e1f16374cefb1a6b4f5a
Instruction ID: 3599a67038b8fc6e24d824348c7a7f48516df97664afe42266716a46f85d3f40
Opcode Fuzzy Hash: 03e02855c012331ecacf739ae4f2d0934737fb2422a0e1f16374cefb1a6b4f5a
Instruction Fuzzy Hash: 2031F2B4E05609CBCB04CFAAD944BEEBBF6BB8A300F20C42AD419B7250D7745954CF60

Function 058AD158 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e460fd4540c8ea9ce5ee087a74c927a989c6a8bf51cbc9aaa4576ec6cd56972
Instruction ID: b4f0b00e020f5b42e6e30680c09ba1d35f172a44ff04ffd5f8aeac6109dbfbc8
Opcode Fuzzy Hash: 5e460fd4540c8ea9ce5ee087a74c927a989c6a8bf51cbc9aaa4576ec6cd56972
Instruction Fuzzy Hash: FC31B375E152199FDB04DFA8D585AEEBBF2BB88310F10806AE815E7364DB70A941CF50

Function 0583E750 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b13cdc136553b8e7f711091fb47430360e083aec7229b8e3d0b550e9832b376
Instruction ID: f5764f5c674bb76b0be3827b436a59b9e48046379e79cdf963234dccf011d31e
Opcode Fuzzy Hash: 0b13cdc136553b8e7f711091fb47430360e083aec7229b8e3d0b550e9832b376
Instruction Fuzzy Hash: C521D3353066049FC725DBA9E985A26BFEDFBC1311B09847AEA0EC7251DB31EC45C790

Function 05947F81 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7007eb6f5d784c3d72b3b4ba48937b1b51fdb3468ce7a73e9dc441e35c4a90b9
Instruction ID: 5de8391b109527395670f9186568a3b4a2fc6c6b90df6421ddcf8b4b0c454c61
Opcode Fuzzy Hash: 7007eb6f5d784c3d72b3b4ba48937b1b51fdb3468ce7a73e9dc441e35c4a90b9
Instruction Fuzzy Hash: DD314474E08208CFCB04DFA9D484BAEBBB2FB88304F20C465D825A7254D7345A86CF91

Function 05947F90 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e561aaf5004446ba5433e67e82f3ee6df888b06a41f3640b5d9b54a5b0d771c3
Instruction ID: 2d9aef3a2f0e89d17c43af86c3f31269b9b8aeb3715648cc10e07de8505055b8
Opcode Fuzzy Hash: e561aaf5004446ba5433e67e82f3ee6df888b06a41f3640b5d9b54a5b0d771c3
Instruction Fuzzy Hash: D1310474E18209CFCB04DFA9D484AEEBBF6FB88304F20C465D825A7254D7749A868F91

Function 05947720 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f0b40b6c37874e8b2aed88a4ba405afff71204d6a1b934f2d29bb1acd502acb
Instruction ID: 68217ebe1c72166bd7cb4a873ec1c4ec484472b53b7d9a2dfeace864f065ae64
Opcode Fuzzy Hash: 3f0b40b6c37874e8b2aed88a4ba405afff71204d6a1b934f2d29bb1acd502acb
Instruction Fuzzy Hash: 3531E374E4521CCFDB24CF98D984FAABBB2FB8A304F1484A5D409A7251C774AD86CF00

Function 058AD4D9 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00284577fcaecdb7403f035913272d61c0f08dee9bf62221f3d6f69c565d0d53
Instruction ID: f9ca61696d9ebc2a8523e69bf3edcf3006e81fcbfdec96c4aa642bd4682967e2
Opcode Fuzzy Hash: 00284577fcaecdb7403f035913272d61c0f08dee9bf62221f3d6f69c565d0d53
Instruction Fuzzy Hash: 0F311AB5E05219DFEB04DFA9D844AEEBBF6FB48308F10802AD815E7644D7745941CF90

Function 02771658 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48626239909ac29c46eba4007cf6dc75e3d67751da83fe16f92b4b6a93103e6d
Instruction ID: c429adf1d9ab085d72f5be9b5ea252e7d004cd4509216d6ebe42d8626a6a95bc
Opcode Fuzzy Hash: 48626239909ac29c46eba4007cf6dc75e3d67751da83fe16f92b4b6a93103e6d
Instruction Fuzzy Hash: 1E21CF36608106DFCF04EBA4E884BED77B1EB80315F84426AD10EFB264DF309944CB92

Function 02773E18 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eacfdab48a1a54960116ec6781d837791792ae83aef63bd4f79d798877576e29
Instruction ID: 44dc6c455e38cf9deca977316d86ef2c86aaf5e0532509e0e8351990ee9b784b
Opcode Fuzzy Hash: eacfdab48a1a54960116ec6781d837791792ae83aef63bd4f79d798877576e29
Instruction Fuzzy Hash: 37219D71A08510DFCF04DB79C844979BBF0EF88714B0181EAE41BEB262D7B1AD41EB92

Function 05946738 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74b4893d2482c6fd3e0b3ae5268e3f59a4b91bd86379c35c4f843cf4d0564456
Instruction ID: 56856c4b07fdd58fcdb0fc404b80c379cde974e8eb56087ad3ac2cdf292f459f
Opcode Fuzzy Hash: 74b4893d2482c6fd3e0b3ae5268e3f59a4b91bd86379c35c4f843cf4d0564456
Instruction Fuzzy Hash: 7E312D79E00208AFCB08DFA5D8546EEBBF6FF88314F10846AE415A73A4DB315955CF90

Function 058AD4E8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e468b1ac63a1750305aa23bcb7dc94c54ca4157262c72cf9e47a3625131a7c9e
Instruction ID: dcdc49dedae57c3461d807079ab3db691968be42c7e30bbd3575c04003397c37
Opcode Fuzzy Hash: e468b1ac63a1750305aa23bcb7dc94c54ca4157262c72cf9e47a3625131a7c9e
Instruction Fuzzy Hash: 3D310BB6E05219DFEB04DFA9D444AEEBBF6FB88308F10902AD815E7644D7745941CF90

Function 058A3140 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 443c29d29da0f3edc3e90142667498efc956f9f33317c31f0f2784098e358f37
Instruction ID: 22aee07bc26a17f749ae6bf61297590d829e2b1df55b3ad61444ddf7e8f22d85
Opcode Fuzzy Hash: 443c29d29da0f3edc3e90142667498efc956f9f33317c31f0f2784098e358f37
Instruction Fuzzy Hash: 46216274B10A098FCB01EF68D5558AEB7B5FF89700B50456AD906E7360EF70AE06CBD2

Function 0277906D Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba66c4458c1be4b695cf8ffbb833f639098abe279951bcfea5324ce853b09061
Instruction ID: 5a2cab41de850afba1d1c044c4402471e98cfae5022f9fbb7707defc754bbaa2
Opcode Fuzzy Hash: ba66c4458c1be4b695cf8ffbb833f639098abe279951bcfea5324ce853b09061
Instruction Fuzzy Hash: 0A217F74D0A208DFDF50EFA8D48C7AEBBF2FB46314F2084A5D515A7254DB744A98CB01

Function 02779151 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 965e5fe50f15c1863f00a3fedad08627e6168fd96bd93da04cd9039ef30c8ee2
Instruction ID: 6dfc59e6cbade18ab4814376392ce953d9d0957f716d8b5d57357cb65d2b1096
Opcode Fuzzy Hash: 965e5fe50f15c1863f00a3fedad08627e6168fd96bd93da04cd9039ef30c8ee2
Instruction Fuzzy Hash: 04317EB4D0A248DFDB00DFA8D4887ADBFF2EB4A314F1084EAC555E7291D7749A99CB01

Function 0277D368 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb411a2e237d62b42976381981cc6d9bb9950c3ebbd5364fccb444949584b85c
Instruction ID: 6eaedd8f6e1bcf17eead15918a7611a024531374d7f54d71b1b1cc96883aed87
Opcode Fuzzy Hash: eb411a2e237d62b42976381981cc6d9bb9950c3ebbd5364fccb444949584b85c
Instruction Fuzzy Hash: E82115B4E04209CFDF14EFA9C8443EEBAF2BF89304F20942AD515B7284DB745945CBA0

Function 0594D930 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7469df9fc00dc5008da27e469eed5cae2817dc9d819f504b1bffba18f15cc703
Instruction ID: 8160136bf6db4a9956b27360b6fb9e65d1946a6310e671029be890f8cd8cdda4
Opcode Fuzzy Hash: 7469df9fc00dc5008da27e469eed5cae2817dc9d819f504b1bffba18f15cc703
Instruction Fuzzy Hash: E321577AE01209DFDB14DBB8C904BAEBBF9AB44240F148466D95ADB290E734CE45CF91

Function 00C2D01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1342383908.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c2d000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fe14ca7712d37e98310908099d22c1aec1397c8f97bd7d512a439c92ecc03b0
Instruction ID: 4108a5c91e109675bb92ff5190094e9fa3cc982087578238e3b9d87b4a33c9c3
Opcode Fuzzy Hash: 0fe14ca7712d37e98310908099d22c1aec1397c8f97bd7d512a439c92ecc03b0
Instruction Fuzzy Hash: F0212675504244DFCB15DF18E9C4B26BF65FBA8314F24C5A9E90A0B666C336D80BCBB2

Function 058AF227 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7533573944ab12882b528ec160d3fb07b8a8c323850da64ac110470dde28ad9
Instruction ID: e82623e204278bf8437da6b666c065db4964e46ce8a53c78517ff0589540f9dd
Opcode Fuzzy Hash: c7533573944ab12882b528ec160d3fb07b8a8c323850da64ac110470dde28ad9
Instruction Fuzzy Hash: CE31AF75D05258CFEB20CF99D888BADBBF1BB05304F1484A6D809EB254D7749E85CF15

Function 0594B897 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6ea7c991d4ba47b8317b6d246615c2fb4a5b9670f42d368e8e503c38281411e
Instruction ID: e2fedda9ac7fe0d155bf4657e639f7ea0b089bb1de14eefb25ac308cbb55fdde
Opcode Fuzzy Hash: a6ea7c991d4ba47b8317b6d246615c2fb4a5b9670f42d368e8e503c38281411e
Instruction Fuzzy Hash: 21215E34A006168FCF14DF65D898E6EBBF6FF88658F008529D956A7351EB30E846CF90

Function 0593ABB1 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fe65adc9c6084eb986d176c80d38d58817b7386906db0bc9195a0d3968698a7
Instruction ID: 29e9e34fed81fa76a0a18c01fe1d359470480e04a105a94d7ec120abda0511bf
Opcode Fuzzy Hash: 6fe65adc9c6084eb986d176c80d38d58817b7386906db0bc9195a0d3968698a7
Instruction Fuzzy Hash: 7131D27091622ACEDB24CF14CD51BE9B7F6BB49304F0181EAD548A7290E371AE85CF00

Function 0594A478 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed87ecb64bccc29767c8620d11362e8c2ba17b16a4216012e8f903f1efa6e9f
Instruction ID: bd93bb1ef55534fafb70bfb13ad96d6eda55a48af65865d2234d22b51aae4ba2
Opcode Fuzzy Hash: 2ed87ecb64bccc29767c8620d11362e8c2ba17b16a4216012e8f903f1efa6e9f
Instruction Fuzzy Hash: C8213935A14109DFCB15CFA8C458AEEBFB6EF8C320F149169E811A7294CF719945CF90

Function 05833F93 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29527def958cfc30d5ce8bff22fa7167349f099d7bc9b7f229f22560cbb8f597
Instruction ID: e390b92d3c5f7a202260effc7d5af9acaf126fa0917ca899c4cdb89856bff755
Opcode Fuzzy Hash: 29527def958cfc30d5ce8bff22fa7167349f099d7bc9b7f229f22560cbb8f597
Instruction Fuzzy Hash: 98214574E0520D8BDB04DFAAD4497EEBBB6FB88314F14882AD815A3244DBB41A44CBA1

Function 059377AA Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a72a073bbac22f21ad8dc8339b237e10cee15aae178a2cd3e8e5cd7cc8bd74b
Instruction ID: cc4f928694139eb3a04cb3c7a9977d789cbb7859f87070cc9716f48de162ed91
Opcode Fuzzy Hash: 2a72a073bbac22f21ad8dc8339b237e10cee15aae178a2cd3e8e5cd7cc8bd74b
Instruction Fuzzy Hash: 2931E475A05228CFEB64EF28D980B9DBBB2FB89304F1081E9D50AA7754DB301E81DF51

Function 058A3133 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e1c11efc848a2f5fdfa6ea35d6c883c36ded49f1d898462837aa82ee7830e9d
Instruction ID: e43cb94db5214463b1b2ee89f46ddbcc05c303302196a4ca63125119f478ca82
Opcode Fuzzy Hash: 1e1c11efc848a2f5fdfa6ea35d6c883c36ded49f1d898462837aa82ee7830e9d
Instruction Fuzzy Hash: E9218075B006098FCB01EF68D4459AEB7B5FF89300F00456AE906E7360EB70AE06CBD2

Function 027717D5 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 086bef818aae88c0092999794c39b9889765adabf570a65e0c9cabcac740a123
Instruction ID: dfe3047c9ae30c7e040180a8d2aba810caaf8006dece6800969607d002f77c22
Opcode Fuzzy Hash: 086bef818aae88c0092999794c39b9889765adabf570a65e0c9cabcac740a123
Instruction Fuzzy Hash: A6211534B005089FCB45DBA8D4996DDBBF2FF89720B1580A9E816EB761DB349D46CB10

Function 05833FA0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d39046f4d6e0462127ddfbb4ff47ae7fbcb0a9dba7bc7e6c1b439cc5c2a99e1d
Instruction ID: c27d5424999494c944c5f5f9f13544cc96da78e409b69c672b2dc6bf4bca2791
Opcode Fuzzy Hash: d39046f4d6e0462127ddfbb4ff47ae7fbcb0a9dba7bc7e6c1b439cc5c2a99e1d
Instruction Fuzzy Hash: DE216574E0520DCBDB04EFAAC4496EEBBB6FB88315F108829D815B3254DBB41E44CFA1

Function 0583C058 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b0fc714c3474e44d74f038360fba4b2bc50b8d38a43107ca0bfd179bb6f215c
Instruction ID: 77beaac982bed3afbba46ccbe65e8803481570e3c9e1cf0c1c26b39ffdc472e7
Opcode Fuzzy Hash: 3b0fc714c3474e44d74f038360fba4b2bc50b8d38a43107ca0bfd179bb6f215c
Instruction Fuzzy Hash: 2021F7B4D0420ADFCB14EFA9C4866AEBBF6BF48304F1485A9D815E7254D7349D82CF91

Function 05832A91 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d1febe0e0c19327c8a0128cdc6836f3a541a97f3ad6d0e461135a1b6e041779
Instruction ID: 1550bc43224e3968abca26281f9b1305208876fff95f14893d33844e8b4010e4
Opcode Fuzzy Hash: 1d1febe0e0c19327c8a0128cdc6836f3a541a97f3ad6d0e461135a1b6e041779
Instruction Fuzzy Hash: C531A378D15228CFEB10EF69D885B9DBBB1BF09304F1081A9D81AEB341E7305985CF90

Function 05939240 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3318e936470cd6e181bf497ac51d970c3a1867ac432e6287d9f06377e6772aa
Instruction ID: e4fe9c0169afbd376df23487d66db5e9232643119c08d25b86441cec78beb8fc
Opcode Fuzzy Hash: f3318e936470cd6e181bf497ac51d970c3a1867ac432e6287d9f06377e6772aa
Instruction Fuzzy Hash: 11215B71E08618DFDB19CF5ACC017ADBBB6EB89300F14C0AAD809A7260CBB18985DF11

Function 05937D88 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61094efa055e0bc6d93dab2f660d75833032d22fd83e73aa81b3fa63784678ed
Instruction ID: 1e66169b93e5b7205d324be63bca3f330a28ab569ede2cacde51161412dfbf3f
Opcode Fuzzy Hash: 61094efa055e0bc6d93dab2f660d75833032d22fd83e73aa81b3fa63784678ed
Instruction Fuzzy Hash: A52132B490820ADFCB00CFA9D88A7EEBBF1FF49300F108469D015AB2A0C7749A459F51

Function 02771D70 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e86de28080b7d24ffcfccc9b921ea5c9ad1cd4f087a69a46d071dd552de009d2
Instruction ID: 9fbd0ff9af90ded3c664ed95db95fee108383a1f637d0da5364ede4abd0ec31d
Opcode Fuzzy Hash: e86de28080b7d24ffcfccc9b921ea5c9ad1cd4f087a69a46d071dd552de009d2
Instruction Fuzzy Hash: 22118E36718205DF8F1CCA9BD844A7AB7F6EB94261BD4843BE04EE7A10D730A805CF91

Function 00C2D005 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1342383908.0000000000C2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c2d000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee629719a739b759acd4e86a94b59a94e5f06792b8cb5e3a8a537b41a2fdbaf4
Instruction ID: 641350ac98a5b3dfbab4efa1f73283aa7a703ef5e720a044fdc7b3d4c7b0602b
Opcode Fuzzy Hash: ee629719a739b759acd4e86a94b59a94e5f06792b8cb5e3a8a537b41a2fdbaf4
Instruction Fuzzy Hash: 8F21C2750093C08FCB03CF24D994716BF71EB96314F2981EAD8458B6A3C33AD90ACB62

Function 02779160 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f46298396ef5365616475bbb7923badff692f9885ca152f089030e8da71927fe
Instruction ID: f694635b9226d64f53c398b60cf0ddf7d3a1c74f8969bdab99daae2d1b890d07
Opcode Fuzzy Hash: f46298396ef5365616475bbb7923badff692f9885ca152f089030e8da71927fe
Instruction Fuzzy Hash: F1214DB4D06208DFEF00EFA8D4887ADBBF1FB4A315F2085A5D515A7250DB749A94CF01

Function 02771B20 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65663f4c65096f1007dd87598ad709e171c399bd0cb3625410a7b1ffed3c7012
Instruction ID: 747712c679bbdfc34ef99c0b8b271be00224dfe1b13d056c16cdde1b1934c49b
Opcode Fuzzy Hash: 65663f4c65096f1007dd87598ad709e171c399bd0cb3625410a7b1ffed3c7012
Instruction Fuzzy Hash: 7C114F34B08204DBCF049B6DC965ABDBAF6AB89710F94406AE80FB7270FA719D04C795

Function 0593B134 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5650043a7d4a0b5ccbd4ab0605e07bf8fbb6596007965f6b82c8596e48432975
Instruction ID: 44739a5f72ee362dd77c6d0ce0c5dffc8f5408eb70a334c2be2922d0c61d6f4d
Opcode Fuzzy Hash: 5650043a7d4a0b5ccbd4ab0605e07bf8fbb6596007965f6b82c8596e48432975
Instruction Fuzzy Hash: AE31D070916228CFEB24CF19C995BD9B7F6BB49304F0182E6D589A7290E774AEC5CF40

Function 058AEF9C Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccaf2c4ce22053dd96021aa19b9b075188c008fcda8d44cdd4a56cc48294776f
Instruction ID: 121b0571ab09984f2e1de901b3c55351268a971b1965c5169df8954865c5272d
Opcode Fuzzy Hash: ccaf2c4ce22053dd96021aa19b9b075188c008fcda8d44cdd4a56cc48294776f
Instruction Fuzzy Hash: 8021DD35E01298CFEB10CF99D884BADBBF2BB09304F1084A6E809EB244D7749E85CF14

Function 05938EEA Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9819febe36be07b11ab897a999b08053e37e83771c66afdb9ac218d0edb8273
Instruction ID: ffa304f83368e2bbd29fb044dddbb53987fca0fcb7ed07bb8b63a850c909690e
Opcode Fuzzy Hash: c9819febe36be07b11ab897a999b08053e37e83771c66afdb9ac218d0edb8273
Instruction Fuzzy Hash: BD2129B9906218DFDF00DFA4D485BEDBBF6FB09344F204116E446AB294C7789A86CF54

Function 05937D98 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e48d11b94d76ca99fd8bf5f6b694b1bc1c885484b884a1b219db4ed130618360
Instruction ID: 19d6d3118dd72ecbb3e7a6ff31420556dd16a086c614fc40a7eb5399c5a3767c
Opcode Fuzzy Hash: e48d11b94d76ca99fd8bf5f6b694b1bc1c885484b884a1b219db4ed130618360
Instruction Fuzzy Hash: DB2110B490820ACFCB04CFA9D8497EEBBF5FF8A300F1094A9D025A72A1C7749A45CF50

Function 058A1C80 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77ee694253b0a90b206a8e988a71911266786bf538d6ace14a388d985be8924e
Instruction ID: aefff04295c6a7ba7ef5541a0fcdae2eed01cfcd40a2f462e73d1f14e3e69cd7
Opcode Fuzzy Hash: 77ee694253b0a90b206a8e988a71911266786bf538d6ace14a388d985be8924e
Instruction Fuzzy Hash: 41218E357106048FCB14EF28D985AAEBBB6AF89311F144569D902D7361DB30ED05CB91

Function 027709C0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4daaeabc70c1107a87fa662c77b6dea9a0e40a4f2f01af831880fd2f78c89219
Instruction ID: 5890d3be44733f5bc6cbe052f9b82921ebf4b6bd872f50481895d2d5df9e7aa2
Opcode Fuzzy Hash: 4daaeabc70c1107a87fa662c77b6dea9a0e40a4f2f01af831880fd2f78c89219
Instruction Fuzzy Hash: D6110675E4820ACFCF44DFA8C485A7EBBB1BB54300F128596D10AFB204D770A981CB9A

Function 0277E738 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b301af6d1fd8399dd54eea87666a400d767fb23917cf7517348df1696bb57af4
Instruction ID: d30c38be62b84b6eac6df40cf49a7f8af70304eb21fea263b6778de4ee03f29e
Opcode Fuzzy Hash: b301af6d1fd8399dd54eea87666a400d767fb23917cf7517348df1696bb57af4
Instruction Fuzzy Hash: E3110474D0421ACBDF04CFA9D8446EEBBF6FB8C314F10846AD615B3250D7745A95CBA0

Function 0594AE21 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c978cc2161cb869d88d62fd2323ac8443e7aaaf26ce25786f2cbfeaa14303496
Instruction ID: cd7bae89687e89596bc31ab1a5d3b4a25221a51640795518bb4b9158600462c9
Opcode Fuzzy Hash: c978cc2161cb869d88d62fd2323ac8443e7aaaf26ce25786f2cbfeaa14303496
Instruction Fuzzy Hash: 3911BF34B442059FCF20DF689859BAE7BF6AB88211F14852AE955DB2C0EB75CC01CB90

Function 0594AA51 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a531db5f4166d3950c935c2ba184a0ee0f434464eed3d25f86da8067913c43c3
Instruction ID: 5c093a4aacceb0fa01289bff1ff0b6f719fdf6a3f088cde71ff80443b14aba85
Opcode Fuzzy Hash: a531db5f4166d3950c935c2ba184a0ee0f434464eed3d25f86da8067913c43c3
Instruction Fuzzy Hash: 0111C63134D7914FD3068F28EC54F4A3FA9AB47224F1941AAE455CB2E3C768D80AC751

Function 05837848 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f421ce77aa49f1b688e21d40b08d14ca91325cadcfa3ff716029992ce9ba5610
Instruction ID: adfaa341e0caf4d749d354fee2fecb2e910e0cf273b5e7168550fbcce5e0cb28
Opcode Fuzzy Hash: f421ce77aa49f1b688e21d40b08d14ca91325cadcfa3ff716029992ce9ba5610
Instruction Fuzzy Hash: E11116B0D05209EFCB40CFA9D842AAEBBF5FB49300F14C5AAE819D3211D635DA52CB90

Function 058AEF3B Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e81fb29fe791bf6a61e3f92df6fb33cce161639e5f92de50ae247bdad8b8f25
Instruction ID: 4149d7d850a9b39e06496fffefba137f59d450a1b37e2ee7c92f7fc30e08ab6a
Opcode Fuzzy Hash: 4e81fb29fe791bf6a61e3f92df6fb33cce161639e5f92de50ae247bdad8b8f25
Instruction Fuzzy Hash: 7E21BE79E04258CFEB10CF98D884BEDBBB1BB09314F1085AAD809EB344D7749986CF00

Function 0593C150 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a017b7e18b27741689f7f8d749ff47108da3b04e0084ca250f2ba4de1b563ae
Instruction ID: 85b84f48e86726a2aaa7c9e308ad1b1667bcb14297bf72ffe4642de4952f1379
Opcode Fuzzy Hash: 7a017b7e18b27741689f7f8d749ff47108da3b04e0084ca250f2ba4de1b563ae
Instruction Fuzzy Hash: 37118B71909248EFCB10DFA8E9027ACFBB8EB05304F2480E9D848A3350E6718E41EB95

Function 02771B1F Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12877722e8038d219dc90d7c0fb17669d4114925cccf148f9826ea9588c94c60
Instruction ID: 6ec5c2aa79fd592963fe52ae5002c770498e23f096ce703dc751417bbfa59c3a
Opcode Fuzzy Hash: 12877722e8038d219dc90d7c0fb17669d4114925cccf148f9826ea9588c94c60
Instruction Fuzzy Hash: 95118430A08104DBCF148B6DC865ABDBAF5AB88710F90417ED40FB76B0FA719D04C795

Function 0594ABA1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4034bb94678165909b24c23db2460ca584ee8c2c766786f1083c4f6d4c8e9b51
Instruction ID: 3ac369e540e93d2be5881968824f2e8b8adc609f11c7602ceabd44d4439580b8
Opcode Fuzzy Hash: 4034bb94678165909b24c23db2460ca584ee8c2c766786f1083c4f6d4c8e9b51
Instruction Fuzzy Hash: 18217D78A82259AFCB04CFA8D594EADB7B2BF49300B244059F802EB360CB34AD41CF50

Function 058AF024 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b6b6fc3b24a07e8347eaad1f52448329a548ec82398da21d4ae885e04939d0
Instruction ID: b7e38e533d429230abc71b83b27104f3f537c3aff89157d3cfb046b4c1cd857a
Opcode Fuzzy Hash: 27b6b6fc3b24a07e8347eaad1f52448329a548ec82398da21d4ae885e04939d0
Instruction Fuzzy Hash: 1D21C075E05258CFEB50DF99D484BADBBF6AB09314F10846AD809EB344D7749D85CF04

Function 0593C1A0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 227fbabf4f5256fbb4ed920929ad1d4fee5dd5161484ad1ad648fa2d6dda6e41
Instruction ID: 7e720f39f9e1d88f04555bab69341bbc04778499d5ae6c851e70231eb99278d6
Opcode Fuzzy Hash: 227fbabf4f5256fbb4ed920929ad1d4fee5dd5161484ad1ad648fa2d6dda6e41
Instruction Fuzzy Hash: C7118E75D09248EFCB14DB98D9427ACFBB4EF45300F14C0AAE855A3341D6759E41EB44

Function 0593C028 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d746002beb2176357482c1dfa3135d75d8bf7e60eb760dbc065915687e9e1e
Instruction ID: 7cca4d3e592b7ff1ddf3a7f3074823c104077be59a848030020f7bf965a566a4
Opcode Fuzzy Hash: 20d746002beb2176357482c1dfa3135d75d8bf7e60eb760dbc065915687e9e1e
Instruction Fuzzy Hash: 53115771D09248EFCB00DFA4D842AADBFB6EB48300F1081AAE80562350D7719A52EF81

Function 05939B21 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c30cf6b26d735eee6e3072371fe9f18d3b7c5631fa0f702b7be77861a841db04
Instruction ID: b07136377f5dad2c8e56f45d58bf6e4c3533e33a2ae698107db052fdc2805da3
Opcode Fuzzy Hash: c30cf6b26d735eee6e3072371fe9f18d3b7c5631fa0f702b7be77861a841db04
Instruction Fuzzy Hash: D0219FB4A05268CFDB64CF65C989BDDBBB2FB49304F0485DAD449A7250D7329E81CF01

Function 0594C0D0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea2aee22e1519b8f408d6de66884f91dd4b93f22fcaa66d6a35c9846a7b3b332
Instruction ID: 1b5e0d91b2eef31684410947db901d6da9ef7167e09b5e0804a90a1288c38ef5
Opcode Fuzzy Hash: ea2aee22e1519b8f408d6de66884f91dd4b93f22fcaa66d6a35c9846a7b3b332
Instruction Fuzzy Hash: 43117075E0010A9FCB04DF99C9819AFFBB6FF89308B208429D519AB315DB30AD498BD0

Function 05CA2FE6 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e4bcd9aade088bd65cf9d479d99c11e364bb3bb6a1299719bc6362db68d408
Instruction ID: 16f6e6aaac2f8c6925e0cb216ce76e8a3fb61621006b80fa2d0a3e51b166f5ee
Opcode Fuzzy Hash: 93e4bcd9aade088bd65cf9d479d99c11e364bb3bb6a1299719bc6362db68d408
Instruction Fuzzy Hash: 4021F470E4422ACFDB64DF18C889BE9BBB1BB48318F1088E9D519A7651CB745EC48F91

Function 0594788D Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db62e73924936f255d6bfc562298c3a809d18d082e4566dd181e2406c44a897a
Instruction ID: 87e1607de031c9a60c1f346853738dffa3a75e2a26e2c706928107e1b88f87dd
Opcode Fuzzy Hash: db62e73924936f255d6bfc562298c3a809d18d082e4566dd181e2406c44a897a
Instruction Fuzzy Hash: 8221EA78E04218CFDB50EF94D884BAEBBF2EB49314F2081AAD409A7754DB305E85CF50

Function 0594AA80 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ea1043bad0760663d90ba389ec02e036341c6611b77e63c21794a7467cca246
Instruction ID: 77753e3b688c69a4b81717966772a96912e49f65396ac1756b4cd6038b6b671b
Opcode Fuzzy Hash: 1ea1043bad0760663d90ba389ec02e036341c6611b77e63c21794a7467cca246
Instruction Fuzzy Hash: FA014436340215AFEB108E59DC94FAB77AEFB89721F108066FA15CB290C6B1D9158B50

Function 0593C980 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a888894bdc8e3129fa337f8ed59fe06af3285330adc4a925db6c0c3bc94aab26
Instruction ID: 697879808a6c254aa3a949f531a18d7317506bdd4e135fd2b020fed3afa12d52
Opcode Fuzzy Hash: a888894bdc8e3129fa337f8ed59fe06af3285330adc4a925db6c0c3bc94aab26
Instruction Fuzzy Hash: 6301C07980924CAFCB11EBB4D806B5D7BB49F45304F1080998804A7262EA71DD45DB92

Function 05939CE0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 101af89c0e3b9d3aa5d02eea45e5fbb62008f0b0ec65ded4a3fb62089353aa4d
Instruction ID: 510d30c3893ad84f93fce6fdd1042a6ffaaead32aa9f56780f61710b96399648
Opcode Fuzzy Hash: 101af89c0e3b9d3aa5d02eea45e5fbb62008f0b0ec65ded4a3fb62089353aa4d
Instruction Fuzzy Hash: 5D219DB4905228CFDB64CF14C989BDCBBF1BB09304F1084EAE549A7280C7769E95CF45

Function 058AE1DA Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf215ff9d565389d9a6713c02cb4b12c607394dbbe997f70ab499b098f12d258
Instruction ID: b10fab87968501d895a53e7df576d94b3a112b5a1c1ebbf3f6d48efde46cd5c0
Opcode Fuzzy Hash: bf215ff9d565389d9a6713c02cb4b12c607394dbbe997f70ab499b098f12d258
Instruction Fuzzy Hash: 661180B5E402288FDBA8CF68CC91BEDB7B1BB88310F0485E9D949A7350DA305E858F50

Function 058ACD7E Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0cf8410538b52823d315adb2a1a22ceab9ad065b5ac596e698bf78c1202b1f9
Instruction ID: 4102ccf8b87a6115b8951ea9d781adfad014696d24aca21c904364be368567cc
Opcode Fuzzy Hash: c0cf8410538b52823d315adb2a1a22ceab9ad065b5ac596e698bf78c1202b1f9
Instruction Fuzzy Hash: ED21E774A0121DCFEB10DF68D596BAD7BF1FB08304F1081A5D815AB254D774AE45CF40

Function 02771649 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd038396ac8f30085051b62be9806ccf04d6edca88045a3039cba1515792361c
Instruction ID: 3f3153ec9c3ac3f55426fa0d69de6e1f1b31e56ccc2a5e0d8736adcb2a5f8b3d
Opcode Fuzzy Hash: bd038396ac8f30085051b62be9806ccf04d6edca88045a3039cba1515792361c
Instruction Fuzzy Hash: BF11AC31608105CFCF05EBA4D5A86A87BB1EB40304F85466AC00ABB2A4DF309944CB92

Function 059471F8 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 211bb5163d38d3bc98dc3587237d5d33db91032704a7fb101de5634af9cb50ec
Instruction ID: 073c6731b07cae290cf51b46e75cbde1c3325f91c6c719b974ea571f1124a8b5
Opcode Fuzzy Hash: 211bb5163d38d3bc98dc3587237d5d33db91032704a7fb101de5634af9cb50ec
Instruction Fuzzy Hash: 6D11F870A04128CFCB24DFA9D894BADBBB2FB89304F0094A9D40DA7255DB305E81DF50

Function 05947E30 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f14d9e63fd32d3ac224625da87571641f6e722b04ff5e2321d094186ee06372
Instruction ID: bd6a910575186893a518167a3647225994166cbef678a7c48bebbd2fcf8bb6da
Opcode Fuzzy Hash: 9f14d9e63fd32d3ac224625da87571641f6e722b04ff5e2321d094186ee06372
Instruction Fuzzy Hash: AF01DE254492E48FD302EB7CD8602DD3FB0DF07318F1844DBC0848B2A6DA29888AC786

Function 0583748F Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 034ae3e2d8c726ffe280c47bf047ff07f16387014ac0f2f64e576cf1c12e1386
Instruction ID: 6d54e409d99aeb3eef97c65dd31ae3d1a1069e74d962db2a803b40e72bba6cc7
Opcode Fuzzy Hash: 034ae3e2d8c726ffe280c47bf047ff07f16387014ac0f2f64e576cf1c12e1386
Instruction Fuzzy Hash: 2201E5B4D15208EFCB54DFA8D4456ACBFF5EB08304F6080A9D908D7320E631AE91DF91

Function 02771881 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f916c08821016ca5e2d666fd453c3595cae9a3c3db28bb79dacecf6b4574b0d6
Instruction ID: 2ef8c617aafc698237ee1272835774577d202e2d9bc0e05225abf1aa76bb4a17
Opcode Fuzzy Hash: f916c08821016ca5e2d666fd453c3595cae9a3c3db28bb79dacecf6b4574b0d6
Instruction Fuzzy Hash: 4D119A34E0060ADBDB049FA5D448799F7B1BF88300F20CA29E469AB391EF749885CF80

Function 05947251 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 163d96e7181b50c1220aa12cf31df3b9f2b053c771b5fe4e9db7da9bca391984
Instruction ID: 3391fb67f28aea2cdc38986768e0f6482108acfe92cc4a7988929de8a1aa0a88
Opcode Fuzzy Hash: 163d96e7181b50c1220aa12cf31df3b9f2b053c771b5fe4e9db7da9bca391984
Instruction Fuzzy Hash: 9611D670E14128CBDB64DFA9D890BADBBB2FB89304F1085A9D40DB7255DB319D81DF10

Function 058A24B1 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e00754431c3805bc9298cf2db8924c25f2978488afc33d12cfc7755c427d8c
Instruction ID: ba1c273d0dfff2d53109096f6fe5037fb1d785682dd40ce65f96367000c49c01
Opcode Fuzzy Hash: a3e00754431c3805bc9298cf2db8924c25f2978488afc33d12cfc7755c427d8c
Instruction Fuzzy Hash: 6E01B5367007409FE72A9B34C558B7A77A3BF86314F04466CD9968B791CB71EC42DB80

Function 058A24C0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e662a1989c2d2241dd4aec23ca2b097962f96bb19f09e602bfb3af795cf2660b
Instruction ID: 679d68387310e9331fdc9d115c4d28b7b8a3d833f0d3eabf634d60aac30510d0
Opcode Fuzzy Hash: e662a1989c2d2241dd4aec23ca2b097962f96bb19f09e602bfb3af795cf2660b
Instruction Fuzzy Hash: ED019E367002048FE329AB34C458A3B37A3BBC5314F14862CD9478B794CB71EC42DB91

Function 0594C0C0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3cc16566d9de82409b1eb5d9d9939248836eb32648557035315eaa06a25967f
Instruction ID: 12f5eae856c291b4ce7258ccd799cd0f56d8fad5b9290ee07f1f7e49c8d6c980
Opcode Fuzzy Hash: a3cc16566d9de82409b1eb5d9d9939248836eb32648557035315eaa06a25967f
Instruction Fuzzy Hash: CC01D475A0020A9FCF00DFA5D8819AFBBB5FF89314B104469E50CAB351DB31AD09CBD0

Function 0583FD73 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0f453925988b3e7aec4abc2ce37282c23da9f388ed37ef16b869d3b0375cf5e
Instruction ID: a4b72d52f870b8a0213ef0676491a727eaa5494eeba09c7b030d2fe3aff8dc39
Opcode Fuzzy Hash: c0f453925988b3e7aec4abc2ce37282c23da9f388ed37ef16b869d3b0375cf5e
Instruction Fuzzy Hash: 8201A2397005109FC7059B24D454A6E7BA2FFC9710F104129EA0A8B7A0DF72EC02CBC1

Function 0583C048 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddee7e5257208b339d1aff6930a83154a7aefa1ed6a86a3433036a6551dbd10a
Instruction ID: 6beb549adf007c84a54a770d3a23a950ad7065f1531bd13f90c2d3f35be35a1d
Opcode Fuzzy Hash: ddee7e5257208b339d1aff6930a83154a7aefa1ed6a86a3433036a6551dbd10a
Instruction Fuzzy Hash: 3D0109B0D192498FCB54DFB994862ADBFF1AF49310F1481AAD859E7251D7304982CF91

Function 058AFDE0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42f42c35deb035a7113579a72e77799b53d36ed9db5b75d08d49d822a2823c48
Instruction ID: 9308b5b802fa83512c4eccc41c55aab315622ac88529b6cc71b583bb0b17aa4a
Opcode Fuzzy Hash: 42f42c35deb035a7113579a72e77799b53d36ed9db5b75d08d49d822a2823c48
Instruction Fuzzy Hash: C0F0C23A90918C9BEB25CFA4D8417B9FBB5FB46304F1891D98D08DB342D671CD11CB81

Function 058A3CC9 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 951d9ef660084be39add117f4d37f2ffe466eb7c0401340b8cffae05e57e4f90
Instruction ID: 80db76e041ab4945a608ec3c63e17e74f333f8c2804b30dc6ac6747774a1d329
Opcode Fuzzy Hash: 951d9ef660084be39add117f4d37f2ffe466eb7c0401340b8cffae05e57e4f90
Instruction Fuzzy Hash: 0E01F9327002189FDB05DA64D855B9EB776EB88310F104139E902D7380DFB1AC06C7D1

Function 02770A77 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3dfe94fd2866d3d87b4011f9e99291f3e8a5d2238b647fcc9bba71312281c09
Instruction ID: 8e8e53146e767b4f46991d3a61b20396464ce47d598f0de81ed2e909c8ba6e4f
Opcode Fuzzy Hash: e3dfe94fd2866d3d87b4011f9e99291f3e8a5d2238b647fcc9bba71312281c09
Instruction Fuzzy Hash: 2A018170F18116DF8F48EB7854146BE7BF6BF88600F16446AD007F7254EB208E01CB86

Function 05CA5119 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc99d3cd767d9a80343880a052574cbf17491e5d257cb848a6b1d3fb5570d905
Instruction ID: eec0d6697104e73b03c1f66f38ec22ec6dccbc97972ed56ac25fb51a7e2c939c
Opcode Fuzzy Hash: cc99d3cd767d9a80343880a052574cbf17491e5d257cb848a6b1d3fb5570d905
Instruction Fuzzy Hash: 9C21C474E40129DFCB65DF18D889AD9BBF1EB08309F1084EAA519A7751D7309EC5CF50

Function 0594BCA8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a51fefa70689b5f98b20243c46fef9593a4ce373415402afc6a764d7c1bbe5b8
Instruction ID: 56a9ed17a99fa945167dcfd30d2605c825ba786da566241e5c8bcd109d63aa14
Opcode Fuzzy Hash: a51fefa70689b5f98b20243c46fef9593a4ce373415402afc6a764d7c1bbe5b8
Instruction Fuzzy Hash: 9BF06D317000105FCB049A1ED894E6AF7EBFFC8655B2580B9E609CB365CE35EC0297D1

Function 05939C2D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aeaa0dd8e83260c980f7b1a95b0b2fd7d6834e3349b9e7d6fc2da2353dda2fb3
Instruction ID: 45129b2d33c9fad507ebed719436dc93dc458be0201feb5aead8850aa4bc2895
Opcode Fuzzy Hash: aeaa0dd8e83260c980f7b1a95b0b2fd7d6834e3349b9e7d6fc2da2353dda2fb3
Instruction Fuzzy Hash: DE11D4B0905268CFCB65DF54DD88BDCBBB1AB99301F1040DAE509AB350DB355E84CF00

Function 058ABE0D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bfd351ccac0060b6fa1b1aa41e80a422fb8fe4b7f7d3c31fb09c32a97118117
Instruction ID: 949bcdb97055f91dfffdbdd8a137cac1a9d29864ceb003b81734426211e1900d
Opcode Fuzzy Hash: 6bfd351ccac0060b6fa1b1aa41e80a422fb8fe4b7f7d3c31fb09c32a97118117
Instruction Fuzzy Hash: 42110574A05208CFDB54EF79E496AAE77F2FB48305F208269E815EB355DB34AD408F00

Function 0583FD80 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81b07b4f5920c4172a6d82877d8a50c6eef876593fc4163ca3fa71dc57b6c662
Instruction ID: e0074de1d6d324d20a2d75eb26d9e315adfbc3a23eb6eb4d120970291dec61a6
Opcode Fuzzy Hash: 81b07b4f5920c4172a6d82877d8a50c6eef876593fc4163ca3fa71dc57b6c662
Instruction Fuzzy Hash: 5701A4397005109FC7049F24D45895E7BA6FFCCB11B108129EA0A87764DF72EC42CBC1

Function 0583D19F Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 780563dd6b2e1a2401fed15e2d7363215492b0df04da5048e20b0492331a82b5
Instruction ID: 234f12f79d8791399d194fc9c187dd46253faa8820caec2ee02f4c21a4b5807a
Opcode Fuzzy Hash: 780563dd6b2e1a2401fed15e2d7363215492b0df04da5048e20b0492331a82b5
Instruction Fuzzy Hash: F2F02B56B0F2D11BE722263D6C52719AF95AB83654F4506AFECC2C72C2CA04DE0A83A5

Function 0583D9A0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b82feee0ad62cf4db91167401d1d5ccf2ce97d9f7b3e8b9fce96798806892e
Instruction ID: d9d0d88344ce08fb07f0591b4c1ecced3c2cd0172455b65383da816b64cec42d
Opcode Fuzzy Hash: a9b82feee0ad62cf4db91167401d1d5ccf2ce97d9f7b3e8b9fce96798806892e
Instruction Fuzzy Hash: A2F02B317144045FDB149B29D85AA6ABBA6EF84364F08802AFD59C73A1DF749C07C7C1

Function 02770B08 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d33b3039a95e826bd5305e106d2a6fad59c63b15b5a31be07288b59b046f123a
Instruction ID: 08f9b6a5421fc3811506647f1104dc8d2e7bc893aece8e470a45e7c021adfd22
Opcode Fuzzy Hash: d33b3039a95e826bd5305e106d2a6fad59c63b15b5a31be07288b59b046f123a
Instruction Fuzzy Hash: 6AF06D70F04119DF8F54EBBC88145BE7AE5AF4865875004A9D51BEB320FB20AF01CBE6

Function 0593BF80 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62045a989e3614ab149266d6858c4f10534a9caccc17f58e73f33a0ab4a0966f
Instruction ID: bdf9f5fdc4146347ccaa77192677a3b35729731a17fd9492d6cafaa37e96e47e
Opcode Fuzzy Hash: 62045a989e3614ab149266d6858c4f10534a9caccc17f58e73f33a0ab4a0966f
Instruction Fuzzy Hash: B0016D34D08148EFCB50DFA4C442BACBFB1EB49314F2481DED84997341C6368A42DF41

Function 059338F8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a84a1c03215904f5157766d3b59b4ba786d1a219649048b680bc8073944053d
Instruction ID: 0e1fac21f790769f0be41294dcc42a2c45fba9e5bc239a45b0a3669a746fe0aa
Opcode Fuzzy Hash: 6a84a1c03215904f5157766d3b59b4ba786d1a219649048b680bc8073944053d
Instruction Fuzzy Hash: 81118074A05219DFDB60CF28D886B99B7B1EF05304F2080D9D45DEB251CB309E81CF01

Function 058AC5FD Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7a459e1d76d991ce1d620b8974081ad427451e03575c56b0308c0356db4b213
Instruction ID: 0f989036ab971d121ae3a3df46b5d4f80b4c4ca413fde799253a664d6883036d
Opcode Fuzzy Hash: d7a459e1d76d991ce1d620b8974081ad427451e03575c56b0308c0356db4b213
Instruction Fuzzy Hash: 2911A278A05309CFDB44EB68E496AADBBF1EB48308F508169E41AEB254DB34AD40CF40

Function 058AC7B3 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6210d6d1f01a894c7b7b639c3921fb4fe075b016401475ef3b9f018d7513e219
Instruction ID: c6880b5e7492dd3925ed9e36f22739764950d8fe9656e618495e45f201026772
Opcode Fuzzy Hash: 6210d6d1f01a894c7b7b639c3921fb4fe075b016401475ef3b9f018d7513e219
Instruction Fuzzy Hash: 0F110974A41209CFDB64EF28D496BAD77F2EB44304F1081A5E819EB754EB34AE81CF40

Function 05949F10 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 084f13edb5fc0c5ea685eee9c13e9749fada564ae5788e58d8005f18c1bdf026
Instruction ID: dc022985b60da8006ec08c055030b5d9af60b2313c981daa9ba7bd57f52c9e7c
Opcode Fuzzy Hash: 084f13edb5fc0c5ea685eee9c13e9749fada564ae5788e58d8005f18c1bdf026
Instruction Fuzzy Hash: 37F02422F4D2915FE31242381C14737AFA2ABC6200F0844DBD0868F3AADA969C06C750

Function 05949EA9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 873f37af0d0f8e599d1852a035cef7ce3a97dd000c6251822364ffdeb9b3ffef
Instruction ID: 23862bfe5f039c055ff518daa84b727c0d93838069d625d56497915f27673046
Opcode Fuzzy Hash: 873f37af0d0f8e599d1852a035cef7ce3a97dd000c6251822364ffdeb9b3ffef
Instruction Fuzzy Hash: BAF0F631F4C2516FE71596289814B2BFBA9FFC9310F04456EE50A9F395CBB19C418B80

Function 0583752B Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0877b8bbed9fcbe2db4e06b72c27f1c9ee2289f3416c3e7a9dbebd545162c561
Instruction ID: f35343827c3f720b7892a5500a66d7a20a43c30b1c33c2e05e9179e59867391c
Opcode Fuzzy Hash: 0877b8bbed9fcbe2db4e06b72c27f1c9ee2289f3416c3e7a9dbebd545162c561
Instruction Fuzzy Hash: F7011DB5904208EFCB54DFA8D845AACBBB5EB08315F204099D919D7310E731EF51CB91

Function 0593A868 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9e93ab42be1c7d07d878f954c6a37bd65698805e67c0954be471d941ca3284e
Instruction ID: d29b38da3e1e0f67048357e23dc3f1e8b01e30927837b7619c40d80e34a5ff03
Opcode Fuzzy Hash: a9e93ab42be1c7d07d878f954c6a37bd65698805e67c0954be471d941ca3284e
Instruction Fuzzy Hash: 23018B3180424AEFCF01DF99CC019EEBB75FF4A310F04C15AEA9863211D335A5A2DBA1

Function 059342E2 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1c02e5534cab87a589e150319491bf9c895f5ccbcb4d66ef13df799a45da441
Instruction ID: c058ae3b19583f41303fb703ad23d011eaa1560e4ac57cc7226af255ed6775c5
Opcode Fuzzy Hash: e1c02e5534cab87a589e150319491bf9c895f5ccbcb4d66ef13df799a45da441
Instruction Fuzzy Hash: 80016974A09308CFDB15DF14D859BA9BBB1FF09304F1084DAD419A7292CB719E82CF40

Function 058ACCC5 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55fbd8d0fdd71d179a9e4b1e2bea74567e28a7a463a0c87abc56685a6d0bf49b
Instruction ID: 2d6e5455d5788acfa107a12a3bac89946182cdf348d1456a815e6739296929a1
Opcode Fuzzy Hash: 55fbd8d0fdd71d179a9e4b1e2bea74567e28a7a463a0c87abc56685a6d0bf49b
Instruction Fuzzy Hash: CA11A574A4520ADFDB64EF28D596FA9B7F1EB48308F0081A5D51AEB654D734AD80CF40

Function 05949EB8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 623047506e7dc499e5ad85eb7edc5fb7319a7ab4f348189ee5d960215fc94d34
Instruction ID: 71f5a80cf99f4456b1833ae2e6ac5d6d17c7f0112ca861c60134e148e7070b92
Opcode Fuzzy Hash: 623047506e7dc499e5ad85eb7edc5fb7319a7ab4f348189ee5d960215fc94d34
Instruction Fuzzy Hash: 14F0E931F482155FE71596199804B2BF7AAEBC9720F148469E50A9F394CBB1AC4187C4

Function 05946BD0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d98e7b22516eb85653ede468dab0dd2a1781eb77937fe264bf31219bda2f3d2f
Instruction ID: f20f8636b2f7b7eca15a353fbc93a1a8090ff6e4d85400b5394561820dba16ee
Opcode Fuzzy Hash: d98e7b22516eb85653ede468dab0dd2a1781eb77937fe264bf31219bda2f3d2f
Instruction Fuzzy Hash: 86F04475909208EFCB14CB98D848FACBBBDEB0A312F109098A849A7221C7718D90DB50

Function 0593A21D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a57eac9b038bf172f78c9cf07816f6a65594c76d187b62391cc6bb230fcf414d
Instruction ID: 638620f4ff6bc3a51521ccc43f584007dc5db8850e2a48056c14f5109f53eb38
Opcode Fuzzy Hash: a57eac9b038bf172f78c9cf07816f6a65594c76d187b62391cc6bb230fcf414d
Instruction Fuzzy Hash: C01190B4905668CFDB64CF59CE89BDCBBB2BB48305F1084EAE509AA390D7755E84CF04

Function 02771BDA Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1521f7bf5bcf0eb245745401c97b420dfe78b645124d08a5b5b37a47ec895f5b
Instruction ID: c1d4c5386a403a3b432d54c3e507c2dd615894ab1e163b261d690f6740727469
Opcode Fuzzy Hash: 1521f7bf5bcf0eb245745401c97b420dfe78b645124d08a5b5b37a47ec895f5b
Instruction Fuzzy Hash: D9F0F930A48104CBDF018B5DC965ABDBAB1AB48A14FD0806BD40FB7670F7719A04CB95

Function 058A3B18 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79fb962054fc052dd549f51a0e29caa0f2a5737ded0e6601c66d63c073308bdc
Instruction ID: d12aca306e434f17b2558460218b73f7e0f17a92439c1177156825588582101c
Opcode Fuzzy Hash: 79fb962054fc052dd549f51a0e29caa0f2a5737ded0e6601c66d63c073308bdc
Instruction Fuzzy Hash: CAF020337082219BFB06562C9459B7EB69BABC0A50F04813AED00CB290EFB5CC02C3C5

Function 02771BE9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdf1f2b81cc2cc39bdaaf80b9f2fb9e6877c90a1bbdd6c476074152166343f7d
Instruction ID: 0b2e488f1eaef9c800b0c86c0e4a862a41912c84eb3b8bb0432d33f6a2efb6ac
Opcode Fuzzy Hash: cdf1f2b81cc2cc39bdaaf80b9f2fb9e6877c90a1bbdd6c476074152166343f7d
Instruction Fuzzy Hash: 2FF0FC311047804FC3169B68D94178ABFE1EF8A310B1485A5D0958F65BCB74594DC7A0

Function 0594350D Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36f18269514a2f6cbd0368d35ba5cb12c27da701a11cbf4cf2869b1e15f17e5a
Instruction ID: f5ecba6da50467bb2afb7d734aad2900a40f2aeb73f9bc966aeae6d58d92c54d
Opcode Fuzzy Hash: 36f18269514a2f6cbd0368d35ba5cb12c27da701a11cbf4cf2869b1e15f17e5a
Instruction Fuzzy Hash: 0611B378A802298FCB64DF24C854BAABBF2FF88301F1141E9950AA7350DB319E91CF00

Function 059474A9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a39167905f94542e1b64c54070269fa10195f0cf2cc8c0a028b74ad3653cc775
Instruction ID: 663683ea88223657e95d7310ea5ca2c2e36776d44e9c32c97464239025138d59
Opcode Fuzzy Hash: a39167905f94542e1b64c54070269fa10195f0cf2cc8c0a028b74ad3653cc775
Instruction Fuzzy Hash: 3A012578905148DFDB149B98D898B99BBF1FB05315F1001A5E445AB651CB704C95CF40

Function 05CA50D7 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708250f4424645a53c0709382235f1ff3aeb0798c480edea51b420478e878067
Instruction ID: fac64ded3861b46469a20fc47ecc0a46e6d55a58aa8a44eab2b15db72ecf2432
Opcode Fuzzy Hash: 708250f4424645a53c0709382235f1ff3aeb0798c480edea51b420478e878067
Instruction Fuzzy Hash: A411F774D4412ACFCB66CF29D889AD9BBF1EB08309F1084E9D609A7A65D7305A86CF10

Function 0583BBD0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1a14fcfefb02bbcd3e4245d009df56daeb3c65d23cb5e51d5e91371859c2f45
Instruction ID: 74f69f012770e6f68d97e9875e37c8c46c297253ecb436fe8397c25caba4cc4e
Opcode Fuzzy Hash: d1a14fcfefb02bbcd3e4245d009df56daeb3c65d23cb5e51d5e91371859c2f45
Instruction Fuzzy Hash: 31F0E2B4D0520CDFCB54DFA8D9456AEBBF8FB08305F2085AA9819E3250EB305A91CB91

Function 058A2BA8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97a0e38b1442abb5bbb1c41c21f73d6a90d6bb6b3d0fbd17f8ab7a69351b6228
Instruction ID: c42431cfa23f3c071ada901f6ef30b0bb520b23147eef7855b19bf69688d36a1
Opcode Fuzzy Hash: 97a0e38b1442abb5bbb1c41c21f73d6a90d6bb6b3d0fbd17f8ab7a69351b6228
Instruction Fuzzy Hash: 5BF0A039344314CBF7246A789C18B6A37A6EB85210F104579EA06CF294EE72EC01C740

Function 05CBF460 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e2aa8e5369e91a3447173273103624323032295f7f3f4d48f41d828f3bb59a
Instruction ID: b689189974a7ef7448f321399eca153a8ebfeec72c06dd8cbe2c02ed2d4fcbe0
Opcode Fuzzy Hash: d2e2aa8e5369e91a3447173273103624323032295f7f3f4d48f41d828f3bb59a
Instruction Fuzzy Hash: 1CF036312403055BC715DF19D985E8BFBAAEFC4314B008939F5168B669DEB0B9098690

Function 0583BBC3 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca972c12f7262599912abad6eb41f764b0daa0ca65d8cee584271d501593f14
Instruction ID: e9dacb0954a1416bc8794272278ffa36ef9d81e6f7f386127518de7204c4b041
Opcode Fuzzy Hash: 4ca972c12f7262599912abad6eb41f764b0daa0ca65d8cee584271d501593f14
Instruction Fuzzy Hash: 00013CB4C05208DFCB44DFA8D8453AEBBF4FB08305F2084A9D819E3341DB304A41CBA1

Function 05934FA4 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2cff96f87358f4647e1497335ad0de6afca5bcf521e1fbc22af136aff58ca21
Instruction ID: 46f1980b33637d141a02f0ed025ae13fea5f5c9a3ef58407318177a2ea792304
Opcode Fuzzy Hash: b2cff96f87358f4647e1497335ad0de6afca5bcf521e1fbc22af136aff58ca21
Instruction Fuzzy Hash: AA1112B8A04228CFCB64DF28C9957EEBBB1AB48304F2080AAC559A3754DB305E81DF50

Function 05834349 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 959800a119cfada62756250748e89d865eb4f51fcd7ac6d8fc4f6a25f53c4b2b
Instruction ID: 9fd99619200df05649c708aa081e28a752071d309cb362d877a0641e88c28b66
Opcode Fuzzy Hash: 959800a119cfada62756250748e89d865eb4f51fcd7ac6d8fc4f6a25f53c4b2b
Instruction Fuzzy Hash: C8F0C974A5A218CFCF64DF65C9496EDB7B5FB89304F6085A89809E7265CB309D42CF40

Function 0593A878 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e154f6ef10d8edc1435896383db9a950f7c54e75a807ed781c5c267194fdadbd
Instruction ID: b36f0afd4c6d62a0e7f4ebd3683b7a51dfb759c6fe2299a41ce54534ebfbe520
Opcode Fuzzy Hash: e154f6ef10d8edc1435896383db9a950f7c54e75a807ed781c5c267194fdadbd
Instruction Fuzzy Hash: EAF0E73180060AEBCF11DF99D8019EEBB75FF89324F10C519EA5827210D775A5A6DBA0

Function 02770B07 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69b5e148d45c0ef3386b844e018b1b9ab8da9d2eee6c33df57de2ec72013a3be
Instruction ID: 1639937365f0047441d5c53f5dd10171578a4aba43e6e31d3bdfd09a30859a7d
Opcode Fuzzy Hash: 69b5e148d45c0ef3386b844e018b1b9ab8da9d2eee6c33df57de2ec72013a3be
Instruction Fuzzy Hash: 9DF0F870E14119DF8F50EBB898456BEBBF1AF48658B1045AAD51BEB221FB305E01CBA1

Function 0277FF18 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2762f19f006d7e1df016a5f738db874229a8378b1dbbecf02f3046dab7f14412
Instruction ID: 2b7090eb944d7fef4e74291501a7ccb692702c0937e88866a5b0a354b5be981b
Opcode Fuzzy Hash: 2762f19f006d7e1df016a5f738db874229a8378b1dbbecf02f3046dab7f14412
Instruction Fuzzy Hash: E7F03A353102009FC7049B19D494D2A77AAFFC9721B1140A9FE068B370CE71EC02CB90

Function 058A2B98 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c5ea318b4918bd1378e5e68a7de31f1fb2fe81008b7f6fbb3efcd3cc59b3aa1
Instruction ID: cfeb731845382e707fe62c308ed0cbbe05f9f692fca48d38430486d850c3eac6
Opcode Fuzzy Hash: 7c5ea318b4918bd1378e5e68a7de31f1fb2fe81008b7f6fbb3efcd3cc59b3aa1
Instruction Fuzzy Hash: 55F01239744315DFFB35AE399819B6533A6EB85214F504569DA028F290EF71EC02C785

Function 05CA35AF Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d222dd72148bcb6551cc94cae9dc80f354840ec009d52da88029e34cd0193f18
Instruction ID: 3a2e14a9c219c3bd8225e5fe0a81df5cc4f966c68c890d53382134f929ef1344
Opcode Fuzzy Hash: d222dd72148bcb6551cc94cae9dc80f354840ec009d52da88029e34cd0193f18
Instruction Fuzzy Hash: D101A578A441288FDB64DF18D899AD9BBB1FB48308F1081EAA91DA7755DB309F81CF50

Function 058AC4D6 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74692ad5fd1bad3cc3119e5de7dc0a9271cb927bd6e8785fd8133b1822193e12
Instruction ID: 943ea7bdad68f2b1ba39253ca6f964b16753bc99d100130cc610e327154d0f73
Opcode Fuzzy Hash: 74692ad5fd1bad3cc3119e5de7dc0a9271cb927bd6e8785fd8133b1822193e12
Instruction Fuzzy Hash: BCF0B674616109DFC748EF68E596A5E77B2BB88208B109269E816EB354DA30AC058F40

Function 027709BC Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fa319ff37bccd0978fbbe102af4147891cdafbece93b7bb475ed5019ab45a9d
Instruction ID: 364276d827d720360e4b45a0a63676b9e8043cc2d2f949600c39cf3280e4b03a
Opcode Fuzzy Hash: 2fa319ff37bccd0978fbbe102af4147891cdafbece93b7bb475ed5019ab45a9d
Instruction Fuzzy Hash: 4CF0F874E1820ACF8F84DFBD944557EBBF1BB48200F1184AAD40AF7200E7308A82CF96

Function 0594DDD8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 620be171ba3b465a63f6c3c90d9b771eb789dd24c4c2e2b2d6ba930c3f6e70cd
Instruction ID: 77ff8d7e9a46edd2248375e85c8b0e95f781e413ffeb525bd0ffb8ea5e7bdad3
Opcode Fuzzy Hash: 620be171ba3b465a63f6c3c90d9b771eb789dd24c4c2e2b2d6ba930c3f6e70cd
Instruction Fuzzy Hash: D5F067369042188BDB04DB90C918ADEBBB2AF8D200F108969D5027B381DB752E008BE1

Function 05947135 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b1f15026b2a2e69e682c5abf52de3841034f8a81e4ad3bb84612086de6ae0fa
Instruction ID: ff28d9c876c80e21cb56cefc7efe2ee540e4b4ab137bdd015ab8770248215256
Opcode Fuzzy Hash: 8b1f15026b2a2e69e682c5abf52de3841034f8a81e4ad3bb84612086de6ae0fa
Instruction Fuzzy Hash: B50124B8A15118CFDB10EF58E490B99BBF1FB08304F1081A5E598A7384D7309ED1CF40

Function 05CA7555 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd22bcd9b84a40677b7e51b2972f66569e8a8456dbd3825d5774388464bcff25
Instruction ID: eadad9d020ec3629cf99cea3e0c0b21f99164a6f5f61236a19596cd3185a6cdc
Opcode Fuzzy Hash: bd22bcd9b84a40677b7e51b2972f66569e8a8456dbd3825d5774388464bcff25
Instruction Fuzzy Hash: 7D01D678A002288FDB28DF28C9D4E99BBF1FB49305F2146D8D909A7355CB31AE80CF50

Function 0583D208 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 308782133f1f279653e5657091b1233c90d76d434f949183723d225807cd6af8
Instruction ID: 44c16a389b7d36fdfdd1864a908caae5ea6cbaaa58cc1659b54a89b100129e87
Opcode Fuzzy Hash: 308782133f1f279653e5657091b1233c90d76d434f949183723d225807cd6af8
Instruction Fuzzy Hash: AAF082312006074BC7119A29EC89F4FFF99EFC0315F149539F84A46169DB70A8498690

Function 0593C380 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e81b48f0cc89158cde167857deabe937ef7c36f39774b574d92ae1a329b20b
Instruction ID: a1508142ab2d341b7653c8997ae14198d1ae80679b4f5b85b208e5bc651954cf
Opcode Fuzzy Hash: a3e81b48f0cc89158cde167857deabe937ef7c36f39774b574d92ae1a329b20b
Instruction Fuzzy Hash: 90E06D3990910CEBC704CB94E847B6DBBB4EB46305F2481DCDC0963355E632AE51D685

Function 05938A70 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83cd0c6a3f179df3619b35c0146c432048b35e94a328a3303f3c9c7e38f8fcba
Instruction ID: fc415f7eeff82bc05c914f3a062abffbc228833dc7e472f2b871fe63ed1fa2d7
Opcode Fuzzy Hash: 83cd0c6a3f179df3619b35c0146c432048b35e94a328a3303f3c9c7e38f8fcba
Instruction Fuzzy Hash: 64F01C3A40920CFBCB10DF94DC42A9DBF76EB49304F14D459BD0456291C772DA62EB51

Function 058AD2B0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 049172f1e063da1dcc0f89c6f01b99ec3b508e24169bcf3f9489db0544a616d3
Instruction ID: 1ec069ab7c8a98a262ae575257e1e7fd7af4b9d91bb716e97fd8c4cb7193fbc4
Opcode Fuzzy Hash: 049172f1e063da1dcc0f89c6f01b99ec3b508e24169bcf3f9489db0544a616d3
Instruction Fuzzy Hash: 2DF03A75805248AFC750CFA8D840AACBFF4EB49210F1480AAEC98D3281D7759A51DB50

Function 058AAE56 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e93efc352f0899d330d3632e6c60ab3012402316991e447170ae73be836e2701
Instruction ID: 09831f68758d340ecf32eef4f7072501944e0282702a35f3ee6ee70550d81ebd
Opcode Fuzzy Hash: e93efc352f0899d330d3632e6c60ab3012402316991e447170ae73be836e2701
Instruction Fuzzy Hash: 2901E878E45258CFEBA8DF24C9A5BA9B7B5BB48309F1050D9D50EA7285CB305E81CF00

Function 0594C163 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 890c38f288989161daabb35cf8dfc3b6f332d80962de0cd9e6775236a208f2c5
Instruction ID: fcfa1431192ab283f35049fd95f66f9f4a97726fcc0b08432c17298c7a4da485
Opcode Fuzzy Hash: 890c38f288989161daabb35cf8dfc3b6f332d80962de0cd9e6775236a208f2c5
Instruction Fuzzy Hash: 04F0A771904604AFDB19CF54D84C7DD7FB6EB84321F0480A5E40597280DB745AC5CB80

Function 0277209A Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec87f9ddf7509c610e36d0a71bb2ed2fa82123a29935513f70bb9b5652168c4
Instruction ID: d18df9cc7ef1464e7809776841abc5c7b68c7df51e180c4562aad99304b93aaf
Opcode Fuzzy Hash: cec87f9ddf7509c610e36d0a71bb2ed2fa82123a29935513f70bb9b5652168c4
Instruction Fuzzy Hash: 10F0E231604A43CFCB369B34EC1072E7BB0BB41315B000A38D05A8A8B7DB24A54AC780

Function 02770D40 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2017ab43fd92888e87526b5676ce1fbc326dfe5c3df4cf22537dc0294ed40de
Instruction ID: 899b1db9b14f17b92ed4319d70007958906923aabf23d34db41d533287ae5477
Opcode Fuzzy Hash: c2017ab43fd92888e87526b5676ce1fbc326dfe5c3df4cf22537dc0294ed40de
Instruction Fuzzy Hash: 9EF0C074D0870ADEDF58DFABC4452BEBBF4AB04301F108266890AF2250E7722685CBD2

Function 05837858 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9cac477f0968cb224679a964ba68c9bd1c2b782ff07ac288b9fc810a271589e
Instruction ID: 1a8e4001e95c4c487fd484dce3c2ec208235f30d23be35147eba0430c149f5b0
Opcode Fuzzy Hash: c9cac477f0968cb224679a964ba68c9bd1c2b782ff07ac288b9fc810a271589e
Instruction Fuzzy Hash: E3F0F874904248AFCB90DFA9D841AADBBF8EB48210F14C0AAAC59D3241D635DA51DF90

Function 0593BFD3 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a42b317edf54d0468ef49880dba32719606b15b7cfc30470c26b1dee84a81c5f
Instruction ID: f8ad02f456c357c541ac9275d8adcc52abd2491c606f1af07bc847287d22a08d
Opcode Fuzzy Hash: a42b317edf54d0468ef49880dba32719606b15b7cfc30470c26b1dee84a81c5f
Instruction Fuzzy Hash: 23F0D435908108EFCB11DF94D841BDCBFB2EB48310F148199E95596361C7728A61EF40

Function 058AEC59 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea5f211cae71a82f470fe7ece8daafb31edc54791846930b0a68c1fa604c87c
Instruction ID: d616d5cf6600f50dec148b2dbebf748630f619ada97d7882a92d0bf0c79437c1
Opcode Fuzzy Hash: 2ea5f211cae71a82f470fe7ece8daafb31edc54791846930b0a68c1fa604c87c
Instruction Fuzzy Hash: ECF058B1C14148ABDB14CFA8D5847ECBFB5EB49314F1081A9E80897301C6764A42DF40

Function 058A936F Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3de35132f49e90a301c2a145c8c86551b59226509c6b297d9b045d9e82499b2d
Instruction ID: 4bcd13a87de85219b1f21101cceec47218f4ce1a0defdca5f8c7a543996ae347
Opcode Fuzzy Hash: 3de35132f49e90a301c2a145c8c86551b59226509c6b297d9b045d9e82499b2d
Instruction Fuzzy Hash: CDF0CF7180A22ECAEB20DF1489587A9BBB2AB41309F0061D6C44DA2581E7392B85CE01

Function 0594729B Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cec47799432f7d305064fd43522a7a42582cfdae1e4c1b62cb2cbda469aeed4
Instruction ID: d64d6822594f847df22a6e62fbe3a7e194bb57df05a826d8482367c47f77ed96
Opcode Fuzzy Hash: 8cec47799432f7d305064fd43522a7a42582cfdae1e4c1b62cb2cbda469aeed4
Instruction Fuzzy Hash: 5CF0EC74A06118CFDB14DF98D594B9DBBF1FB49304F1080A9E105A7794CB345E95DF41

Function 0583C7A1 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a1b01708914fde7bcb4b5598591c4f60698b99a22ea57c1bc7828f90f2db77d
Instruction ID: 0b0fe3f40fbfd9caf72cbb0ae514790a3ec0771252bc8eb7d3af22ea73ae6039
Opcode Fuzzy Hash: 1a1b01708914fde7bcb4b5598591c4f60698b99a22ea57c1bc7828f90f2db77d
Instruction Fuzzy Hash: ABF0A020A2C7C30FD712933EAC147852FC267531A0F0893AAE4A1C71EAEF5D99478741

Function 05936CC1 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86d72d3b88923590cdee0dfe47803b289536d80dc4aecf6574f393bcd3378398
Instruction ID: bce85698b81640d4372c07a90d7d0dd0e40a9736cdedee42d6e0bc1a2c94a62f
Opcode Fuzzy Hash: 86d72d3b88923590cdee0dfe47803b289536d80dc4aecf6574f393bcd3378398
Instruction Fuzzy Hash: 6BE0DF36405208EBC711EBB8C80B78E7AF8DB44208F1040A89A44D3160EB72C90086E3

Function 05935BB1 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 214624ca3d3efccb915bc99d9c6197cbb211aa41ae677f38b74c0e21fb1c3408
Instruction ID: 795b92461d682c4af28110d7685db7303268a073fd4b78284b9b96eb43eabfa8
Opcode Fuzzy Hash: 214624ca3d3efccb915bc99d9c6197cbb211aa41ae677f38b74c0e21fb1c3408
Instruction Fuzzy Hash: E2F05834908208EFCB40DFA8E85579CBBF8EF89204F14C0E9D84897341D6319A41CB41

Function 0593B3D1 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80ae2c6217451690668347223260f96f7d60c0aa97cfd9dbf459f0968b9fc318
Instruction ID: a46ad5209e571de2c6b24b2f1432b2e02543df4ec5583362847bb2a4773155fd
Opcode Fuzzy Hash: 80ae2c6217451690668347223260f96f7d60c0aa97cfd9dbf459f0968b9fc318
Instruction Fuzzy Hash: 3EF01C34805118EFCB10CF95D941AACBBB5EB48310F14C099ED1462350CA319A55DB41

Function 0594752D Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 376e021b5a048898630751645140f429d81a8f7ecfc2ce6e85939ffd5f775d82
Instruction ID: cf12ec28b4457dae36aa44767e954df97ad8554fbf0bc1af055a4d0f26aed8f0
Opcode Fuzzy Hash: 376e021b5a048898630751645140f429d81a8f7ecfc2ce6e85939ffd5f775d82
Instruction Fuzzy Hash: F3F03778905158CFDB50DF94E884FADBBF2FB46314F1080A9E409A7644CB306DD58F51

Function 05948478 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d273e5268c7cbbab04c16054e27e8da77b5600e1adc3fc8a94dc262fa08e06
Instruction ID: 8b33903654a4fe17a582bac02ef59d9d6b83b1333cbe26da71d17f8d81a86659
Opcode Fuzzy Hash: c1d273e5268c7cbbab04c16054e27e8da77b5600e1adc3fc8a94dc262fa08e06
Instruction Fuzzy Hash: F7F0F834D18208AFC750DBA8E8987ACBBF4EB49314F24819AC85897291D7765A45DF41

Function 05946E88 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c42d5b581a8ba774df886979b33c35664ebb62f34f37557f85d5cad287b860a
Instruction ID: 1588bdd795fd94afbed085473b9974b69a4f4c00e158639ddf0dca95a3f496a2
Opcode Fuzzy Hash: 8c42d5b581a8ba774df886979b33c35664ebb62f34f37557f85d5cad287b860a
Instruction Fuzzy Hash: 5EF014B8914118CFCB50DF94E484B9DBBF2EB05304F208499E509A3281CB31AD968F50

Function 05946928 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 297295f90f6aa04250dace193d1cd58950f768821c6a8946dd9087c4b9ae6076
Instruction ID: fbaf2d64571a1532a0b0e5a2d7fd70aceb800dce8d02edd3e1ab28cb42fedab2
Opcode Fuzzy Hash: 297295f90f6aa04250dace193d1cd58950f768821c6a8946dd9087c4b9ae6076
Instruction Fuzzy Hash: 69F0A070C09208EFCB14CFA8E40079CBBB5BB45304F1084A9D80457350C7314A55DF91

Function 059470C0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e406c49556adef581751b263da66e8cfc73932cb4ba2ed02a0c31d8d665c716
Instruction ID: 8aaee82f8a47917db069cb92897c461c85195a87f0bb5f86d3c96aed76116599
Opcode Fuzzy Hash: 5e406c49556adef581751b263da66e8cfc73932cb4ba2ed02a0c31d8d665c716
Instruction Fuzzy Hash: 95F03778908109CFDB24DFA4D498BEDBBF1EB09304F2080A9E519A3680CB319DE5DF40

Function 0583D218 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6ed78553f993df680e470b2cc8fe33365856bc42a988f58be465ded6aacd096
Instruction ID: be179a4b011f47ab34164bdc5e20e927cbfb043ab964a8579df1b85f8f5e21f4
Opcode Fuzzy Hash: a6ed78553f993df680e470b2cc8fe33365856bc42a988f58be465ded6aacd096
Instruction Fuzzy Hash: B7E048317002065BCB109A2AED85D5FFF9AEFC4365710D539F50A87139DE70AD4987D0

Function 05937F20 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c798740bf14523fd81128886f68a317801ed27ff01a5545a8b5fef4d1789b43b
Instruction ID: 0b523ec298abd07748259eba94284e61640a7a442b9556c3c7897fcac5b9ef31
Opcode Fuzzy Hash: c798740bf14523fd81128886f68a317801ed27ff01a5545a8b5fef4d1789b43b
Instruction Fuzzy Hash: 22E09274909108EFC780DBE8D84779DBBF4EB09204F2480EDD808D3351D671DA42CB41

Function 05936F68 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9e889dd84eceb8debef7d2cf12fed8cfbc2235ed56e3dcca4b15528385a2e65
Instruction ID: 4e1158919f31170b360178e46c6240f65cda157016d95f5942bb76b515b02211
Opcode Fuzzy Hash: c9e889dd84eceb8debef7d2cf12fed8cfbc2235ed56e3dcca4b15528385a2e65
Instruction Fuzzy Hash: 98E0DF38809108EBC704DFA8E886BACBBB9EB49304F20C09C9C0457350CA31E943C642

Function 05937681 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b9911a2ae71ae30dbe16387a3915771abfd8378f639a1a2e0aeaa3599bd1d4d
Instruction ID: 9ccda64e9c849783b8aadbdf62c52376693e4b1798e469ddc1e94f0df75fe618
Opcode Fuzzy Hash: 6b9911a2ae71ae30dbe16387a3915771abfd8378f639a1a2e0aeaa3599bd1d4d
Instruction Fuzzy Hash: 20E09274819108DBC704CB98EC4279CFBB5EB45304F2080A9D80417351D6319E42CB52

Function 058AF7A0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c78eb2e2206ddc1e1ea4cd9bb5dabde03e046b094c3625bda1e445b8a72d4f9
Instruction ID: 924ce92e7009c9df35988af8532849e51693da8a622fb31855aef4746c530094
Opcode Fuzzy Hash: 0c78eb2e2206ddc1e1ea4cd9bb5dabde03e046b094c3625bda1e445b8a72d4f9
Instruction Fuzzy Hash: CFE032B8915208AFD740EFA8E8447A8BBF8EB08704F2080AA9D08C3340E7319E42CB50

Function 058AD2C0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7520b9563f4271be82c545a0bc86d6c7ae904371f197155f0b0967de8f2ec0a1
Instruction ID: 531b2c589ffdfc7f5e615db91cfa6ae97609bfef981659f6eb95cef9080c8484
Opcode Fuzzy Hash: 7520b9563f4271be82c545a0bc86d6c7ae904371f197155f0b0967de8f2ec0a1
Instruction Fuzzy Hash: FFF0397590924CEFCB40CF98D840AADBBF8EB49310F14C09AEC98D3341D671EA51DB50

Function 058A9261 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54237f5bbadc16132de80f1f89660558d0ac71db63d1a25d082bcdc5477258a0
Instruction ID: c0f0749490b64f41c85aa524785dd3075213f1d46f9f69b4e8f59ccd181a931e
Opcode Fuzzy Hash: 54237f5bbadc16132de80f1f89660558d0ac71db63d1a25d082bcdc5477258a0
Instruction Fuzzy Hash: 73F03934C08208AFCB51DFA4E6403ACBBF4FB89304F20C1AAD82497391DB319A41CB80

Function 05946B48 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20a7bbea11fc2ac3c3e3ae209ebe57f3c53c8efccf3506fc677ca2e481262520
Instruction ID: 1352bbb570910f6f1b82898bdae8ca290edcbd2fc3cfb7060c08218526349222
Opcode Fuzzy Hash: 20a7bbea11fc2ac3c3e3ae209ebe57f3c53c8efccf3506fc677ca2e481262520
Instruction Fuzzy Hash: A9F06D34849248EFC745DFA9E888E9CBFB9BB1A311F10C099E8441B322C7319E58DF51

Function 0583B528 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: def7449e18a2ed99cb5db74d915f064db7e020b4d124c08bf9b9050ff31ff795
Instruction ID: 3b0aa3398240d7c1d599baa7839f8ae7bd06ba5851b0741b9dc52b826e24bf66
Opcode Fuzzy Hash: def7449e18a2ed99cb5db74d915f064db7e020b4d124c08bf9b9050ff31ff795
Instruction Fuzzy Hash: DEE092B4C5A38C9FC701DFB8A8492DC7FB4AB45202F2014EAD849D3392E7300E58E761

Function 05832E88 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71c90ef00a9a5c6e5078cf5c28bba9089f7640cc401e8a0fcdbbf8482cdb380a
Instruction ID: fc11096b0aa15827b23eeabdf45b3072917215ea699aded7bf0516faa48f9a71
Opcode Fuzzy Hash: 71c90ef00a9a5c6e5078cf5c28bba9089f7640cc401e8a0fcdbbf8482cdb380a
Instruction Fuzzy Hash: E0F0393894A248EFCB01DFA8E4817ACBFB4AF49214F2480EEDC4997342C7315E59CB91

Function 0583B848 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83fa06bfdbf43d3d8e851be4c67603833e0c9a97027f8af8e6038f84e066adc4
Instruction ID: f1b033e3d686b998b892545e5a4f3ff1c60608d9389ce3ce65c2468093675a37
Opcode Fuzzy Hash: 83fa06bfdbf43d3d8e851be4c67603833e0c9a97027f8af8e6038f84e066adc4
Instruction Fuzzy Hash: 78E06DB4965248EFC750DBA8E98679C7BF4FB49205F204199D948C7321D7309A44CB51

Function 059335AC Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afa61d4eeb989b6740c3a180671ee95bf48c3d61223c7f963e6639d9d085d401
Instruction ID: f4908e478b00969ed47375030f56399af2e9eb47f48b622c82d29c3e1b47ed54
Opcode Fuzzy Hash: afa61d4eeb989b6740c3a180671ee95bf48c3d61223c7f963e6639d9d085d401
Instruction Fuzzy Hash: 3DF01274A08259CFEB24DF2AD885BA9BBB2BB89305F5084E5D00DE7205EB308D81CF00

Function 0593BFE0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f4b961f54c2256983d5c165e06a68abaa0747c6996ab6f023cbf11c6fa7d3e3
Instruction ID: 6ccba8de779550e19493b93646991c44f0abb0a8e198fc14f62615ff1c1f07b8
Opcode Fuzzy Hash: 2f4b961f54c2256983d5c165e06a68abaa0747c6996ab6f023cbf11c6fa7d3e3
Instruction Fuzzy Hash: 38F0153590420CEFCB00DF98D841AACBBB6FB48310F10C099ED1953350C7329A61EF40

Function 05932248 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fb3adfb760c96cfb992594da0d8cd885fe03533907ce42448d3a19eafafe85b
Instruction ID: ea2432761183043b7e8cec5eea8f8b8cc650248e466e570676140439158e11a1
Opcode Fuzzy Hash: 4fb3adfb760c96cfb992594da0d8cd885fe03533907ce42448d3a19eafafe85b
Instruction Fuzzy Hash: 00E06D3994D208DFCB15DFA8E88565CFBB4FB46304F1091D8D80417355C6315946C791

Function 058A80D0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f153e856aa9695bd330c467db41eca65297db9b95dcae17084d861f6957fe62f
Instruction ID: df763145c0d5c4abf9cb1713649206cf8b02bbe82a69da7e83ae43cbe0810c64
Opcode Fuzzy Hash: f153e856aa9695bd330c467db41eca65297db9b95dcae17084d861f6957fe62f
Instruction Fuzzy Hash: 87F01575D08248AFDB11DBA8D8402ACBBB5EB44308F2480AAD81993341D6759E42CB94

Function 058AEB80 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19b1844383d7e815d62ba7a8a1f9a753ead29a4467d4e9e690f34d85133118e8
Instruction ID: b9e3062a8e750a4218adf68f3364a7c2a45a2db44d62e182616d4177252c727d
Opcode Fuzzy Hash: 19b1844383d7e815d62ba7a8a1f9a753ead29a4467d4e9e690f34d85133118e8
Instruction Fuzzy Hash: DCE01A7081520CEFEB60EFB898887ADBBF8E705300F1045AAC809E3220EB304A85CB40

Function 058ADB98 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a58161e0b02cff58ce6a30e18bd43f91bf1c83148a6d71182a821845cbed263b
Instruction ID: dfb4c2253253877f2ed7b00d419a3ca40d7c3c88d17c9e8a63b87636871070ff
Opcode Fuzzy Hash: a58161e0b02cff58ce6a30e18bd43f91bf1c83148a6d71182a821845cbed263b
Instruction Fuzzy Hash: 0DE0ED7081520CDFD750DF68D4843ACBBF5FB05305F5049A98808D2651EB709A96CB51

Function 058AD648 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25e1367ab745c0a509d0984d1d635e2dfe443a2efe489391ce73b4d6af366a23
Instruction ID: 33decb9ab89beaa2493af7aa602808574ba1542c0372c99c945c8e9df07fac8c
Opcode Fuzzy Hash: 25e1367ab745c0a509d0984d1d635e2dfe443a2efe489391ce73b4d6af366a23
Instruction Fuzzy Hash: A7F039B4905208EFD700DFA8D8457ACBBB4FB88208F1081AED809DB750D7329E42CB80

Function 02770D99 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31fb6449726d0ec61eddccee92b240027f3c0cfc6280de6590aede36a1f2d98d
Instruction ID: 01c8a69a90d471ce5e8db18c489f0da4c22b940b6f4a185817dda21803ba3674
Opcode Fuzzy Hash: 31fb6449726d0ec61eddccee92b240027f3c0cfc6280de6590aede36a1f2d98d
Instruction Fuzzy Hash: 90E0923424C3C09FC746D735D8A89293FB06F9621031408DEE087EB3A6D625AC16CB11

Function 05948F48 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 183dc00daadf936f0f3b82d39161f8a7450832f08347a6708cabaa549b828fe1
Instruction ID: 6cc6184d56b98cfebfbda47e1ba9cc3b55339b1d1e5b0c164b675c7c0e31454f
Opcode Fuzzy Hash: 183dc00daadf936f0f3b82d39161f8a7450832f08347a6708cabaa549b828fe1
Instruction Fuzzy Hash: 8CF0F2B4D08208AFD744DFA8D8547ACBBF1EB48304F1484EAD81893292D7758A42CF81

Function 059466C0 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaa244359c52ec63f7aee85a3ea5ba8458d22420e91a4f928073d3f15487e39b
Instruction ID: 8d9bf3a42ad54355a1ab09957b4193a10425213a75b6fc7abcc217cb6e9fca77
Opcode Fuzzy Hash: eaa244359c52ec63f7aee85a3ea5ba8458d22420e91a4f928073d3f15487e39b
Instruction Fuzzy Hash: C5E01AB4C59248EFC740DBB9E8447AC7FF8AB0A201F2084A9D84993751E7708AA4DF51

Function 05839F80 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c8f0bc00fa2b78152b0a998e1923087cbb0c6cbb07eda9f53228d2fadba8ebd
Instruction ID: dbc454b77a8d1a588c2afa858fcab6cde5014c0df28f465c0ab8b054ad3b42c8
Opcode Fuzzy Hash: 2c8f0bc00fa2b78152b0a998e1923087cbb0c6cbb07eda9f53228d2fadba8ebd
Instruction Fuzzy Hash: D1F03930909189EFCB64CFA8D4417ACBFF1EB49310F24C1AAEC54A3351C6768A55EB80

Function 05832601 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adcc5db929b6e88e7ded42ec617504f53baf2f2479fbd7708e563315d179781d
Instruction ID: f39dd15a76c8ae2ef72908fcbe0acfeb8e9e7eab67adc2b38413f3633d31447a
Opcode Fuzzy Hash: adcc5db929b6e88e7ded42ec617504f53baf2f2479fbd7708e563315d179781d
Instruction Fuzzy Hash: 0AE04F38918208EBC725DF98E945BACBBB4FF45304F2490BCED0957351EA719D82CB91

Function 05937D49 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adede3cb0d7cca4fa3757965b2eb5cd1ac60f2305794fec853a6735b629393e0
Instruction ID: ee1bf8e768e723c2daaaff0e042588ff6f66cd4f8de66fafef774232be8e6460
Opcode Fuzzy Hash: adede3cb0d7cca4fa3757965b2eb5cd1ac60f2305794fec853a6735b629393e0
Instruction Fuzzy Hash: DAE0DF34809588EBC350DBA8D80336CFFF4EB05205F5480EC889497391D631DB42C751

Function 05931780 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7216df7b8c9e4436245cdfa54dffbd4f3974947e0668b9b9d54df769134d9b94
Instruction ID: 53e79ae7027e715e5ca9e17b0f9c78099d4e1e936dfad33dbc01118db8fc7b67
Opcode Fuzzy Hash: 7216df7b8c9e4436245cdfa54dffbd4f3974947e0668b9b9d54df769134d9b94
Instruction Fuzzy Hash: D1E09234D18144DBCB10DB74D8815ECBFB1EF46310F2891DDC84957351C6314A46DB01

Function 059329A0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0cb31c3c2c2a7ae972b800aad44a4a4ce723e7140d7998af0f293ecb973636a
Instruction ID: 5fa2bb8fb013230e24698e93559a286bd7f7661db43391b62636fc99e1c3f721
Opcode Fuzzy Hash: b0cb31c3c2c2a7ae972b800aad44a4a4ce723e7140d7998af0f293ecb973636a
Instruction Fuzzy Hash: D3E09A38808208DBCB04DFA8E9427ACBBB4EB42314F2094D8D8481B311D7325982CBA1

Function 059340AD Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea86351e06fa9f3ab007e8a75a4018dbfb05b62a36058b51be99704a71e97ead
Instruction ID: 999ec574ba8511c20568fbb892c35afd6d1ddae44796607203d6d5a026fbd371
Opcode Fuzzy Hash: ea86351e06fa9f3ab007e8a75a4018dbfb05b62a36058b51be99704a71e97ead
Instruction Fuzzy Hash: DFF0DA74A49218CFDB25DF14D855B99BBB1FB49304F1084D9E819A7395CB729E82CF40

Function 0593982D Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebb1aa62e3773e035ecc2399833a4b8e65b0645a840674c700f43913f447da6b
Instruction ID: 02073282e68e969de276776b1a65eeddf95f39a6101c9b235f06494751a1a0cb
Opcode Fuzzy Hash: ebb1aa62e3773e035ecc2399833a4b8e65b0645a840674c700f43913f447da6b
Instruction Fuzzy Hash: B5F09DB4919269CFDB20DF14D989BD8BBF2BB09314F4085E6D089A6290C3769A84CF02

Function 0593B3D8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad7f958455a763e161557f645f9358c23613d51e138916a888f5c5188e772ca3
Instruction ID: f54473114eb3547d6e13186f12954c73c1f067923eb7d7712ce00f5510e368b0
Opcode Fuzzy Hash: ad7f958455a763e161557f645f9358c23613d51e138916a888f5c5188e772ca3
Instruction Fuzzy Hash: 9BF03934809208EFCB00CF95D841AACBBB6EB48310F10C099EC1452350CA329A51EB40

Function 05934B50 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 326eb6b6c1e11eed3791412760c6183f2f322042892a0f66230cc10cb96dd53e
Instruction ID: 595450d2749c5c3f9ea4593f1e8ac29f206fc967d3e47f9f2aaf6d3b261dd3eb
Opcode Fuzzy Hash: 326eb6b6c1e11eed3791412760c6183f2f322042892a0f66230cc10cb96dd53e
Instruction Fuzzy Hash: CFE01A30819148EBCBA4CBB8D5963ECBFB4DF4A214F2880D9D88966652C6778A52CB01

Function 05938A80 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567cc9cf48bf60fbf4f2de5a96acd0859e4ae8d9af089a5b09ccbe74e780903a
Instruction ID: b9062034577154c7ed71971cd68f79d0a41d25c4e31248cdfd9e34cc018e3af6
Opcode Fuzzy Hash: 567cc9cf48bf60fbf4f2de5a96acd0859e4ae8d9af089a5b09ccbe74e780903a
Instruction Fuzzy Hash: C0E06D3540910CEBCF00CF94D8419ADBB76FB48300F108459FD0413250C7329A61EB90

Function 05939250 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567cc9cf48bf60fbf4f2de5a96acd0859e4ae8d9af089a5b09ccbe74e780903a
Instruction ID: 3a96224ffe601df456358495ce0b42f2cd8e742f7ac153e72e42633221006cf2
Opcode Fuzzy Hash: 567cc9cf48bf60fbf4f2de5a96acd0859e4ae8d9af089a5b09ccbe74e780903a
Instruction Fuzzy Hash: A8E0ED3590810CEBCB05DF94DD41AADBB79FB49310F108459EC0527251C7B29A61EB51

Function 058AADD8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a59bc2e855c4193c5e4062c3b06ed1094c39d15f324262fb16a56ea1e72d165a
Instruction ID: 48ccb87fa0540e08775dd81b157e7bb2f8c9dbd334262f2fe29f7b5ab8377c98
Opcode Fuzzy Hash: a59bc2e855c4193c5e4062c3b06ed1094c39d15f324262fb16a56ea1e72d165a
Instruction Fuzzy Hash: 6EF0E778E45218CFDBA8DF24D9A5B99B7B5BB48305F1040E9D50EA7284DB309E81CF00

Function 058A7DD0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2800266ae872adc80a0383d7991c933f370962c02136d819987cb923f87cb2f
Instruction ID: de8cea225ebd8eae0d51d4a30bfc6d70e4ba709d254bd8032b71f306122060bf
Opcode Fuzzy Hash: d2800266ae872adc80a0383d7991c933f370962c02136d819987cb923f87cb2f
Instruction Fuzzy Hash: 33E06D31829248DFDB50DFB8D4843ACBFB0EB05204F1001ADC808D2210D7714A91CB00

Function 058ADDE0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a379b41ec6f063d2cfbceae67c72e6d7663b0250434265fec3e6cf5a388e112b
Instruction ID: ff5abccadd4a680adfeba62555eb221fc71e63f4332f4f05ea3ac2c7f55fcb2c
Opcode Fuzzy Hash: a379b41ec6f063d2cfbceae67c72e6d7663b0250434265fec3e6cf5a388e112b
Instruction Fuzzy Hash: ECE0E57590924CEFCB44DF98D840AACBBF9EB48314F10C0AAEC59D7351C6719E92DB90

Function 0594DD98 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e057bfcec13bf46b1b2924f097fb53353db8e3af79bee3b05bdde02631cc0066
Instruction ID: 6de73f6b34f3a9a75f38e5ff38ad095652eb85535168b18670aba0000e68830b
Opcode Fuzzy Hash: e057bfcec13bf46b1b2924f097fb53353db8e3af79bee3b05bdde02631cc0066
Instruction Fuzzy Hash: 24E0863434030497DB1465655954F66329A9B85650F100469E7059F6C4D962EC018B55

Function 05CB53C0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f465596fb07927429d8c96515e9c8dba0fd524938f5487cd3a45e768649426c6
Instruction ID: 933f2a61154aa282b551f4548a11eb9a876dd22f7c42b30b7b2bb6ba29590118
Opcode Fuzzy Hash: f465596fb07927429d8c96515e9c8dba0fd524938f5487cd3a45e768649426c6
Instruction Fuzzy Hash: E2E0ED74E04208EFCB54DFA9E88469CFBF5EB48310F20C5A99819A3350D6B19E51DF50

Function 05CBAE10 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f465596fb07927429d8c96515e9c8dba0fd524938f5487cd3a45e768649426c6
Instruction ID: d20a74517923bddd041fe566d07977f64b87c438a95655ab142f9fe9c1dcae54
Opcode Fuzzy Hash: f465596fb07927429d8c96515e9c8dba0fd524938f5487cd3a45e768649426c6
Instruction Fuzzy Hash: 86E0C974D04208EFCB54DFA9D84469DBBF5EB48310F10C4A9985893350D6729A51DF40

Function 05CB9638 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f465596fb07927429d8c96515e9c8dba0fd524938f5487cd3a45e768649426c6
Instruction ID: 878f62b1643c6fc0c5036c8d352d4296bc6412f2eb6f031d8098d920ed30b96e
Opcode Fuzzy Hash: f465596fb07927429d8c96515e9c8dba0fd524938f5487cd3a45e768649426c6
Instruction Fuzzy Hash: DEE0C274E0420CEFCB94DFA9D844AACBBF5EB48310F10C4AA9919A3350D6729A52DF80

Function 058374A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eba9b755a20aec4e202bf09af5d846a1dca4debc1f3ad834271061307247a43
Instruction ID: aadad0cc977deed8a98d5983945a3b11dfcf8f3bebce8d9118b908cad9272b6c
Opcode Fuzzy Hash: 1eba9b755a20aec4e202bf09af5d846a1dca4debc1f3ad834271061307247a43
Instruction Fuzzy Hash: FAE0E5B0D0520CEFCB54DFA8D44569DBBF5EB48304F10C0A99918A2310D675AE91DF91

Function 05833F53 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ccd55ebb1437ce553e33ffb920f10692f1e0df7e101f3d1e3c9b0dc6349c58e
Instruction ID: df7a775427d36c661ab398402445c6af5d5a38e20a91431de327c84c243fa52d
Opcode Fuzzy Hash: 5ccd55ebb1437ce553e33ffb920f10692f1e0df7e101f3d1e3c9b0dc6349c58e
Instruction Fuzzy Hash: DEE0863494920CDBC704DB94E84176CBBB4EB45304F64959DDC4453391CB729E56DB81

Function 05835318 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c509bede943b2ca3b3098d98517052e279e0d4e552e28ca2bad66bc52261c59
Instruction ID: 3be2d1f0298ba3bbf8d9bafffd5a4ff34e28439cd14b07d476199b8448580621
Opcode Fuzzy Hash: 8c509bede943b2ca3b3098d98517052e279e0d4e552e28ca2bad66bc52261c59
Instruction Fuzzy Hash: 22E06D74949248DFC718CFA0E88696DBF70EF46311F10C1EEDC0467251CA714E99DB81

Function 05930E43 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce4c2857e65541b2cdb9518badea306d3f8834b215d4aa2afa8a22a9feb2834a
Instruction ID: eaea150ddec154668572724f36ca415e022e612480238808831bc48b2effd131
Opcode Fuzzy Hash: ce4c2857e65541b2cdb9518badea306d3f8834b215d4aa2afa8a22a9feb2834a
Instruction Fuzzy Hash: 4FE04F75E0810CEBC714DFA4F8457ACBBB4FB49315F249598D80827341C7319D86CB41

Function 05935BC0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e78cafdb8f288ca7b4b48dd4ccf6533454742702ad7d11c951a0b5b425181580
Instruction ID: 638ac949193ca3c269e20c4a2f96ace4acf11cb7eb62948aef037c1a74ed0f48
Opcode Fuzzy Hash: e78cafdb8f288ca7b4b48dd4ccf6533454742702ad7d11c951a0b5b425181580
Instruction Fuzzy Hash: 00E01A74E08208EFCB94DFA8E8456ACFBF8FB49304F20C0A99819A3340D6319E42CF40

Function 058AEC68 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 480e3fd14eb301f8b804fe9e0e0176989163c27dcc88b19d3b0b81af3d59e575
Instruction ID: 86fc45ecdc4396b1871c005f67c899ed963dac71be70f84c9a13dba6b822ca67
Opcode Fuzzy Hash: 480e3fd14eb301f8b804fe9e0e0176989163c27dcc88b19d3b0b81af3d59e575
Instruction Fuzzy Hash: E6E0E575908108AFD744DF98D944AACBBF9EB48304F10C0AAAC1997341D6759E42DB94

Function 058A2B1F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a36e1ec2c55af645f00e4ae291abf9cd24380fb4b7d366fefcf411063d20fcc2
Instruction ID: 14289afd4eebfdb007ad87697ada557119fd4d1ecb4dc808fe40d636232f16e2
Opcode Fuzzy Hash: a36e1ec2c55af645f00e4ae291abf9cd24380fb4b7d366fefcf411063d20fcc2
Instruction Fuzzy Hash: D6D0175709E7C88FEB0386744D116873F20CB9760571949F7CC46EA193C42DDA1E8BA1

Function 058A8E9B Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bd435d8227ed5bd67bfe73245f92a04714c462aaba4d08aeb83925adf23f521
Instruction ID: a1fb344eb9e3d6fc9d010c2ec90df59ae422d8bcf420f3cdb1978cfa672e505b
Opcode Fuzzy Hash: 7bd435d8227ed5bd67bfe73245f92a04714c462aaba4d08aeb83925adf23f521
Instruction Fuzzy Hash: A8E01A74909208DFDB14DB94E94176CBBB4EB45308F2080A9980857381CA319D52CA90

Function 05948488 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dc7b2d4836f66798093ac4e7529a006eb8e4803229e39e7019920856047854e
Instruction ID: 22655cde76578437bf52dd96801c893431404fac2e8f6d2bee9a9b6b540322a0
Opcode Fuzzy Hash: 9dc7b2d4836f66798093ac4e7529a006eb8e4803229e39e7019920856047854e
Instruction Fuzzy Hash: C9E0E574E04208EFCB54DFA8D884AACBBF8EB88314F20C1A9D81897340D6319E42CF40

Function 05948F58 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dc7b2d4836f66798093ac4e7529a006eb8e4803229e39e7019920856047854e
Instruction ID: 64d6c7a051d5fc7f84cb681745ebd49863513d40846e1a0a89564b18dd033813
Opcode Fuzzy Hash: 9dc7b2d4836f66798093ac4e7529a006eb8e4803229e39e7019920856047854e
Instruction Fuzzy Hash: 59E0E574E04208EFCB54DFA8D844AACBBF5EB48304F10C0E9D81893351D6319E42CF80

Function 05946938 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d08473a71a50594d2945cf0b50918d41b707bb3dca407d77f0607b9317fd4f9
Instruction ID: d27f23579ae6b75c0c31c5dd1038568d15f71f63008d00ca097be181c426c07a
Opcode Fuzzy Hash: 7d08473a71a50594d2945cf0b50918d41b707bb3dca407d77f0607b9317fd4f9
Instruction Fuzzy Hash: D9E01AB0D0520CEFCB54DFA8D444A9DBBF5FB49304F1080A9D808A7310D7759A91DF95

Function 05839F90 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfa76ef660855adeeef3339bb3e2aab5340adef72454c30cb9c2c7485f2d6ce7
Instruction ID: 4bda20d7d7396d57926923f2546c3a977f89ed06c4c2693e817d5d8865cd6e22
Opcode Fuzzy Hash: cfa76ef660855adeeef3339bb3e2aab5340adef72454c30cb9c2c7485f2d6ce7
Instruction Fuzzy Hash: A8E0E574908208AFCB14DF98D841AACBBB5EB49314F20C1AADC5493351C6729A52EF90

Function 05832250 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 432f1497b9b267022fde0efa2b5f2b10921b4cd79e7b23bd2db0a2b682ce4e31
Instruction ID: 84fbc7a66d45b1ecc479496aacf409ea6e1e326e4b614833a090732d974e252f
Opcode Fuzzy Hash: 432f1497b9b267022fde0efa2b5f2b10921b4cd79e7b23bd2db0a2b682ce4e31
Instruction Fuzzy Hash: 04E0863410D14C9FCB00DBDCEC45BACBBBA9B46218F2851AD9C0993653C6329D42D791

Function 0593BF90 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f27bfb25906592657df0d6968f0aaac71726c070a016369882fb79244bd7070
Instruction ID: 01853d2cf94e8e5e5ca4e67f9d7b29ada1b90b14fb8268eeabdc1e10343ed0e0
Opcode Fuzzy Hash: 9f27bfb25906592657df0d6968f0aaac71726c070a016369882fb79244bd7070
Instruction Fuzzy Hash: 1BE01A74D08208EFCB14DF98D841AACFBB5EB48310F20C1AADC5453351C6319A52EF91

Function 0593367F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b5c06159255aabe45817fd955de4f8e585ba895273a4f581f94a874219b4c12
Instruction ID: 9a5111b17e7ada4b0921f7e5cf04a95d32c90285f14b232e69adfb212db24544
Opcode Fuzzy Hash: 9b5c06159255aabe45817fd955de4f8e585ba895273a4f581f94a874219b4c12
Instruction Fuzzy Hash: 2AF0F874949258CFDBA0DF29D585BE8BBB1FB08314F5084D5E149A7646CB348EC4CF00

Function 0593C160 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f27bfb25906592657df0d6968f0aaac71726c070a016369882fb79244bd7070
Instruction ID: 1be61237449e195cb7aa6f09d5aa94a3858099cdd539a9d98fb97e1308dcf878
Opcode Fuzzy Hash: 9f27bfb25906592657df0d6968f0aaac71726c070a016369882fb79244bd7070
Instruction Fuzzy Hash: CAE0E574908208EBCB14DFA8D941AACBBB5EB49310F10C0AA985563351C6329A52EB90

Function 05949540 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fae74af7352d9090c705026478e3e4a0f93bcdb0094c7d414bded86201466bb
Instruction ID: 9f6521540bfbfdf120028387a9cf5ed80dd5678c907d6b130f585b0968995a08
Opcode Fuzzy Hash: 9fae74af7352d9090c705026478e3e4a0f93bcdb0094c7d414bded86201466bb
Instruction Fuzzy Hash: D4E0DF38949649DFCB00EFB4E80634DBBB1EB4A318F10C6D9E808DB289DB721E049B41

Function 05948E3F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a5199757da198ef5bd355c0f26f19151db47a84fe262f85e2796f83c8a9d3f
Instruction ID: 78907ca6cd71ad2f8287cf5b0ff927ccea1b9d44eac23cf2fe383e50a7fee0e5
Opcode Fuzzy Hash: 65a5199757da198ef5bd355c0f26f19151db47a84fe262f85e2796f83c8a9d3f
Instruction Fuzzy Hash: F9E0DF30C4D288DFD715EBA0D84879DBBB1EB01305F6084ACC41423681C3B94D81DB42

Function 05949990 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30e9cf454467533540e023cad074e54bbe1564fb41f6c6fa5436e3098349e20e
Instruction ID: c45cf6f89271cb5ff19687d4aa2243759c3f59dc2858a8f3b22ceeccf2274af3
Opcode Fuzzy Hash: 30e9cf454467533540e023cad074e54bbe1564fb41f6c6fa5436e3098349e20e
Instruction Fuzzy Hash: 75E09274945248DFDB00EF70DE1535E3BA1E746314F00859899049B292DB711A08AB41

Function 05CB5200 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14f3ac6f8fff9777fc00bbbc97608e479b9b02f73c2b90ba001eca7e8fc1422d
Instruction ID: 958af45defc77f950fd1357ac479847d8b930e5d345bdd1b3fbcd2fbbce4b7b8
Opcode Fuzzy Hash: 14f3ac6f8fff9777fc00bbbc97608e479b9b02f73c2b90ba001eca7e8fc1422d
Instruction Fuzzy Hash: 6CE01A70D1530CEFCB54DFA9E4442ADBBF5EB44300F1084A9881893310E7759A41CF41

Function 05CBEE38 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b6eb47edf9f93159b493f8752cb5e8922614dc4ae20433dfc000dfbd0d8de19
Instruction ID: 274b9ff5f76f49fbadd2783337fedaa1a347481a9457ca2589174e8e8f3af4d4
Opcode Fuzzy Hash: 1b6eb47edf9f93159b493f8752cb5e8922614dc4ae20433dfc000dfbd0d8de19
Instruction Fuzzy Hash: 30E08674908148EBC714DF94D840AEDBFFCEB49710F10C0ADD84857341C6729E42DB90

Function 0583B858 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63e849350a094e3d39ff61f76db50ef3d169dac2d44a014f0fba1b483b170f02
Instruction ID: 31cb48f8e936c8c3a28b9ce9de4ee67d031789db29ddc19a569e2b5ea9eec102
Opcode Fuzzy Hash: 63e849350a094e3d39ff61f76db50ef3d169dac2d44a014f0fba1b483b170f02
Instruction Fuzzy Hash: 13E04F74914208DFC740EFA8D44669CBBF4EF08209F2041A8D809D3320D6309E40CB40

Function 05835328 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 970ba7d7509ffa147b3ce9c972b0c848a0be720f6cf354dcd8a683fa1653fda9
Instruction ID: c28f2ae3ae0884ef8d082bba69446cc518255b8b746e8b89a58e6c504afb795d
Opcode Fuzzy Hash: 970ba7d7509ffa147b3ce9c972b0c848a0be720f6cf354dcd8a683fa1653fda9
Instruction Fuzzy Hash: 7AE0867490810CEBC704DF94E8459ACBFB5EB45314F10C09DDC0463350C6719E92DB90

Function 0593CF33 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf4514d8e9c343d07d77aa49cb9542662f4455963e215a5117c796c795495eb9
Instruction ID: 42637c4a12f6538c99b460ea69f36e08c25d24fccd5b7bfb57a1d5234bc6cf58
Opcode Fuzzy Hash: bf4514d8e9c343d07d77aa49cb9542662f4455963e215a5117c796c795495eb9
Instruction Fuzzy Hash: B1E0C230408148DBCB10CB65D84ABA8BBBCDB02308F1480DD991C63382C672AD02CB80

Function 05937F30 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2734842c86c53906be7527b49d94cdfcba4fc457728907e66b131a1a85376728
Instruction ID: 029be55c2a361af3e13650d1d2b35809daae7dd1be50d269c43dafe9ede97a3a
Opcode Fuzzy Hash: 2734842c86c53906be7527b49d94cdfcba4fc457728907e66b131a1a85376728
Instruction Fuzzy Hash: 5EE04670914208EFC780EFA8D8866ACBBF8EB08204F2090E9980893340E6319A82CB40

Function 058A80E0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22029f0da23d445d980c12219ebb226dac146c953ca1af82ffc6e934b9a310a8
Instruction ID: ceed2edf76dfa29e9b630f5f1e34b15ba714d4b1f90109c0c465de929b92a7e7
Opcode Fuzzy Hash: 22029f0da23d445d980c12219ebb226dac146c953ca1af82ffc6e934b9a310a8
Instruction Fuzzy Hash: 5CE01A34D08208EFC714DB98D4406ACBBB4EB48204F10C0A99C1993341C6719E42DF54

Function 058AF7B0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e2dcbae6c4881ad4c56fcf8a8ff5d8a6c3723a855609a200deb466c96438be
Instruction ID: add715b54eff817fbd2726a6a4b4c2db97b36b99ac2c8fa215a36cbc14c7e58f
Opcode Fuzzy Hash: 29e2dcbae6c4881ad4c56fcf8a8ff5d8a6c3723a855609a200deb466c96438be
Instruction Fuzzy Hash: 71E04F34914148DFC740EFA8D84469CBBF4EB08604F2080A98D08D3340D6319E42CB50

Function 058A5F61 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4a47cc3b33e18a0add8af38a970c4de041718aac9e7ae96bfacd59cf78a4fe1
Instruction ID: 230a654abf131ccf93af00b962092d930710c1d1ea538be38c63a0d7b75f64dd
Opcode Fuzzy Hash: c4a47cc3b33e18a0add8af38a970c4de041718aac9e7ae96bfacd59cf78a4fe1
Instruction Fuzzy Hash: B9E08C32415B20CFDB269B19E004BA6B3F8EF45221F00052EED0A86A60CB72A881CBC0

Function 058A9270 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22029f0da23d445d980c12219ebb226dac146c953ca1af82ffc6e934b9a310a8
Instruction ID: eea1057ec64927514565e1d3222958fd3e3d3cd9d154c44553797b5f4134a673
Opcode Fuzzy Hash: 22029f0da23d445d980c12219ebb226dac146c953ca1af82ffc6e934b9a310a8
Instruction Fuzzy Hash: 48E01234D08208ABCB54DFA8D8406ACBBF4EB89204F20C0AADC2893341DA319E42DB80

Function 05940C97 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0864aa5784934159f97346769a43afbb7fe54b85685912ea0b14aea14e2a9563
Instruction ID: 849a6b393baa0fdb585570dabed3161309b335cb6fe08a2b41affec937fa71e2
Opcode Fuzzy Hash: 0864aa5784934159f97346769a43afbb7fe54b85685912ea0b14aea14e2a9563
Instruction Fuzzy Hash: 7FF0B238909269DFEB20DF24DD88F99BBB2FB08305F048AD4D10DA7280C7305E848F01

Function 05946FF1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9126d7b85bdc3ea4437a33eb402c9bd7bcf6f10a109b575a231c9c6823e1a32d
Instruction ID: fcbe8b712e62362c77270477192184a1c4838835e8553b477e01bec795855e35
Opcode Fuzzy Hash: 9126d7b85bdc3ea4437a33eb402c9bd7bcf6f10a109b575a231c9c6823e1a32d
Instruction Fuzzy Hash: 89E0EDB4E04208CFD708DF99E09499DBBF6FB85304F60C425E15597654DB309C91DF40

Function 05946E35 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71c003bf8f4cf66d8614af84673e2478c056cb2897bf14bf1fce1be2090be591
Instruction ID: e6133b3d0ccb5b6dc05c5b2c63f21a3644a03dbcdc0eb683961200afe35955c3
Opcode Fuzzy Hash: 71c003bf8f4cf66d8614af84673e2478c056cb2897bf14bf1fce1be2090be591
Instruction Fuzzy Hash: 6BF0307CA04158DFCB14DF54E495BDDBBB1EB46314F108896E20AB3344CB305E919F91

Function 05947656 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5b70f9c74217519fd13b2d6623183550329613d09fe595861553193012bd937
Instruction ID: 076b4ba7a7f03699494ad95c76263ea848db07f1332654d9195bde13f35911d6
Opcode Fuzzy Hash: c5b70f9c74217519fd13b2d6623183550329613d09fe595861553193012bd937
Instruction Fuzzy Hash: 60F0EC34504289CFC710DF10E895B9D7B71DF46314F2080D6D505AB791DB301D85DF10

Function 05947E78 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e639f3c39c3f70a087cc9be11b0ab3e5522b38771077460830b895f32e57751
Instruction ID: b1891bea6de4ad5e18f08a8399cecf10f9ce211020b6fa1a3b7a0960c30a0ddf
Opcode Fuzzy Hash: 9e639f3c39c3f70a087cc9be11b0ab3e5522b38771077460830b895f32e57751
Instruction Fuzzy Hash: 68E0467491420CEFC794DFA8D884AADBBF8EB08204F2085A9880893350E7319E82CB81

Function 05CB7F68 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 823b28c62fc5ac082d72a284da67ff7b95c7be02a33e3cb86d8b067039d72d14
Instruction ID: 86a4e300ba10d8a49db5d0d08de5cb5abd9784feb1f2e7fd46eeb358506b9fa8
Opcode Fuzzy Hash: 823b28c62fc5ac082d72a284da67ff7b95c7be02a33e3cb86d8b067039d72d14
Instruction Fuzzy Hash: B6E01A34D08108EBC714DFA9D5406ACBBF5EB88305F1080A99C1853341D6719B42DB84

Function 05CBEA50 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 823b28c62fc5ac082d72a284da67ff7b95c7be02a33e3cb86d8b067039d72d14
Instruction ID: 2e2f3d11296be2aba74ca4eb47d2f41665f7cc05cb8bc9aea66b464e4c471b29
Opcode Fuzzy Hash: 823b28c62fc5ac082d72a284da67ff7b95c7be02a33e3cb86d8b067039d72d14
Instruction Fuzzy Hash: C6E01274D08208AFCB14DBA9D8406ECBBB9EB89604F2080AA981853341C6719B42DB80

Function 0583B538 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78eb5a131eeddcf1acfdcaca5f18ffd628a1920eb80d5ebc04399b4110997a8f
Instruction ID: 3edb19815444c00a90941c4a9bfe2242035892056c3a1735f885519c6ebe9056
Opcode Fuzzy Hash: 78eb5a131eeddcf1acfdcaca5f18ffd628a1920eb80d5ebc04399b4110997a8f
Instruction Fuzzy Hash: B4E0ECB4D5520CDFCB54DFA8E9497ACBBF4AB48707F2040A99809D3250E7705E94DB91

Function 05833F60 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f92577e785586c478cc5009e2b5f07831462c5b076d241215ed298551597072
Instruction ID: 0aa46c9887bb2fc5ca0952b159a252b8f07d5303066705c5e40aea616ad5fdcd
Opcode Fuzzy Hash: 3f92577e785586c478cc5009e2b5f07831462c5b076d241215ed298551597072
Instruction Fuzzy Hash: 76E0C23490810CDBCB04EF94E8416ACBBB4EB45304F60819CDC0853350CA329E42CB80

Function 0583E877 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4067260e9c8c94eb773c7c1530ef842a4626531edc27f144b394921e12ab9e2
Instruction ID: 20bed50367c6841a3f563beff2a131fa7eaf7a3a716e03aa8f0ec2b9b4af8348
Opcode Fuzzy Hash: d4067260e9c8c94eb773c7c1530ef842a4626531edc27f144b394921e12ab9e2
Instruction Fuzzy Hash: 1AD05B76B105125BD7258A1DE94279673E5EFC9705B044174E806C7318EF24DC174780

Function 05936CD0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79d82925acfa106a858baa4cb3696019af87db8bbecea813d6826e824166f152
Instruction ID: ade494e5849cd5a7ca9071d4e3d6beb6b0a320d6274d681e5f73091b4ce803ff
Opcode Fuzzy Hash: 79d82925acfa106a858baa4cb3696019af87db8bbecea813d6826e824166f152
Instruction Fuzzy Hash: 9DE0C77084120CEBCB21EBB8C80969E7BF9EB44204F1005A9990493120EE728A40DBA2

Function 05939C10 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ed9cad26c1799c8aa64ac903e8edf0782b4cc8716f615cf2506768f58bfa436
Instruction ID: 33cb4687688313dcee97b60a3e035775ef97f8de97c9751777f805932dd23f46
Opcode Fuzzy Hash: 8ed9cad26c1799c8aa64ac903e8edf0782b4cc8716f615cf2506768f58bfa436
Instruction Fuzzy Hash: 61E0E574809229CFCF30DF21C949BECBBB1EB15304F00969A900A63291C7B94AC5DF01

Function 05931790 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction ID: ea43badf0f6ef4b9de360c6dd5726deb32e322dbf26788ff4a61d75f3b2320e4
Opcode Fuzzy Hash: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction Fuzzy Hash: 45E0C234D08108DBC704DFA4E8416ACBFB8EB85304F28909CC80913350C6319E42DB81

Function 05936F78 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction ID: e88fa21482e966eeeafa54ff1b65a2ed491e9d13e483d2fcc1132fbd36457f0d
Opcode Fuzzy Hash: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction Fuzzy Hash: 84E0C234908108EFC714DF94E841AACBBFAEB46304F20C09CD80817340CA31AE42CB81

Function 05937690 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction ID: 9dae96e399c5af88e248d4fcb8cc2d09090062479363a950133df1fd32668ac1
Opcode Fuzzy Hash: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction Fuzzy Hash: 3CE0C2B4908108DBC704DFD8E8816ACBBB8EB85308F2080ADC80823341C7319E42CB82

Function 05930E50 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction ID: 490f3b267a239e3de83233f4cd60a760b26ca245d9e7d8d72c843db3cb0b7db2
Opcode Fuzzy Hash: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction Fuzzy Hash: 53E0C234E0810CDBC714DF94E8456ACBBB8EB45304F20809CC80823341C731AE46CB80

Function 0593C990 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction ID: f1e71272e895c5dc3e59ffd1311e856667aea003e934bf677232a5732b6f5d30
Opcode Fuzzy Hash: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction Fuzzy Hash: 0DE0C238908108DBC704DF94E8416ACBBB8EF85304F20809CC80923340DA319E42CB82

Function 059329B0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction ID: a5c709e4d900e2362f7323f909e7080c8cf73bb8bedd0572c5e88f8d8574d68b
Opcode Fuzzy Hash: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction Fuzzy Hash: 23E0C238908108DBCB04DF94E9416ACBBB8EB45304F20809CC80813340D7319E42CBA0

Function 0593C390 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction ID: 7ce3ed7dff272cd4ea5534fd82834590e63b6c10bd1de0f9a6a53290af3af774
Opcode Fuzzy Hash: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction Fuzzy Hash: 5BE0C238908108DBC704DF94E8416ACBBB8EF85304F20809CC80923340C6329E52CB81

Function 0593D2A3 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b064a03998e0c754a45c2bd753cae1ac3ec29a723dac90494772ce26097d07
Instruction ID: 10005607733e47da39c68cf1e09292dcddfaa0bb61e33f131b8ff81627017557
Opcode Fuzzy Hash: a9b064a03998e0c754a45c2bd753cae1ac3ec29a723dac90494772ce26097d07
Instruction Fuzzy Hash: 3DD02E3080A308EACB20DBB4D88A76CBBADDB02308F1040ACC40823260C6B1ED40C740

Function 05932258 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction ID: dfe41f8d2b32a64bd7857dbf119da57e69363ba5d5efbd49a63769005bff7c79
Opcode Fuzzy Hash: 8360eda7ea563a90f83652c48e9213c376fdc093ef32c269356d068ea91a9fbd
Instruction Fuzzy Hash: A0E0EC38909108EBCB18DF98E9456ACBBB9EB45314F20919DD80917351CA719E52DB91

Function 058A7DE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5233cfe36382faaf2d586f565d46feaf1a8535d081ccffa51ffffe8c03c7f6ca
Instruction ID: f1288730921a368f75c1eb10ff4bd6960a4164badea2f8a23184d81b8fbac912
Opcode Fuzzy Hash: 5233cfe36382faaf2d586f565d46feaf1a8535d081ccffa51ffffe8c03c7f6ca
Instruction Fuzzy Hash: ACE0E27192924CEFDB94EFB898482BCBBF9EB04215F2044A9C808D6250E6B19E90DB51

Function 058AFDF0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbae6e4384a5b69c138e772e1ab3c7fa979c8343565afce9c7e919bf07bc3fad
Instruction ID: e2cde978abff4a5b17fec52c1a2aed6c02537f14c37ba3a198c248c212aa1f02
Opcode Fuzzy Hash: bbae6e4384a5b69c138e772e1ab3c7fa979c8343565afce9c7e919bf07bc3fad
Instruction Fuzzy Hash: 2BE0C23890810CDBC714DFA4E8406ACBBB4EF45304F20909CCC0857342CB319E52CB80

Function 058AEB90 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea5be20e2212c8a06310427a20cf37c2dfdc0df626404ac9ddd3d7f68ee64611
Instruction ID: 99d7e545f9e6557e37b9bf416e032a0c0b9959c30f2f4fa4032f2b72f189d2d8
Opcode Fuzzy Hash: ea5be20e2212c8a06310427a20cf37c2dfdc0df626404ac9ddd3d7f68ee64611
Instruction Fuzzy Hash: 83E01270D5520CDFDB60EFB8D94979DBBF8AB04214F2044A98C09E3250E6705E85CB91

Function 058A8EA8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbae6e4384a5b69c138e772e1ab3c7fa979c8343565afce9c7e919bf07bc3fad
Instruction ID: 931ce52562bd7ac24858400059d2989234af6e3b59fa613a1964aa1b21e76e09
Opcode Fuzzy Hash: bbae6e4384a5b69c138e772e1ab3c7fa979c8343565afce9c7e919bf07bc3fad
Instruction Fuzzy Hash: 81E08C74908108DBC714DF94E8406ACBBB8EB45304F2080AC8C0853341CA319E52CB90

Function 0277D4C8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f6f5e09340cdfc2d498afba5ea21e4b0b19e841af8c16cff1f4760136c8670
Instruction ID: 2e0677070cc9f724f5ad203e12b65fd8ed457fa17c7b2c8dd18de47ef20a1591
Opcode Fuzzy Hash: c9f6f5e09340cdfc2d498afba5ea21e4b0b19e841af8c16cff1f4760136c8670
Instruction Fuzzy Hash: 84E08C34840208EBCB10EBB4D80869EBBF8EB49201F1044A9990A93154EF715A54D7A1

Function 059466D0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ca8dbd284083738b3502ebcc66ac01a2fd75512bfee13977640431f43c6a31
Instruction ID: cf6363a38dc5341bfc90b453f19fcbbcc9d0a7f3a95c6b1d974a6d34377aebd7
Opcode Fuzzy Hash: f4ca8dbd284083738b3502ebcc66ac01a2fd75512bfee13977640431f43c6a31
Instruction Fuzzy Hash: 83E0ECB4D5920CDFCB50DFA9D84969CBBF8EB05201F2044A9D84993250E7709A90CB51

Function 05CBCFD8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e76eb7c4d403efb48b945958a50ce2efcc8b88686da51617442a98937b720e
Instruction ID: bf44358d5f98447f1d09aa90b4e1579a85a0543614817228fb44f416aac7a58f
Opcode Fuzzy Hash: d2e76eb7c4d403efb48b945958a50ce2efcc8b88686da51617442a98937b720e
Instruction Fuzzy Hash: 61E0C238909108DBCB14DF98E8416ACBBB8EB45305F2080DCD80823340CA719E82CB81

Function 05936628 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83a7d41d21f4a60bd9eca1261d370f8b8a999ef3f32d7fb31a24d44f9d9ac756
Instruction ID: 030889f95456ac3677e0d11416f437b55b7b46c4f20e428d062645a0b8a7be5b
Opcode Fuzzy Hash: 83a7d41d21f4a60bd9eca1261d370f8b8a999ef3f32d7fb31a24d44f9d9ac756
Instruction Fuzzy Hash: 32E0C23080810CEFC750DBA8D8512ACBFF8EB05208F2080EDC84953351DB319E42CB50

Function 05934B60 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83a7d41d21f4a60bd9eca1261d370f8b8a999ef3f32d7fb31a24d44f9d9ac756
Instruction ID: 2a5edc25cf83c25ee97ffe963f06c022cf2fd2716757df4c8d4e9ba849decbd6
Opcode Fuzzy Hash: 83a7d41d21f4a60bd9eca1261d370f8b8a999ef3f32d7fb31a24d44f9d9ac756
Instruction Fuzzy Hash: 5EE08C30808208DBCB50DBA8D8453ACBFB8EB09204F108099D84853351D6329A52CB50

Function 05946EFD Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97ec864b24894ec9390973a80217a04f359768bacc732d169a76bceb03d470fd
Instruction ID: 858471d35750fbafee0d4b135d730e5df91b79057b385b463cb02e74d1709882
Opcode Fuzzy Hash: 97ec864b24894ec9390973a80217a04f359768bacc732d169a76bceb03d470fd
Instruction Fuzzy Hash: 36E012B8A08104DFD700DFD8E0D4B9D7BF1EB02314F108055E15197644C7349C95CF41

Function 059499A0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82514401136e48481f00d82f6a1e894136828e0152ec3005b4d5b88288580937
Instruction ID: 2560d7d3dfd3e3f0410b92e0875be262a4205bae2ba90ddd723024149a749a4e
Opcode Fuzzy Hash: 82514401136e48481f00d82f6a1e894136828e0152ec3005b4d5b88288580937
Instruction Fuzzy Hash: 1EE0C274A41208EFDB00EFB4D94176E77B5EB86314F4044A8E804DB246DA711F00EB80

Function 05937EA9 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc8bb0f35b700026381bf867c9b856bd7102a39e0128178bd1f7c8d5e1281794
Instruction ID: 910cafdb94b3dcd65a731c0dcda95625bcaac717c23a37572d71b873e072cf7c
Opcode Fuzzy Hash: fc8bb0f35b700026381bf867c9b856bd7102a39e0128178bd1f7c8d5e1281794
Instruction Fuzzy Hash: 38D0227A00A90EC3E338B788EC8B3B8F3ACD705708F147C249509819B2CF609CAAC205

Function 0593B9FB Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 903d5029f63b9f499fe0b75f66707ee8e20cc81662c06c8a0740d73d9e5366ac
Instruction ID: f174d09a233245195667eaebd11e4f62d769aac3182f1af9cf0158b13992d3f2
Opcode Fuzzy Hash: 903d5029f63b9f499fe0b75f66707ee8e20cc81662c06c8a0740d73d9e5366ac
Instruction Fuzzy Hash: C6E01270C04219CFEB34CF24C989B9EBBF2BB00309F0491A9990A67260D37848C4CF11

Function 02772A09 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22f7329916d7b107cfb713ccc6ad59c8724901382027a1a20c373d4190a8c4a3
Instruction ID: 6cff8ef08924f1c91e571121620ab66ac25598fe814ee7f9cc1fde58f3318c8e
Opcode Fuzzy Hash: 22f7329916d7b107cfb713ccc6ad59c8724901382027a1a20c373d4190a8c4a3
Instruction Fuzzy Hash: 0FD0A72170D2D44BCF063768BC002DD6F32EBC7324B494067D422AA16BCA284986EBA1

Function 05949550 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7f4c0e0e72d98ac0b7c0172723f5a27e678143f48155cdbdbc1434f6a2c6621
Instruction ID: bfe2d8bc7b901fb966b7971c4dcd79945d943fda00575fcfc4308bc9723040d0
Opcode Fuzzy Hash: d7f4c0e0e72d98ac0b7c0172723f5a27e678143f48155cdbdbc1434f6a2c6621
Instruction Fuzzy Hash: 2BE0C234A0110DEFCB00EFB4E50168DB7F9EB46304F1084E9E808D7308DA711F049B80

Function 0593D2B0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f5789cf82a3f6286714b3474353a2a0ef889822978f90a0e71a23d92bcc747
Instruction ID: 1c723feb6425c974e39384d2b02083d398732ad877aa509faee22fbe6d7ed13f
Opcode Fuzzy Hash: c9f5789cf82a3f6286714b3474353a2a0ef889822978f90a0e71a23d92bcc747
Instruction Fuzzy Hash: 21D0A93080A308DBC724EBA8A8067ACB3BEEB06204F5004ACC80813220CA72ED80CB51

Function 059475A2 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6ba6d9446f4028a4ddec3c0a3b3a3bb55290bcbb3c2d59bee2f98134b019a88
Instruction ID: cb239fdf3a8367d8e5aa9781ab4c40cc2b9317369f05206c33b63f0a447edbaf
Opcode Fuzzy Hash: e6ba6d9446f4028a4ddec3c0a3b3a3bb55290bcbb3c2d59bee2f98134b019a88
Instruction Fuzzy Hash: A5E01A78A04218CFCB14EF94D8987DA7BB1FB8A319F20449AD109B7384CB301E94DF10

Function 05947438 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b171c9eaf4f9118141b68ce8143ee74bdce75fb799b1c38d0603da1cf93e1d2
Instruction ID: dce746a292361b544d04ffb72c2b0fec009175da36cab568eb9b1d18f50f8ced
Opcode Fuzzy Hash: 0b171c9eaf4f9118141b68ce8143ee74bdce75fb799b1c38d0603da1cf93e1d2
Instruction Fuzzy Hash: FCE01A78A0011C8FC728EF90D9997DEBBB2EB89355F104099D10DA3395CB305E84DF51

Function 05946F9B Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7960e151144b7b749874209291a9496e8836f4a5739d528b5c33711937575479
Instruction ID: d8153763c9fab7952cf02d49390052d5b668fdd95ba0d27ae45d33832afdac3f
Opcode Fuzzy Hash: 7960e151144b7b749874209291a9496e8836f4a5739d528b5c33711937575479
Instruction Fuzzy Hash: FCE01A78A01114CFE714EF64E894B9ABBF2EB89308F2081D9E40DA7284CB305E94DF60

Function 05946F45 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd99c01fb55e04c29e7a567262d292793a86a633e6e7ad45d4069932690bc013
Instruction ID: 5beb5a0330404c505769e5cfe07d85356a751f95eb37cf5f5267645db909ee99
Opcode Fuzzy Hash: bd99c01fb55e04c29e7a567262d292793a86a633e6e7ad45d4069932690bc013
Instruction Fuzzy Hash: BBE0E5B8A84158CBDB50EB54D844BDD7BB5EB89304F208A98D44AA3385CB345E95EF10

Function 059476C9 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99758aded51a43ff74b1c0c5da80f6e064cbe5a7facc958c4f242e24813ae348
Instruction ID: 88bc7775d089edb985215ef607c824fbc7c893ab6a4b1de77a8624617c2c9471
Opcode Fuzzy Hash: 99758aded51a43ff74b1c0c5da80f6e064cbe5a7facc958c4f242e24813ae348
Instruction Fuzzy Hash: 3DE01274A04218CFD714EF10E854BDDBBB2EB85305F20C499950567384C7301D849F51

Function 0594736F Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d61c9f31bcace8a5396c48f7f3859cb62038ba7aab281bdf461ecf5dc97f1c44
Instruction ID: 25df175bbd6e1df5f104eeb1f422c3a6082bfea6d68cb895edb29a279d554e00
Opcode Fuzzy Hash: d61c9f31bcace8a5396c48f7f3859cb62038ba7aab281bdf461ecf5dc97f1c44
Instruction Fuzzy Hash: 2BE01A78A05214CFCB50EF50D8847E9BBB1EB8A304F108598D50EB7385CB302E89DF41

Function 027729B3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf057e2c787217830de86cab395205496b7fe0e43896ee19b78d5d312eb6afc
Instruction ID: 42ed2ca7b6eaa205f754e3b4110b9f9f71e37e74ffb7a9964a0d3855ae2b1dfa
Opcode Fuzzy Hash: 9cf057e2c787217830de86cab395205496b7fe0e43896ee19b78d5d312eb6afc
Instruction Fuzzy Hash: E1D05E2130C6D00BCB1B6B6874602DEBFE2CFC7620B9944EED0C587ABAC9544C479341

Function 0594783B Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae75fd5d8c0566ebcd65b9a0b6de34bba641317bef3125cd7bd7fb69ad19cbf6
Instruction ID: b8c758dde49d21aa9978d7182719d8403d016396c519a5da98059af04006f453
Opcode Fuzzy Hash: ae75fd5d8c0566ebcd65b9a0b6de34bba641317bef3125cd7bd7fb69ad19cbf6
Instruction Fuzzy Hash: 5DE052749183288FCBA0DF54CC8879DBBF6BB08304F0045DAD50DA2250D7741A85CF02

Function 059394F6 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4886cea796067ed40a40df923f24acd35ecffdb5634703b56cdac4d407a52d96
Instruction ID: 3a249a40a4d18834850d6f7e1fa0e01ea52239104beaebf264fcbe1074d0dd11
Opcode Fuzzy Hash: 4886cea796067ed40a40df923f24acd35ecffdb5634703b56cdac4d407a52d96
Instruction Fuzzy Hash: 9FE0E279808229CFCB20DF22CA48BDCBBB1AB14304F0082AA904963290C7B95FC5CF40

Function 058A4218 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f380816bb2ac04d90e5c84be3f2dd5084cbbe2ab71fa12f722ab90a780c9a1c
Instruction ID: fbd4719d1f2a899f8f5c1a14b8fd13ac6e34621c5797d99d1615f271370ca9cf
Opcode Fuzzy Hash: 3f380816bb2ac04d90e5c84be3f2dd5084cbbe2ab71fa12f722ab90a780c9a1c
Instruction Fuzzy Hash: 53D01236400218AFCF03CB50E811E147B66FB54700F40C125F74546322DF32AC12CAC0

Function 0593B97F Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359363957.0000000005930000.00000040.00000800.00020000.00000000.sdmp, Offset: 05930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5930000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c703f8a17dc3fc895b8b96a9b8b3858ee82c05636152c0bec42e8da2e94a99e9
Instruction ID: e9a4beec7c371a4387ba2d05498b15c270b3f60646c78f1cd8f9940911404d8d
Opcode Fuzzy Hash: c703f8a17dc3fc895b8b96a9b8b3858ee82c05636152c0bec42e8da2e94a99e9
Instruction Fuzzy Hash: 41E0E234900219CFDB24CF24C988B9EBBB2AB00304F0480A99509A7210D7349DC0DF11

Function 059443AC Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5790d560ed08bbbadd1222d643e3918b545b0e54bb21471f39cede593b95c094
Instruction ID: 4f84b77e91d03649451994c801f7b882ca29040dc3b5e6d6631d5627a85ee1af
Opcode Fuzzy Hash: 5790d560ed08bbbadd1222d643e3918b545b0e54bb21471f39cede593b95c094
Instruction Fuzzy Hash: 97D05E78A0C3198FCB10EF28D58479A77F2FB48304F004AD8840997248C7304D468F40

Function 05CBD3E8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68aaa2349558004fc9300eb07bdb9ff301b7a2974f113527f94dc4f2b0a34639
Instruction ID: 1756a3e85c864960853c812625c576433e5531036991bb963de5bd915ef35482
Opcode Fuzzy Hash: 68aaa2349558004fc9300eb07bdb9ff301b7a2974f113527f94dc4f2b0a34639
Instruction Fuzzy Hash: 3CC08C3009A60C86D524134968DC3B832BDE302206F483D00900E004A286E08098C122

Function 0277086C Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4389a02d6d2fb474ce5803aae982ee8756c1260e5a59f9df1b7ebd915e8c3c2e
Instruction ID: 743c47cedfeba0c2655cf02592c4f46b671f56f2092c8d2c49bc49b5b684e575
Opcode Fuzzy Hash: 4389a02d6d2fb474ce5803aae982ee8756c1260e5a59f9df1b7ebd915e8c3c2e
Instruction Fuzzy Hash: B4C08C30D142089B8B847AB81C0A21977A8D606100B4002B1E88AA2241EA2099128BC2

Function 0277D2B0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40a43508d33e4be0990d0cfc7cfd297b454fae29cd3e0063053c44395119f47f
Instruction ID: df4b09457a0571f8ec47cefbf1949af85a8f9ea939a578b5d2da7a8a1dfad31d
Opcode Fuzzy Hash: 40a43508d33e4be0990d0cfc7cfd297b454fae29cd3e0063053c44395119f47f
Instruction Fuzzy Hash: 67C08C704D0A1887C32277A4B90D32E36A89B0120AF100010E40C504A04BF098E5CA7A

Function 05836CAA Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5240365c4559a650cd8230a62155a0e595f42e289ce2ef638315829549ee6e2b
Instruction ID: 7bd0ca1125aa9d0d73c52d370d2a5a87909d74fe947742be54a600d13c2f1630
Opcode Fuzzy Hash: 5240365c4559a650cd8230a62155a0e595f42e289ce2ef638315829549ee6e2b
Instruction Fuzzy Hash: 74D048B8D04228CFEB20CF10CC89B9DFBB2BB48302F20909AC809A2340D7301E848E16

Function 058A4F30 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00309ef0f5ff39975713dcfbab0fcd11369f16f63697b567a3862767771fbfb5
Instruction ID: 54bb3a6cebae29f19607c2fb1fbfa99a76cd5dba6a221f3c5489a3d6d54cdb9c
Opcode Fuzzy Hash: 00309ef0f5ff39975713dcfbab0fcd11369f16f63697b567a3862767771fbfb5
Instruction Fuzzy Hash: CBD0C978504100AFC782DB54D440A81B7A1BB88314F14D85EE5088B211CF379813DBA0

Function 058A3AF1 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5f528d5672d3ad239336fb8ef116d0888ca392eabe792280d983c88b8b23edf
Instruction ID: 5c8634faff30edfbfdd356a3df1891098c93f4e4bb83e09093cdd50531be9d26
Opcode Fuzzy Hash: e5f528d5672d3ad239336fb8ef116d0888ca392eabe792280d983c88b8b23edf
Instruction Fuzzy Hash: FDD0C9305152008FCF069B20A24061537B2FB84306F509529E50586564DB769840DA80

Function 02770EEB Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09f2f7dd7ac373b694132706f518bbc0e9d6e524708332df502159c398981347
Instruction ID: 51c3140a1e3f50939e5bd5d000dcf34c1b516ee2b04e5db725242a0dbdddd004
Opcode Fuzzy Hash: 09f2f7dd7ac373b694132706f518bbc0e9d6e524708332df502159c398981347
Instruction Fuzzy Hash: 62C08C35528250CFEB64CB26CC966AA37B1BE1A29030848E0DC86AF561DA302831DB50

Function 0583BB70 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c90011092dc51c2c5002176a3439c6445360c4ca8e80b9ceb0f677d42327f22
Instruction ID: df3aec15d23ebc0b4d6d0a18c2e8196d9e059730c4e0640da74bfb96289a975d
Opcode Fuzzy Hash: 7c90011092dc51c2c5002176a3439c6445360c4ca8e80b9ceb0f677d42327f22
Instruction Fuzzy Hash: 52C00276E5001A9A8B00DAD9E4508DCB774EB94321B004036D614A6204D63015268B50

Function 058A54C1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 474cfb8805933eebf743a4cd8afa1ca707a6f0ce3157ef5d9820dd86d18576d2
Instruction ID: 86dd906a63640504b7f838aa712b182932485b9ed78854f4b138aed3369e6058
Opcode Fuzzy Hash: 474cfb8805933eebf743a4cd8afa1ca707a6f0ce3157ef5d9820dd86d18576d2
Instruction Fuzzy Hash: 15C04C79615614DEDB429B60A90AF157B60EB50B42F009219F60489550DB715410EB95

Function 0277FEF0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 0594AE00 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b312e2bdd5a08c3c50c643c82407da749828be8b8c1b827d26b778884b3fc71b
Instruction ID: bb73cb7e642a573a5d6a8bdb813566c87850a8b4f770e2065224476734125168
Opcode Fuzzy Hash: b312e2bdd5a08c3c50c643c82407da749828be8b8c1b827d26b778884b3fc71b
Instruction Fuzzy Hash: EFC04C6498C6E18EDF03D7245C683457E555B06619F08CA8998D09F5C3EB664019CBC3

Function 058A4228 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33914be9d35b44ae36de0098d31cd7733b99acd7267b5fb85bb50e5a74d59930
Instruction ID: eec6d87bc5c6d5e35c3cf2c794add12b2019ce309fd5c468060597b5c7ac395a
Opcode Fuzzy Hash: 33914be9d35b44ae36de0098d31cd7733b99acd7267b5fb85bb50e5a74d59930
Instruction Fuzzy Hash: 75B09236000208AB8A009B85E904855BB69AB597007008065B609062228B32A922DA94

Function 02770844 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 031eed746f97fc86c92668a95708ec0daad40342ea58a7f2af6b22d4bae0eb33
Instruction ID: a175226c71ebeb8d41bfedb22088bc9059e0397668f0a7fba956ce879ca81125
Opcode Fuzzy Hash: 031eed746f97fc86c92668a95708ec0daad40342ea58a7f2af6b22d4bae0eb33
Instruction Fuzzy Hash: D1B012341A834CDBD72437A4FC0DB9D7F6CEB4121AF800064F00E51C218B6424119B4D

Function 0583E861 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba2d662924b64eb6f497b47e3acf09fb61eaf557b852963276d17f6641bd4cd8
Instruction ID: 8bd23475a87bf132427f515d222d9c035d7145847e76a7b184cf07fe9d28adaa
Opcode Fuzzy Hash: ba2d662924b64eb6f497b47e3acf09fb61eaf557b852963276d17f6641bd4cd8
Instruction Fuzzy Hash: CFB0126A00042823C310B748C4893D40350EF42341FC40010C904C1104DB05952E8193

Function 058A2B50 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 788a7a9e39fcceb4b79ae8110276d664b4ab6c2ba7d7c3655a7d77bf18d67430
Instruction ID: be0106bcc82969f9d3ee45b071364198f9d21dca9f1d08671b15261723c654d3
Opcode Fuzzy Hash: 788a7a9e39fcceb4b79ae8110276d664b4ab6c2ba7d7c3655a7d77bf18d67430
Instruction Fuzzy Hash: 58A012300102088B81005745EC05421B75C97866043008064910D022134B32B8028580

Function 02770848 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e94c1bab6829a322570b67cb2ceb85e8e7c4b89d65e30b7f30b8a605d958c97
Instruction ID: a6db292c8bc0d80b689e2f9a597ffbad09d87d74d35d05e6c4f74c37d49582e3
Opcode Fuzzy Hash: 5e94c1bab6829a322570b67cb2ceb85e8e7c4b89d65e30b7f30b8a605d958c97
Instruction Fuzzy Hash: 83A012340A4208CB81142750BC0D74D371CE5401167400020A00E41C204A1014115A48

Function 05CBF670 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee7ac0ae51e317454cf365d39cd3a2ba16accadf7daa9e577efd6b7f579513ca
Instruction ID: 184c3385aee2de000890c62b4eea50343e25ecd8a314c9c52b49929328ad87e3
Opcode Fuzzy Hash: ee7ac0ae51e317454cf365d39cd3a2ba16accadf7daa9e577efd6b7f579513ca
Instruction Fuzzy Hash: 0DA01230010208CF81005745E805810B75C9B455043008064910D121124B32B80285A0

Function 0277099F Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8617020ea987235a704129c7c864cb61f357d9783e37bcf6930dbece8bd963d
Instruction ID: 93c2483d56c11d8c28da5635bc6d9cd22bec4ebe16f1893d19428b23a6b63d5a
Opcode Fuzzy Hash: d8617020ea987235a704129c7c864cb61f357d9783e37bcf6930dbece8bd963d
Instruction Fuzzy Hash: 0BA002E1697102DB9A582775FC4D3FA2774A5601127180455F083A0556FF580453DE41

Non-executed Functions

Function 05835370 Relevance: 3.9, Strings: 3, Instructions: 102COMMON

Download Yara Rule

Strings

q, xrefs: 058356FF
g, xrefs: 0583694C
e, xrefs: 0583543F

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: e$g$q
API String ID: 0-600984288
Opcode ID: 1c34b2d5e28b92e145e029bb9ae9c377388692e919b870d52de5645aa0bc2090
Instruction ID: 1f7985d281bd28b9e346edad2cdcb0238047f886b597048770ad76d0be460ba2
Opcode Fuzzy Hash: 1c34b2d5e28b92e145e029bb9ae9c377388692e919b870d52de5645aa0bc2090
Instruction Fuzzy Hash: 9941B9B1D056288BDB68DF6BC84879DBBF3AFC8305F14C1A9880DA6254DB344A85CF44

Function 02779268 Relevance: 2.7, Strings: 2, Instructions: 172COMMON

Download Yara Rule

Strings

4'_q, xrefs: 0277935A
4'_q, xrefs: 0277932F

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q
API String ID: 0-531570531
Opcode ID: 83dd2b487e59acc426f3d79e3324e291beb5130ed09a3ed12641f8ad0bf77240
Instruction ID: c200e637e6b4654bbe6403c74ee8b6d5a25291945e2120ef6cd52c767be86661
Opcode Fuzzy Hash: 83dd2b487e59acc426f3d79e3324e291beb5130ed09a3ed12641f8ad0bf77240
Instruction Fuzzy Hash: 34712BB4E046098FDB08EF7AE9C579EBBF2FF88304F14C169E4049B269DB7059468B50

Function 02779278 Relevance: 2.7, Strings: 2, Instructions: 165COMMON

Download Yara Rule

Strings

4'_q, xrefs: 0277935A
4'_q, xrefs: 0277932F

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID: 4'_q$4'_q
API String ID: 0-531570531
Opcode ID: bc35d446621da96dad70caec9277198139f799a6aa7c895cc2b762b846aa84cb
Instruction ID: 258d8b0627dce1a34f2d0c0e888ac6c3d8613c77d10108b8671286ca69d00020
Opcode Fuzzy Hash: bc35d446621da96dad70caec9277198139f799a6aa7c895cc2b762b846aa84cb
Instruction Fuzzy Hash: 85710AB4E046098FDB08EF6AE9C579EBBF2BB88304F14C569E4049B269DB7059068B50

Function 058C9AE8 Relevance: 1.6, Strings: 1, Instructions: 354COMMON

Download Yara Rule

Strings

\Vl, xrefs: 058C9EF5

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID: \Vl
API String ID: 0-682378881
Opcode ID: 069adcc295c832a87e9c843b25ee04700c8691340fb8e0a89a398585e279815d
Instruction ID: 88b5cb95f85827e6f5301283a5a129bbb61f93313dd14132ab17e885c79cb734
Opcode Fuzzy Hash: 069adcc295c832a87e9c843b25ee04700c8691340fb8e0a89a398585e279815d
Instruction Fuzzy Hash: BDE1C470D01218CFEB60CFA9C885BADBBB1BF49304F1485EAD809B7254EB74A985CF55

Function 05949068 Relevance: 1.5, Strings: 1, Instructions: 233COMMON

Download Yara Rule

Strings

Te_q, xrefs: 059493DF

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: Te_q
API String ID: 0-823545363
Opcode ID: 037498c9e3fbdbcdfb6cd44c2a494b77fbfde62c845f0499ddd634ba3054ccdd
Instruction ID: dc89db1bc7d70c43620fe72a4918688bc1b186f23d207aa7f4d94ce7f4939374
Opcode Fuzzy Hash: 037498c9e3fbdbcdfb6cd44c2a494b77fbfde62c845f0499ddd634ba3054ccdd
Instruction Fuzzy Hash: F3A1E874E05218CFDB24DFA9D984BAEBBF2BF49304F1094A9D409AB255D7749D85CF00

Function 0594522F Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

u, xrefs: 05945D9C

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID: u
API String ID: 0-4067256894
Opcode ID: 098d87bd8934a5e0d2517117f13bc8f15a391b703116d56f5030753a7cd06345
Instruction ID: 0788d0ea4403667403bde8baef7b46744f5cd411e15921e6b9292daf9ef66266
Opcode Fuzzy Hash: 098d87bd8934a5e0d2517117f13bc8f15a391b703116d56f5030753a7cd06345
Instruction Fuzzy Hash: 13614AB4E5426C9FDB60CFA8D884B8DBBF1BF49314F5482A6D448E6201D334AE96CF05

Function 05910040 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

}, xrefs: 0591886E

Memory Dump Source

Source File: 00000000.00000002.1359263820.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5910000_Nulzuen.jbxd

Similarity

API ID:
String ID: }
API String ID: 0-4239843852
Opcode ID: e6037e7b9a19de3af07c7fc1f441d52ae9cd33bdbdbf557335434fda1883a015
Instruction ID: 79e15b1112804bda3088fbdc3f8fb57b8d126baa889a3afb7dfc38422960eee3
Opcode Fuzzy Hash: e6037e7b9a19de3af07c7fc1f441d52ae9cd33bdbdbf557335434fda1883a015
Instruction Fuzzy Hash: 27510B71D056288BEB6CCF2B8D456C9FAF3AFC9300F14C1FA995CA6254DB740A858F54

Function 05CA0040 Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

%, xrefs: 05CAE70B

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 6e5032f12ddeefc2d4f763dab234b5b44608632a78c54120cca042782e95b65d
Instruction ID: 5904d0084f5fa2e41d1887f6ef0d5b015311c860734fe296a11e2b442e49656d
Opcode Fuzzy Hash: 6e5032f12ddeefc2d4f763dab234b5b44608632a78c54120cca042782e95b65d
Instruction Fuzzy Hash: 5A41D871D042298BDB28CF6AC848BD9BBF6BF88304F10C8EAD41DA7251DB741A84CF51

Function 05835361 Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

e, xrefs: 0583543F

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID: e
API String ID: 0-4024072794
Opcode ID: 602e2662968903705a977efe3cc77e9c828860845879c1543a50723e8202c039
Instruction ID: 97a834c604884e48d788ab3b81cf7a63c100df264472387b97c23d370b930b1f
Opcode Fuzzy Hash: 602e2662968903705a977efe3cc77e9c828860845879c1543a50723e8202c039
Instruction Fuzzy Hash: EF318EB1D056588BEB5CCF6B9C4529AFBF7AFC8301F14C1FA880CA6224DB350A858F50

Function 0583A610 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4b8be2e6f4eb2ed05c7ca473b20c02287a75699ad8477b75c1b6166cb1ac444
Instruction ID: cab6bcd18435d25c77ea7111183d6d5421808fc8e92151a674f46c69b0f501dd
Opcode Fuzzy Hash: d4b8be2e6f4eb2ed05c7ca473b20c02287a75699ad8477b75c1b6166cb1ac444
Instruction Fuzzy Hash: 5312A371E046189FDB18CFAAC98169DFBF2BF88304F24C169D459EB219D734A946CF90

Function 05CBD018 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba8fe187fd454f6e320765d542e2e8ee7ac43ba837862f270fb95db5c5aae904
Instruction ID: 676f78e19f132df8ce5e0ae9be6967b6abf76c61570998804bab35981b731ef4
Opcode Fuzzy Hash: ba8fe187fd454f6e320765d542e2e8ee7ac43ba837862f270fb95db5c5aae904
Instruction Fuzzy Hash: 2C813A70E05218CFEB24DFAAD8447DDBBB2BF89304F5484A9D00AA7251DBB45A86CF41

Function 05832EE0 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39dafc94f4d27c18df8c8fb4ce0d2054edb1cea06e4c3d0e2e3ea4fa5842bfd0
Instruction ID: f3389a83ed0d115f5e3b8b16b64a72207a2524b8577abb7df7853940e1177e25
Opcode Fuzzy Hash: 39dafc94f4d27c18df8c8fb4ce0d2054edb1cea06e4c3d0e2e3ea4fa5842bfd0
Instruction Fuzzy Hash: 3371F178E0520DCBEF24CFA9D5497EEBBF2FB48304F10906AD916B2240D7754A95CB94

Function 05910006 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359263820.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5910000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e200a58a0683d98a74a497d640c08a594244604f05db94793d05a676705c0d10
Instruction ID: 0661a50d1efc1be15ad4a8b8e9566aa2ecb376fc2da16a21a5080f81b60d8ea5
Opcode Fuzzy Hash: e200a58a0683d98a74a497d640c08a594244604f05db94793d05a676705c0d10
Instruction Fuzzy Hash: 38516C71D056688BE72DCF278D456C9FAF3AFC9300F04C1FA954CAA265EB750A868F41

Function 0583A600 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ef91409056284b76519f0c57aa3fc6afe5e074380396397c3ee2dc4dc92f0b6
Instruction ID: 109ae77c61087038d22a00553194715a663ce0e47ea47c3e3ea76322dd1c5ff7
Opcode Fuzzy Hash: 6ef91409056284b76519f0c57aa3fc6afe5e074380396397c3ee2dc4dc92f0b6
Instruction Fuzzy Hash: 12414675E016198BDB18CFABD94169EFBF3BFC8300F14C17AD958AB224EB3059468B54

Function 0591DAF8 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359263820.0000000005910000.00000040.00000800.00020000.00000000.sdmp, Offset: 05910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5910000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe67025073a386c0bdae4413a550ff9e3f570a1793a591659b12e8f0a9863099
Instruction ID: ad1dbad2724399a8e32a427c6a0ce59cc6e2dec7dbedca74f0c88e3a604bbc4a
Opcode Fuzzy Hash: fe67025073a386c0bdae4413a550ff9e3f570a1793a591659b12e8f0a9863099
Instruction Fuzzy Hash: 4B41FEB4D0435C9FDB14CFA9C984AADBBF5BB09300F209029E819BB350D7749885CF89

Function 02779846 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dff223de705d130411a59b90d163d273b45f65cbf608ef5e88f62177d3ed948f
Instruction ID: 1f0129064f2548db962ace2565868368c20b2cace125b380d5f0641968d331f2
Opcode Fuzzy Hash: dff223de705d130411a59b90d163d273b45f65cbf608ef5e88f62177d3ed948f
Instruction Fuzzy Hash: 05417875E026188BEB64CF6AC95979AFBF2BF89304F14C1E9D50CA7294DB740A85CF01

Function 02779850 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce9e53b9847ab8762f2082a19b3c439ebc0eb96af4405bc2251fa1859d1a3708
Instruction ID: f9c9fac7dbe635a4cd5d54d3d91246edc3aa9481f650726504a4c08e8349a0d5
Opcode Fuzzy Hash: ce9e53b9847ab8762f2082a19b3c439ebc0eb96af4405bc2251fa1859d1a3708
Instruction Fuzzy Hash: 02419871E02618CBEB64CF6ACD5978ABAF6BF89304F14C1E9D50CA7294DB740A85CF01

Function 05940011 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359420975.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5940000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5a941fb40dae4309dc45a96064c8446e2f28f73fb62c9eec3fec586fddffd44
Instruction ID: 910b7381240ce9cc7bdb74048ee2dbad7e3d6259ac24d9567f792b3da7cb5344
Opcode Fuzzy Hash: c5a941fb40dae4309dc45a96064c8446e2f28f73fb62c9eec3fec586fddffd44
Instruction Fuzzy Hash: EC417571E05A589FE75DCF678D4169EFAF3AFC9200F18C1BA844CAA265DB3049468F11

Function 058C61A0 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ea253b1cecfea2e896dc08450da9f6b184bc6fd84bb4c2d2cafe443479103e7
Instruction ID: 64500b99bf7508bc9b9cffbaa1021e052a3bc6a40290202990b501f3361d745c
Opcode Fuzzy Hash: 0ea253b1cecfea2e896dc08450da9f6b184bc6fd84bb4c2d2cafe443479103e7
Instruction Fuzzy Hash: 1A41E0B5D042589FCB10CFA9D584AEEFBF4BF49310F14906AE415B7240D778AA49CFA4

Function 058C619F Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fe0792c0eacb31ddcc0a1f6d615c3a65e7114ce53cd680a58b5adec583ae50d
Instruction ID: 8d5189c22c2111947d159603fa4fa58898e89b52765de75b4a8b3481681ccf91
Opcode Fuzzy Hash: 1fe0792c0eacb31ddcc0a1f6d615c3a65e7114ce53cd680a58b5adec583ae50d
Instruction Fuzzy Hash: 9041EEB5D042589FCB10CFA9D584AEEFBF0AF09310F14906AE415B7240D738AA49CFA4

Function 05CA001C Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1360429910.0000000005CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5ca0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 891075731a003983ee916ebb8edb0dfd11ab55d4d557bd8d086ef9836bc24345
Instruction ID: 6458d52ad4c7d795090586b46a3a8b7692f8c9e29908b032bd4f86192b95c3ea
Opcode Fuzzy Hash: 891075731a003983ee916ebb8edb0dfd11ab55d4d557bd8d086ef9836bc24345
Instruction Fuzzy Hash: 6E311E71D046598BEB29CF6B9848799BFF7AFC9304F04C4EA980CA6255DB740A85CF50

Function 058C1910 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f60a54366b9ae8e9fad3f5d3e35da429ce58623620111d1cce5aa8ac7794d5f6
Instruction ID: 5a697fdd6b39dd3f89fb1577492a95e71b1a1358779dc9a91a9fc2d1dc4ede94
Opcode Fuzzy Hash: f60a54366b9ae8e9fad3f5d3e35da429ce58623620111d1cce5aa8ac7794d5f6
Instruction Fuzzy Hash: 4621DDB5D142189FCB14DFA9D985AEEBBF5BB49320F10906AE809B7210C735A905CFA4

Function 058C1918 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9695744fd47879adbfb3347fa0034edb6d6efd12b0344b6cfdeb021edd0febd
Instruction ID: fd30343c46f6e7c00c8afa5ca643f47dd5c960b60f380e78267c30f38394fbb3
Opcode Fuzzy Hash: f9695744fd47879adbfb3347fa0034edb6d6efd12b0344b6cfdeb021edd0febd
Instruction Fuzzy Hash: D421F0B5D042189FCB14DFA9D984ADEFBF5BB49310F10905AD809B7210C735A905CFA4

Function 058AECB8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c244c81ad42b3315f112b05178625a3a26df8753ebc4263a2c8ba72b3ed5a782
Instruction ID: 4fabbd75d37589c11c385316f4167a24fef6bef41141605b17acf6c61ba04fc7
Opcode Fuzzy Hash: c244c81ad42b3315f112b05178625a3a26df8753ebc4263a2c8ba72b3ed5a782
Instruction Fuzzy Hash: 6B21D3B1D05658CBEB18CF9BD8447EDFAFBBFC8304F04C16AD909A6254DB7409468B50

Function 05834158 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358613521.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5830000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c1b03c8d20ba21546d028d342ae4b454e078d80f6f53cd714db81661d93ccd5
Instruction ID: 1bc42e350522ebe4d5e8d620f9ccd6a04532025b959ae666b83613f59076cb38
Opcode Fuzzy Hash: 2c1b03c8d20ba21546d028d342ae4b454e078d80f6f53cd714db81661d93ccd5
Instruction Fuzzy Hash: C121BB71E046588BDB18CF5BDD052DEBBF7AFC9305F04C0BAD808AA224DB3109858E50

Function 058AECA8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bf6e3476284a68ab793e2ce74c5583cf9af834bbed95d6d11d4d8f460e681c1
Instruction ID: 7815155f815098f0f741286e70b6f665efc89ce1640e93f0562db38a4cd4db9e
Opcode Fuzzy Hash: 0bf6e3476284a68ab793e2ce74c5583cf9af834bbed95d6d11d4d8f460e681c1
Instruction Fuzzy Hash: 1121E3B1D056588BEB28CFABC94479EFAF7BFC8304F14C16AD408AA264DB7509468F00

Function 058C6A08 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1359037287.00000000058C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58c0000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e78dd3e6799cfb4c3de1e7519b084ba4a6712540fc7e985cab0ce8c3f0eef6f0
Instruction ID: 738a09865bbc55b410ae7d1e540dee2d38f963ef35b5939cd3db32f2a643f7e0
Opcode Fuzzy Hash: e78dd3e6799cfb4c3de1e7519b084ba4a6712540fc7e985cab0ce8c3f0eef6f0
Instruction Fuzzy Hash: 6F11E332D09208DFC714DB9EE80A7ACBB70AB01218F1490AFD955FF152E7349C48CB66

Function 0277D518 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1343145369.0000000002770000.00000040.00000800.00020000.00000000.sdmp, Offset: 02770000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2770000_Nulzuen.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cea49c2accace75a7cd23c35026bc0ff957ff53cb6d92e9d9202f6ad6f59eed0
Instruction ID: 46f5262f504b90e689da046f1da2475c2f678aec0f77b4431c3325c953fedac1
Opcode Fuzzy Hash: cea49c2accace75a7cd23c35026bc0ff957ff53cb6d92e9d9202f6ad6f59eed0
Instruction Fuzzy Hash: B7112671E01A189BE72CCF6B9C456CAFAF7AFC9300F14C1B9981C6A265EB700542CE51

Function 058A3220 Relevance: 5.2, Strings: 4, Instructions: 187COMMON

Download Yara Rule

Strings

(__q, xrefs: 058A3959
(__q, xrefs: 058A3923
(__q, xrefs: 058A38D3
(__q, xrefs: 058A38DD

Memory Dump Source

Source File: 00000000.00000002.1358983240.00000000058A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_58a0000_Nulzuen.jbxd

Similarity

API ID:
String ID: (__q$(__q$(__q$(__q
API String ID: 0-61215435
Opcode ID: 1a5c88166a7d271b43e1fb8a3634f9c12f07cd62a3c92a328da749f24b85a098
Instruction ID: 7c0de48ca588e3fb8a637902a496508ec0c566b88bc5ab76c9ee4aa85f8aa1d0
Opcode Fuzzy Hash: 1a5c88166a7d271b43e1fb8a3634f9c12f07cd62a3c92a328da749f24b85a098
Instruction Fuzzy Hash: 8C61F035B042448FDB05AF78C4555AD7BB2FF8A304B5489A9E946DB361EF31EC42CB90

Analysis Process: InstallUtil.exePID: 7828, Parent PID: 2592COMMON

Executed Functions

Function 015A75B0 Relevance: 1.6, Strings: 1, Instructions: 350COMMON

Download Yara Rule

Strings

{, xrefs: 015A7A82

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID: {
API String ID: 0-366298937
Opcode ID: bd23f944f69271aff5ef21306981045ca41e7365d0ccab864ccc82936c9fa0e5
Instruction ID: 9dc2d9dbd85a7caba0ef0d337b89778530c98c9a6495e6b58c3d1031c0607572
Opcode Fuzzy Hash: bd23f944f69271aff5ef21306981045ca41e7365d0ccab864ccc82936c9fa0e5
Instruction Fuzzy Hash: F2D1AF71E4422A8FDB15CBADC8806ADFBF1FB88300F988569D455EB242D735ED46CB90

Function 015A2F87 Relevance: 1.5, Strings: 1, Instructions: 244COMMON

Download Yara Rule

Strings

Te_q, xrefs: 015A311B

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te_q
API String ID: 0-823545363
Opcode ID: 64538b437b08357474177c371723defb56314cd0ca84178c2d83e4d099c7bbe7
Instruction ID: dc2284a98cb371349c030a4d5c375dad7c7424594d83f81bdd5ac75f552b581c
Opcode Fuzzy Hash: 64538b437b08357474177c371723defb56314cd0ca84178c2d83e4d099c7bbe7
Instruction Fuzzy Hash: 85A17A34A44005CFD794CB29D588BAEB7F3FB88304FA584A5E4069F369CB35AD85CB11

Function 015A2F98 Relevance: 1.5, Strings: 1, Instructions: 235COMMON

Download Yara Rule

Strings

Te_q, xrefs: 015A311B

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te_q
API String ID: 0-823545363
Opcode ID: c7987ca4c3c1e6afecd8bdbe150812500dbcafd277f745ea318bdd564faeb4b1
Instruction ID: 9000b023933567b01fe41681ef0c3db340f6785f6785eba9a4c11ef0051d017b
Opcode Fuzzy Hash: c7987ca4c3c1e6afecd8bdbe150812500dbcafd277f745ea318bdd564faeb4b1
Instruction Fuzzy Hash: B3915934A84004CFD794CB29D588BAEB7F2FB88704FA584B5E5069F369CB35AD85CB11

Function 015A46A8 Relevance: 1.5, Strings: 1, Instructions: 235COMMON

Download Yara Rule

Strings

Dfq, xrefs: 015A4743

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Dfq
API String ID: 0-331155411
Opcode ID: 8c64055354be810ba9eaf1fb11896fdc4bbb843bc26362a8b5e6bc3e73b9959b
Instruction ID: 76ebeb4efc4c2583ddabf3a7fe0b01952ae7dd33aee7f3436fc500fec87c51e1
Opcode Fuzzy Hash: 8c64055354be810ba9eaf1fb11896fdc4bbb843bc26362a8b5e6bc3e73b9959b
Instruction Fuzzy Hash: 30A10F30A002059FC714DF6DD584AADBBF2FF88310F5981A8E416AB3A5DB70ED42CB90

Function 015A4698 Relevance: 1.4, Strings: 1, Instructions: 173COMMON

Download Yara Rule

Strings

Dfq, xrefs: 015A4743

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Dfq
API String ID: 0-331155411
Opcode ID: 7ac73d9fc51440700faabce8c0fe73f8eaa9dec38ecbc69a6c7059231561ce3d
Instruction ID: 75ec15b1b46a9dbc7ba4ee9707d9d823a7367451e48e76556b873b9000d16f57
Opcode Fuzzy Hash: 7ac73d9fc51440700faabce8c0fe73f8eaa9dec38ecbc69a6c7059231561ce3d
Instruction Fuzzy Hash: A871AA34A40615DFC714DF6DD584A9DBBF2FF88310B9982A8E416AB365DB70ED41CB80

Function 015A18B6 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eb39f09d5ccac6c399b5e422efb1361d5eb0564cc39b337cdea9aad28cd7fb4
Instruction ID: 556006f412a823cd1dd3bc78a17ee1a59ce906490349f19d3dd4f55aaf61ec2a
Opcode Fuzzy Hash: 7eb39f09d5ccac6c399b5e422efb1361d5eb0564cc39b337cdea9aad28cd7fb4
Instruction Fuzzy Hash: A221927058E7C94FD313472888E43953FB6AB57220F8E01D7D080CF5ABD229588BC726

Function 013BD3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2572981371.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_13bd000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11921fbd0c11fe7ea5b4da53cef491fa3b1b1c0277e620268fd59f88c02ae6c2
Instruction ID: 7c7e191e0dc1bacdd2d3efde70589eadfba9c80747a64c5928cbe98f24506ff8
Opcode Fuzzy Hash: 11921fbd0c11fe7ea5b4da53cef491fa3b1b1c0277e620268fd59f88c02ae6c2
Instruction Fuzzy Hash: 7F214871504204DFCB01DF58D9C0B96BF65FB8431CF20C569EA091BA57D73AE456C6A1

Function 015A1AA3 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0c4af2b6aff76fab514cc751aeb0487e4ab360bb4997ea4d83d5f95e76ad3a4
Instruction ID: c5929f6aca590ab2ae8b713c462201aea6f73766aa7341ce825200844722dcee
Opcode Fuzzy Hash: a0c4af2b6aff76fab514cc751aeb0487e4ab360bb4997ea4d83d5f95e76ad3a4
Instruction Fuzzy Hash: 37216835785511CFD704CB28D994BAD7BF2FB89310F6988A6E50A8F365DA70EC82CB41

Function 015AABE8 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b1da4318db94063c3c7f791c444132d5b30e8047838ec881d34665bfeafda89
Instruction ID: b99f69159408cb5843876f1dee4c236cbf8975f818b39ccef75aa62fd6bce200
Opcode Fuzzy Hash: 7b1da4318db94063c3c7f791c444132d5b30e8047838ec881d34665bfeafda89
Instruction Fuzzy Hash: 1D016134B402295BD708EA7E8894B6F66EEBBC9750F14446DB10ADB3A8DD759C0543A0

Function 013BD3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2572981371.00000000013BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013BD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_13bd000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
Instruction ID: d73564d784a4af32ffc1397a2c2137427f19a4d07d3e714a9ebae7a4720d0f18
Opcode Fuzzy Hash: b6d9f8954513a289108155b17418e8e788e8b427863a5550f59da745f4ae8560
Instruction Fuzzy Hash: 93110372404280CFCB02CF54D5C4B96BF71FB84318F24C5A9D9091B657C33AE45ACBA1

Function 05A36518 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2577184878.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5a30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e71346bd25ea22218b68881f12ee1d1ad557796fbb8d92d1a96214303f99546e
Instruction ID: ea95ef360b301ba4640aad614da041d5777f08124d0d8b165d2267447b549ad1
Opcode Fuzzy Hash: e71346bd25ea22218b68881f12ee1d1ad557796fbb8d92d1a96214303f99546e
Instruction Fuzzy Hash: AF113074904208EFD700DFA9E549BAD7BF6FB5470CF6080B5E406A7288E7799986CB01

Function 015A1920 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c75816384ceeb290e747b556c602c84dfb3d7d5132c19b41b3097cb73146a0d
Instruction ID: a4e1ff834fb9e7b98ff019e025550cf3fec66da53d7cd15d5fa4681b68a09e5e
Opcode Fuzzy Hash: 9c75816384ceeb290e747b556c602c84dfb3d7d5132c19b41b3097cb73146a0d
Instruction Fuzzy Hash: 4501D13458D7898FD313872988D43AA3FF2BB57210F8E40E3D0448E56BD739688AD722

Function 015A2F00 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a35c952548910c44cd187ba9fa6d5b6782b805dfaa86af0b399cd9003cd7ef40
Instruction ID: e64d503585fb565c9e127976f0dbab80c3d1ae759a72ad684fa67d80ab8ddfbf
Opcode Fuzzy Hash: a35c952548910c44cd187ba9fa6d5b6782b805dfaa86af0b399cd9003cd7ef40
Instruction Fuzzy Hash: CFF0E5307442258FC345DF79E4158457BFAFF4E6103114196E40AC7766CB22FC018BE2

Function 015A1C11 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c0c10732b2c6d0e56b651a3c41c93852778562fb8f7ad0789dbf4c1a9edabf4
Instruction ID: 66d36d30d4f4140b2e7d0ae65d6e174e09e96ce1892534726c111f4016882212
Opcode Fuzzy Hash: 7c0c10732b2c6d0e56b651a3c41c93852778562fb8f7ad0789dbf4c1a9edabf4
Instruction Fuzzy Hash: A6F02735C8DA60DFCF228B14C9A132C3BB0BF01340FCA08A2C5A57F543C32478898B52

Function 015A570B Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 863889fb508f193b833393ce146a83d75d42ce22179dc14ca209b8f5aebe5f27
Instruction ID: 69af85fca87c9067ff2f5465d4891631c8584d3a08ef70da186cf2883b89f786
Opcode Fuzzy Hash: 863889fb508f193b833393ce146a83d75d42ce22179dc14ca209b8f5aebe5f27
Instruction Fuzzy Hash: B9F01C34654015EFDB05DAB8E8448AE76B2FF45315B844625AA129B3E0EBB09D018742

Function 015A4238 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44790863010eb957e12e5121a569d257d99fc79ff8bd09c374746f40a0a5f02d
Instruction ID: 5010e39a723ec567dcfa71dc20ab641bda5715d6838ce89f760f49278f904390
Opcode Fuzzy Hash: 44790863010eb957e12e5121a569d257d99fc79ff8bd09c374746f40a0a5f02d
Instruction Fuzzy Hash: 71F03438B00104CFD354CF2AD088A5D7BF2FB9C700B8A80A9E4168B365CB30AC81CF10

Function 015A1948 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e9006489606fe8e6cab1e1e347bcfff2c1547d19ce9d0e986e60067c08b8107
Instruction ID: d64b69af8a82fc8c954a6a0cd619d12729433795b38a1144174e518dc088597b
Opcode Fuzzy Hash: 1e9006489606fe8e6cab1e1e347bcfff2c1547d19ce9d0e986e60067c08b8107
Instruction Fuzzy Hash: 64E0123464150ACFE7248B19D5C876A73E7FB84321F9D8071D1194A569D73478C5DB11

Function 015A2F10 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e85cedd6b07fdd316f0f1be2cfae7f2dfb71aff2e39f0f0359dc5e7e24ff20cf
Instruction ID: 636d7d42160ef9e26876ca2e4bd6c53a87c5232fa5c8d3055cccf1473596c4b5
Opcode Fuzzy Hash: e85cedd6b07fdd316f0f1be2cfae7f2dfb71aff2e39f0f0359dc5e7e24ff20cf
Instruction Fuzzy Hash: EDE046347000288FC384AB69E45885A77E9FB8D62071100A5F80AC7329CA21EC018B91

Function 015A19F0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3924500e3545cdbc6aadcc87ff65049cc91a055a20495429d1122324e794d301
Instruction ID: bfcfce48841a332faf2dc6bb7532efedd1965da6741f80335c7171effb862679
Opcode Fuzzy Hash: 3924500e3545cdbc6aadcc87ff65049cc91a055a20495429d1122324e794d301
Instruction Fuzzy Hash: 04E0C22060D7925FCB62A624A4283983B56AB43328F404ACBC0868E08AD216386883A2

Function 015A2F58 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec804d003709a9299a4680388f03dc71d05837747aceb0fec43b76b731f4370e
Instruction ID: 82021d876a9cfac1ea3f203174725014c5a19a6f70ce80fc3614417d7ba609ee
Opcode Fuzzy Hash: ec804d003709a9299a4680388f03dc71d05837747aceb0fec43b76b731f4370e
Instruction Fuzzy Hash: 54D05E35F513118FCB655B7960080EDBFEAAFC633270041AAD40BC3204DF7578028B91

Function 015A1BC1 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0f58cd1dc770b2021eb3a280c0dbe8ec95c3a00c3bf6ef5ebb41b154e6a2fae
Instruction ID: 62a48cf0c6d78a89daa7bda24909ec70231ddf46c18536cd95688d89ab7c37bb
Opcode Fuzzy Hash: d0f58cd1dc770b2021eb3a280c0dbe8ec95c3a00c3bf6ef5ebb41b154e6a2fae
Instruction Fuzzy Hash: 4ED022B000CBCC8FC3131B387C562847F39BE1732174800D2E04894097D20138198388

Function 05A3367A Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2577184878.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5a30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dccbda26550da5da5695e9778443a3d82baf878286780e0d550ccb9ff72851e9
Instruction ID: ab7f9a5e3ad598f47c050f7a5669ecb88cc5326c528e5e37c49cf3dfe805c1f0
Opcode Fuzzy Hash: dccbda26550da5da5695e9778443a3d82baf878286780e0d550ccb9ff72851e9
Instruction Fuzzy Hash: A7D05E74300214EFDB105A60D85569C7673BF89300F4080BCA20A52354CF766D444F06

Function 015A0950 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5273346896f1659f92a63e4f0cca54e1bf933c25979c459d29c7aea7c944c3c
Instruction ID: 6a1d73eaf3e33023286bc88a5209189cc542dbfb7cb1168d52115a24c087f48b
Opcode Fuzzy Hash: d5273346896f1659f92a63e4f0cca54e1bf933c25979c459d29c7aea7c944c3c
Instruction Fuzzy Hash: F5C0483286E6C4AECF23277828292907FA55E5721534F48C7D0D4CA89BC11628D7CBA7

Function 015A1DA0 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3aa3d4883d54f7c5e5e553db714e330f59ce64e74c3aff86d61f2d859097d2b
Instruction ID: 15188cdf07b34769826a5d45b85d7ca58423a2bc3b0b6c7b724f1de4d07c8958
Opcode Fuzzy Hash: c3aa3d4883d54f7c5e5e553db714e330f59ce64e74c3aff86d61f2d859097d2b
Instruction Fuzzy Hash: DBC02B3050843B5BC6016324DDD532C2571FF40388F804438D6077B349DE183D0D47C1

Function 015A522C Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d6fc2097939e1613f9802c1da80c56eac112705fb376d58990d9c1626e9bccb
Instruction ID: 8e52c41c0e0962d3f211322a7a7620558a773add52965ad17503688d74c05b55
Opcode Fuzzy Hash: 6d6fc2097939e1613f9802c1da80c56eac112705fb376d58990d9c1626e9bccb
Instruction Fuzzy Hash: E2C01234A08014BFCF046AD4F8408EEBAB3FF84300F800019BA02662A8DAB16D008B01

Function 05A36390 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2577184878.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5a30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
Instruction ID: 308734e347fe5fbfc39d01466d26648a0473cab39bdc6a53ba3d68073832f9aa
Opcode Fuzzy Hash: d200006d66dfcaf3ad5dd5c1c75a4ffe651a9ea33eed7fff1a75258716443a08
Instruction Fuzzy Hash: 93B01230240208CFC200DB5DD444C0033FCAF49A0434000D0F1098B731C721FC00CA40

Function 05A3E110 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2577184878.0000000005A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5a30000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c96e3802bc4de4a3d88b2f5b335313f528f30ece222b88e142adc3d93d13ab9
Instruction ID: 3cb0ac8a50b82f9e319cc7ff66d72874501262a46cf67d927e593bd72d8d5488
Opcode Fuzzy Hash: 2c96e3802bc4de4a3d88b2f5b335313f528f30ece222b88e142adc3d93d13ab9
Instruction Fuzzy Hash: 1DA02230082B0C83830032B0230AA20338C080000C3C000F8A30C0EA202833E0A08280

Function 015A1BD0 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2573273664.00000000015A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_15a0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f09e5406e33d4826c8bd805da3fff77d161e0af3322fb8cea86520ae33b3528a
Instruction ID: 88819b01905e06328d764b60a38b90fb75a0fcf041703e3e2110adf424329d84
Opcode Fuzzy Hash: f09e5406e33d4826c8bd805da3fff77d161e0af3322fb8cea86520ae33b3528a
Instruction Fuzzy Hash: AFA011B0008A288FC2203BA0B80F0883B3CAA00322B800020A20EA02088A2A38088B88

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Nulzuen.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe

C:\Users\user\AppData\Roaming\Zwrgmbkirk.exe:Zone.Identifier

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

UDP Packets

DNS Answers

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Windows Analysis Report
Nulzuen.exe

Function 0277D5AD Relevance: 5.9, Strings: 4, Instructions: 858
COMMON

Function 058C0040 Relevance: 3.0, Strings: 2, Instructions: 543
COMMON

Function 0594D468 Relevance: 2.9, Strings: 2, Instructions: 395
COMMON

Function 058AA2E0 Relevance: 2.8, Strings: 2, Instructions: 310
COMMON

Function 058AA12A Relevance: 2.8, Strings: 2, Instructions: 307
COMMON

Function 058AA1F2 Relevance: 2.8, Strings: 2, Instructions: 305
COMMON

Function 0583D3E8 Relevance: 7.9, Strings: 6, Instructions: 404
COMMON

Function 0277EE00 Relevance: 6.6, Strings: 5, Instructions: 341
COMMON

Function 0583C138 Relevance: 4.2, Strings: 3, Instructions: 478
COMMON

Function 0583DDE0 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON